700 files changed, 162971 insertions, 7821 deletions

diff --git a/src/lib/libcrypto/Attic/Makefile b/src/lib/libcrypto/Makefile.ssl
index cda9de0ac9..b9951a4600 100644
--- a/src/lib/libcrypto/Attic/Makefile
+++ b/src/lib/libcrypto/Makefile.ssl
@@ -1,5 +1,5 @@
 #
-# OpenSSL/crypto/Makefile
+# SSLeay/crypto/Makefile
 #
 
 DIR=            crypto
@@ -11,9 +11,10 @@ CFLAG=		-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=     /usr/local/ssl
+MAKE=           make -f Makefile.ssl
 MAKEDEPPROG=    makedepend
 MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=       Makefile
+MAKEFILE=       Makefile.ssl
 RM=             rm -f
 AR=             ar r
 
@@ -35,14 +36,14 @@ GENERAL=Makefile README crypto-lib.com install.com
 
 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
-LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c
-LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o
+LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c
+LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o
 
 SRC= $(LIBSRC)
 
 EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
         ossl_typ.h
-HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h $(EXHEADER)
+HEADER= cryptlib.h buildinf.h md32_common.h o_time.h $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
@@ -51,9 +52,9 @@ top:
 
 all: shared
 
-buildinf.h: ../Makefile
+buildinf.h: ../Makefile.ssl
         ( echo "#ifndef MK1MF_BUILD"; \
-        echo '  /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \
+        echo '  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \
         echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
         echo '  #define PLATFORM "$(PLATFORM)"'; \
         echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
@@ -72,7 +73,7 @@ subdirs:
         done;
 
 files:
-        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
         @for i in $(SDIRS) ;\
         do \
         (cd $$i && echo "making 'files' in crypto/$$i..." && \
@@ -80,9 +81,11 @@ files:
         done;
 
 links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
         @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
         @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
         @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
         @for i in $(SDIRS); do \
         (cd $$i && echo "making links in crypto/$$i..." && \
         $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
@@ -94,8 +97,7 @@ lib:	$(LIBOBJ)
         @touch lib
 
 shared: buildinf.h lib subdirs
-        @if [ -n "$(SHARED_LIBS)" ]; then \
-                egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null || \
+        if [ -n "$(SHARED_LIBS)" ]; then \
                 (cd ..; $(MAKE) $(SHARED_LIB)); \
         fi
 
@@ -114,7 +116,7 @@ tests:
         done;
 
 install:
-        @headerlist="$(EXHEADER)"; for i in $$headerlist ;\
+        @for i in $(EXHEADER) ;\
         do \
         (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
         chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
@@ -201,8 +203,6 @@ mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
 mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c
-o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
-o_str.o: o_str.c o_str.h
 o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
 o_time.o: o_time.h
 tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
diff --git a/src/lib/libcrypto/acss/acss.h b/src/lib/libcrypto/acss/acss.h
new file mode 100644
index 0000000000..c2d3550796
--- /dev/null
+++ b/src/lib/libcrypto/acss/acss.h
@@ -0,0 +1,47 @@
+/*      $OpenBSD: acss.h,v 1.4 2005/04/25 13:20:52 miod Exp $   */
+/*
+ * Copyright (c) 2004 The OpenBSD project
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _ACSS_H_
+#define _ACSS_H_
+
+#ifdef OPENSSL_NO_ACSS
+#error acss is disabled.
+#endif
+
+/* 40bit key */
+#define ACSS_KEYSIZE            5
+
+/* modes of acss */
+#define ACSS_MODE0              0
+#define ACSS_MODE1              1
+#define ACSS_MODE2              2
+#define ACSS_MODE3              3
+
+typedef struct acss_key_st {
+        unsigned int    lfsr17;         /* current state of lfsrs */
+        unsigned int    lfsr25;
+        unsigned int    lfsrsum;
+        unsigned char   seed[ACSS_KEYSIZE];
+        unsigned char   data[ACSS_KEYSIZE];
+        int             encrypt;
+        int             mode;
+} ACSS_KEY;
+
+void acss_setkey(ACSS_KEY *, const unsigned char *, int, int);
+void acss(ACSS_KEY *, unsigned long, const unsigned char *, unsigned char *);
+
+#endif /* ifndef _ACSS_H_ */
diff --git a/src/lib/libcrypto/acss/acss_enc.c b/src/lib/libcrypto/acss/acss_enc.c
new file mode 100644
index 0000000000..829830bc54
--- /dev/null
+++ b/src/lib/libcrypto/acss/acss_enc.c
@@ -0,0 +1,177 @@
+/*      $OpenBSD: acss_enc.c,v 1.4 2004/02/13 10:05:44 hshoexer Exp $   */
+/*
+ * Copyright (c) 2004 The OpenBSD project
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <openssl/acss.h>
+
+/* decryption sbox */
+static unsigned char sboxdec[] = {
+        0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76, 
+        0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b, 
+        0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96, 
+        0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b, 
+        0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12, 
+        0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f, 
+        0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90, 
+        0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91, 
+        0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74, 
+        0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75, 
+        0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94, 
+        0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95, 
+        0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10, 
+        0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11, 
+        0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92, 
+        0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f, 
+        0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16, 
+        0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b, 
+        0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6, 
+        0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb, 
+        0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72, 
+        0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f, 
+        0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0, 
+        0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1, 
+        0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14, 
+        0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15, 
+        0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4, 
+        0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5, 
+        0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70, 
+        0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71, 
+        0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2, 
+        0xba, 0xfa, 0xb2, 0xaf, 0xea, 0xaa, 0xe2, 0xff
+};
+
+/* encryption sbox */
+static unsigned char sboxenc[] = {
+        0x33, 0x3b, 0x73, 0x15, 0x53, 0x5b, 0x13, 0x75,
+        0x3d, 0x35, 0x7d, 0x1b, 0x5d, 0x55, 0x1d, 0x7b,
+        0x67, 0x6f, 0x27, 0x81, 0xc7, 0xcf, 0x87, 0x21,
+        0x69, 0x61, 0x29, 0x8f, 0xc9, 0xc1, 0x89, 0x2f,
+        0xe3, 0xeb, 0xa3, 0x05, 0x43, 0x4b, 0x03, 0xa5,
+        0xed, 0xe5, 0xad, 0x0b, 0x4d, 0x45, 0x0d, 0xab,
+        0xea, 0xe2, 0xaa, 0x00, 0x4a, 0x42, 0x0a, 0xa0,
+        0xe8, 0xe0, 0xa8, 0x02, 0x48, 0x40, 0x08, 0xa2,
+        0x3e, 0x36, 0x7e, 0x14, 0x5e, 0x56, 0x1e, 0x74,
+        0x3c, 0x34, 0x7c, 0x16, 0x5c, 0x54, 0x1c, 0x76,
+        0x6a, 0x62, 0x2a, 0x80, 0xca, 0xc2, 0x8a, 0x20,
+        0x68, 0x60, 0x28, 0x82, 0xc8, 0xc0, 0x88, 0x22,
+        0xee, 0xe6, 0xae, 0x04, 0x4e, 0x46, 0x0e, 0xa4,
+        0xec, 0xe4, 0xac, 0x06, 0x4c, 0x44, 0x0c, 0xa6,
+        0xe7, 0xef, 0xa7, 0x01, 0x47, 0x4f, 0x07, 0xa1,
+        0xe9, 0xe1, 0xa9, 0x0f, 0x49, 0x41, 0x09, 0xaf,
+        0x63, 0x6b, 0x23, 0x85, 0xc3, 0xcb, 0x83, 0x25,
+        0x6d, 0x65, 0x2d, 0x8b, 0xcd, 0xc5, 0x8d, 0x2b,
+        0x37, 0x3f, 0x77, 0x11, 0x57, 0x5f, 0x17, 0x71,
+        0x39, 0x31, 0x79, 0x1f, 0x59, 0x51, 0x19, 0x7f,
+        0xb3, 0xbb, 0xf3, 0x95, 0xd3, 0xdb, 0x93, 0xf5,
+        0xbd, 0xb5, 0xfd, 0x9b, 0xdd, 0xd5, 0x9d, 0xfb,
+        0xba, 0xb2, 0xfa, 0x90, 0xda, 0xd2, 0x9a, 0xf0,
+        0xb8, 0xb0, 0xf8, 0x92, 0xd8, 0xd0, 0x98, 0xf2,
+        0x6e, 0x66, 0x2e, 0x84, 0xce, 0xc6, 0x8e, 0x24,
+        0x6c, 0x64, 0x2c, 0x86, 0xcc, 0xc4, 0x8c, 0x26,
+        0x3a, 0x32, 0x7a, 0x10, 0x5a, 0x52, 0x1a, 0x70,
+        0x38, 0x30, 0x78, 0x12, 0x58, 0x50, 0x18, 0x72,
+        0xbe, 0xb6, 0xfe, 0x94, 0xde, 0xd6, 0x9e, 0xf4,
+        0xbc, 0xb4, 0xfc, 0x96, 0xdc, 0xd4, 0x9c, 0xf6,
+        0xb7, 0xbf, 0xf7, 0x91, 0xd7, 0xdf, 0x97, 0xf1,
+        0xb9, 0xb1, 0xf9, 0x9f, 0xd9, 0xd1, 0x99, 0xff
+};
+
+/*
+ * Two linear feedback shift registers are used:
+ *
+ * lfsr17:  polynomial of degree 17, primitive modulo 2 (listed in Schneier)
+ *          x^15 + x + 1
+ * lfsr25:  polynomial of degree 25, not know if primitive modulo 2
+ *          x^13 + x^5 + x^4 + x + 1
+ *
+ * Output bits are discarded, instead the feedback bits are added to produce
+ * the cipher stream.  Depending on the mode, feedback bytes may be inverted
+ * bit-wise before addition.
+ *
+ * The lfsrs are seeded with bytes from the raw key:
+ *
+ * lfsr17:  byte 0[0:7] at bit 9
+ *          byte 1[0:7] at bit 0
+ *
+ * lfsr25:  byte 2[0:4] at bit 16
+ *          byte 2[5:7] at bit 22
+ *          byte 3[0:7] at bit 8
+ *          byte 4[0:7] at bit 0
+ *
+ * To prevent 0 cycles, 1's are inject at bit 8 in lfrs17 and bit 21 in
+ * lfsr25.
+ *
+ */
+
+void
+acss(ACSS_KEY *key, unsigned long len, const unsigned char *in,
+    unsigned char *out)
+{
+        unsigned long i;
+        unsigned long lfsr17tmp, lfsr25tmp, lfsrsumtmp;
+
+        lfsrsumtmp = lfsr17tmp = lfsr25tmp = 0;
+
+        /* keystream is sum of lfsrs */
+        for (i = 0; i < len; i++) {
+                lfsr17tmp = key->lfsr17 ^ (key->lfsr17 >> 14);
+                key->lfsr17 = (key->lfsr17 >> 8)
+                        ^ (lfsr17tmp << 9)
+                        ^ (lfsr17tmp << 12)
+                        ^ (lfsr17tmp << 15);
+                key->lfsr17 &= 0x1ffff; /* 17 bit LFSR */
+
+                lfsr25tmp = key->lfsr25
+                        ^ (key->lfsr25 >> 3)
+                        ^ (key->lfsr25 >> 4)
+                        ^ (key->lfsr25 >> 12);
+                key->lfsr25 = (key->lfsr25 >> 8) ^ (lfsr25tmp << 17);
+                key->lfsr25 &= 0x1ffffff;       /* 25 bit LFSR */
+
+                lfsrsumtmp = key->lfsrsum;
+
+                /* addition */
+                switch (key->mode) {
+                case ACSS_MODE3:
+                        key->lfsrsum = 0xff & ~(key->lfsr17 >> 9);
+                        key->lfsrsum += 0xff & ~(key->lfsr25 >> 17);
+                        break;
+                case ACSS_MODE2:
+                        key->lfsrsum = key->lfsr17 >> 9;
+                        key->lfsrsum += 0xff & ~(key->lfsr25 >> 17);
+                        break;
+                case ACSS_MODE1:
+                        key->lfsrsum = 0xff & ~(key->lfsr17 >> 9);
+                        key->lfsrsum += key->lfsr25 >> 17;
+                        break;
+                case ACSS_MODE0:
+                default:
+                        key->lfsrsum = key->lfsr17 >> 9;
+                        key->lfsrsum += key->lfsr25 >> 17;
+                        break;
+                }
+                key->lfsrsum += (lfsrsumtmp >> 8);
+
+                if (in == (unsigned char *)0)
+                        /* generate only a keystream */
+                        out[i] = key->lfsrsum & 0xff;
+                else if (key->encrypt) {
+                        out[i] = sboxenc[(in[i] ^ key->lfsrsum) & 0xff];
+                } else {
+                        out[i] = (sboxdec[in[i]] ^ key->lfsrsum) & 0xff;
+                }
+        }
+}
diff --git a/src/lib/libcrypto/acss/acss_skey.c b/src/lib/libcrypto/acss/acss_skey.c
new file mode 100644
index 0000000000..08e5685fcf
--- /dev/null
+++ b/src/lib/libcrypto/acss/acss_skey.c
@@ -0,0 +1,86 @@
+/*      $OpenBSD: acss_skey.c,v 1.2 2004/01/23 19:23:33 hshoexer Exp $  */
+/*
+ * Copyright (c) 2004 The OpenBSD project
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <openssl/acss.h>
+
+static unsigned char reverse[] = {
+        0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0, 
+        0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0, 
+        0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8, 
+        0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8, 
+        0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4, 
+        0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4, 
+        0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec, 
+        0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc, 
+        0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2, 
+        0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2, 
+        0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea, 
+        0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa, 
+        0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6, 
+        0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6, 
+        0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee, 
+        0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe, 
+        0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1, 
+        0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1, 
+        0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9, 
+        0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9, 
+        0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5, 
+        0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5, 
+        0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed, 
+        0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd, 
+        0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3, 
+        0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3, 
+        0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb, 
+        0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb, 
+        0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7, 
+        0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7, 
+        0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef, 
+        0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff 
+};
+
+static void
+acss_seed(ACSS_KEY *key)
+{
+        int i;
+
+        for (i = 0; i < ACSS_KEYSIZE; i++)
+                key->seed[i] = reverse[key->data[i]];
+
+        /* seed lfsrs */
+        key->lfsr17 = key->seed[1]
+                | (key->seed[0] << 9)
+                | (1 << 8);     /* inject 1 at bit 9 */
+        key->lfsr25 = key->seed[4]
+                | (key->seed[3] << 8)
+                | ((key->seed[2] & 0x1f) << 16)
+                | ((key->seed[2] & 0xe0) << 17)
+                        | (1 << 21);    /* inject 1 at bit 22 */
+
+        key->lfsrsum = 0;
+}
+
+void
+acss_setkey(ACSS_KEY *key, const unsigned char *data, int enc, int mode)
+{
+        memcpy(key->data, data, sizeof(key->data));
+
+        if (enc != -1)
+                key->encrypt = enc;
+        key->mode = mode;
+
+        acss_seed(key);
+}
diff --git a/src/lib/libcrypto/aes/Makefile.ssl b/src/lib/libcrypto/aes/Makefile.ssl
new file mode 100644
index 0000000000..f353aeb697
--- /dev/null
+++ b/src/lib/libcrypto/aes/Makefile.ssl
@@ -0,0 +1,103 @@
+#
+# crypto/aes/Makefile
+#
+
+DIR=    aes
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=     /usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+# CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -O3 -fexpensive-optimizations -funroll-loops -fforce-addr
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+#TEST=aestest.c
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c aes_ctr.c
+LIBOBJ=aes_core.o aes_misc.o aes_ecb.o aes_cbc.o aes_cfb.o aes_ofb.o aes_ctr.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= aes.h
+HEADER= aes_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+$(LIBOBJ): $(LIBSRC)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install: installs
+
+installs:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
+aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_locl.h
+aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
+aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
+aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h
+aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_misc.o: ../../include/openssl/opensslconf.h
+aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
+aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c
diff --git a/src/lib/libcrypto/aes/README b/src/lib/libcrypto/aes/README
new file mode 100644
index 0000000000..0f9620a80e
--- /dev/null
+++ b/src/lib/libcrypto/aes/README
@@ -0,0 +1,3 @@
+This is an OpenSSL-compatible version of AES (also called Rijndael).
+aes_core.c is basically the same as rijndael-alg-fst.c but with an
+API that looks like the rest of the OpenSSL symmetric cipher suite.
diff --git a/src/lib/libcrypto/aes/aes.h b/src/lib/libcrypto/aes/aes.h
new file mode 100644
index 0000000000..8a3ea0b883
--- /dev/null
+++ b/src/lib/libcrypto/aes/aes.h
@@ -0,0 +1,127 @@
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_AES_H
+#define HEADER_AES_H
+
+#include <openssl/e_os2.h>
+
+#ifdef OPENSSL_NO_AES
+#error AES is disabled.
+#endif
+
+#define AES_ENCRYPT     1
+#define AES_DECRYPT     0
+
+/* Because array size can't be a const in C, the following two are macros.
+   Both sizes are in bytes. */
+#define AES_MAXNR 14
+#define AES_BLOCK_SIZE 16
+
+#if defined(OPENSSL_FIPS)
+#define FIPS_AES_SIZE_T int
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* This should be a hidden type, but EVP requires that the size be known */
+struct aes_key_st {
+    unsigned long rd_key[4 *(AES_MAXNR + 1)];
+    int rounds;
+};
+typedef struct aes_key_st AES_KEY;
+
+const char *AES_options(void);
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+        AES_KEY *key);
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+        AES_KEY *key);
+
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+        const AES_KEY *key);
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+        const AES_KEY *key);
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+        const AES_KEY *key, const int enc);
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+        const unsigned long length, const AES_KEY *key,
+        unsigned char *ivec, const int enc);
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+        const unsigned long length, const AES_KEY *key,
+        unsigned char *ivec, int *num, const int enc);
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+        const unsigned long length, const AES_KEY *key,
+        unsigned char *ivec, int *num, const int enc);
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+        const unsigned long length, const AES_KEY *key,
+        unsigned char *ivec, int *num, const int enc);
+void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
+                            const int nbits,const AES_KEY *key,
+                            unsigned char *ivec,const int enc);
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+        const unsigned long length, const AES_KEY *key,
+        unsigned char *ivec, int *num);
+void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+        const unsigned long length, const AES_KEY *key,
+        unsigned char ivec[AES_BLOCK_SIZE],
+        unsigned char ecount_buf[AES_BLOCK_SIZE],
+        unsigned int *num);
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* !HEADER_AES_H */
diff --git a/src/lib/libcrypto/aes/aes_cbc.c b/src/lib/libcrypto/aes/aes_cbc.c
new file mode 100644
index 0000000000..d2ba6bcdb4
--- /dev/null
+++ b/src/lib/libcrypto/aes/aes_cbc.c
@@ -0,0 +1,131 @@
+/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                     const unsigned long length, const AES_KEY *key,
+                     unsigned char *ivec, const int enc) {
+
+        unsigned long n;
+        unsigned long len = length;
+        unsigned char tmp[AES_BLOCK_SIZE];
+        const unsigned char *iv = ivec;
+
+        assert(in && out && key && ivec);
+        assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+
+        if (AES_ENCRYPT == enc) {
+                while (len >= AES_BLOCK_SIZE) {
+                        for(n=0; n < AES_BLOCK_SIZE; ++n)
+                                out[n] = in[n] ^ iv[n];
+                        AES_encrypt(out, out, key);
+                        iv = out;
+                        len -= AES_BLOCK_SIZE;
+                        in += AES_BLOCK_SIZE;
+                        out += AES_BLOCK_SIZE;
+                }
+                if (len) {
+                        for(n=0; n < len; ++n)
+                                out[n] = in[n] ^ iv[n];
+                        for(n=len; n < AES_BLOCK_SIZE; ++n)
+                                out[n] = iv[n];
+                        AES_encrypt(out, out, key);
+                        iv = out;
+                }
+                memcpy(ivec,iv,AES_BLOCK_SIZE);
+        } else if (in != out) {
+                while (len >= AES_BLOCK_SIZE) {
+                        AES_decrypt(in, out, key);
+                        for(n=0; n < AES_BLOCK_SIZE; ++n)
+                                out[n] ^= iv[n];
+                        iv = in;
+                        len -= AES_BLOCK_SIZE;
+                        in  += AES_BLOCK_SIZE;
+                        out += AES_BLOCK_SIZE;
+                }
+                if (len) {
+                        AES_decrypt(in,tmp,key);
+                        for(n=0; n < len; ++n)
+                                out[n] = tmp[n] ^ iv[n];
+                        iv = in;
+                }
+                memcpy(ivec,iv,AES_BLOCK_SIZE);
+        } else {
+                while (len >= AES_BLOCK_SIZE) {
+                        memcpy(tmp, in, AES_BLOCK_SIZE);
+                        AES_decrypt(in, out, key);
+                        for(n=0; n < AES_BLOCK_SIZE; ++n)
+                                out[n] ^= ivec[n];
+                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
+                        len -= AES_BLOCK_SIZE;
+                        in += AES_BLOCK_SIZE;
+                        out += AES_BLOCK_SIZE;
+                }
+                if (len) {
+                        memcpy(tmp, in, AES_BLOCK_SIZE);
+                        AES_decrypt(tmp, out, key);
+                        for(n=0; n < len; ++n)
+                                out[n] ^= ivec[n];
+                        for(n=len; n < AES_BLOCK_SIZE; ++n)
+                                out[n] = tmp[n];
+                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
+                }
+        }
+}
diff --git a/src/lib/libcrypto/aes/aes_cfb.c b/src/lib/libcrypto/aes/aes_cfb.c
new file mode 100644
index 0000000000..49f0411010
--- /dev/null
+++ b/src/lib/libcrypto/aes/aes_cfb.c
@@ -0,0 +1,225 @@
+/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+#include "e_os.h"
+
+/* The input and output encrypted as though 128bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+        const unsigned long length, const AES_KEY *key,
+        unsigned char *ivec, int *num, const int enc) {
+
+        unsigned int n;
+        unsigned long l = length;
+        unsigned char c;
+
+        assert(in && out && key && ivec && num);
+
+        n = *num;
+
+        if (enc) {
+                while (l--) {
+                        if (n == 0) {
+                                AES_encrypt(ivec, ivec, key);
+                        }
+                        ivec[n] = *(out++) = *(in++) ^ ivec[n];
+                        n = (n+1) % AES_BLOCK_SIZE;
+                }
+        } else {
+                while (l--) {
+                        if (n == 0) {
+                                AES_encrypt(ivec, ivec, key);
+                        }
+                        c = *(in);
+                        *(out++) = *(in++) ^ ivec[n];
+                        ivec[n] = c;
+                        n = (n+1) % AES_BLOCK_SIZE;
+                }
+        }
+
+        *num=n;
+}
+
+/* This expects a single block of size nbits for both in and out. Note that
+   it corrupts any extra bits in the last byte of out */
+void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
+                            const int nbits,const AES_KEY *key,
+                            unsigned char *ivec,const int enc)
+    {
+    int n,rem,num;
+    unsigned char ovec[AES_BLOCK_SIZE*2];
+
+    if (nbits<=0 || nbits>128) return;
+
+        /* fill in the first half of the new IV with the current IV */
+        memcpy(ovec,ivec,AES_BLOCK_SIZE);
+        /* construct the new IV */
+        AES_encrypt(ivec,ivec,key);
+        num = (nbits+7)/8;
+        if (enc)        /* encrypt the input */
+            for(n=0 ; n < num ; ++n)
+                out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
+        else            /* decrypt the input */
+            for(n=0 ; n < num ; ++n)
+                out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
+        /* shift ovec left... */
+        rem = nbits%8;
+        num = nbits/8;
+        if(rem==0)
+            memcpy(ivec,ovec+num,AES_BLOCK_SIZE);
+        else
+            for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+                ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
+
+    /* it is not necessary to cleanse ovec, since the IV is not secret */
+    }
+
+/* N.B. This expects the input to be packed, MS bit first */
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                      const unsigned long length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc)
+    {
+    unsigned int n;
+    unsigned char c[1],d[1];
+
+    assert(in && out && key && ivec && num);
+    assert(*num == 0);
+
+    memset(out,0,(length+7)/8);
+    for(n=0 ; n < length ; ++n)
+        {
+        c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+        AES_cfbr_encrypt_block(c,d,1,key,ivec,enc);
+        out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
+        }
+    }
+
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                      const unsigned long length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc)
+    {
+    unsigned int n;
+
+    assert(in && out && key && ivec && num);
+    assert(*num == 0);
+
+    for(n=0 ; n < length ; ++n)
+        AES_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);
+    }
+
diff --git a/src/lib/libcrypto/aes/aes_core.c b/src/lib/libcrypto/aes/aes_core.c
new file mode 100644
index 0000000000..ed566a8123
--- /dev/null
+++ b/src/lib/libcrypto/aes/aes_core.c
@@ -0,0 +1,1261 @@
+/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
+/**
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Note: rewritten a little bit to provide error control and an OpenSSL-
+   compatible API */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <stdlib.h>
+#include <openssl/aes.h>
+#include <openssl/fips.h>
+#include "aes_locl.h"
+
+#ifndef OPENSSL_FIPS
+
+/*
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+Te4[x] = S [x].[01, 01, 01, 01];
+
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01, 01, 01, 01];
+*/
+
+static const u32 Te0[256] = {
+    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+};
+static const u32 Te1[256] = {
+    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+};
+static const u32 Te2[256] = {
+    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+};
+static const u32 Te3[256] = {
+
+    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+};
+static const u32 Te4[256] = {
+    0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
+    0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
+    0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
+    0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
+    0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
+    0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
+    0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
+    0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
+    0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
+    0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
+    0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
+    0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
+    0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
+    0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
+    0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
+    0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
+    0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
+    0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
+    0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
+    0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
+    0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
+    0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
+    0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
+    0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
+    0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
+    0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
+    0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
+    0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
+    0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
+    0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
+    0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
+    0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
+    0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
+    0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
+    0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
+    0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
+    0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
+    0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
+    0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
+    0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
+    0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
+    0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
+    0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
+    0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
+    0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
+    0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
+    0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
+    0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
+    0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
+    0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
+    0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
+    0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
+    0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
+    0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
+    0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
+    0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
+    0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
+    0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
+    0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
+    0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
+    0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
+    0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
+    0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
+    0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
+};
+static const u32 Td0[256] = {
+    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+};
+static const u32 Td1[256] = {
+    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+};
+static const u32 Td2[256] = {
+    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
+
+    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+};
+static const u32 Td3[256] = {
+    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+};
+static const u32 Td4[256] = {
+    0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
+    0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
+    0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
+    0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
+    0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
+    0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
+    0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
+    0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
+    0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
+    0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
+    0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
+    0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
+    0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
+    0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
+    0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
+    0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
+    0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
+    0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
+    0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
+    0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
+    0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
+    0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
+    0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
+    0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
+    0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
+    0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
+    0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
+    0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
+    0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
+    0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
+    0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
+    0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
+    0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
+    0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
+    0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
+    0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
+    0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
+    0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
+    0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
+    0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
+    0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
+    0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
+    0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
+    0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
+    0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
+    0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
+    0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
+    0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
+    0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
+    0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
+    0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
+    0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
+    0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
+    0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
+    0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
+    0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
+    0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
+    0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
+    0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
+    0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
+    0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
+    0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
+    0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
+    0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
+};
+static const u32 rcon[] = {
+        0x01000000, 0x02000000, 0x04000000, 0x08000000,
+        0x10000000, 0x20000000, 0x40000000, 0x80000000,
+        0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key) {
+
+        u32 *rk;
+        int i = 0;
+        u32 temp;
+
+        if (!userKey || !key)
+                return -1;
+        if (bits != 128 && bits != 192 && bits != 256)
+                return -2;
+
+        rk = key->rd_key;
+
+        if (bits==128)
+                key->rounds = 10;
+        else if (bits==192)
+                key->rounds = 12;
+        else
+                key->rounds = 14;
+
+        rk[0] = GETU32(userKey     );
+        rk[1] = GETU32(userKey +  4);
+        rk[2] = GETU32(userKey +  8);
+        rk[3] = GETU32(userKey + 12);
+        if (bits == 128) {
+                while (1) {
+                        temp  = rk[3];
+                        rk[4] = rk[0] ^
+                                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+                                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+                                (Te4[(temp >> 24)       ] & 0x000000ff) ^
+                                rcon[i];
+                        rk[5] = rk[1] ^ rk[4];
+                        rk[6] = rk[2] ^ rk[5];
+                        rk[7] = rk[3] ^ rk[6];
+                        if (++i == 10) {
+                                return 0;
+                        }
+                        rk += 4;
+                }
+        }
+        rk[4] = GETU32(userKey + 16);
+        rk[5] = GETU32(userKey + 20);
+        if (bits == 192) {
+                while (1) {
+                        temp = rk[ 5];
+                        rk[ 6] = rk[ 0] ^
+                                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+                                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+                                (Te4[(temp >> 24)       ] & 0x000000ff) ^
+                                rcon[i];
+                        rk[ 7] = rk[ 1] ^ rk[ 6];
+                        rk[ 8] = rk[ 2] ^ rk[ 7];
+                        rk[ 9] = rk[ 3] ^ rk[ 8];
+                        if (++i == 8) {
+                                return 0;
+                        }
+                        rk[10] = rk[ 4] ^ rk[ 9];
+                        rk[11] = rk[ 5] ^ rk[10];
+                        rk += 6;
+                }
+        }
+        rk[6] = GETU32(userKey + 24);
+        rk[7] = GETU32(userKey + 28);
+        if (bits == 256) {
+                while (1) {
+                        temp = rk[ 7];
+                        rk[ 8] = rk[ 0] ^
+                                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+                                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+                                (Te4[(temp >> 24)       ] & 0x000000ff) ^
+                                rcon[i];
+                        rk[ 9] = rk[ 1] ^ rk[ 8];
+                        rk[10] = rk[ 2] ^ rk[ 9];
+                        rk[11] = rk[ 3] ^ rk[10];
+                        if (++i == 7) {
+                                return 0;
+                        }
+                        temp = rk[11];
+                        rk[12] = rk[ 4] ^
+                                (Te4[(temp >> 24)       ] & 0xff000000) ^
+                                (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
+                                (Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
+                                (Te4[(temp      ) & 0xff] & 0x000000ff);
+                        rk[13] = rk[ 5] ^ rk[12];
+                        rk[14] = rk[ 6] ^ rk[13];
+                        rk[15] = rk[ 7] ^ rk[14];
+
+                        rk += 8;
+                }
+        }
+        return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                         AES_KEY *key) {
+
+        u32 *rk;
+        int i, j, status;
+        u32 temp;
+
+        /* first, start with an encryption schedule */
+        status = AES_set_encrypt_key(userKey, bits, key);
+        if (status < 0)
+                return status;
+
+        rk = key->rd_key;
+
+        /* invert the order of the round keys: */
+        for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+                temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+                temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+                temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+                temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+        }
+        /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+        for (i = 1; i < (key->rounds); i++) {
+                rk += 4;
+                rk[0] =
+                        Td0[Te4[(rk[0] >> 24)       ] & 0xff] ^
+                        Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
+                        Td2[Te4[(rk[0] >>  8) & 0xff] & 0xff] ^
+                        Td3[Te4[(rk[0]      ) & 0xff] & 0xff];
+                rk[1] =
+                        Td0[Te4[(rk[1] >> 24)       ] & 0xff] ^
+                        Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
+                        Td2[Te4[(rk[1] >>  8) & 0xff] & 0xff] ^
+                        Td3[Te4[(rk[1]      ) & 0xff] & 0xff];
+                rk[2] =
+                        Td0[Te4[(rk[2] >> 24)       ] & 0xff] ^
+                        Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
+                        Td2[Te4[(rk[2] >>  8) & 0xff] & 0xff] ^
+                        Td3[Te4[(rk[2]      ) & 0xff] & 0xff];
+                rk[3] =
+                        Td0[Te4[(rk[3] >> 24)       ] & 0xff] ^
+                        Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
+                        Td2[Te4[(rk[3] >>  8) & 0xff] & 0xff] ^
+                        Td3[Te4[(rk[3]      ) & 0xff] & 0xff];
+        }
+        return 0;
+}
+
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key) {
+
+        const u32 *rk;
+        u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+        int r;
+#endif /* ?FULL_UNROLL */
+
+        assert(in && out && key);
+        rk = key->rd_key;
+
+        /*
+         * map byte array block to cipher state
+         * and add initial round key:
+         */
+        s0 = GETU32(in     ) ^ rk[0];
+        s1 = GETU32(in +  4) ^ rk[1];
+        s2 = GETU32(in +  8) ^ rk[2];
+        s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+        /* round 1: */
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
+        /* round 2: */
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
+        /* round 3: */
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
+        /* round 4: */
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
+        /* round 5: */
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
+        /* round 6: */
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
+        /* round 7: */
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
+        /* round 8: */
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
+        /* round 9: */
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
+    if (key->rounds > 10) {
+        /* round 10: */
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
+        if (key->rounds > 12) {
+            /* round 12: */
+            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
+            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
+            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
+            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
+            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
+            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
+            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
+        }
+    }
+    rk += key->rounds << 2;
+#else  /* !FULL_UNROLL */
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = key->rounds >> 1;
+    for (;;) {
+        t0 =
+            Te0[(s0 >> 24)       ] ^
+            Te1[(s1 >> 16) & 0xff] ^
+            Te2[(s2 >>  8) & 0xff] ^
+            Te3[(s3      ) & 0xff] ^
+            rk[4];
+        t1 =
+            Te0[(s1 >> 24)       ] ^
+            Te1[(s2 >> 16) & 0xff] ^
+            Te2[(s3 >>  8) & 0xff] ^
+            Te3[(s0      ) & 0xff] ^
+            rk[5];
+        t2 =
+            Te0[(s2 >> 24)       ] ^
+            Te1[(s3 >> 16) & 0xff] ^
+            Te2[(s0 >>  8) & 0xff] ^
+            Te3[(s1      ) & 0xff] ^
+            rk[6];
+        t3 =
+            Te0[(s3 >> 24)       ] ^
+            Te1[(s0 >> 16) & 0xff] ^
+            Te2[(s1 >>  8) & 0xff] ^
+            Te3[(s2      ) & 0xff] ^
+            rk[7];
+
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
+
+        s0 =
+            Te0[(t0 >> 24)       ] ^
+            Te1[(t1 >> 16) & 0xff] ^
+            Te2[(t2 >>  8) & 0xff] ^
+            Te3[(t3      ) & 0xff] ^
+            rk[0];
+        s1 =
+            Te0[(t1 >> 24)       ] ^
+            Te1[(t2 >> 16) & 0xff] ^
+            Te2[(t3 >>  8) & 0xff] ^
+            Te3[(t0      ) & 0xff] ^
+            rk[1];
+        s2 =
+            Te0[(t2 >> 24)       ] ^
+            Te1[(t3 >> 16) & 0xff] ^
+            Te2[(t0 >>  8) & 0xff] ^
+            Te3[(t1      ) & 0xff] ^
+            rk[2];
+        s3 =
+            Te0[(t3 >> 24)       ] ^
+            Te1[(t0 >> 16) & 0xff] ^
+            Te2[(t1 >>  8) & 0xff] ^
+            Te3[(t2      ) & 0xff] ^
+            rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+         * apply last round and
+         * map cipher state to byte array block:
+         */
+        s0 =
+                (Te4[(t0 >> 24)       ] & 0xff000000) ^
+                (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+                (Te4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+                (Te4[(t3      ) & 0xff] & 0x000000ff) ^
+                rk[0];
+        PUTU32(out     , s0);
+        s1 =
+                (Te4[(t1 >> 24)       ] & 0xff000000) ^
+                (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+                (Te4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+                (Te4[(t0      ) & 0xff] & 0x000000ff) ^
+                rk[1];
+        PUTU32(out +  4, s1);
+        s2 =
+                (Te4[(t2 >> 24)       ] & 0xff000000) ^
+                (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+                (Te4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+                (Te4[(t1      ) & 0xff] & 0x000000ff) ^
+                rk[2];
+        PUTU32(out +  8, s2);
+        s3 =
+                (Te4[(t3 >> 24)       ] & 0xff000000) ^
+                (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+                (Te4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+                (Te4[(t2      ) & 0xff] & 0x000000ff) ^
+                rk[3];
+        PUTU32(out + 12, s3);
+}
+
+/*
+ * Decrypt a single block
+ * in and out can overlap
+ */
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key) {
+
+        const u32 *rk;
+        u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+        int r;
+#endif /* ?FULL_UNROLL */
+
+        assert(in && out && key);
+        rk = key->rd_key;
+
+        /*
+         * map byte array block to cipher state
+         * and add initial round key:
+         */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+    /* round 1: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
+    /* round 2: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
+    /* round 3: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
+    /* round 4: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
+    /* round 5: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
+    /* round 6: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
+    /* round 7: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
+    /* round 8: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
+    /* round 9: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
+    if (key->rounds > 10) {
+        /* round 10: */
+        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
+        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
+        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
+        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
+        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
+        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
+        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
+        if (key->rounds > 12) {
+            /* round 12: */
+            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
+            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
+            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
+            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
+            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
+            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
+            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
+        }
+    }
+        rk += key->rounds << 2;
+#else  /* !FULL_UNROLL */
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = key->rounds >> 1;
+    for (;;) {
+        t0 =
+            Td0[(s0 >> 24)       ] ^
+            Td1[(s3 >> 16) & 0xff] ^
+            Td2[(s2 >>  8) & 0xff] ^
+            Td3[(s1      ) & 0xff] ^
+            rk[4];
+        t1 =
+            Td0[(s1 >> 24)       ] ^
+            Td1[(s0 >> 16) & 0xff] ^
+            Td2[(s3 >>  8) & 0xff] ^
+            Td3[(s2      ) & 0xff] ^
+            rk[5];
+        t2 =
+            Td0[(s2 >> 24)       ] ^
+            Td1[(s1 >> 16) & 0xff] ^
+            Td2[(s0 >>  8) & 0xff] ^
+            Td3[(s3      ) & 0xff] ^
+            rk[6];
+        t3 =
+            Td0[(s3 >> 24)       ] ^
+            Td1[(s2 >> 16) & 0xff] ^
+            Td2[(s1 >>  8) & 0xff] ^
+            Td3[(s0      ) & 0xff] ^
+            rk[7];
+
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
+
+        s0 =
+            Td0[(t0 >> 24)       ] ^
+            Td1[(t3 >> 16) & 0xff] ^
+            Td2[(t2 >>  8) & 0xff] ^
+            Td3[(t1      ) & 0xff] ^
+            rk[0];
+        s1 =
+            Td0[(t1 >> 24)       ] ^
+            Td1[(t0 >> 16) & 0xff] ^
+            Td2[(t3 >>  8) & 0xff] ^
+            Td3[(t2      ) & 0xff] ^
+            rk[1];
+        s2 =
+            Td0[(t2 >> 24)       ] ^
+            Td1[(t1 >> 16) & 0xff] ^
+            Td2[(t0 >>  8) & 0xff] ^
+            Td3[(t3      ) & 0xff] ^
+            rk[2];
+        s3 =
+            Td0[(t3 >> 24)       ] ^
+            Td1[(t2 >> 16) & 0xff] ^
+            Td2[(t1 >>  8) & 0xff] ^
+            Td3[(t0      ) & 0xff] ^
+            rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+         * apply last round and
+         * map cipher state to byte array block:
+         */
+        s0 =
+                (Td4[(t0 >> 24)       ] & 0xff000000) ^
+                (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+                (Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+                (Td4[(t1      ) & 0xff] & 0x000000ff) ^
+                rk[0];
+        PUTU32(out     , s0);
+        s1 =
+                (Td4[(t1 >> 24)       ] & 0xff000000) ^
+                (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+                (Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+                (Td4[(t2      ) & 0xff] & 0x000000ff) ^
+                rk[1];
+        PUTU32(out +  4, s1);
+        s2 =
+                (Td4[(t2 >> 24)       ] & 0xff000000) ^
+                (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+                (Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+                (Td4[(t3      ) & 0xff] & 0x000000ff) ^
+                rk[2];
+        PUTU32(out +  8, s2);
+        s3 =
+                (Td4[(t3 >> 24)       ] & 0xff000000) ^
+                (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+                (Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+                (Td4[(t0      ) & 0xff] & 0x000000ff) ^
+                rk[3];
+        PUTU32(out + 12, s3);
+}
+
+#endif /* ndef OPENSSL_FIPS */
diff --git a/src/lib/libcrypto/aes/aes_ctr.c b/src/lib/libcrypto/aes/aes_ctr.c
new file mode 100644
index 0000000000..f36982be1e
--- /dev/null
+++ b/src/lib/libcrypto/aes/aes_ctr.c
@@ -0,0 +1,139 @@
+/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/* NOTE: the IV/counter CTR mode is big-endian.  The rest of the AES code
+ * is endian-neutral. */
+
+/* increment counter (128-bit int) by 1 */
+static void AES_ctr128_inc(unsigned char *counter) {
+        unsigned long c;
+
+        /* Grab bottom dword of counter and increment */
+        c = GETU32(counter + 12);
+        c++;    c &= 0xFFFFFFFF;
+        PUTU32(counter + 12, c);
+
+        /* if no overflow, we're done */
+        if (c)
+                return;
+
+        /* Grab 1st dword of counter and increment */
+        c = GETU32(counter +  8);
+        c++;    c &= 0xFFFFFFFF;
+        PUTU32(counter +  8, c);
+
+        /* if no overflow, we're done */
+        if (c)
+                return;
+
+        /* Grab 2nd dword of counter and increment */
+        c = GETU32(counter +  4);
+        c++;    c &= 0xFFFFFFFF;
+        PUTU32(counter +  4, c);
+
+        /* if no overflow, we're done */
+        if (c)
+                return;
+
+        /* Grab top dword of counter and increment */
+        c = GETU32(counter +  0);
+        c++;    c &= 0xFFFFFFFF;
+        PUTU32(counter +  0, c);
+}
+
+/* The input encrypted as though 128bit counter mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num, and the
+ * encrypted counter is kept in ecount_buf.  Both *num and
+ * ecount_buf must be initialised with zeros before the first
+ * call to AES_ctr128_encrypt().
+ *
+ * This algorithm assumes that the counter is in the x lower bits
+ * of the IV (ivec), and that the application has full control over
+ * overflow and the rest of the IV.  This implementation takes NO
+ * responsability for checking that the counter doesn't overflow
+ * into the rest of the IV when incremented.
+ */
+void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+        const unsigned long length, const AES_KEY *key,
+        unsigned char ivec[AES_BLOCK_SIZE],
+        unsigned char ecount_buf[AES_BLOCK_SIZE],
+        unsigned int *num) {
+
+        unsigned int n;
+        unsigned long l=length;
+
+        assert(in && out && key && counter && num);
+        assert(*num < AES_BLOCK_SIZE);
+
+        n = *num;
+
+        while (l--) {
+                if (n == 0) {
+                        AES_encrypt(ivec, ecount_buf, key);
+                        AES_ctr128_inc(ivec);
+                }
+                *(out++) = *(in++) ^ ecount_buf[n];
+                n = (n+1) % AES_BLOCK_SIZE;
+        }
+
+        *num=n;
+}
diff --git a/src/lib/libcrypto/aes/aes_ecb.c b/src/lib/libcrypto/aes/aes_ecb.c
new file mode 100644
index 0000000000..28aa561c2d
--- /dev/null
+++ b/src/lib/libcrypto/aes/aes_ecb.c
@@ -0,0 +1,73 @@
+/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                     const AES_KEY *key, const int enc) {
+
+        assert(in && out && key);
+        assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+
+        if (AES_ENCRYPT == enc)
+                AES_encrypt(in, out, key);
+        else
+                AES_decrypt(in, out, key);
+}
+
diff --git a/src/lib/libcrypto/aes/aes_locl.h b/src/lib/libcrypto/aes/aes_locl.h
new file mode 100644
index 0000000000..4184729e34
--- /dev/null
+++ b/src/lib/libcrypto/aes/aes_locl.h
@@ -0,0 +1,85 @@
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_AES_LOCL_H
+#define HEADER_AES_LOCL_H
+
+#include <openssl/e_os2.h>
+
+#ifdef OPENSSL_NO_AES
+#error AES is disabled.
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(_MSC_VER) && !defined(_M_IA64) && !defined(OPENSSL_SYS_WINCE)
+# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+# define GETU32(p) SWAP(*((u32 *)(p)))
+# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
+#else
+# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
+# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
+#endif
+
+typedef unsigned long u32;
+typedef unsigned short u16;
+typedef unsigned char u8;
+
+#define MAXKC   (256/32)
+#define MAXKB   (256/8)
+#define MAXNR   14
+
+/* This controls loop-unrolling in aes_core.c */
+#undef FULL_UNROLL
+
+#endif /* !HEADER_AES_LOCL_H */
diff --git a/src/lib/libcrypto/aes/aes_misc.c b/src/lib/libcrypto/aes/aes_misc.c
new file mode 100644
index 0000000000..090def25d5
--- /dev/null
+++ b/src/lib/libcrypto/aes/aes_misc.c
@@ -0,0 +1,64 @@
+/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+const char *AES_version="AES" OPENSSL_VERSION_PTEXT;
+
+const char *AES_options(void) {
+#ifdef FULL_UNROLL
+        return "aes(full)";
+#else   
+        return "aes(partial)";
+#endif
+}
diff --git a/src/lib/libcrypto/aes/aes_ofb.c b/src/lib/libcrypto/aes/aes_ofb.c
new file mode 100644
index 0000000000..f358bb39e2
--- /dev/null
+++ b/src/lib/libcrypto/aes/aes_ofb.c
@@ -0,0 +1,142 @@
+/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/* The input and output encrypted as though 128bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+        const unsigned long length, const AES_KEY *key,
+        unsigned char *ivec, int *num) {
+
+        unsigned int n;
+        unsigned long l=length;
+
+        assert(in && out && key && ivec && num);
+
+        n = *num;
+
+        while (l--) {
+                if (n == 0) {
+                        AES_encrypt(ivec, ivec, key);
+                }
+                *(out++) = *(in++) ^ ivec[n];
+                n = (n+1) % AES_BLOCK_SIZE;
+        }
+
+        *num=n;
+}
diff --git a/src/lib/libcrypto/aes/asm/aes-586.pl b/src/lib/libcrypto/aes/asm/aes-586.pl
new file mode 100644
index 0000000000..688fda21ff
--- /dev/null
+++ b/src/lib/libcrypto/aes/asm/aes-586.pl
@@ -0,0 +1,1541 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# Version 2.0.
+#
+# You might fail to appreciate this module performance from the first
+# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered
+# to be *the* best Intel C compiler without -KPIC, performance appears
+# to be virtually identical... But try to re-configure with shared
+# library support... Aha! Intel compiler "suddenly" lags behind by 30%
+# [on P4, more on others]:-) And if compared to position-independent
+# code generated by GNU C, this code performs *more* than *twice* as
+# fast! Yes, all this buzz about PIC means that unlike other hand-
+# coded implementations, this one was explicitly designed to be safe
+# to use even in shared library context... This also means that this
+# code isn't necessarily absolutely fastest "ever," because in order
+# to achieve position independence an extra register has to be
+# off-loaded to stack, which affects the benchmark result.
+#
+# Special note about instruction choice. Do you recall RC4_INT code
+# performing poorly on P4? It might be the time to figure out why.
+# RC4_INT code implies effective address calculations in base+offset*4
+# form. Trouble is that it seems that offset scaling turned to be
+# critical path... At least eliminating scaling resulted in 2.8x RC4
+# performance improvement [as you might recall]. As AES code is hungry
+# for scaling too, I [try to] avoid the latter by favoring off-by-2
+# shifts and masking the result with 0xFF<<2 instead of "boring" 0xFF.
+#
+# As was shown by Dean Gaudet <dean@arctic.org>, the above note turned
+# void. Performance improvement with off-by-2 shifts was observed on
+# intermediate implementation, which was spilling yet another register
+# to stack... Final offset*4 code below runs just a tad faster on P4,
+# but exhibits up to 10% improvement on other cores.
+#
+# Second version is "monolithic" replacement for aes_core.c, which in
+# addition to AES_[de|en]crypt implements AES_set_[de|en]cryption_key.
+# This made it possible to implement little-endian variant of the
+# algorithm without modifying the base C code. Motivating factor for
+# the undertaken effort was that it appeared that in tight IA-32
+# register window little-endian flavor could achieve slightly higher
+# Instruction Level Parallelism, and it indeed resulted in up to 15%
+# better performance on most recent µ-archs...
+#
+# Current ECB performance numbers for 128-bit key in cycles per byte
+# [measure commonly used by AES benchmarkers] are:
+#
+#               small footprint         fully unrolled
+# P4[-3]        23[24]                  22[23]
+# AMD K8        19                      18
+# PIII          26(*)                   23
+# Pentium       63(*)                   52
+#
+# (*)   Performance difference between small footprint code and fully
+#       unrolled in more commonly used CBC mode is not as big, 7% for
+#       PIII and 15% for Pentium, which I consider tolerable.
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],"aes-586.pl",$ARGV[$#ARGV] eq "386");
+
+$small_footprint=1;     # $small_footprint=1 code is ~5% slower [on
+                        # recent µ-archs], but ~5 times smaller!
+                        # I favor compact code, because it minimizes
+                        # cache contention...
+$vertical_spin=0;       # shift "verticaly" defaults to 0, because of
+                        # its proof-of-concept status, see below...
+
+$s0="eax";
+$s1="ebx";
+$s2="ecx";
+$s3="edx";
+$key="esi";
+$acc="edi";
+
+if ($vertical_spin) {
+        # I need high parts of volatile registers to be accessible...
+        $s1="esi";      $key="ebx";
+        $s2="edi";      $acc="ecx";
+}
+# Note that there is no decvert(), as well as last encryption round is
+# performed with "horizontal" shifts. This is because this "vertical"
+# implementation [one which groups shifts on a given $s[i] to form a
+# "column," unlike "horizontal" one, which groups shifts on different
+# $s[i] to form a "row"] is work in progress. It was observed to run
+# few percents faster on Intel cores, but not AMD. On AMD K8 core it's
+# whole 12% slower:-( So we face a trade-off... Shall it be resolved
+# some day? Till then the code is considered experimental and by
+# default remains dormant...
+
+sub encvert()
+{ my ($te,@s) = @_;
+  my $v0 = $acc, $v1 = $key;
+
+        &mov    ($v0,$s[3]);                            # copy s3
+        &mov    (&DWP(0,"esp"),$s[2]);                  # save s2
+        &mov    ($v1,$s[0]);                            # copy s0
+        &mov    (&DWP(4,"esp"),$s[1]);                  # save s1
+
+        &movz   ($s[2],&HB($s[0]));
+        &and    ($s[0],0xFF);
+        &mov    ($s[0],&DWP(1024*0,$te,$s[0],4));       # s0>>0
+        &shr    ($v1,16);
+        &mov    ($s[3],&DWP(1024*1,$te,$s[2],4));       # s0>>8
+        &movz   ($s[1],&HB($v1));
+        &and    ($v1,0xFF);
+        &mov    ($s[2],&DWP(1024*2,$te,$v1,4));         # s0>>16
+         &mov   ($v1,$v0);
+        &mov    ($s[1],&DWP(1024*3,$te,$s[1],4));       # s0>>24
+
+        &and    ($v0,0xFF);
+        &xor    ($s[3],&DWP(1024*0,$te,$v0,4));         # s3>>0
+        &movz   ($v0,&HB($v1));
+        &shr    ($v1,16);
+        &xor    ($s[2],&DWP(1024*1,$te,$v0,4));         # s3>>8
+        &movz   ($v0,&HB($v1));
+        &and    ($v1,0xFF);
+        &xor    ($s[1],&DWP(1024*2,$te,$v1,4));         # s3>>16
+         &mov   ($v1,&DWP(0,"esp"));                    # restore s2
+        &xor    ($s[0],&DWP(1024*3,$te,$v0,4));         # s3>>24
+
+        &mov    ($v0,$v1);
+        &and    ($v1,0xFF);
+        &xor    ($s[2],&DWP(1024*0,$te,$v1,4));         # s2>>0
+        &movz   ($v1,&HB($v0));
+        &shr    ($v0,16);
+        &xor    ($s[1],&DWP(1024*1,$te,$v1,4));         # s2>>8
+        &movz   ($v1,&HB($v0));
+        &and    ($v0,0xFF);
+        &xor    ($s[0],&DWP(1024*2,$te,$v0,4));         # s2>>16
+         &mov   ($v0,&DWP(4,"esp"));                    # restore s1
+        &xor    ($s[3],&DWP(1024*3,$te,$v1,4));         # s2>>24
+
+        &mov    ($v1,$v0);
+        &and    ($v0,0xFF);
+        &xor    ($s[1],&DWP(1024*0,$te,$v0,4));         # s1>>0
+        &movz   ($v0,&HB($v1));
+        &shr    ($v1,16);
+        &xor    ($s[0],&DWP(1024*1,$te,$v0,4));         # s1>>8
+        &movz   ($v0,&HB($v1));
+        &and    ($v1,0xFF);
+        &xor    ($s[3],&DWP(1024*2,$te,$v1,4));         # s1>>16
+         &mov   ($key,&DWP(12,"esp"));                  # reincarnate v1 as key
+        &xor    ($s[2],&DWP(1024*3,$te,$v0,4));         # s1>>24
+}
+
+sub encstep()
+{ my ($i,$te,@s) = @_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+
+        # lines marked with #%e?x[i] denote "reordered" instructions...
+        if ($i==3)  {   &mov    ($key,&DWP(12,"esp"));          }##%edx
+        else        {   &mov    ($out,$s[0]);
+                        &and    ($out,0xFF);                    }
+        if ($i==1)  {   &shr    ($s[0],16);                     }#%ebx[1]
+        if ($i==2)  {   &shr    ($s[0],24);                     }#%ecx[2]
+                        &mov    ($out,&DWP(1024*0,$te,$out,4));
+
+        if ($i==3)  {   $tmp=$s[1];                             }##%eax
+                        &movz   ($tmp,&HB($s[1]));
+                        &xor    ($out,&DWP(1024*1,$te,$tmp,4));
+
+        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],&DWP(0,"esp")); }##%ebx
+        else        {   &mov    ($tmp,$s[2]);
+                        &shr    ($tmp,16);                      }
+        if ($i==2)  {   &and    ($s[1],0xFF);                   }#%edx[2]
+                        &and    ($tmp,0xFF);
+                        &xor    ($out,&DWP(1024*2,$te,$tmp,4));
+
+        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }##%ecx
+        elsif($i==2){   &movz   ($tmp,&HB($s[3]));              }#%ebx[2]
+        else        {   &mov    ($tmp,$s[3]); 
+                        &shr    ($tmp,24)                       }
+                        &xor    ($out,&DWP(1024*3,$te,$tmp,4));
+        if ($i<2)   {   &mov    (&DWP(4*$i,"esp"),$out);        }
+        if ($i==3)  {   &mov    ($s[3],$acc);                   }
+                        &comment();
+}
+
+sub enclast()
+{ my ($i,$te,@s)=@_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+
+        if ($i==3)  {   &mov    ($key,&DWP(12,"esp"));          }##%edx
+        else        {   &mov    ($out,$s[0]);                   }
+                        &and    ($out,0xFF);
+        if ($i==1)  {   &shr    ($s[0],16);                     }#%ebx[1]
+        if ($i==2)  {   &shr    ($s[0],24);                     }#%ecx[2]
+                        &mov    ($out,&DWP(1024*0,$te,$out,4));
+                        &and    ($out,0x000000ff);
+
+        if ($i==3)  {   $tmp=$s[1];                             }##%eax
+                        &movz   ($tmp,&HB($s[1]));
+                        &mov    ($tmp,&DWP(0,$te,$tmp,4));
+                        &and    ($tmp,0x0000ff00);
+                        &xor    ($out,$tmp);
+
+        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],&DWP(0,"esp")); }##%ebx
+        else        {   mov     ($tmp,$s[2]);
+                        &shr    ($tmp,16);                      }
+        if ($i==2)  {   &and    ($s[1],0xFF);                   }#%edx[2]
+                        &and    ($tmp,0xFF);
+                        &mov    ($tmp,&DWP(0,$te,$tmp,4));
+                        &and    ($tmp,0x00ff0000);
+                        &xor    ($out,$tmp);
+
+        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }##%ecx
+        elsif($i==2){   &movz   ($tmp,&HB($s[3]));              }#%ebx[2]
+        else        {   &mov    ($tmp,$s[3]);
+                        &shr    ($tmp,24);                      }
+                        &mov    ($tmp,&DWP(0,$te,$tmp,4));
+                        &and    ($tmp,0xff000000);
+                        &xor    ($out,$tmp);
+        if ($i<2)   {   &mov    (&DWP(4*$i,"esp"),$out);        }
+        if ($i==3)  {   &mov    ($s[3],$acc);                   }
+}
+
+# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
+&public_label("AES_Te");
+&function_begin("AES_encrypt");
+        &mov    ($acc,&wparam(0));              # load inp
+        &mov    ($key,&wparam(2));              # load key
+
+        &call   (&label("pic_point"));          # make it PIC!
+        &set_label("pic_point");
+        &blindpop("ebp");
+        &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+
+        # allocate aligned stack frame
+        &mov    ($s0,"esp");
+        &sub    ("esp",20);
+        &and    ("esp",-16);
+
+        &mov    (&DWP(12,"esp"),$key);          # save key
+        &mov    (&DWP(16,"esp"),$s0);           # save %esp
+
+        &mov    ($s0,&DWP(0,$acc));             # load input data
+        &mov    ($s1,&DWP(4,$acc));
+        &mov    ($s2,&DWP(8,$acc));
+        &mov    ($s3,&DWP(12,$acc));
+
+        &xor    ($s0,&DWP(0,$key));
+        &xor    ($s1,&DWP(4,$key));
+        &xor    ($s2,&DWP(8,$key));
+        &xor    ($s3,&DWP(12,$key));
+
+        &mov    ($acc,&DWP(240,$key));          # load key->rounds
+
+        if ($small_footprint) {
+            &lea        ($acc,&DWP(-2,$acc,$acc));
+            &lea        ($acc,&DWP(0,$key,$acc,8));
+            &mov        (&DWP(8,"esp"),$acc);   # end of key schedule
+            &align      (4);
+            &set_label("loop");
+                if ($vertical_spin) {
+                    &encvert("ebp",$s0,$s1,$s2,$s3);
+                } else {
+                    &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+                    &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+                    &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+                    &encstep(3,"ebp",$s3,$s0,$s1,$s2);
+                }
+                &add    ($key,16);                      # advance rd_key
+                &xor    ($s0,&DWP(0,$key));
+                &xor    ($s1,&DWP(4,$key));
+                &xor    ($s2,&DWP(8,$key));
+                &xor    ($s3,&DWP(12,$key));
+            &cmp        ($key,&DWP(8,"esp"));
+            &mov        (&DWP(12,"esp"),$key);
+            &jb         (&label("loop"));
+        }
+        else {
+            &cmp        ($acc,10);
+            &jle        (&label("10rounds"));
+            &cmp        ($acc,12);
+            &jle        (&label("12rounds"));
+
+        &set_label("14rounds");
+            for ($i=1;$i<3;$i++) {
+                if ($vertical_spin) {
+                    &encvert("ebp",$s0,$s1,$s2,$s3);
+                } else {
+                    &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+                    &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+                    &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+                    &encstep(3,"ebp",$s3,$s0,$s1,$s2);
+                }
+                &xor    ($s0,&DWP(16*$i+0,$key));
+                &xor    ($s1,&DWP(16*$i+4,$key));
+                &xor    ($s2,&DWP(16*$i+8,$key));
+                &xor    ($s3,&DWP(16*$i+12,$key));
+            }
+            &add        ($key,32);
+            &mov        (&DWP(12,"esp"),$key);          # advance rd_key
+        &set_label("12rounds");
+            for ($i=1;$i<3;$i++) {
+                if ($vertical_spin) {
+                    &encvert("ebp",$s0,$s1,$s2,$s3);
+                } else {
+                    &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+                    &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+                    &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+                    &encstep(3,"ebp",$s3,$s0,$s1,$s2);
+                }
+                &xor    ($s0,&DWP(16*$i+0,$key));
+                &xor    ($s1,&DWP(16*$i+4,$key));
+                &xor    ($s2,&DWP(16*$i+8,$key));
+                &xor    ($s3,&DWP(16*$i+12,$key));
+            }
+            &add        ($key,32);
+            &mov        (&DWP(12,"esp"),$key);          # advance rd_key
+        &set_label("10rounds");
+            for ($i=1;$i<10;$i++) {
+                if ($vertical_spin) {
+                    &encvert("ebp",$s0,$s1,$s2,$s3);
+                } else {
+                    &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+                    &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+                    &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+                    &encstep(3,"ebp",$s3,$s0,$s1,$s2);
+                }
+                &xor    ($s0,&DWP(16*$i+0,$key));
+                &xor    ($s1,&DWP(16*$i+4,$key));
+                &xor    ($s2,&DWP(16*$i+8,$key));
+                &xor    ($s3,&DWP(16*$i+12,$key));
+            }
+        }
+
+        &add    ("ebp",4*1024);                 # skip to Te4
+        if ($vertical_spin) {
+            # "reincarnate" some registers for "horizontal" spin...
+            &mov        ($s1="ebx",$key="esi");
+            &mov        ($s2="ecx",$acc="edi");
+        }
+        &enclast(0,"ebp",$s0,$s1,$s2,$s3);
+        &enclast(1,"ebp",$s1,$s2,$s3,$s0);
+        &enclast(2,"ebp",$s2,$s3,$s0,$s1);
+        &enclast(3,"ebp",$s3,$s0,$s1,$s2);
+
+        &mov    ("esp",&DWP(16,"esp"));         # restore %esp
+        &add    ($key,$small_footprint?16:160);
+        &xor    ($s0,&DWP(0,$key));
+        &xor    ($s1,&DWP(4,$key));
+        &xor    ($s2,&DWP(8,$key));
+        &xor    ($s3,&DWP(12,$key));
+
+        &mov    ($acc,&wparam(1));              # load out
+        &mov    (&DWP(0,$acc),$s0);             # write output data
+        &mov    (&DWP(4,$acc),$s1);
+        &mov    (&DWP(8,$acc),$s2);
+        &mov    (&DWP(12,$acc),$s3);
+
+        &pop    ("edi");
+        &pop    ("esi");
+        &pop    ("ebx");
+        &pop    ("ebp");
+        &ret    ();
+
+&set_label("AES_Te",64);        # Yes! I keep it in the code segment!
+        &data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
+        &data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
+        &data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);
+        &data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);
+        &data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);
+        &data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);
+        &data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);
+        &data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);
+        &data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);
+        &data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);
+        &data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);
+        &data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);
+        &data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);
+        &data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);
+        &data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);
+        &data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);
+        &data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);
+        &data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);
+        &data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);
+        &data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);
+        &data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);
+        &data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);
+        &data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);
+        &data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);
+        &data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);
+        &data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);
+        &data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);
+        &data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);
+        &data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);
+        &data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);
+        &data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);
+        &data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);
+        &data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);
+        &data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);
+        &data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);
+        &data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);
+        &data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);
+        &data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);
+        &data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);
+        &data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);
+        &data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);
+        &data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);
+        &data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);
+        &data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);
+        &data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);
+        &data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);
+        &data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);
+        &data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);
+        &data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);
+        &data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);
+        &data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);
+        &data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);
+        &data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);
+        &data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);
+        &data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);
+        &data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);
+        &data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);
+        &data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);
+        &data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);
+        &data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);
+        &data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);
+        &data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
+        &data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
+        &data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
+#Te1:
+        &data_word(0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d);
+        &data_word(0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154);
+        &data_word(0x30306050, 0x01010203, 0x6767cea9, 0x2b2b567d);
+        &data_word(0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a);
+        &data_word(0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87);
+        &data_word(0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b);
+        &data_word(0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea);
+        &data_word(0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b);
+        &data_word(0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a);
+        &data_word(0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f);
+        &data_word(0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908);
+        &data_word(0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f);
+        &data_word(0x0404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e);
+        &data_word(0x18183028, 0x969637a1, 0x05050a0f, 0x9a9a2fb5);
+        &data_word(0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d);
+        &data_word(0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f);
+        &data_word(0x0909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e);
+        &data_word(0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb);
+        &data_word(0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce);
+        &data_word(0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397);
+        &data_word(0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c);
+        &data_word(0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed);
+        &data_word(0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b);
+        &data_word(0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a);
+        &data_word(0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16);
+        &data_word(0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194);
+        &data_word(0x45458acf, 0xf9f9e910, 0x02020406, 0x7f7ffe81);
+        &data_word(0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3);
+        &data_word(0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a);
+        &data_word(0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104);
+        &data_word(0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263);
+        &data_word(0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d);
+        &data_word(0xcdcd814c, 0x0c0c1814, 0x13132635, 0xececc32f);
+        &data_word(0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39);
+        &data_word(0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47);
+        &data_word(0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695);
+        &data_word(0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f);
+        &data_word(0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83);
+        &data_word(0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c);
+        &data_word(0xdedea779, 0x5e5ebce2, 0x0b0b161d, 0xdbdbad76);
+        &data_word(0xe0e0db3b, 0x32326456, 0x3a3a744e, 0x0a0a141e);
+        &data_word(0x494992db, 0x06060c0a, 0x2424486c, 0x5c5cb8e4);
+        &data_word(0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6);
+        &data_word(0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b);
+        &data_word(0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7);
+        &data_word(0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0);
+        &data_word(0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25);
+        &data_word(0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x08081018);
+        &data_word(0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72);
+        &data_word(0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751);
+        &data_word(0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21);
+        &data_word(0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85);
+        &data_word(0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa);
+        &data_word(0x484890d8, 0x03030605, 0xf6f6f701, 0x0e0e1c12);
+        &data_word(0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0);
+        &data_word(0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9);
+        &data_word(0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233);
+        &data_word(0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7);
+        &data_word(0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920);
+        &data_word(0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a);
+        &data_word(0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17);
+        &data_word(0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8);
+        &data_word(0x414182c3, 0x999929b0, 0x2d2d5a77, 0x0f0f1e11);
+        &data_word(0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a);
+#Te2:
+        &data_word(0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b);
+        &data_word(0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5);
+        &data_word(0x30605030, 0x01020301, 0x67cea967, 0x2b567d2b);
+        &data_word(0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76);
+        &data_word(0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d);
+        &data_word(0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0);
+        &data_word(0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf);
+        &data_word(0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0);
+        &data_word(0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26);
+        &data_word(0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc);
+        &data_word(0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1);
+        &data_word(0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15);
+        &data_word(0x04080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3);
+        &data_word(0x18302818, 0x9637a196, 0x050a0f05, 0x9a2fb59a);
+        &data_word(0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2);
+        &data_word(0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75);
+        &data_word(0x09121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a);
+        &data_word(0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0);
+        &data_word(0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3);
+        &data_word(0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784);
+        &data_word(0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced);
+        &data_word(0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b);
+        &data_word(0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39);
+        &data_word(0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf);
+        &data_word(0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb);
+        &data_word(0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485);
+        &data_word(0x458acf45, 0xf9e910f9, 0x02040602, 0x7ffe817f);
+        &data_word(0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8);
+        &data_word(0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f);
+        &data_word(0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5);
+        &data_word(0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321);
+        &data_word(0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2);
+        &data_word(0xcd814ccd, 0x0c18140c, 0x13263513, 0xecc32fec);
+        &data_word(0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917);
+        &data_word(0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d);
+        &data_word(0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573);
+        &data_word(0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc);
+        &data_word(0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388);
+        &data_word(0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14);
+        &data_word(0xdea779de, 0x5ebce25e, 0x0b161d0b, 0xdbad76db);
+        &data_word(0xe0db3be0, 0x32645632, 0x3a744e3a, 0x0a141e0a);
+        &data_word(0x4992db49, 0x060c0a06, 0x24486c24, 0x5cb8e45c);
+        &data_word(0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662);
+        &data_word(0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79);
+        &data_word(0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d);
+        &data_word(0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9);
+        &data_word(0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea);
+        &data_word(0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x08101808);
+        &data_word(0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e);
+        &data_word(0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6);
+        &data_word(0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f);
+        &data_word(0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a);
+        &data_word(0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66);
+        &data_word(0x4890d848, 0x03060503, 0xf6f701f6, 0x0e1c120e);
+        &data_word(0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9);
+        &data_word(0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e);
+        &data_word(0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311);
+        &data_word(0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794);
+        &data_word(0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9);
+        &data_word(0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf);
+        &data_word(0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d);
+        &data_word(0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868);
+        &data_word(0x4182c341, 0x9929b099, 0x2d5a772d, 0x0f1e110f);
+        &data_word(0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16);
+#Te3:
+        &data_word(0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b);
+        &data_word(0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5);
+        &data_word(0x60503030, 0x02030101, 0xcea96767, 0x567d2b2b);
+        &data_word(0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676);
+        &data_word(0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d);
+        &data_word(0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0);
+        &data_word(0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf);
+        &data_word(0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0);
+        &data_word(0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626);
+        &data_word(0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc);
+        &data_word(0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1);
+        &data_word(0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515);
+        &data_word(0x080c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3);
+        &data_word(0x30281818, 0x37a19696, 0x0a0f0505, 0x2fb59a9a);
+        &data_word(0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2);
+        &data_word(0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575);
+        &data_word(0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a);
+        &data_word(0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0);
+        &data_word(0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3);
+        &data_word(0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484);
+        &data_word(0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded);
+        &data_word(0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b);
+        &data_word(0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939);
+        &data_word(0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf);
+        &data_word(0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb);
+        &data_word(0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585);
+        &data_word(0x8acf4545, 0xe910f9f9, 0x04060202, 0xfe817f7f);
+        &data_word(0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8);
+        &data_word(0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x058a8f8f);
+        &data_word(0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5);
+        &data_word(0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121);
+        &data_word(0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2);
+        &data_word(0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec);
+        &data_word(0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717);
+        &data_word(0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d);
+        &data_word(0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373);
+        &data_word(0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc);
+        &data_word(0x44662222, 0x547e2a2a, 0x3bab9090, 0x0b838888);
+        &data_word(0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414);
+        &data_word(0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb);
+        &data_word(0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a);
+        &data_word(0x92db4949, 0x0c0a0606, 0x486c2424, 0xb8e45c5c);
+        &data_word(0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262);
+        &data_word(0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979);
+        &data_word(0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d);
+        &data_word(0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9);
+        &data_word(0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea);
+        &data_word(0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808);
+        &data_word(0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e);
+        &data_word(0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6);
+        &data_word(0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f);
+        &data_word(0x96dd4b4b, 0x61dcbdbd, 0x0d868b8b, 0x0f858a8a);
+        &data_word(0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666);
+        &data_word(0x90d84848, 0x06050303, 0xf701f6f6, 0x1c120e0e);
+        &data_word(0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9);
+        &data_word(0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e);
+        &data_word(0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111);
+        &data_word(0xd2bb6969, 0xa970d9d9, 0x07898e8e, 0x33a79494);
+        &data_word(0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9);
+        &data_word(0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf);
+        &data_word(0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d);
+        &data_word(0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868);
+        &data_word(0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f);
+        &data_word(0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616);
+#Te4:
+        &data_word(0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b);
+        &data_word(0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5);
+        &data_word(0x30303030, 0x01010101, 0x67676767, 0x2b2b2b2b);
+        &data_word(0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676);
+        &data_word(0xcacacaca, 0x82828282, 0xc9c9c9c9, 0x7d7d7d7d);
+        &data_word(0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0);
+        &data_word(0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2, 0xafafafaf);
+        &data_word(0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0);
+        &data_word(0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626);
+        &data_word(0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc);
+        &data_word(0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1);
+        &data_word(0x71717171, 0xd8d8d8d8, 0x31313131, 0x15151515);
+        &data_word(0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3);
+        &data_word(0x18181818, 0x96969696, 0x05050505, 0x9a9a9a9a);
+        &data_word(0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2);
+        &data_word(0xebebebeb, 0x27272727, 0xb2b2b2b2, 0x75757575);
+        &data_word(0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a);
+        &data_word(0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0);
+        &data_word(0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3);
+        &data_word(0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484);
+        &data_word(0x53535353, 0xd1d1d1d1, 0x00000000, 0xedededed);
+        &data_word(0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b);
+        &data_word(0x6a6a6a6a, 0xcbcbcbcb, 0xbebebebe, 0x39393939);
+        &data_word(0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf);
+        &data_word(0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa, 0xfbfbfbfb);
+        &data_word(0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585);
+        &data_word(0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f);
+        &data_word(0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8);
+        &data_word(0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f);
+        &data_word(0x92929292, 0x9d9d9d9d, 0x38383838, 0xf5f5f5f5);
+        &data_word(0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121);
+        &data_word(0x10101010, 0xffffffff, 0xf3f3f3f3, 0xd2d2d2d2);
+        &data_word(0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec);
+        &data_word(0x5f5f5f5f, 0x97979797, 0x44444444, 0x17171717);
+        &data_word(0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d);
+        &data_word(0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373);
+        &data_word(0x60606060, 0x81818181, 0x4f4f4f4f, 0xdcdcdcdc);
+        &data_word(0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888);
+        &data_word(0x46464646, 0xeeeeeeee, 0xb8b8b8b8, 0x14141414);
+        &data_word(0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb);
+        &data_word(0xe0e0e0e0, 0x32323232, 0x3a3a3a3a, 0x0a0a0a0a);
+        &data_word(0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c);
+        &data_word(0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac, 0x62626262);
+        &data_word(0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979);
+        &data_word(0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d);
+        &data_word(0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9);
+        &data_word(0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea);
+        &data_word(0x65656565, 0x7a7a7a7a, 0xaeaeaeae, 0x08080808);
+        &data_word(0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e);
+        &data_word(0x1c1c1c1c, 0xa6a6a6a6, 0xb4b4b4b4, 0xc6c6c6c6);
+        &data_word(0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f);
+        &data_word(0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b, 0x8a8a8a8a);
+        &data_word(0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666);
+        &data_word(0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e);
+        &data_word(0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9);
+        &data_word(0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e);
+        &data_word(0xe1e1e1e1, 0xf8f8f8f8, 0x98989898, 0x11111111);
+        &data_word(0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494);
+        &data_word(0x9b9b9b9b, 0x1e1e1e1e, 0x87878787, 0xe9e9e9e9);
+        &data_word(0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf);
+        &data_word(0x8c8c8c8c, 0xa1a1a1a1, 0x89898989, 0x0d0d0d0d);
+        &data_word(0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868);
+        &data_word(0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f);
+        &data_word(0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616);
+#rcon:
+        &data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008);
+        &data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080);
+        &data_word(0x0000001b, 0x00000036);
+&function_end_B("AES_encrypt");
+
+#------------------------------------------------------------------#
+
+$s0="eax";
+$s1="ebx";
+$s2="ecx";
+$s3="edx";
+$key="edi";
+$acc="esi";
+
+sub decstep()
+{ my ($i,$td,@s) = @_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+
+        # no instructions are reordered, as performance appears
+        # optimal... or rather that all attempts to reorder didn't
+        # result in better performance [which by the way is not a
+        # bit lower than ecryption].
+        if($i==3)   {   &mov    ($key,&DWP(12,"esp"));          }
+        else        {   &mov    ($out,$s[0]);                   }
+                        &and    ($out,0xFF);
+                        &mov    ($out,&DWP(1024*0,$td,$out,4));
+
+        if ($i==3)  {   $tmp=$s[1];                             }
+                        &movz   ($tmp,&HB($s[1]));
+                        &xor    ($out,&DWP(1024*1,$td,$tmp,4));
+
+        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],$acc);          }
+        else        {   &mov    ($tmp,$s[2]);                   }
+                        &shr    ($tmp,16);
+                        &and    ($tmp,0xFF);
+                        &xor    ($out,&DWP(1024*2,$td,$tmp,4));
+
+        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }
+        else        {   &mov    ($tmp,$s[3]);                   }
+                        &shr    ($tmp,24);
+                        &xor    ($out,&DWP(1024*3,$td,$tmp,4));
+        if ($i<2)   {   &mov    (&DWP(4*$i,"esp"),$out);        }
+        if ($i==3)  {   &mov    ($s[3],&DWP(0,"esp"));          }
+                        &comment();
+}
+
+sub declast()
+{ my ($i,$td,@s)=@_;
+  my $tmp = $key;
+  my $out = $i==3?$s[0]:$acc;
+
+        if($i==3)   {   &mov    ($key,&DWP(12,"esp"));          }
+        else        {   &mov    ($out,$s[0]);                   }
+                        &and    ($out,0xFF);
+                        &mov    ($out,&DWP(0,$td,$out,4));
+                        &and    ($out,0x000000ff);
+
+        if ($i==3)  {   $tmp=$s[1];                             }
+                        &movz   ($tmp,&HB($s[1]));
+                        &mov    ($tmp,&DWP(0,$td,$tmp,4));
+                        &and    ($tmp,0x0000ff00);
+                        &xor    ($out,$tmp);
+
+        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],$acc);          }
+        else        {   mov     ($tmp,$s[2]);                   }
+                        &shr    ($tmp,16);
+                        &and    ($tmp,0xFF);
+                        &mov    ($tmp,&DWP(0,$td,$tmp,4));
+                        &and    ($tmp,0x00ff0000);
+                        &xor    ($out,$tmp);
+
+        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }
+        else        {   &mov    ($tmp,$s[3]);                   }
+                        &shr    ($tmp,24);
+                        &mov    ($tmp,&DWP(0,$td,$tmp,4));
+                        &and    ($tmp,0xff000000);
+                        &xor    ($out,$tmp);
+        if ($i<2)   {   &mov    (&DWP(4*$i,"esp"),$out);        }
+        if ($i==3)  {   &mov    ($s[3],&DWP(0,"esp"));          }
+}
+
+# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
+&public_label("AES_Td");
+&function_begin("AES_decrypt");
+        &mov    ($acc,&wparam(0));              # load inp
+        &mov    ($key,&wparam(2));              # load key
+
+        &call   (&label("pic_point"));          # make it PIC!
+        &set_label("pic_point");
+        &blindpop("ebp");
+        &lea    ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
+
+        # allocate aligned stack frame
+        &mov    ($s0,"esp");
+        &sub    ("esp",20);
+        &and    ("esp",-16);
+
+        &mov    (&DWP(12,"esp"),$key);          # save key
+        &mov    (&DWP(16,"esp"),$s0);           # save %esp
+
+        &mov    ($s0,&DWP(0,$acc));             # load input data
+        &mov    ($s1,&DWP(4,$acc));
+        &mov    ($s2,&DWP(8,$acc));
+        &mov    ($s3,&DWP(12,$acc));
+
+        &xor    ($s0,&DWP(0,$key));
+        &xor    ($s1,&DWP(4,$key));
+        &xor    ($s2,&DWP(8,$key));
+        &xor    ($s3,&DWP(12,$key));
+
+        &mov    ($acc,&DWP(240,$key));          # load key->rounds
+
+        if ($small_footprint) {
+            &lea        ($acc,&DWP(-2,$acc,$acc));
+            &lea        ($acc,&DWP(0,$key,$acc,8));
+            &mov        (&DWP(8,"esp"),$acc);   # end of key schedule
+            &align      (4);
+            &set_label("loop");
+                &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+                &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+                &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+                &decstep(3,"ebp",$s3,$s2,$s1,$s0);
+                &add    ($key,16);                      # advance rd_key
+                &xor    ($s0,&DWP(0,$key));
+                &xor    ($s1,&DWP(4,$key));
+                &xor    ($s2,&DWP(8,$key));
+                &xor    ($s3,&DWP(12,$key));
+            &cmp        ($key,&DWP(8,"esp"));
+            &mov        (&DWP(12,"esp"),$key);
+            &jb         (&label("loop"));
+        }
+        else {
+            &cmp        ($acc,10);
+            &jle        (&label("10rounds"));
+            &cmp        ($acc,12);
+            &jle        (&label("12rounds"));
+
+        &set_label("14rounds");
+            for ($i=1;$i<3;$i++) {
+                &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+                &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+                &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+                &decstep(3,"ebp",$s3,$s2,$s1,$s0);
+                &xor    ($s0,&DWP(16*$i+0,$key));
+                &xor    ($s1,&DWP(16*$i+4,$key));
+                &xor    ($s2,&DWP(16*$i+8,$key));
+                &xor    ($s3,&DWP(16*$i+12,$key));
+            }
+            &add        ($key,32);
+            &mov        (&DWP(12,"esp"),$key);          # advance rd_key
+        &set_label("12rounds");
+            for ($i=1;$i<3;$i++) {
+                &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+                &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+                &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+                &decstep(3,"ebp",$s3,$s2,$s1,$s0);
+                &xor    ($s0,&DWP(16*$i+0,$key));
+                &xor    ($s1,&DWP(16*$i+4,$key));
+                &xor    ($s2,&DWP(16*$i+8,$key));
+                &xor    ($s3,&DWP(16*$i+12,$key));
+            }
+            &add        ($key,32);
+            &mov        (&DWP(12,"esp"),$key);          # advance rd_key
+        &set_label("10rounds");
+            for ($i=1;$i<10;$i++) {
+                &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+                &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+                &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+                &decstep(3,"ebp",$s3,$s2,$s1,$s0);
+                &xor    ($s0,&DWP(16*$i+0,$key));
+                &xor    ($s1,&DWP(16*$i+4,$key));
+                &xor    ($s2,&DWP(16*$i+8,$key));
+                &xor    ($s3,&DWP(16*$i+12,$key));
+            }
+        }
+
+        &add    ("ebp",4*1024);                 # skip to Te4
+        &declast(0,"ebp",$s0,$s3,$s2,$s1);
+        &declast(1,"ebp",$s1,$s0,$s3,$s2);
+        &declast(2,"ebp",$s2,$s1,$s0,$s3);
+        &declast(3,"ebp",$s3,$s2,$s1,$s0);
+
+        &mov    ("esp",&DWP(16,"esp"));         # restore %esp
+        &add    ($key,$small_footprint?16:160);
+        &xor    ($s0,&DWP(0,$key));
+        &xor    ($s1,&DWP(4,$key));
+        &xor    ($s2,&DWP(8,$key));
+        &xor    ($s3,&DWP(12,$key));
+
+        &mov    ($key,&wparam(1));              # load out
+        &mov    (&DWP(0,$key),$s0);             # write output data
+        &mov    (&DWP(4,$key),$s1);
+        &mov    (&DWP(8,$key),$s2);
+        &mov    (&DWP(12,$key),$s3);
+
+        &pop    ("edi");
+        &pop    ("esi");
+        &pop    ("ebx");
+        &pop    ("ebp");
+        &ret    ();
+
+&set_label("AES_Td",64);        # Yes! I keep it in the code segment!
+        &data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
+        &data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
+        &data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);
+        &data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);
+        &data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);
+        &data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
+        &data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);
+        &data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);
+        &data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);
+        &data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);
+        &data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);
+        &data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);
+        &data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);
+        &data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);
+        &data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);
+        &data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);
+        &data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);
+        &data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);
+        &data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);
+        &data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);
+        &data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);
+        &data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);
+        &data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);
+        &data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);
+        &data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);
+        &data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);
+        &data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);
+        &data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);
+        &data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);
+        &data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);
+        &data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);
+        &data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);
+        &data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);
+        &data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);
+        &data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);
+        &data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);
+        &data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);
+        &data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);
+        &data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);
+        &data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);
+        &data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);
+        &data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);
+        &data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);
+        &data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);
+        &data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);
+        &data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);
+        &data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);
+        &data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);
+        &data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);
+        &data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);
+        &data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);
+        &data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);
+        &data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);
+        &data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);
+        &data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);
+        &data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);
+        &data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);
+        &data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);
+        &data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);
+        &data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);
+        &data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);
+        &data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
+        &data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
+        &data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
+#Td1:
+        &data_word(0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96);
+        &data_word(0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x03e34b93);
+        &data_word(0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525);
+        &data_word(0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f);
+        &data_word(0x5ab1de49, 0x1bba2567, 0x0eea4598, 0xc0fe5de1);
+        &data_word(0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6);
+        &data_word(0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da);
+        &data_word(0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44);
+        &data_word(0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd);
+        &data_word(0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4);
+        &data_word(0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245);
+        &data_word(0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994);
+        &data_word(0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7);
+        &data_word(0xd373ab23, 0x024b72e2, 0x8f1fe357, 0xab55662a);
+        &data_word(0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x0837d3a5);
+        &data_word(0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c);
+        &data_word(0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1);
+        &data_word(0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a);
+        &data_word(0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475);
+        &data_word(0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51);
+        &data_word(0x8a213ef9, 0x06dd963d, 0x053eddae, 0xbde64d46);
+        &data_word(0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff);
+        &data_word(0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777);
+        &data_word(0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db);
+        &data_word(0x0a7ca147, 0x0f427ce9, 0x1e84f8c9, 0x00000000);
+        &data_word(0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e);
+        &data_word(0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627);
+        &data_word(0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a);
+        &data_word(0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e);
+        &data_word(0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16);
+        &data_word(0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d);
+        &data_word(0x0d090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8);
+        &data_word(0x19f15785, 0x0775af4c, 0xdd99eebb, 0x607fa3fd);
+        &data_word(0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34);
+        &data_word(0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863);
+        &data_word(0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420);
+        &data_word(0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d);
+        &data_word(0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0);
+        &data_word(0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722);
+        &data_word(0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef);
+        &data_word(0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0x0bd49836);
+        &data_word(0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4);
+        &data_word(0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462);
+        &data_word(0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5);
+        &data_word(0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3);
+        &data_word(0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b);
+        &data_word(0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8);
+        &data_word(0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6);
+        &data_word(0x9be7bad9, 0x366f4ace, 0x099fead4, 0x7cb029d6);
+        &data_word(0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0);
+        &data_word(0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315);
+        &data_word(0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f);
+        &data_word(0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x0496e4df);
+        &data_word(0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f);
+        &data_word(0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e);
+        &data_word(0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13);
+        &data_word(0x61d79a8c, 0x0ca1377a, 0x14f8598e, 0x3c13eb89);
+        &data_word(0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c);
+        &data_word(0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf);
+        &data_word(0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886);
+        &data_word(0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f);
+        &data_word(0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41);
+        &data_word(0x01a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490);
+        &data_word(0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042);
+#Td2:
+        &data_word(0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e);
+        &data_word(0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303);
+        &data_word(0x302055fa, 0x76adf66d, 0xcc889176, 0x02f5254c);
+        &data_word(0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3);
+        &data_word(0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0);
+        &data_word(0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9);
+        &data_word(0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59);
+        &data_word(0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8);
+        &data_word(0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71);
+        &data_word(0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a);
+        &data_word(0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f);
+        &data_word(0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x08f9942b);
+        &data_word(0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8);
+        &data_word(0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab);
+        &data_word(0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508);
+        &data_word(0x2830f287, 0xbf23b2a5, 0x0302ba6a, 0x16ed5c82);
+        &data_word(0xcf8a2b1c, 0x79a792b4, 0x07f3f0f2, 0x694ea1e2);
+        &data_word(0xda65cdf4, 0x0506d5be, 0x34d11f62, 0xa6c48afe);
+        &data_word(0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb);
+        &data_word(0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110);
+        &data_word(0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd);
+        &data_word(0x5491b58d, 0xc471055d, 0x06046fd4, 0x5060ff15);
+        &data_word(0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e);
+        &data_word(0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee);
+        &data_word(0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x00000000);
+        &data_word(0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72);
+        &data_word(0x0efdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739);
+        &data_word(0x0f0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e);
+        &data_word(0x0a0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91);
+        &data_word(0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a);
+        &data_word(0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17);
+        &data_word(0x090e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9);
+        &data_word(0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60);
+        &data_word(0x01f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e);
+        &data_word(0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1);
+        &data_word(0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011);
+        &data_word(0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1);
+        &data_word(0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3);
+        &data_word(0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264);
+        &data_word(0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90);
+        &data_word(0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b);
+        &data_word(0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf);
+        &data_word(0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246);
+        &data_word(0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af);
+        &data_word(0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312);
+        &data_word(0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb);
+        &data_word(0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a);
+        &data_word(0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8);
+        &data_word(0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c);
+        &data_word(0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066);
+        &data_word(0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8);
+        &data_word(0x04f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6);
+        &data_word(0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04);
+        &data_word(0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51);
+        &data_word(0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0x0bfb2e41);
+        &data_word(0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347);
+        &data_word(0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c);
+        &data_word(0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1);
+        &data_word(0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37);
+        &data_word(0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db);
+        &data_word(0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40);
+        &data_word(0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0x0dff4195);
+        &data_word(0xa8397101, 0x0c08deb3, 0xb4d89ce4, 0x566490c1);
+        &data_word(0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257);
+#Td3:
+        &data_word(0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27);
+        &data_word(0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3);
+        &data_word(0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02);
+        &data_word(0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362);
+        &data_word(0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe);
+        &data_word(0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3);
+        &data_word(0x03e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952);
+        &data_word(0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9);
+        &data_word(0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9);
+        &data_word(0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace);
+        &data_word(0x63184adf, 0xe582311a, 0x97603351, 0x62457f53);
+        &data_word(0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08);
+        &data_word(0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b);
+        &data_word(0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55);
+        &data_word(0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837);
+        &data_word(0x30f28728, 0x23b2a5bf, 0x02ba6a03, 0xed5c8216);
+        &data_word(0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269);
+        &data_word(0x65cdf4da, 0x06d5be05, 0xd11f6234, 0xc48afea6);
+        &data_word(0x349d532e, 0xa2a055f3, 0x0532e18a, 0xa475ebf6);
+        &data_word(0x0b39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e);
+        &data_word(0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6);
+        &data_word(0x91b58d54, 0x71055dc4, 0x046fd406, 0x60ff1550);
+        &data_word(0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9);
+        &data_word(0xb0bd42e8, 0x07888b89, 0xe7385b19, 0x79dbeec8);
+        &data_word(0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x00000000);
+        &data_word(0x09838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a);
+        &data_word(0xfdfbff0e, 0x0f563885, 0x3d1ed5ae, 0x3627392d);
+        &data_word(0x0a64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36);
+        &data_word(0x0cb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b);
+        &data_word(0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12);
+        &data_word(0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b);
+        &data_word(0x0e0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e);
+        &data_word(0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f);
+        &data_word(0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb);
+        &data_word(0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4);
+        &data_word(0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6);
+        &data_word(0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129);
+        &data_word(0x1d4b2f9e, 0xdcf330b2, 0x0dec5286, 0x77d0e3c1);
+        &data_word(0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9);
+        &data_word(0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033);
+        &data_word(0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4);
+        &data_word(0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad);
+        &data_word(0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e);
+        &data_word(0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3);
+        &data_word(0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225);
+        &data_word(0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b);
+        &data_word(0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f);
+        &data_word(0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815);
+        &data_word(0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0);
+        &data_word(0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2);
+        &data_word(0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7);
+        &data_word(0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691);
+        &data_word(0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496);
+        &data_word(0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165);
+        &data_word(0x9d04ea5e, 0x015d358c, 0xfa737487, 0xfb2e410b);
+        &data_word(0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6);
+        &data_word(0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13);
+        &data_word(0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147);
+        &data_word(0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7);
+        &data_word(0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44);
+        &data_word(0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3);
+        &data_word(0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d);
+        &data_word(0x397101a8, 0x08deb30c, 0xd89ce4b4, 0x6490c156);
+        &data_word(0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8);
+#Td4:
+        &data_word(0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5);
+        &data_word(0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838);
+        &data_word(0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e);
+        &data_word(0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb);
+        &data_word(0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282);
+        &data_word(0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787);
+        &data_word(0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444);
+        &data_word(0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb);
+        &data_word(0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232);
+        &data_word(0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d);
+        &data_word(0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0x0b0b0b0b);
+        &data_word(0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e);
+        &data_word(0x08080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666);
+        &data_word(0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2);
+        &data_word(0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949);
+        &data_word(0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525);
+        &data_word(0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464);
+        &data_word(0x86868686, 0x68686868, 0x98989898, 0x16161616);
+        &data_word(0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc);
+        &data_word(0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292);
+        &data_word(0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050);
+        &data_word(0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada);
+        &data_word(0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757);
+        &data_word(0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484);
+        &data_word(0x90909090, 0xd8d8d8d8, 0xabababab, 0x00000000);
+        &data_word(0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0x0a0a0a0a);
+        &data_word(0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x05050505);
+        &data_word(0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x06060606);
+        &data_word(0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f);
+        &data_word(0xcacacaca, 0x3f3f3f3f, 0x0f0f0f0f, 0x02020202);
+        &data_word(0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x03030303);
+        &data_word(0x01010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b);
+        &data_word(0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141);
+        &data_word(0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea);
+        &data_word(0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece);
+        &data_word(0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373);
+        &data_word(0x96969696, 0xacacacac, 0x74747474, 0x22222222);
+        &data_word(0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585);
+        &data_word(0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8);
+        &data_word(0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e);
+        &data_word(0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171);
+        &data_word(0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989);
+        &data_word(0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0x0e0e0e0e);
+        &data_word(0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b);
+        &data_word(0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b);
+        &data_word(0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020);
+        &data_word(0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe);
+        &data_word(0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4);
+        &data_word(0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333);
+        &data_word(0x88888888, 0x07070707, 0xc7c7c7c7, 0x31313131);
+        &data_word(0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959);
+        &data_word(0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f);
+        &data_word(0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9);
+        &data_word(0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0x0d0d0d0d);
+        &data_word(0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f);
+        &data_word(0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef);
+        &data_word(0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d);
+        &data_word(0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0);
+        &data_word(0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c);
+        &data_word(0x83838383, 0x53535353, 0x99999999, 0x61616161);
+        &data_word(0x17171717, 0x2b2b2b2b, 0x04040404, 0x7e7e7e7e);
+        &data_word(0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626);
+        &data_word(0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363);
+        &data_word(0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d);
+&function_end_B("AES_decrypt");
+
+sub enckey()
+{
+        &movz   ("esi",&LB("edx"));             # rk[i]>>0
+        &mov    ("ebx",&DWP(0,"ebp","esi",4));
+        &movz   ("esi",&HB("edx"));             # rk[i]>>8
+        &and    ("ebx",0xFF000000);
+        &xor    ("eax","ebx");
+
+        &mov    ("ebx",&DWP(0,"ebp","esi",4));
+        &shr    ("edx",16);
+        &and    ("ebx",0x000000FF);
+        &movz   ("esi",&LB("edx"));             # rk[i]>>16
+        &xor    ("eax","ebx");
+
+        &mov    ("ebx",&DWP(0,"ebp","esi",4));
+        &movz   ("esi",&HB("edx"));             # rk[i]>>24
+        &and    ("ebx",0x0000FF00);
+        &xor    ("eax","ebx");
+
+        &mov    ("ebx",&DWP(0,"ebp","esi",4));
+        &and    ("ebx",0x00FF0000);
+        &xor    ("eax","ebx");
+
+        &xor    ("eax",&DWP(1024,"ebp","ecx",4));       # rcon
+}
+
+# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+#                        AES_KEY *key)
+&public_label("AES_Te");
+&function_begin("AES_set_encrypt_key");
+        &mov    ("esi",&wparam(0));             # user supplied key
+        &mov    ("edi",&wparam(2));             # private key schedule
+
+        &test   ("esi",-1);
+        &jz     (&label("badpointer"));
+        &test   ("edi",-1);
+        &jz     (&label("badpointer"));
+
+        &call   (&label("pic_point"));
+        &set_label("pic_point");
+        &blindpop("ebp");
+        &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+        &add    ("ebp",1024*4);                 # skip to Te4
+
+        &mov    ("ecx",&wparam(1));             # number of bits in key
+        &cmp    ("ecx",128);
+        &je     (&label("10rounds"));
+        &cmp    ("ecx",192);
+        &je     (&label("12rounds"));
+        &cmp    ("ecx",256);
+        &je     (&label("14rounds"));
+        &mov    ("eax",-2);                     # invalid number of bits
+        &jmp    (&label("exit"));
+
+    &set_label("10rounds");
+        &mov    ("eax",&DWP(0,"esi"));          # copy first 4 dwords
+        &mov    ("ebx",&DWP(4,"esi"));
+        &mov    ("ecx",&DWP(8,"esi"));
+        &mov    ("edx",&DWP(12,"esi"));
+        &mov    (&DWP(0,"edi"),"eax");
+        &mov    (&DWP(4,"edi"),"ebx");
+        &mov    (&DWP(8,"edi"),"ecx");
+        &mov    (&DWP(12,"edi"),"edx");
+
+        &xor    ("ecx","ecx");
+        &jmp    (&label("10shortcut"));
+
+        &align  (4);
+        &set_label("10loop");
+                &mov    ("eax",&DWP(0,"edi"));          # rk[0]
+                &mov    ("edx",&DWP(12,"edi"));         # rk[3]
+        &set_label("10shortcut");
+                &enckey ();
+
+                &mov    (&DWP(16,"edi"),"eax");         # rk[4]
+                &xor    ("eax",&DWP(4,"edi"));
+                &mov    (&DWP(20,"edi"),"eax");         # rk[5]
+                &xor    ("eax",&DWP(8,"edi"));
+                &mov    (&DWP(24,"edi"),"eax");         # rk[6]
+                &xor    ("eax",&DWP(12,"edi"));
+                &mov    (&DWP(28,"edi"),"eax");         # rk[7]
+                &inc    ("ecx");
+                &add    ("edi",16);
+                &cmp    ("ecx",10);
+        &jl     (&label("10loop"));
+
+        &mov    (&DWP(80,"edi"),10);            # setup number of rounds
+        &xor    ("eax","eax");
+        &jmp    (&label("exit"));
+                
+    &set_label("12rounds");
+        &mov    ("eax",&DWP(0,"esi"));          # copy first 6 dwords
+        &mov    ("ebx",&DWP(4,"esi"));
+        &mov    ("ecx",&DWP(8,"esi"));
+        &mov    ("edx",&DWP(12,"esi"));
+        &mov    (&DWP(0,"edi"),"eax");
+        &mov    (&DWP(4,"edi"),"ebx");
+        &mov    (&DWP(8,"edi"),"ecx");
+        &mov    (&DWP(12,"edi"),"edx");
+        &mov    ("ecx",&DWP(16,"esi"));
+        &mov    ("edx",&DWP(20,"esi"));
+        &mov    (&DWP(16,"edi"),"ecx");
+        &mov    (&DWP(20,"edi"),"edx");
+
+        &xor    ("ecx","ecx");
+        &jmp    (&label("12shortcut"));
+
+        &align  (4);
+        &set_label("12loop");
+                &mov    ("eax",&DWP(0,"edi"));          # rk[0]
+                &mov    ("edx",&DWP(20,"edi"));         # rk[5]
+        &set_label("12shortcut");
+                &enckey ();
+
+                &mov    (&DWP(24,"edi"),"eax");         # rk[6]
+                &xor    ("eax",&DWP(4,"edi"));
+                &mov    (&DWP(28,"edi"),"eax");         # rk[7]
+                &xor    ("eax",&DWP(8,"edi"));
+                &mov    (&DWP(32,"edi"),"eax");         # rk[8]
+                &xor    ("eax",&DWP(12,"edi"));
+                &mov    (&DWP(36,"edi"),"eax");         # rk[9]
+
+                &cmp    ("ecx",7);
+                &je     (&label("12break"));
+                &inc    ("ecx");
+
+                &xor    ("eax",&DWP(16,"edi"));
+                &mov    (&DWP(40,"edi"),"eax");         # rk[10]
+                &xor    ("eax",&DWP(20,"edi"));
+                &mov    (&DWP(44,"edi"),"eax");         # rk[11]
+
+                &add    ("edi",24);
+        &jmp    (&label("12loop"));
+
+        &set_label("12break");
+        &mov    (&DWP(72,"edi"),12);            # setup number of rounds
+        &xor    ("eax","eax");
+        &jmp    (&label("exit"));
+
+    &set_label("14rounds");
+        &mov    ("eax",&DWP(0,"esi"));          # copy first 8 dwords
+        &mov    ("ebx",&DWP(4,"esi"));
+        &mov    ("ecx",&DWP(8,"esi"));
+        &mov    ("edx",&DWP(12,"esi"));
+        &mov    (&DWP(0,"edi"),"eax");
+        &mov    (&DWP(4,"edi"),"ebx");
+        &mov    (&DWP(8,"edi"),"ecx");
+        &mov    (&DWP(12,"edi"),"edx");
+        &mov    ("eax",&DWP(16,"esi"));
+        &mov    ("ebx",&DWP(20,"esi"));
+        &mov    ("ecx",&DWP(24,"esi"));
+        &mov    ("edx",&DWP(28,"esi"));
+        &mov    (&DWP(16,"edi"),"eax");
+        &mov    (&DWP(20,"edi"),"ebx");
+        &mov    (&DWP(24,"edi"),"ecx");
+        &mov    (&DWP(28,"edi"),"edx");
+
+        &xor    ("ecx","ecx");
+        &jmp    (&label("14shortcut"));
+
+        &align  (4);
+        &set_label("14loop");
+                &mov    ("edx",&DWP(28,"edi"));         # rk[7]
+        &set_label("14shortcut");
+                &mov    ("eax",&DWP(0,"edi"));          # rk[0]
+
+                &enckey ();
+
+                &mov    (&DWP(32,"edi"),"eax");         # rk[8]
+                &xor    ("eax",&DWP(4,"edi"));
+                &mov    (&DWP(36,"edi"),"eax");         # rk[9]
+                &xor    ("eax",&DWP(8,"edi"));
+                &mov    (&DWP(40,"edi"),"eax");         # rk[10]
+                &xor    ("eax",&DWP(12,"edi"));
+                &mov    (&DWP(44,"edi"),"eax");         # rk[11]
+
+                &cmp    ("ecx",6);
+                &je     (&label("14break"));
+                &inc    ("ecx");
+
+                &mov    ("edx","eax");
+                &mov    ("eax",&DWP(16,"edi"));         # rk[4]
+                &movz   ("esi",&LB("edx"));             # rk[11]>>0
+                &mov    ("ebx",&DWP(0,"ebp","esi",4));
+                &movz   ("esi",&HB("edx"));             # rk[11]>>8
+                &and    ("ebx",0x000000FF);
+                &xor    ("eax","ebx");
+
+                &mov    ("ebx",&DWP(0,"ebp","esi",4));
+                &shr    ("edx",16);
+                &and    ("ebx",0x0000FF00);
+                &movz   ("esi",&LB("edx"));             # rk[11]>>16
+                &xor    ("eax","ebx");
+
+                &mov    ("ebx",&DWP(0,"ebp","esi",4));
+                &movz   ("esi",&HB("edx"));             # rk[11]>>24
+                &and    ("ebx",0x00FF0000);
+                &xor    ("eax","ebx");
+
+                &mov    ("ebx",&DWP(0,"ebp","esi",4));
+                &and    ("ebx",0xFF000000);
+                &xor    ("eax","ebx");
+
+                &mov    (&DWP(48,"edi"),"eax");         # rk[12]
+                &xor    ("eax",&DWP(20,"edi"));
+                &mov    (&DWP(52,"edi"),"eax");         # rk[13]
+                &xor    ("eax",&DWP(24,"edi"));
+                &mov    (&DWP(56,"edi"),"eax");         # rk[14]
+                &xor    ("eax",&DWP(28,"edi"));
+                &mov    (&DWP(60,"edi"),"eax");         # rk[15]
+
+                &add    ("edi",32);
+        &jmp    (&label("14loop"));
+
+        &set_label("14break");
+        &mov    (&DWP(48,"edi"),14);            # setup number of rounds
+        &xor    ("eax","eax");
+        &jmp    (&label("exit"));
+
+    &set_label("badpointer");
+        &mov    ("eax",-1);
+    &set_label("exit");
+&function_end("AES_set_encrypt_key");
+
+sub deckey()
+{ my ($i,$ptr,$te4,$td) = @_;
+
+        &mov    ("eax",&DWP($i,$ptr));
+        &mov    ("edx","eax");
+        &movz   ("ebx",&HB("eax"));
+        &shr    ("edx",16);
+        &and    ("eax",0xFF);
+        &movz   ("eax",&BP(0,$te4,"eax",4));
+        &movz   ("ebx",&BP(0,$te4,"ebx",4));
+        &mov    ("eax",&DWP(1024*0,$td,"eax",4));
+        &xor    ("eax",&DWP(1024*1,$td,"ebx",4));
+        &movz   ("ebx",&HB("edx"));
+        &and    ("edx",0xFF);
+        &movz   ("edx",&BP(0,$te4,"edx",4));
+        &movz   ("ebx",&BP(0,$te4,"ebx",4));
+        &xor    ("eax",&DWP(1024*2,$td,"edx",4));
+        &xor    ("eax",&DWP(1024*3,$td,"ebx",4));
+        &mov    (&DWP($i,$ptr),"eax");
+}
+
+# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+#                        AES_KEY *key)
+&public_label("AES_Td");
+&public_label("AES_Te");
+&function_begin_B("AES_set_decrypt_key");
+        &mov    ("eax",&wparam(0));
+        &mov    ("ecx",&wparam(1));
+        &mov    ("edx",&wparam(2));
+        &sub    ("esp",12);
+        &mov    (&DWP(0,"esp"),"eax");
+        &mov    (&DWP(4,"esp"),"ecx");
+        &mov    (&DWP(8,"esp"),"edx");
+        &call   ("AES_set_encrypt_key");
+        &add    ("esp",12);
+        &cmp    ("eax",0);
+        &je     (&label("proceed"));
+        &ret    ();
+
+    &set_label("proceed");
+        &push   ("ebp");
+        &push   ("ebx");
+        &push   ("esi");
+        &push   ("edi");
+
+        &mov    ("esi",&wparam(2));
+        &mov    ("ecx",&DWP(240,"esi"));        # pull number of rounds
+        &lea    ("ecx",&DWP(0,"","ecx",4));
+        &lea    ("edi",&DWP(0,"esi","ecx",4));  # pointer to last chunk
+
+        &align  (4);
+        &set_label("invert");                   # invert order of chunks
+                &mov    ("eax",&DWP(0,"esi"));
+                &mov    ("ebx",&DWP(4,"esi"));
+                &mov    ("ecx",&DWP(0,"edi"));
+                &mov    ("edx",&DWP(4,"edi"));
+                &mov    (&DWP(0,"edi"),"eax");
+                &mov    (&DWP(4,"edi"),"ebx");
+                &mov    (&DWP(0,"esi"),"ecx");
+                &mov    (&DWP(4,"esi"),"edx");
+                &mov    ("eax",&DWP(8,"esi"));
+                &mov    ("ebx",&DWP(12,"esi"));
+                &mov    ("ecx",&DWP(8,"edi"));
+                &mov    ("edx",&DWP(12,"edi"));
+                &mov    (&DWP(8,"edi"),"eax");
+                &mov    (&DWP(12,"edi"),"ebx");
+                &mov    (&DWP(8,"esi"),"ecx");
+                &mov    (&DWP(12,"esi"),"edx");
+                &add    ("esi",16);
+                &sub    ("edi",16);
+                &cmp    ("esi","edi");
+        &jne    (&label("invert"));
+
+        &call   (&label("pic_point"));
+        &set_label("pic_point");
+        blindpop("ebp");
+        &lea    ("edi",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
+        &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+        &add    ("ebp",1024*4);                 # skip to Te4
+
+        &mov    ("esi",&wparam(2));
+        &mov    ("ecx",&DWP(240,"esi"));        # pull number of rounds
+        &dec    ("ecx");
+        &align  (4);
+        &set_label("permute");                  # permute the key schedule
+                &add    ("esi",16);
+                &deckey (0,"esi","ebp","edi");
+                &deckey (4,"esi","ebp","edi");
+                &deckey (8,"esi","ebp","edi");
+                &deckey (12,"esi","ebp","edi");
+                &dec    ("ecx");
+        &jnz    (&label("permute"));
+
+        &xor    ("eax","eax");                  # return success
+&function_end("AES_set_decrypt_key");
+
+&asm_finish();
diff --git a/src/lib/libcrypto/asn1/Makefile.ssl b/src/lib/libcrypto/asn1/Makefile.ssl
new file mode 100644
index 0000000000..cb45194d48
--- /dev/null
+++ b/src/lib/libcrypto/asn1/Makefile.ssl
@@ -0,0 +1,1152 @@
+#
+# SSLeay/crypto/asn1/Makefile
+#
+
+DIR=    asn1
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
+        a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
+        a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
+        x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \
+        x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
+        d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+        t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
+        tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
+        f_int.c f_string.c n_pkey.c \
+        f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
+        asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
+        evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
+LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
+        a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
+        a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
+        x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \
+        x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
+        d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+        t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
+        tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
+        f_int.o f_string.o n_pkey.o \
+        f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
+        asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
+        evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  asn1.h asn1_mac.h asn1t.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:   test.c
+        cc -g -I../../include -c test.c
+        cc -g -I../../include -o test test.o -L../.. -lcrypto
+
+pk:     pk.c
+        cc -g -I../../include -c pk.c
+        cc -g -I../../include -o pk pk.o -L../.. -lcrypto
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+a_bitstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bitstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_bitstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_bitstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bitstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c
+a_bool.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bool.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_bool.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_bool.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_bool.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bool.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_bool.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_bool.o: ../cryptlib.h a_bool.c
+a_bytes.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_bytes.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_bytes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bytes.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_bytes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bytes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bytes.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bytes.c
+a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_d2i_fp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_d2i_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_d2i_fp.o: ../../include/openssl/opensslconf.h
+a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c
+a_digest.o: ../../e_os.h ../../include/openssl/aes.h
+a_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+a_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+a_digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+a_digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_digest.o: ../../include/openssl/opensslconf.h
+a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+a_digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_digest.o: ../cryptlib.h a_digest.c
+a_dup.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_dup.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_dup.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_dup.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_dup.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_dup.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_dup.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_dup.o: ../cryptlib.h a_dup.c
+a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_enum.o: ../cryptlib.h a_enum.c
+a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_gentm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_gentm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_gentm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_gentm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_gentm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_gentm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_gentm.c
+a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_hdr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_hdr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_hdr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_hdr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_hdr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_hdr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_hdr.o: ../cryptlib.h a_hdr.c
+a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_i2d_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_i2d_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_i2d_fp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_i2d_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_i2d_fp.c
+a_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_int.o: ../cryptlib.h a_int.c
+a_mbstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_mbstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_mbstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_mbstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_mbstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_mbstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_mbstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_mbstr.c
+a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_meth.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_meth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_meth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_meth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_meth.o: ../cryptlib.h a_meth.c
+a_object.o: ../../e_os.h ../../include/openssl/asn1.h
+a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c
+a_octet.o: ../../e_os.h ../../include/openssl/asn1.h
+a_octet.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_octet.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_octet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_octet.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_octet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_octet.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_octet.o: ../../include/openssl/symhacks.h ../cryptlib.h a_octet.c
+a_print.o: ../../e_os.h ../../include/openssl/asn1.h
+a_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_print.o: ../../include/openssl/symhacks.h ../cryptlib.h a_print.c
+a_set.o: ../../e_os.h ../../include/openssl/asn1.h
+a_set.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_set.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_set.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_set.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_set.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_set.o: ../cryptlib.h a_set.c
+a_sign.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+a_sign.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_sign.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+a_sign.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+a_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+a_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+a_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+a_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_sign.o: ../cryptlib.h a_sign.c
+a_strex.o: ../../e_os.h ../../include/openssl/aes.h
+a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_strex.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_strex.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+a_strex.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+a_strex.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+a_strex.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+a_strex.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+a_strex.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h
+a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
+a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_strnid.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_strnid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_strnid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_strnid.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_strnid.o: ../../include/openssl/symhacks.h ../cryptlib.h a_strnid.c
+a_time.o: ../../e_os.h ../../include/openssl/asn1.h
+a_time.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_time.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_time.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_time.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_time.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_time.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_time.o: ../cryptlib.h ../o_time.h a_time.c
+a_type.o: ../../e_os.h ../../include/openssl/asn1.h
+a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_type.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_type.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_type.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_type.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_type.o: ../cryptlib.h a_type.c
+a_utctm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_utctm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_utctm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_utctm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_utctm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_utctm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_utctm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_utctm.c
+a_utf8.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_utf8.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_utf8.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_utf8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_utf8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_utf8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_utf8.o: ../cryptlib.h a_utf8.c
+a_verify.o: ../../e_os.h ../../include/openssl/aes.h
+a_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_verify.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_verify.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+a_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+a_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_verify.o: ../../include/openssl/opensslconf.h
+a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_verify.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_verify.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_verify.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+a_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_verify.o: ../cryptlib.h a_verify.c
+asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn1_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+asn1_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c
+asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+asn1_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+asn1_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn1_lib.o: ../../include/openssl/opensslconf.h
+asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c
+asn1_par.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn1_par.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn1_par.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_par.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+asn1_par.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c
+asn_moid.o: ../../e_os.h ../../include/openssl/aes.h
+asn_moid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn_moid.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+asn_moid.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+asn_moid.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+asn_moid.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+asn_moid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+asn_moid.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+asn_moid.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+asn_moid.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn_moid.o: ../../include/openssl/opensslconf.h
+asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+asn_moid.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+asn_moid.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+asn_moid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+asn_moid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+asn_moid.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+asn_moid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+asn_moid.o: ../cryptlib.h asn_moid.c
+asn_pack.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn_pack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn_pack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn_pack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c
+d2i_pr.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+d2i_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+d2i_pr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+d2i_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+d2i_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+d2i_pr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+d2i_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+d2i_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+d2i_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+d2i_pr.o: ../../include/openssl/ui_compat.h ../cryptlib.h d2i_pr.c
+d2i_pu.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+d2i_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+d2i_pu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+d2i_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+d2i_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+d2i_pu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+d2i_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+d2i_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+d2i_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+d2i_pu.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+d2i_pu.o: ../../include/openssl/ui_compat.h ../cryptlib.h d2i_pu.c
+evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+evp_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+evp_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+evp_asn1.o: ../../include/openssl/opensslconf.h
+evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_asn1.c
+f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+f_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+f_enum.o: ../cryptlib.h f_enum.c
+f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+f_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+f_int.o: ../cryptlib.h f_int.c
+f_string.o: ../../e_os.h ../../include/openssl/asn1.h
+f_string.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+f_string.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+f_string.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_string.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c
+i2d_pr.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+i2d_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+i2d_pr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+i2d_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+i2d_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+i2d_pr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+i2d_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+i2d_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+i2d_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+i2d_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+i2d_pr.o: ../../include/openssl/ui_compat.h ../cryptlib.h i2d_pr.c
+i2d_pu.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+i2d_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+i2d_pu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+i2d_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+i2d_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+i2d_pu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+i2d_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+i2d_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+i2d_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+i2d_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+i2d_pu.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+i2d_pu.o: ../../include/openssl/ui_compat.h ../cryptlib.h i2d_pu.c
+n_pkey.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
+n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+n_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+n_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+n_pkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+n_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+n_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+n_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+n_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+n_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+n_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+n_pkey.o: ../cryptlib.h n_pkey.c
+nsseq.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+nsseq.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+nsseq.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+nsseq.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+nsseq.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+nsseq.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+nsseq.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+nsseq.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+nsseq.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+nsseq.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+nsseq.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+nsseq.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c
+p5_pbe.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p5_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_pbe.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_pbe.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p5_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p5_pbe.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p5_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p5_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_pbe.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_pbe.o: ../cryptlib.h p5_pbe.c
+p5_pbev2.o: ../../e_os.h ../../include/openssl/aes.h
+p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+p5_pbev2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p5_pbev2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p5_pbev2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p5_pbev2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p5_pbev2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p5_pbev2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p5_pbev2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbev2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p5_pbev2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p5_pbev2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_pbev2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_pbev2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p5_pbev2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p5_pbev2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbev2.c
+p8_pkey.o: ../../e_os.h ../../include/openssl/aes.h
+p8_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+p8_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p8_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p8_pkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p8_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p8_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p8_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p8_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p8_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p8_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p8_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p8_pkey.o: ../cryptlib.h p8_pkey.c
+t_bitst.o: ../../e_os.h ../../include/openssl/aes.h
+t_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_bitst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+t_bitst.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+t_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_bitst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c
+t_crl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_crl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_crl.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_crl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_crl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_crl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_crl.o: ../cryptlib.h t_crl.c
+t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+t_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+t_pkey.o: ../../include/openssl/symhacks.h ../cryptlib.h t_pkey.c
+t_req.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_req.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_req.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_req.o: ../cryptlib.h t_req.c
+t_spki.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+t_spki.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+t_spki.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+t_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_spki.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_spki.o: ../cryptlib.h t_spki.c
+t_x509.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_x509.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_x509.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_x509.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_x509.o: ../cryptlib.h t_x509.c
+t_x509a.o: ../../e_os.h ../../include/openssl/aes.h
+t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_x509a.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+t_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_x509a.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_x509a.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_x509a.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_x509a.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_x509a.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c
+tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tasn_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c
+tasn_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_enc.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_enc.o: ../../include/openssl/opensslconf.h
+tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_enc.o: ../../include/openssl/symhacks.h tasn_enc.c
+tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_fre.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_fre.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_fre.o: ../../include/openssl/opensslconf.h
+tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
+tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_new.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_new.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_new.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_new.o: ../../include/openssl/opensslconf.h
+tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
+tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_typ.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_typ.o: ../../include/openssl/opensslconf.h
+tasn_typ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_typ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_typ.o: ../../include/openssl/symhacks.h tasn_typ.c
+tasn_utl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_utl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_utl.o: ../../include/openssl/opensslconf.h
+tasn_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_utl.o: ../../include/openssl/symhacks.h tasn_utl.c
+x_algor.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_algor.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_algor.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_algor.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_algor.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_algor.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_algor.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_algor.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_algor.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_algor.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_algor.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_algor.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_algor.o: x_algor.c
+x_attrib.o: ../../e_os.h ../../include/openssl/aes.h
+x_attrib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_attrib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_attrib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_attrib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_attrib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_attrib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_attrib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_attrib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_attrib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_attrib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_attrib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_attrib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_attrib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_attrib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_attrib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_attrib.o: ../cryptlib.h x_attrib.c
+x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h
+x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_bignum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_bignum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_bignum.o: ../../include/openssl/opensslconf.h
+x_bignum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c
+x_crl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_crl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_crl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_crl.c
+x_exten.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_exten.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_exten.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_exten.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_exten.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_exten.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_exten.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_exten.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_exten.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_exten.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_exten.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_exten.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_exten.o: x_exten.c
+x_info.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_info.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_info.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_info.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_info.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_info.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_info.o: ../cryptlib.h x_info.c
+x_long.o: ../../e_os.h ../../include/openssl/asn1.h
+x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_long.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_long.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_long.o: ../cryptlib.h x_long.c
+x_name.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_name.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_name.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_name.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_name.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_name.c
+x_pkey.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+x_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_pkey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c
+x_pubkey.o: ../../e_os.h ../../include/openssl/aes.h
+x_pubkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_pubkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_pubkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_pubkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_pubkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_pubkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_pubkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_pubkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_pubkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_pubkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_pubkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pubkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pubkey.o: ../cryptlib.h x_pubkey.c
+x_req.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_req.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c
+x_sig.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_sig.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_sig.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_sig.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_sig.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_sig.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_sig.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_sig.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_sig.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c
+x_spki.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_spki.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_spki.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_spki.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_spki.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_spki.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_spki.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_spki.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c
+x_val.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_val.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_val.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_val.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_val.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_val.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_val.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_val.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_val.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_val.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_val.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_val.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c
+x_x509.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x_x509.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c
+x_x509a.o: ../../e_os.h ../../include/openssl/aes.h
+x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_x509a.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_x509a.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_x509a.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_x509a.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509a.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_x509a.o: ../cryptlib.h x_x509a.c
diff --git a/src/lib/libcrypto/asn1/a_bitstr.c b/src/lib/libcrypto/asn1/a_bitstr.c
new file mode 100644
index 0000000000..b81bf4fc81
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_bitstr.c
@@ -0,0 +1,222 @@
+/* crypto/asn1/a_bitstr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
+{ return M_ASN1_BIT_STRING_set(x, d, len); }
+
+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
+        {
+        int ret,j,bits,len;
+        unsigned char *p,*d;
+
+        if (a == NULL) return(0);
+
+        len=a->length;
+
+        if (len > 0)
+                {
+                if (a->flags & ASN1_STRING_FLAG_BITS_LEFT)
+                        {
+                        bits=(int)a->flags&0x07;
+                        }
+                else
+                        {
+                        for ( ; len > 0; len--)
+                                {
+                                if (a->data[len-1]) break;
+                                }
+                        j=a->data[len-1];
+                        if      (j & 0x01) bits=0;
+                        else if (j & 0x02) bits=1;
+                        else if (j & 0x04) bits=2;
+                        else if (j & 0x08) bits=3;
+                        else if (j & 0x10) bits=4;
+                        else if (j & 0x20) bits=5;
+                        else if (j & 0x40) bits=6;
+                        else if (j & 0x80) bits=7;
+                        else bits=0; /* should not happen */
+                        }
+                }
+        else
+                bits=0;
+
+        ret=1+len;
+        if (pp == NULL) return(ret);
+
+        p= *pp;
+
+        *(p++)=(unsigned char)bits;
+        d=a->data;
+        memcpy(p,d,len);
+        p+=len;
+        if (len > 0) p[-1]&=(0xff<<bits);
+        *pp=p;
+        return(ret);
+        }
+
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
+             long len)
+        {
+        ASN1_BIT_STRING *ret=NULL;
+        unsigned char *p,*s;
+        int i;
+
+        if (len < 1)
+                {
+                i=ASN1_R_STRING_TOO_SHORT;
+                goto err;
+                }
+
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
+                }
+        else
+                ret=(*a);
+
+        p= *pp;
+        i= *(p++);
+        /* We do this to preserve the settings.  If we modify
+         * the settings, via the _set_bit function, we will recalculate
+         * on output */
+        ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
+        ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
+
+        if (len-- > 1) /* using one because of the bits left byte */
+                {
+                s=(unsigned char *)OPENSSL_malloc((int)len);
+                if (s == NULL)
+                        {
+                        i=ERR_R_MALLOC_FAILURE;
+                        goto err;
+                        }
+                memcpy(s,p,(int)len);
+                s[len-1]&=(0xff<<i);
+                p+=len;
+                }
+        else
+                s=NULL;
+
+        ret->length=(int)len;
+        if (ret->data != NULL) OPENSSL_free(ret->data);
+        ret->data=s;
+        ret->type=V_ASN1_BIT_STRING;
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                M_ASN1_BIT_STRING_free(ret);
+        return(NULL);
+        }
+
+/* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
+ */
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
+        {
+        int w,v,iv;
+        unsigned char *c;
+
+        w=n/8;
+        v=1<<(7-(n&0x07));
+        iv= ~v;
+        if (!value) v=0;
+
+        a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
+
+        if (a == NULL) return(0);
+        if ((a->length < (w+1)) || (a->data == NULL))
+                {
+                if (!value) return(1); /* Don't need to set */
+                if (a->data == NULL)
+                        c=(unsigned char *)OPENSSL_malloc(w+1);
+                else
+                        c=(unsigned char *)OPENSSL_realloc_clean(a->data,
+                                                                 a->length,
+                                                                 w+1);
+                if (c == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
+                a->data=c;
+                a->length=w+1;
+        }
+        a->data[w]=((a->data[w])&iv)|v;
+        while ((a->length > 0) && (a->data[a->length-1] == 0))
+                a->length--;
+        return(1);
+        }
+
+int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
+        {
+        int w,v;
+
+        w=n/8;
+        v=1<<(7-(n&0x07));
+        if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL))
+                return(0);
+        return((a->data[w]&v) != 0);
+        }
+
diff --git a/src/lib/libcrypto/asn1/a_bool.c b/src/lib/libcrypto/asn1/a_bool.c
new file mode 100644
index 0000000000..24333ea4d5
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_bool.c
@@ -0,0 +1,114 @@
+/* crypto/asn1/a_bool.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+
+int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
+        {
+        int r;
+        unsigned char *p;
+
+        r=ASN1_object_size(0,1,V_ASN1_BOOLEAN);
+        if (pp == NULL) return(r);
+        p= *pp;
+
+        ASN1_put_object(&p,0,1,V_ASN1_BOOLEAN,V_ASN1_UNIVERSAL);
+        *(p++)= (unsigned char)a;
+        *pp=p;
+        return(r);
+        }
+
+int d2i_ASN1_BOOLEAN(int *a, unsigned char **pp, long length)
+        {
+        int ret= -1;
+        unsigned char *p;
+        long len;
+        int inf,tag,xclass;
+        int i=0;
+
+        p= *pp;
+        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+        if (inf & 0x80)
+                {
+                i=ASN1_R_BAD_OBJECT_HEADER;
+                goto err;
+                }
+
+        if (tag != V_ASN1_BOOLEAN)
+                {
+                i=ASN1_R_EXPECTING_A_BOOLEAN;
+                goto err;
+                }
+
+        if (len != 1)
+                {
+                i=ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
+                goto err;
+                }
+        ret= (int)*(p++);
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
+        return(ret);
+        }
+
+
diff --git a/src/lib/libcrypto/asn1/a_bytes.c b/src/lib/libcrypto/asn1/a_bytes.c
new file mode 100644
index 0000000000..2407f7c87a
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_bytes.c
@@ -0,0 +1,312 @@
+/* crypto/asn1/a_bytes.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c);
+/* type is a 'bitmap' of acceptable string types.
+ */
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
+             long length, int type)
+        {
+        ASN1_STRING *ret=NULL;
+        unsigned char *p,*s;
+        long len;
+        int inf,tag,xclass;
+        int i=0;
+
+        p= *pp;
+        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+        if (inf & 0x80) goto err;
+
+        if (tag >= 32)
+                {
+                i=ASN1_R_TAG_VALUE_TOO_HIGH;
+                goto err;
+                }
+        if (!(ASN1_tag2bit(tag) & type))
+                {
+                i=ASN1_R_WRONG_TYPE;
+                goto err;
+                }
+
+        /* If a bit-string, exit early */
+        if (tag == V_ASN1_BIT_STRING)
+                return(d2i_ASN1_BIT_STRING(a,pp,length));
+
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
+                }
+        else
+                ret=(*a);
+
+        if (len != 0)
+                {
+                s=(unsigned char *)OPENSSL_malloc((int)len+1);
+                if (s == NULL)
+                        {
+                        i=ERR_R_MALLOC_FAILURE;
+                        goto err;
+                        }
+                memcpy(s,p,(int)len);
+                s[len]='\0';
+                p+=len;
+                }
+        else
+                s=NULL;
+
+        if (ret->data != NULL) OPENSSL_free(ret->data);
+        ret->length=(int)len;
+        ret->data=s;
+        ret->type=tag;
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,i);
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                ASN1_STRING_free(ret);
+        return(NULL);
+        }
+
+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
+        {
+        int ret,r,constructed;
+        unsigned char *p;
+
+        if (a == NULL)  return(0);
+
+        if (tag == V_ASN1_BIT_STRING)
+                return(i2d_ASN1_BIT_STRING(a,pp));
+                
+        ret=a->length;
+        r=ASN1_object_size(0,ret,tag);
+        if (pp == NULL) return(r);
+        p= *pp;
+
+        if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
+                constructed=1;
+        else
+                constructed=0;
+        ASN1_put_object(&p,constructed,ret,tag,xclass);
+        memcpy(p,a->data,a->length);
+        p+=a->length;
+        *pp= p;
+        return(r);
+        }
+
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
+             int Ptag, int Pclass)
+        {
+        ASN1_STRING *ret=NULL;
+        unsigned char *p,*s;
+        long len;
+        int inf,tag,xclass;
+        int i=0;
+
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
+                }
+        else
+                ret=(*a);
+
+        p= *pp;
+        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+        if (inf & 0x80)
+                {
+                i=ASN1_R_BAD_OBJECT_HEADER;
+                goto err;
+                }
+
+        if (tag != Ptag)
+                {
+                i=ASN1_R_WRONG_TAG;
+                goto err;
+                }
+
+        if (inf & V_ASN1_CONSTRUCTED)
+                {
+                ASN1_CTX c;
+
+                c.pp=pp;
+                c.p=p;
+                c.inf=inf;
+                c.slen=len;
+                c.tag=Ptag;
+                c.xclass=Pclass;
+                c.max=(length == 0)?0:(p+length);
+                if (!asn1_collate_primitive(ret,&c)) 
+                        goto err; 
+                else
+                        {
+                        p=c.p;
+                        }
+                }
+        else
+                {
+                if (len != 0)
+                        {
+                        if ((ret->length < len) || (ret->data == NULL))
+                                {
+                                if (ret->data != NULL) OPENSSL_free(ret->data);
+                                s=(unsigned char *)OPENSSL_malloc((int)len + 1);
+                                if (s == NULL)
+                                        {
+                                        i=ERR_R_MALLOC_FAILURE;
+                                        goto err;
+                                        }
+                                }
+                        else
+                                s=ret->data;
+                        memcpy(s,p,(int)len);
+                        s[len] = '\0';
+                        p+=len;
+                        }
+                else
+                        {
+                        s=NULL;
+                        if (ret->data != NULL) OPENSSL_free(ret->data);
+                        }
+
+                ret->length=(int)len;
+                ret->data=s;
+                ret->type=Ptag;
+                }
+
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                ASN1_STRING_free(ret);
+        ASN1err(ASN1_F_D2I_ASN1_BYTES,i);
+        return(NULL);
+        }
+
+
+/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse
+ * them into the one structure that is then returned */
+/* There have been a few bug fixes for this function from
+ * Paul Keogh <paul.keogh@sse.ie>, many thanks to him */
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
+        {
+        ASN1_STRING *os=NULL;
+        BUF_MEM b;
+        int num;
+
+        b.length=0;
+        b.max=0;
+        b.data=NULL;
+
+        if (a == NULL)
+                {
+                c->error=ERR_R_PASSED_NULL_PARAMETER;
+                goto err;
+                }
+
+        num=0;
+        for (;;)
+                {
+                if (c->inf & 1)
+                        {
+                        c->eos=ASN1_check_infinite_end(&c->p,
+                                (long)(c->max-c->p));
+                        if (c->eos) break;
+                        }
+                else
+                        {
+                        if (c->slen <= 0) break;
+                        }
+
+                c->q=c->p;
+                if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass)
+                        == NULL)
+                        {
+                        c->error=ERR_R_ASN1_LIB;
+                        goto err;
+                        }
+
+                if (!BUF_MEM_grow_clean(&b,num+os->length))
+                        {
+                        c->error=ERR_R_BUF_LIB;
+                        goto err;
+                        }
+                memcpy(&(b.data[num]),os->data,os->length);
+                if (!(c->inf & 1))
+                        c->slen-=(c->p-c->q);
+                num+=os->length;
+                }
+
+        if (!asn1_Finish(c)) goto err;
+
+        a->length=num;
+        if (a->data != NULL) OPENSSL_free(a->data);
+        a->data=(unsigned char *)b.data;
+        if (os != NULL) ASN1_STRING_free(os);
+        return(1);
+err:
+        ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);
+        if (os != NULL) ASN1_STRING_free(os);
+        if (b.data != NULL) OPENSSL_free(b.data);
+        return(0);
+        }
+
diff --git a/src/lib/libcrypto/asn1/a_d2i_fp.c b/src/lib/libcrypto/asn1/a_d2i_fp.c
new file mode 100644
index 0000000000..b67b75e7c2
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_d2i_fp.c
@@ -0,0 +1,262 @@
+/* crypto/asn1/a_d2i_fp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1_mac.h>
+
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
+
+#ifndef NO_OLD_ASN1
+#ifndef OPENSSL_NO_FP_API
+
+char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
+             unsigned char **x)
+        {
+        BIO *b;
+        char *ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
+                return(NULL);
+                }
+        BIO_set_fp(b,in,BIO_NOCLOSE);
+        ret=ASN1_d2i_bio(xnew,d2i,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
+             unsigned char **x)
+        {
+        BUF_MEM *b = NULL;
+        unsigned char *p;
+        char *ret=NULL;
+        int len;
+
+        len = asn1_d2i_read_bio(in, &b);
+        if(len < 0) goto err;
+
+        p=(unsigned char *)b->data;
+        ret=d2i(x,&p,len);
+err:
+        if (b != NULL) BUF_MEM_free(b);
+        return(ret);
+        }
+
+#endif
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
+        {
+        BUF_MEM *b = NULL;
+        unsigned char *p;
+        void *ret=NULL;
+        int len;
+
+        len = asn1_d2i_read_bio(in, &b);
+        if(len < 0) goto err;
+
+        p=(unsigned char *)b->data;
+        ret=ASN1_item_d2i(x,&p,len, it);
+err:
+        if (b != NULL) BUF_MEM_free(b);
+        return(ret);
+        }
+
+#ifndef OPENSSL_NO_FP_API
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
+        {
+        BIO *b;
+        char *ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
+                return(NULL);
+                }
+        BIO_set_fp(b,in,BIO_NOCLOSE);
+        ret=ASN1_item_d2i_bio(it,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+#define HEADER_SIZE   8
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+        {
+        BUF_MEM *b;
+        unsigned char *p;
+        int i;
+        int ret=-1;
+        ASN1_CTX c;
+        int want=HEADER_SIZE;
+        int eos=0;
+#if defined(__GNUC__) && defined(__ia64)
+        /* pathetic compiler bug in all known versions as of Nov. 2002 */
+        long off=0;
+#else
+        int off=0;
+#endif
+        int len=0;
+
+        b=BUF_MEM_new();
+        if (b == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
+                return -1;
+                }
+
+        ERR_clear_error();
+        for (;;)
+                {
+                if (want >= (len-off))
+                        {
+                        want-=(len-off);
+
+                        if (!BUF_MEM_grow_clean(b,len+want))
+                                {
+                                ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        i=BIO_read(in,&(b->data[len]),want);
+                        if ((i < 0) && ((len-off) == 0))
+                                {
+                                ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
+                                goto err;
+                                }
+                        if (i > 0)
+                                len+=i;
+                        }
+                /* else data already loaded */
+
+                p=(unsigned char *)&(b->data[off]);
+                c.p=p;
+                c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass),
+                        len-off);
+                if (c.inf & 0x80)
+                        {
+                        unsigned long e;
+
+                        e=ERR_GET_REASON(ERR_peek_error());
+                        if (e != ASN1_R_TOO_LONG)
+                                goto err;
+                        else
+                                ERR_get_error(); /* clear error */
+                        }
+                i=c.p-p;/* header length */
+                off+=i; /* end of data */
+
+                if (c.inf & 1)
+                        {
+                        /* no data body so go round again */
+                        eos++;
+                        want=HEADER_SIZE;
+                        }
+                else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
+                        {
+                        /* eos value, so go back and read another header */
+                        eos--;
+                        if (eos <= 0)
+                                break;
+                        else
+                                want=HEADER_SIZE;
+                        }
+                else 
+                        {
+                        /* suck in c.slen bytes of data */
+                        want=(int)c.slen;
+                        if (want > (len-off))
+                                {
+                                want-=(len-off);
+                                if (!BUF_MEM_grow_clean(b,len+want))
+                                        {
+                                        ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                while (want > 0)
+                                        {
+                                        i=BIO_read(in,&(b->data[len]),want);
+                                        if (i <= 0)
+                                                {
+                                                ASN1err(ASN1_F_ASN1_D2I_BIO,
+                                                    ASN1_R_NOT_ENOUGH_DATA);
+                                                goto err;
+                                                }
+                                        len+=i;
+                                        want -= i;
+                                        }
+                                }
+                        off+=(int)c.slen;
+                        if (eos <= 0)
+                                {
+                                break;
+                                }
+                        else
+                                want=HEADER_SIZE;
+                        }
+                }
+
+        *pb = b;
+        return off;
+err:
+        if (b != NULL) BUF_MEM_free(b);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/asn1/a_digest.c b/src/lib/libcrypto/asn1/a_digest.c
new file mode 100644
index 0000000000..7182e9fa5d
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_digest.c
@@ -0,0 +1,111 @@
+/* crypto/asn1/a_digest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+
+#include "cryptlib.h"
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
+                unsigned char *md, unsigned int *len)
+        {
+        int i;
+        unsigned char *str,*p;
+
+        i=i2d(data,NULL);
+        if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        p=str;
+        i2d(data,&p);
+
+        EVP_Digest(str, i, md, len, type, NULL);
+        OPENSSL_free(str);
+        return(1);
+        }
+
+#endif
+
+
+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
+                unsigned char *md, unsigned int *len)
+        {
+        int i;
+        unsigned char *str = NULL;
+
+        i=ASN1_item_i2d(asn,&str, it);
+        if (!str) return(0);
+
+        EVP_Digest(str, i, md, len, type, NULL);
+        OPENSSL_free(str);
+        return(1);
+        }
+
diff --git a/src/lib/libcrypto/asn1/a_dup.c b/src/lib/libcrypto/asn1/a_dup.c
new file mode 100644
index 0000000000..58a017884c
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_dup.c
@@ -0,0 +1,107 @@
+/* crypto/asn1/a_dup.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+#ifndef NO_OLD_ASN1
+
+char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
+        {
+        unsigned char *b,*p;
+        long i;
+        char *ret;
+
+        if (x == NULL) return(NULL);
+
+        i=(long)i2d(x,NULL);
+        b=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+        if (b == NULL)
+                { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
+        p= b;
+        i=i2d(x,&p);
+        p= b;
+        ret=d2i(NULL,&p,i);
+        OPENSSL_free(b);
+        return(ret);
+        }
+
+#endif
+
+/* ASN1_ITEM version of dup: this follows the model above except we don't need
+ * to allocate the buffer. At some point this could be rewritten to directly dup
+ * the underlying structure instead of doing and encode and decode.
+ */
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
+        {
+        unsigned char *b = NULL, *p;
+        long i;
+        void *ret;
+
+        if (x == NULL) return(NULL);
+
+        i=ASN1_item_i2d(x,&b,it);
+        if (b == NULL)
+                { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
+        p= b;
+        ret=ASN1_item_d2i(NULL,&p,i, it);
+        OPENSSL_free(b);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/asn1/a_enum.c b/src/lib/libcrypto/asn1/a_enum.c
new file mode 100644
index 0000000000..03ede68d1c
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_enum.c
@@ -0,0 +1,180 @@
+/* crypto/asn1/a_enum.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+/* 
+ * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
+ * for comments on encoding see a_int.c
+ */
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
+        {
+        int i,j,k;
+        unsigned char buf[sizeof(long)+1];
+        long d;
+
+        a->type=V_ASN1_ENUMERATED;
+        if (a->length < (sizeof(long)+1))
+                {
+                if (a->data != NULL)
+                        OPENSSL_free(a->data);
+                if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
+                        memset((char *)a->data,0,sizeof(long)+1);
+                }
+        if (a->data == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_ENUMERATED_SET,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        d=v;
+        if (d < 0)
+                {
+                d= -d;
+                a->type=V_ASN1_NEG_ENUMERATED;
+                }
+
+        for (i=0; i<sizeof(long); i++)
+                {
+                if (d == 0) break;
+                buf[i]=(int)d&0xff;
+                d>>=8;
+                }
+        j=0;
+        for (k=i-1; k >=0; k--)
+                a->data[j++]=buf[k];
+        a->length=j;
+        return(1);
+        }
+
+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
+        {
+        int neg=0,i;
+        long r=0;
+
+        if (a == NULL) return(0L);
+        i=a->type;
+        if (i == V_ASN1_NEG_ENUMERATED)
+                neg=1;
+        else if (i != V_ASN1_ENUMERATED)
+                return -1;
+        
+        if (a->length > sizeof(long))
+                {
+                /* hmm... a bit ugly */
+                return(0xffffffffL);
+                }
+        if (a->data == NULL)
+                return 0;
+
+        for (i=0; i<a->length; i++)
+                {
+                r<<=8;
+                r|=(unsigned char)a->data[i];
+                }
+        if (neg) r= -r;
+        return(r);
+        }
+
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
+        {
+        ASN1_ENUMERATED *ret;
+        int len,j;
+
+        if (ai == NULL)
+                ret=M_ASN1_ENUMERATED_new();
+        else
+                ret=ai;
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);
+                goto err;
+                }
+        if(bn->neg) ret->type = V_ASN1_NEG_ENUMERATED;
+        else ret->type=V_ASN1_ENUMERATED;
+        j=BN_num_bits(bn);
+        len=((j == 0)?0:((j/8)+1));
+        if (ret->length < len+4)
+                {
+                unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
+                if (!new_data)
+                        {
+                        ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                ret->data=new_data;
+                }
+
+        ret->length=BN_bn2bin(bn,ret->data);
+        return(ret);
+err:
+        if (ret != ai) M_ASN1_ENUMERATED_free(ret);
+        return(NULL);
+        }
+
+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
+        {
+        BIGNUM *ret;
+
+        if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
+                ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
+        else if(ai->type == V_ASN1_NEG_ENUMERATED) ret->neg = 1;
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/asn1/a_i2d_fp.c b/src/lib/libcrypto/asn1/a_i2d_fp.c
new file mode 100644
index 0000000000..f4f1b73ebe
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_i2d_fp.c
@@ -0,0 +1,163 @@
+/* crypto/asn1/a_i2d_fp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+#ifndef NO_OLD_ASN1
+
+#ifndef OPENSSL_NO_FP_API
+int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,out,BIO_NOCLOSE);
+        ret=ASN1_i2d_bio(i2d,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
+        {
+        char *b;
+        unsigned char *p;
+        int i,j=0,n,ret=1;
+
+        n=i2d(x,NULL);
+        b=(char *)OPENSSL_malloc(n);
+        if (b == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+
+        p=(unsigned char *)b;
+        i2d(x,&p);
+        
+        for (;;)
+                {
+                i=BIO_write(out,&(b[j]),n);
+                if (i == n) break;
+                if (i <= 0)
+                        {
+                        ret=0;
+                        break;
+                        }
+                j+=i;
+                n-=i;
+                }
+        OPENSSL_free(b);
+        return(ret);
+        }
+
+#endif
+
+#ifndef OPENSSL_NO_FP_API
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,out,BIO_NOCLOSE);
+        ret=ASN1_item_i2d_bio(it,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
+        {
+        unsigned char *b = NULL;
+        int i,j=0,n,ret=1;
+
+        n = ASN1_item_i2d(x, &b, it);
+        if (b == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+
+        for (;;)
+                {
+                i=BIO_write(out,&(b[j]),n);
+                if (i == n) break;
+                if (i <= 0)
+                        {
+                        ret=0;
+                        break;
+                        }
+                j+=i;
+                n-=i;
+                }
+        OPENSSL_free(b);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c
new file mode 100644
index 0000000000..21cc64bb23
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_int.c
@@ -0,0 +1,453 @@
+/* crypto/asn1/a_int.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
+{ return M_ASN1_INTEGER_dup(x);}
+
+int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
+        { 
+        int neg, ret;
+        /* Compare signs */
+        neg = x->type & V_ASN1_NEG;
+        if (neg != (y->type & V_ASN1_NEG))
+                {
+                if (neg)
+                        return -1;
+                else
+                        return 1;
+                }
+
+        ret = ASN1_STRING_cmp(x, y);
+
+        if (neg)
+                return -ret;
+        else
+                return ret;
+        }
+        
+
+/* 
+ * This converts an ASN1 INTEGER into its content encoding.
+ * The internal representation is an ASN1_STRING whose data is a big endian
+ * representation of the value, ignoring the sign. The sign is determined by
+ * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. 
+ *
+ * Positive integers are no problem: they are almost the same as the DER
+ * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
+ *
+ * Negative integers are a bit trickier...
+ * The DER representation of negative integers is in 2s complement form.
+ * The internal form is converted by complementing each octet and finally 
+ * adding one to the result. This can be done less messily with a little trick.
+ * If the internal form has trailing zeroes then they will become FF by the
+ * complement and 0 by the add one (due to carry) so just copy as many trailing 
+ * zeros to the destination as there are in the source. The carry will add one
+ * to the last none zero octet: so complement this octet and add one and finally
+ * complement any left over until you get to the start of the string.
+ *
+ * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
+ * with 0xff. However if the first byte is 0x80 and one of the following bytes
+ * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
+ * followed by optional zeros isn't padded.
+ */
+
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+        {
+        int pad=0,ret,i,neg;
+        unsigned char *p,*n,pb=0;
+
+        if ((a == NULL) || (a->data == NULL)) return(0);
+        neg=a->type & V_ASN1_NEG;
+        if (a->length == 0)
+                ret=1;
+        else
+                {
+                ret=a->length;
+                i=a->data[0];
+                if (!neg && (i > 127)) {
+                        pad=1;
+                        pb=0;
+                } else if(neg) {
+                        if(i>128) {
+                                pad=1;
+                                pb=0xFF;
+                        } else if(i == 128) {
+                        /*
+                         * Special case: if any other bytes non zero we pad:
+                         * otherwise we don't.
+                         */
+                                for(i = 1; i < a->length; i++) if(a->data[i]) {
+                                                pad=1;
+                                                pb=0xFF;
+                                                break;
+                                }
+                        }
+                }
+                ret+=pad;
+                }
+        if (pp == NULL) return(ret);
+        p= *pp;
+
+        if (pad) *(p++)=pb;
+        if (a->length == 0) *(p++)=0;
+        else if (!neg) memcpy(p,a->data,(unsigned int)a->length);
+        else {
+                /* Begin at the end of the encoding */
+                n=a->data + a->length - 1;
+                p += a->length - 1;
+                i = a->length;
+                /* Copy zeros to destination as long as source is zero */
+                while(!*n) {
+                        *(p--) = 0;
+                        n--;
+                        i--;
+                }
+                /* Complement and increment next octet */
+                *(p--) = ((*(n--)) ^ 0xff) + 1;
+                i--;
+                /* Complement any octets left */
+                for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
+        }
+
+        *pp+=ret;
+        return(ret);
+        }
+
+/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
+
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
+             long len)
+        {
+        ASN1_INTEGER *ret=NULL;
+        unsigned char *p,*to,*s, *pend;
+        int i;
+
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
+                ret->type=V_ASN1_INTEGER;
+                }
+        else
+                ret=(*a);
+
+        p= *pp;
+        pend = p + len;
+
+        /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
+         * signifies a missing NULL parameter. */
+        s=(unsigned char *)OPENSSL_malloc((int)len+1);
+        if (s == NULL)
+                {
+                i=ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+        to=s;
+        if(!len) {
+                /* Strictly speaking this is an illegal INTEGER but we
+                 * tolerate it.
+                 */
+                ret->type=V_ASN1_INTEGER;
+        } else if (*p & 0x80) /* a negative number */
+                {
+                ret->type=V_ASN1_NEG_INTEGER;
+                if ((*p == 0xff) && (len != 1)) {
+                        p++;
+                        len--;
+                }
+                i = len;
+                p += i - 1;
+                to += i - 1;
+                while((!*p) && i) {
+                        *(to--) = 0;
+                        i--;
+                        p--;
+                }
+                /* Special case: if all zeros then the number will be of
+                 * the form FF followed by n zero bytes: this corresponds to
+                 * 1 followed by n zero bytes. We've already written n zeros
+                 * so we just append an extra one and set the first byte to
+                 * a 1. This is treated separately because it is the only case
+                 * where the number of bytes is larger than len.
+                 */
+                if(!i) {
+                        *s = 1;
+                        s[len] = 0;
+                        len++;
+                } else {
+                        *(to--) = (*(p--) ^ 0xff) + 1;
+                        i--;
+                        for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
+                }
+        } else {
+                ret->type=V_ASN1_INTEGER;
+                if ((*p == 0) && (len != 1))
+                        {
+                        p++;
+                        len--;
+                        }
+                memcpy(s,p,(int)len);
+        }
+
+        if (ret->data != NULL) OPENSSL_free(ret->data);
+        ret->data=s;
+        ret->length=(int)len;
+        if (a != NULL) (*a)=ret;
+        *pp=pend;
+        return(ret);
+err:
+        ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                M_ASN1_INTEGER_free(ret);
+        return(NULL);
+        }
+
+
+/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
+ * ASN1 integers: some broken software can encode a positive INTEGER
+ * with its MSB set as negative (it doesn't add a padding zero).
+ */
+
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
+             long length)
+        {
+        ASN1_INTEGER *ret=NULL;
+        unsigned char *p,*to,*s;
+        long len;
+        int inf,tag,xclass;
+        int i;
+
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
+                ret->type=V_ASN1_INTEGER;
+                }
+        else
+                ret=(*a);
+
+        p= *pp;
+        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+        if (inf & 0x80)
+                {
+                i=ASN1_R_BAD_OBJECT_HEADER;
+                goto err;
+                }
+
+        if (tag != V_ASN1_INTEGER)
+                {
+                i=ASN1_R_EXPECTING_AN_INTEGER;
+                goto err;
+                }
+
+        /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
+         * signifies a missing NULL parameter. */
+        s=(unsigned char *)OPENSSL_malloc((int)len+1);
+        if (s == NULL)
+                {
+                i=ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+        to=s;
+        ret->type=V_ASN1_INTEGER;
+        if(len) {
+                if ((*p == 0) && (len != 1))
+                        {
+                        p++;
+                        len--;
+                        }
+                memcpy(s,p,(int)len);
+                p+=len;
+        }
+
+        if (ret->data != NULL) OPENSSL_free(ret->data);
+        ret->data=s;
+        ret->length=(int)len;
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i);
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                M_ASN1_INTEGER_free(ret);
+        return(NULL);
+        }
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
+        {
+        int i,j,k;
+        unsigned char buf[sizeof(long)+1];
+        long d;
+
+        a->type=V_ASN1_INTEGER;
+        if (a->length < (sizeof(long)+1))
+                {
+                if (a->data != NULL)
+                        OPENSSL_free(a->data);
+                if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
+                        memset((char *)a->data,0,sizeof(long)+1);
+                }
+        if (a->data == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        d=v;
+        if (d < 0)
+                {
+                d= -d;
+                a->type=V_ASN1_NEG_INTEGER;
+                }
+
+        for (i=0; i<sizeof(long); i++)
+                {
+                if (d == 0) break;
+                buf[i]=(int)d&0xff;
+                d>>=8;
+                }
+        j=0;
+        for (k=i-1; k >=0; k--)
+                a->data[j++]=buf[k];
+        a->length=j;
+        return(1);
+        }
+
+long ASN1_INTEGER_get(ASN1_INTEGER *a)
+        {
+        int neg=0,i;
+        long r=0;
+
+        if (a == NULL) return(0L);
+        i=a->type;
+        if (i == V_ASN1_NEG_INTEGER)
+                neg=1;
+        else if (i != V_ASN1_INTEGER)
+                return -1;
+        
+        if (a->length > sizeof(long))
+                {
+                /* hmm... a bit ugly */
+                return(0xffffffffL);
+                }
+        if (a->data == NULL)
+                return 0;
+
+        for (i=0; i<a->length; i++)
+                {
+                r<<=8;
+                r|=(unsigned char)a->data[i];
+                }
+        if (neg) r= -r;
+        return(r);
+        }
+
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
+        {
+        ASN1_INTEGER *ret;
+        int len,j;
+
+        if (ai == NULL)
+                ret=M_ASN1_INTEGER_new();
+        else
+                ret=ai;
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
+                goto err;
+                }
+        if(bn->neg) ret->type = V_ASN1_NEG_INTEGER;
+        else ret->type=V_ASN1_INTEGER;
+        j=BN_num_bits(bn);
+        len=((j == 0)?0:((j/8)+1));
+        if (ret->length < len+4)
+                {
+                unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
+                if (!new_data)
+                        {
+                        ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                ret->data=new_data;
+                }
+        ret->length=BN_bn2bin(bn,ret->data);
+        /* Correct zero case */
+        if(!ret->length)
+                {
+                ret->data[0] = 0;
+                ret->length = 1;
+                }
+        return(ret);
+err:
+        if (ret != ai) M_ASN1_INTEGER_free(ret);
+        return(NULL);
+        }
+
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
+        {
+        BIGNUM *ret;
+
+        if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
+                ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
+        else if(ai->type == V_ASN1_NEG_INTEGER) ret->neg = 1;
+        return(ret);
+        }
+
+IMPLEMENT_STACK_OF(ASN1_INTEGER)
+IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)
diff --git a/src/lib/libcrypto/asn1/a_mbstr.c b/src/lib/libcrypto/asn1/a_mbstr.c
new file mode 100644
index 0000000000..208b3ec395
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_mbstr.c
@@ -0,0 +1,400 @@
+/* a_mbstr.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+                 int (*rfunc)(unsigned long value, void *in), void *arg);
+static int in_utf8(unsigned long value, void *arg);
+static int out_utf8(unsigned long value, void *arg);
+static int type_str(unsigned long value, void *arg);
+static int cpy_asc(unsigned long value, void *arg);
+static int cpy_bmp(unsigned long value, void *arg);
+static int cpy_univ(unsigned long value, void *arg);
+static int cpy_utf8(unsigned long value, void *arg);
+static int is_printable(unsigned long value);
+
+/* These functions take a string in UTF8, ASCII or multibyte form and
+ * a mask of permissible ASN1 string types. It then works out the minimal
+ * type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8)
+ * and creates a string of the correct type with the supplied data.
+ * Yes this is horrible: it has to be :-(
+ * The 'ncopy' form checks minimum and maximum size limits too.
+ */
+
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+                                        int inform, unsigned long mask)
+{
+        return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
+}
+
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+                                        int inform, unsigned long mask, 
+                                        long minsize, long maxsize)
+{
+        int str_type;
+        int ret;
+        char free_out;
+        int outform, outlen;
+        ASN1_STRING *dest;
+        unsigned char *p;
+        int nchar;
+        char strbuf[32];
+        int (*cpyfunc)(unsigned long,void *) = NULL;
+        if(len == -1) len = strlen((const char *)in);
+        if(!mask) mask = DIRSTRING_TYPE;
+
+        /* First do a string check and work out the number of characters */
+        switch(inform) {
+
+                case MBSTRING_BMP:
+                if(len & 1) {
+                        ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
+                                         ASN1_R_INVALID_BMPSTRING_LENGTH);
+                        return -1;
+                }
+                nchar = len >> 1;
+                break;
+
+                case MBSTRING_UNIV:
+                if(len & 3) {
+                        ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
+                                         ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+                        return -1;
+                }
+                nchar = len >> 2;
+                break;
+
+                case MBSTRING_UTF8:
+                nchar = 0;
+                /* This counts the characters and does utf8 syntax checking */
+                ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
+                if(ret < 0) {
+                        ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
+                                                 ASN1_R_INVALID_UTF8STRING);
+                        return -1;
+                }
+                break;
+
+                case MBSTRING_ASC:
+                nchar = len;
+                break;
+
+                default:
+                ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_UNKNOWN_FORMAT);
+                return -1;
+        }
+
+        if((minsize > 0) && (nchar < minsize)) {
+                ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT);
+                BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
+                ERR_add_error_data(2, "minsize=", strbuf);
+                return -1;
+        }
+
+        if((maxsize > 0) && (nchar > maxsize)) {
+                ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG);
+                BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
+                ERR_add_error_data(2, "maxsize=", strbuf);
+                return -1;
+        }
+
+        /* Now work out minimal type (if any) */
+        if(traverse_string(in, len, inform, type_str, &mask) < 0) {
+                ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_ILLEGAL_CHARACTERS);
+                return -1;
+        }
+
+
+        /* Now work out output format and string type */
+        outform = MBSTRING_ASC;
+        if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING;
+        else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING;
+        else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING;
+        else if(mask & B_ASN1_BMPSTRING) {
+                str_type = V_ASN1_BMPSTRING;
+                outform = MBSTRING_BMP;
+        } else if(mask & B_ASN1_UNIVERSALSTRING) {
+                str_type = V_ASN1_UNIVERSALSTRING;
+                outform = MBSTRING_UNIV;
+        } else {
+                str_type = V_ASN1_UTF8STRING;
+                outform = MBSTRING_UTF8;
+        }
+        if(!out) return str_type;
+        if(*out) {
+                free_out = 0;
+                dest = *out;
+                if(dest->data) {
+                        dest->length = 0;
+                        OPENSSL_free(dest->data);
+                        dest->data = NULL;
+                }
+                dest->type = str_type;
+        } else {
+                free_out = 1;
+                dest = ASN1_STRING_type_new(str_type);
+                if(!dest) {
+                        ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
+                                                        ERR_R_MALLOC_FAILURE);
+                        return -1;
+                }
+                *out = dest;
+        }
+        /* If both the same type just copy across */
+        if(inform == outform) {
+                if(!ASN1_STRING_set(dest, in, len)) {
+                        ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
+                        return -1;
+                }
+                return str_type;
+        } 
+
+        /* Work out how much space the destination will need */
+        switch(outform) {
+                case MBSTRING_ASC:
+                outlen = nchar;
+                cpyfunc = cpy_asc;
+                break;
+
+                case MBSTRING_BMP:
+                outlen = nchar << 1;
+                cpyfunc = cpy_bmp;
+                break;
+
+                case MBSTRING_UNIV:
+                outlen = nchar << 2;
+                cpyfunc = cpy_univ;
+                break;
+
+                case MBSTRING_UTF8:
+                outlen = 0;
+                traverse_string(in, len, inform, out_utf8, &outlen);
+                cpyfunc = cpy_utf8;
+                break;
+        }
+        if(!(p = OPENSSL_malloc(outlen + 1))) {
+                if(free_out) ASN1_STRING_free(dest);
+                ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
+                return -1;
+        }
+        dest->length = outlen;
+        dest->data = p;
+        p[outlen] = 0;
+        traverse_string(in, len, inform, cpyfunc, &p);
+        return str_type;        
+}
+
+/* This function traverses a string and passes the value of each character
+ * to an optional function along with a void * argument.
+ */
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+                 int (*rfunc)(unsigned long value, void *in), void *arg)
+{
+        unsigned long value;
+        int ret;
+        while(len) {
+                if(inform == MBSTRING_ASC) {
+                        value = *p++;
+                        len--;
+                } else if(inform == MBSTRING_BMP) {
+                        value = *p++ << 8;
+                        value |= *p++;
+                        len -= 2;
+                } else if(inform == MBSTRING_UNIV) {
+                        value = ((unsigned long)*p++) << 24;
+                        value |= ((unsigned long)*p++) << 16;
+                        value |= *p++ << 8;
+                        value |= *p++;
+                        len -= 4;
+                } else {
+                        ret = UTF8_getc(p, len, &value);
+                        if(ret < 0) return -1;
+                        len -= ret;
+                        p += ret;
+                }
+                if(rfunc) {
+                        ret = rfunc(value, arg);
+                        if(ret <= 0) return ret;
+                }
+        }
+        return 1;
+}
+
+/* Various utility functions for traverse_string */
+
+/* Just count number of characters */
+
+static int in_utf8(unsigned long value, void *arg)
+{
+        int *nchar;
+        nchar = arg;
+        (*nchar)++;
+        return 1;
+}
+
+/* Determine size of output as a UTF8 String */
+
+static int out_utf8(unsigned long value, void *arg)
+{
+        int *outlen;
+        outlen = arg;
+        *outlen += UTF8_putc(NULL, -1, value);
+        return 1;
+}
+
+/* Determine the "type" of a string: check each character against a
+ * supplied "mask".
+ */
+
+static int type_str(unsigned long value, void *arg)
+{
+        unsigned long types;
+        types = *((unsigned long *)arg);
+        if((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
+                                        types &= ~B_ASN1_PRINTABLESTRING;
+        if((types & B_ASN1_IA5STRING) && (value > 127))
+                                        types &= ~B_ASN1_IA5STRING;
+        if((types & B_ASN1_T61STRING) && (value > 0xff))
+                                        types &= ~B_ASN1_T61STRING;
+        if((types & B_ASN1_BMPSTRING) && (value > 0xffff))
+                                        types &= ~B_ASN1_BMPSTRING;
+        if(!types) return -1;
+        *((unsigned long *)arg) = types;
+        return 1;
+}
+
+/* Copy one byte per character ASCII like strings */
+
+static int cpy_asc(unsigned long value, void *arg)
+{
+        unsigned char **p, *q;
+        p = arg;
+        q = *p;
+        *q = (unsigned char) value;
+        (*p)++;
+        return 1;
+}
+
+/* Copy two byte per character BMPStrings */
+
+static int cpy_bmp(unsigned long value, void *arg)
+{
+        unsigned char **p, *q;
+        p = arg;
+        q = *p;
+        *q++ = (unsigned char) ((value >> 8) & 0xff);
+        *q = (unsigned char) (value & 0xff);
+        *p += 2;
+        return 1;
+}
+
+/* Copy four byte per character UniversalStrings */
+
+static int cpy_univ(unsigned long value, void *arg)
+{
+        unsigned char **p, *q;
+        p = arg;
+        q = *p;
+        *q++ = (unsigned char) ((value >> 24) & 0xff);
+        *q++ = (unsigned char) ((value >> 16) & 0xff);
+        *q++ = (unsigned char) ((value >> 8) & 0xff);
+        *q = (unsigned char) (value & 0xff);
+        *p += 4;
+        return 1;
+}
+
+/* Copy to a UTF8String */
+
+static int cpy_utf8(unsigned long value, void *arg)
+{
+        unsigned char **p;
+        int ret;
+        p = arg;
+        /* We already know there is enough room so pass 0xff as the length */
+        ret = UTF8_putc(*p, 0xff, value);
+        *p += ret;
+        return 1;
+}
+
+/* Return 1 if the character is permitted in a PrintableString */
+static int is_printable(unsigned long value)
+{
+        int ch;
+        if(value > 0x7f) return 0;
+        ch = (int) value;
+        /* Note: we can't use 'isalnum' because certain accented 
+         * characters may count as alphanumeric in some environments.
+         */
+#ifndef CHARSET_EBCDIC
+        if((ch >= 'a') && (ch <= 'z')) return 1;
+        if((ch >= 'A') && (ch <= 'Z')) return 1;
+        if((ch >= '0') && (ch <= '9')) return 1;
+        if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1;
+#else /*CHARSET_EBCDIC*/
+        if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1;
+        if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1;
+        if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1;
+        if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1;
+#endif /*CHARSET_EBCDIC*/
+        return 0;
+}
diff --git a/src/lib/libcrypto/asn1/a_object.c b/src/lib/libcrypto/asn1/a_object.c
new file mode 100644
index 0000000000..0a8e6c287c
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_object.c
@@ -0,0 +1,320 @@
+/* crypto/asn1/a_object.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+
+int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
+        {
+        unsigned char *p;
+        int objsize;
+
+        if ((a == NULL) || (a->data == NULL)) return(0);
+
+        objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT);
+        if (pp == NULL) return objsize;
+
+        p= *pp;
+        ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
+        memcpy(p,a->data,a->length);
+        p+=a->length;
+
+        *pp=p;
+        return(objsize);
+        }
+
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
+        {
+        int i,first,len=0,c;
+        char tmp[24];
+        const char *p;
+        unsigned long l;
+
+        if (num == 0)
+                return(0);
+        else if (num == -1)
+                num=strlen(buf);
+
+        p=buf;
+        c= *(p++);
+        num--;
+        if ((c >= '0') && (c <= '2'))
+                {
+                first=(c-'0')*40;
+                }
+        else
+                {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE);
+                goto err;
+                }
+
+        if (num <= 0)
+                {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER);
+                goto err;
+                }
+        c= *(p++);
+        num--;
+        for (;;)
+                {
+                if (num <= 0) break;
+                if ((c != '.') && (c != ' '))
+                        {
+                        ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR);
+                        goto err;
+                        }
+                l=0;
+                for (;;)
+                        {
+                        if (num <= 0) break;
+                        num--;
+                        c= *(p++);
+                        if ((c == ' ') || (c == '.'))
+                                break;
+                        if ((c < '0') || (c > '9'))
+                                {
+                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
+                                goto err;
+                                }
+                        l=l*10L+(long)(c-'0');
+                        }
+                if (len == 0)
+                        {
+                        if ((first < 2) && (l >= 40))
+                                {
+                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE);
+                                goto err;
+                                }
+                        l+=(long)first;
+                        }
+                i=0;
+                for (;;)
+                        {
+                        tmp[i++]=(unsigned char)l&0x7f;
+                        l>>=7L;
+                        if (l == 0L) break;
+                        }
+                if (out != NULL)
+                        {
+                        if (len+i > olen)
+                                {
+                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_BUFFER_TOO_SMALL);
+                                goto err;
+                                }
+                        while (--i > 0)
+                                out[len++]=tmp[i]|0x80;
+                        out[len++]=tmp[0];
+                        }
+                else
+                        len+=i;
+                }
+        return(len);
+err:
+        return(0);
+        }
+
+int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
+{
+        return OBJ_obj2txt(buf, buf_len, a, 0);
+}
+
+int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
+        {
+        char buf[80];
+        int i;
+
+        if ((a == NULL) || (a->data == NULL))
+                return(BIO_write(bp,"NULL",4));
+        i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
+        if (i > sizeof buf) i=sizeof buf;
+        BIO_write(bp,buf,i);
+        return(i);
+        }
+
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
+             long length)
+{
+        unsigned char *p;
+        long len;
+        int tag,xclass;
+        int inf,i;
+        ASN1_OBJECT *ret = NULL;
+        p= *pp;
+        inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
+        if (inf & 0x80)
+                {
+                i=ASN1_R_BAD_OBJECT_HEADER;
+                goto err;
+                }
+
+        if (tag != V_ASN1_OBJECT)
+                {
+                i=ASN1_R_EXPECTING_AN_OBJECT;
+                goto err;
+                }
+        ret = c2i_ASN1_OBJECT(a, &p, len);
+        if(ret) *pp = p;
+        return ret;
+err:
+        ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                ASN1_OBJECT_free(ret);
+        return(NULL);
+}
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
+             long len)
+        {
+        ASN1_OBJECT *ret=NULL;
+        unsigned char *p;
+        int i;
+
+        /* only the ASN1_OBJECTs from the 'table' will have values
+         * for ->sn or ->ln */
+        if ((a == NULL) || ((*a) == NULL) ||
+                !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+                {
+                if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
+                }
+        else    ret=(*a);
+
+        p= *pp;
+        if ((ret->data == NULL) || (ret->length < len))
+                {
+                if (ret->data != NULL) OPENSSL_free(ret->data);
+                ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
+                ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+                if (ret->data == NULL)
+                        { i=ERR_R_MALLOC_FAILURE; goto err; }
+                }
+        memcpy(ret->data,p,(int)len);
+        ret->length=(int)len;
+        ret->sn=NULL;
+        ret->ln=NULL;
+        /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
+        p+=len;
+
+        if (a != NULL) (*a)=ret;
+        *pp=p;
+        return(ret);
+err:
+        ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                ASN1_OBJECT_free(ret);
+        return(NULL);
+        }
+
+ASN1_OBJECT *ASN1_OBJECT_new(void)
+        {
+        ASN1_OBJECT *ret;
+
+        ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        ret->length=0;
+        ret->data=NULL;
+        ret->nid=0;
+        ret->sn=NULL;
+        ret->ln=NULL;
+        ret->flags=ASN1_OBJECT_FLAG_DYNAMIC;
+        return(ret);
+        }
+
+void ASN1_OBJECT_free(ASN1_OBJECT *a)
+        {
+        if (a == NULL) return;
+        if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
+                {
+#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */
+                if (a->sn != NULL) OPENSSL_free((void *)a->sn);
+                if (a->ln != NULL) OPENSSL_free((void *)a->ln);
+#endif
+                a->sn=a->ln=NULL;
+                }
+        if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
+                {
+                if (a->data != NULL) OPENSSL_free(a->data);
+                a->data=NULL;
+                a->length=0;
+                }
+        if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
+                OPENSSL_free(a);
+        }
+
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+             const char *sn, const char *ln)
+        {
+        ASN1_OBJECT o;
+
+        o.sn=sn;
+        o.ln=ln;
+        o.data=data;
+        o.nid=nid;
+        o.length=len;
+        o.flags=ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
+                ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+        return(OBJ_dup(&o));
+        }
+
+IMPLEMENT_STACK_OF(ASN1_OBJECT)
+IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)
diff --git a/src/lib/libcrypto/asn1/a_octet.c b/src/lib/libcrypto/asn1/a_octet.c
new file mode 100644
index 0000000000..9690bae0f1
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_octet.c
@@ -0,0 +1,71 @@
+/* crypto/asn1/a_octet.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
+{ return M_ASN1_OCTET_STRING_dup(x); }
+
+int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
+{ return M_ASN1_OCTET_STRING_cmp(a, b); }
+
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, unsigned char *d, int len)
+{ return M_ASN1_OCTET_STRING_set(x, d, len); }
+
diff --git a/src/lib/libcrypto/asn1/a_print.c b/src/lib/libcrypto/asn1/a_print.c
new file mode 100644
index 0000000000..d18e772320
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_print.c
@@ -0,0 +1,127 @@
+/* crypto/asn1/a_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+int ASN1_PRINTABLE_type(const unsigned char *s, int len)
+        {
+        int c;
+        int ia5=0;
+        int t61=0;
+
+        if (len <= 0) len= -1;
+        if (s == NULL) return(V_ASN1_PRINTABLESTRING);
+
+        while ((*s) && (len-- != 0))
+                {
+                c= *(s++);
+#ifndef CHARSET_EBCDIC
+                if (!(  ((c >= 'a') && (c <= 'z')) ||
+                        ((c >= 'A') && (c <= 'Z')) ||
+                        (c == ' ') ||
+                        ((c >= '0') && (c <= '9')) ||
+                        (c == ' ') || (c == '\'') ||
+                        (c == '(') || (c == ')') ||
+                        (c == '+') || (c == ',') ||
+                        (c == '-') || (c == '.') ||
+                        (c == '/') || (c == ':') ||
+                        (c == '=') || (c == '?')))
+                        ia5=1;
+                if (c&0x80)
+                        t61=1;
+#else
+                if (!isalnum(c) && (c != ' ') &&
+                    strchr("'()+,-./:=?", c) == NULL)
+                        ia5=1;
+                if (os_toascii[c] & 0x80)
+                        t61=1;
+#endif
+                }
+        if (t61) return(V_ASN1_T61STRING);
+        if (ia5) return(V_ASN1_IA5STRING);
+        return(V_ASN1_PRINTABLESTRING);
+        }
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
+        {
+        int i;
+        unsigned char *p;
+
+        if (s->type != V_ASN1_UNIVERSALSTRING) return(0);
+        if ((s->length%4) != 0) return(0);
+        p=s->data;
+        for (i=0; i<s->length; i+=4)
+                {
+                if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
+                        break;
+                else
+                        p+=4;
+                }
+        if (i < s->length) return(0);
+        p=s->data;
+        for (i=3; i<s->length; i+=4)
+                {
+                *(p++)=s->data[i];
+                }
+        *(p)='\0';
+        s->length/=4;
+        s->type=ASN1_PRINTABLE_type(s->data,s->length);
+        return(1);
+        }
diff --git a/src/lib/libcrypto/asn1/a_set.c b/src/lib/libcrypto/asn1/a_set.c
new file mode 100644
index 0000000000..e24061c545
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_set.c
@@ -0,0 +1,235 @@
+/* crypto/asn1/a_set.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+
+#ifndef NO_ASN1_OLD
+
+typedef struct
+    {
+    unsigned char *pbData;
+    int cbData;
+    } MYBLOB;
+
+/* SetBlobCmp
+ * This function compares two elements of SET_OF block
+ */
+static int SetBlobCmp(const void *elem1, const void *elem2 )
+    {
+    const MYBLOB *b1 = (const MYBLOB *)elem1;
+    const MYBLOB *b2 = (const MYBLOB *)elem2;
+    int r;
+
+    r = memcmp(b1->pbData, b2->pbData,
+               b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
+    if(r != 0)
+        return r;
+    return b1->cbData-b2->cbData;
+    }
+
+/* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)    */
+int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
+             int ex_class, int is_set)
+        {
+        int ret=0,r;
+        int i;
+        unsigned char *p;
+        unsigned char *pStart, *pTempMem;
+        MYBLOB *rgSetBlob;
+        int totSize;
+
+        if (a == NULL) return(0);
+        for (i=sk_num(a)-1; i>=0; i--)
+                ret+=func(sk_value(a,i),NULL);
+        r=ASN1_object_size(1,ret,ex_tag);
+        if (pp == NULL) return(r);
+
+        p= *pp;
+        ASN1_put_object(&p,1,ret,ex_tag,ex_class);
+
+/* Modified by gp@nsj.co.jp */
+        /* And then again by Ben */
+        /* And again by Steve */
+
+        if(!is_set || (sk_num(a) < 2))
+                {
+                for (i=0; i<sk_num(a); i++)
+                        func(sk_value(a,i),&p);
+
+                *pp=p;
+                return(r);
+                }
+
+        pStart  = p; /* Catch the beg of Setblobs*/
+                /* In this array we will store the SET blobs */
+                rgSetBlob = (MYBLOB *)OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));
+                if (rgSetBlob == NULL)
+                        {
+                        ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+
+        for (i=0; i<sk_num(a); i++)
+                {
+                rgSetBlob[i].pbData = p;  /* catch each set encode blob */
+                func(sk_value(a,i),&p);
+                rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
+SetBlob
+*/
+                }
+        *pp=p;
+        totSize = p - pStart; /* This is the total size of all set blobs */
+
+ /* Now we have to sort the blobs. I am using a simple algo.
+    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
+        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
+                if (!(pTempMem = OPENSSL_malloc(totSize)))
+                        {
+                        ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+
+/* Copy to temp mem */
+        p = pTempMem;
+        for(i=0; i<sk_num(a); ++i)
+                {
+                memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
+                p += rgSetBlob[i].cbData;
+                }
+
+/* Copy back to user mem*/
+        memcpy(pStart, pTempMem, totSize);
+        OPENSSL_free(pTempMem);
+        OPENSSL_free(rgSetBlob);
+
+        return(r);
+        }
+
+STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
+             char *(*func)(), void (*free_func)(void *), int ex_tag, int ex_class)
+        {
+        ASN1_CTX c;
+        STACK *ret=NULL;
+
+        if ((a == NULL) || ((*a) == NULL))
+                {
+                if ((ret=sk_new_null()) == NULL)
+                        {
+                        ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                }
+        else
+                ret=(*a);
+
+        c.p= *pp;
+        c.max=(length == 0)?0:(c.p+length);
+
+        c.inf=ASN1_get_object(&c.p,&c.slen,&c.tag,&c.xclass,c.max-c.p);
+        if (c.inf & 0x80) goto err;
+        if (ex_class != c.xclass)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_CLASS);
+                goto err;
+                }
+        if (ex_tag != c.tag)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_TAG);
+                goto err;
+                }
+        if ((c.slen+c.p) > c.max)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_LENGTH_ERROR);
+                goto err;
+                }
+        /* check for infinite constructed - it can be as long
+         * as the amount of data passed to us */
+        if (c.inf == (V_ASN1_CONSTRUCTED+1))
+                c.slen=length+ *pp-c.p;
+        c.max=c.p+c.slen;
+
+        while (c.p < c.max)
+                {
+                char *s;
+
+                if (M_ASN1_D2I_end_sequence()) break;
+                if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL)
+                        {
+                        ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT);
+                        asn1_add_error(*pp,(int)(c.q- *pp));
+                        goto err;
+                        }
+                if (!sk_push(ret,s)) goto err;
+                }
+        if (a != NULL) (*a)=ret;
+        *pp=c.p;
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                {
+                if (free_func != NULL)
+                        sk_pop_free(ret,free_func);
+                else
+                        sk_free(ret);
+                }
+        return(NULL);
+        }
+
+#endif
diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c
new file mode 100644
index 0000000000..52ce7e3974
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_sign.c
@@ -0,0 +1,294 @@
+/* crypto/asn1/a_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <time.h>
+
+#include "cryptlib.h"
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
+             ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
+             const EVP_MD *type)
+        {
+        EVP_MD_CTX ctx;
+        unsigned char *p,*buf_in=NULL,*buf_out=NULL;
+        int i,inl=0,outl=0,outll=0;
+        X509_ALGOR *a;
+
+        EVP_MD_CTX_init(&ctx);
+        for (i=0; i<2; i++)
+                {
+                if (i == 0)
+                        a=algor1;
+                else
+                        a=algor2;
+                if (a == NULL) continue;
+                if (type->pkey_type == NID_dsaWithSHA1)
+                        {
+                        /* special case: RFC 2459 tells us to omit 'parameters'
+                         * with id-dsa-with-sha1 */
+                        ASN1_TYPE_free(a->parameter);
+                        a->parameter = NULL;
+                        }
+                else if ((a->parameter == NULL) || 
+                        (a->parameter->type != V_ASN1_NULL))
+                        {
+                        ASN1_TYPE_free(a->parameter);
+                        if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
+                        a->parameter->type=V_ASN1_NULL;
+                        }
+                ASN1_OBJECT_free(a->algorithm);
+                a->algorithm=OBJ_nid2obj(type->pkey_type);
+                if (a->algorithm == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+                        goto err;
+                        }
+                if (a->algorithm->length == 0)
+                        {
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        goto err;
+                        }
+                }
+        inl=i2d(data,NULL);
+        buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
+        outll=outl=EVP_PKEY_size(pkey);
+        buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
+        if ((buf_in == NULL) || (buf_out == NULL))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        p=buf_in;
+
+        i2d(data,&p);
+        EVP_SignInit_ex(&ctx,type, NULL);
+        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
+        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+                        (unsigned int *)&outl,pkey))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
+                goto err;
+                }
+        if (signature->data != NULL) OPENSSL_free(signature->data);
+        signature->data=buf_out;
+        buf_out=NULL;
+        signature->length=outl;
+        /* In the interests of compatibility, I'll make sure that
+         * the bit string has a 'not-used bits' value of 0
+         */
+        signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+        signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+err:
+        EVP_MD_CTX_cleanup(&ctx);
+        if (buf_in != NULL)
+                { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
+        if (buf_out != NULL)
+                { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
+        return(outl);
+        }
+
+#endif
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+             ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
+             const EVP_MD *type)
+        {
+        EVP_MD_CTX ctx;
+        unsigned char *buf_in=NULL,*buf_out=NULL;
+        int i,inl=0,outl=0,outll=0;
+        X509_ALGOR *a;
+
+        EVP_MD_CTX_init(&ctx);
+        for (i=0; i<2; i++)
+                {
+                if (i == 0)
+                        a=algor1;
+                else
+                        a=algor2;
+                if (a == NULL) continue;
+                if (type->pkey_type == NID_dsaWithSHA1)
+                        {
+                        /* special case: RFC 2459 tells us to omit 'parameters'
+                         * with id-dsa-with-sha1 */
+                        ASN1_TYPE_free(a->parameter);
+                        a->parameter = NULL;
+                        }
+                else if ((a->parameter == NULL) || 
+                        (a->parameter->type != V_ASN1_NULL))
+                        {
+                        ASN1_TYPE_free(a->parameter);
+                        if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
+                        a->parameter->type=V_ASN1_NULL;
+                        }
+                ASN1_OBJECT_free(a->algorithm);
+                a->algorithm=OBJ_nid2obj(type->pkey_type);
+                if (a->algorithm == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+                        goto err;
+                        }
+                if (a->algorithm->length == 0)
+                        {
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        goto err;
+                        }
+                }
+        inl=ASN1_item_i2d(asn,&buf_in, it);
+        outll=outl=EVP_PKEY_size(pkey);
+        buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
+        if ((buf_in == NULL) || (buf_out == NULL))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        EVP_SignInit_ex(&ctx,type, NULL);
+        EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
+        if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+                        (unsigned int *)&outl,pkey))
+                {
+                outl=0;
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
+                goto err;
+                }
+        if (signature->data != NULL) OPENSSL_free(signature->data);
+        signature->data=buf_out;
+        buf_out=NULL;
+        signature->length=outl;
+        /* In the interests of compatibility, I'll make sure that
+         * the bit string has a 'not-used bits' value of 0
+         */
+        signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+        signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+err:
+        EVP_MD_CTX_cleanup(&ctx);
+        if (buf_in != NULL)
+                { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
+        if (buf_out != NULL)
+                { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
+        return(outl);
+        }
diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c
new file mode 100644
index 0000000000..a07122ba47
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_strex.c
@@ -0,0 +1,567 @@
+/* a_strex.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+
+#include "charmap.h"
+#include "cryptlib.h"
+
+/* ASN1_STRING_print_ex() and X509_NAME_print_ex().
+ * Enhanced string and name printing routines handling
+ * multibyte characters, RFC2253 and a host of other
+ * options.
+ */
+
+
+#define CHARTYPE_BS_ESC         (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
+
+
+/* Three IO functions for sending data to memory, a BIO and
+ * and a FILE pointer.
+ */
+#if 0                           /* never used */
+static int send_mem_chars(void *arg, const void *buf, int len)
+{
+        unsigned char **out = arg;
+        if(!out) return 1;
+        memcpy(*out, buf, len);
+        *out += len;
+        return 1;
+}
+#endif
+
+static int send_bio_chars(void *arg, const void *buf, int len)
+{
+        if(!arg) return 1;
+        if(BIO_write(arg, buf, len) != len) return 0;
+        return 1;
+}
+
+static int send_fp_chars(void *arg, const void *buf, int len)
+{
+        if(!arg) return 1;
+        if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
+        return 1;
+}
+
+typedef int char_io(void *arg, const void *buf, int len);
+
+/* This function handles display of
+ * strings, one character at a time.
+ * It is passed an unsigned long for each
+ * character because it could come from 2 or even
+ * 4 byte forms.
+ */
+
+static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)
+{
+        unsigned char chflgs, chtmp;
+        char tmphex[HEX_SIZE(long)+3];
+
+        if(c > 0xffffffffL)
+                return -1;
+        if(c > 0xffff) {
+                BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
+                if(!io_ch(arg, tmphex, 10)) return -1;
+                return 10;
+        }
+        if(c > 0xff) {
+                BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
+                if(!io_ch(arg, tmphex, 6)) return -1;
+                return 6;
+        }
+        chtmp = (unsigned char)c;
+        if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB;
+        else chflgs = char_type[chtmp] & flags;
+        if(chflgs & CHARTYPE_BS_ESC) {
+                /* If we don't escape with quotes, signal we need quotes */
+                if(chflgs & ASN1_STRFLGS_ESC_QUOTE) {
+                        if(do_quotes) *do_quotes = 1;
+                        if(!io_ch(arg, &chtmp, 1)) return -1;
+                        return 1;
+                }
+                if(!io_ch(arg, "\\", 1)) return -1;
+                if(!io_ch(arg, &chtmp, 1)) return -1;
+                return 2;
+        }
+        if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) {
+                BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
+                if(!io_ch(arg, tmphex, 3)) return -1;
+                return 3;
+        }
+        if(!io_ch(arg, &chtmp, 1)) return -1;
+        return 1;
+}
+
+#define BUF_TYPE_WIDTH_MASK     0x7
+#define BUF_TYPE_CONVUTF8       0x8
+
+/* This function sends each character in a buffer to
+ * do_esc_char(). It interprets the content formats
+ * and converts to or from UTF8 as appropriate.
+ */
+
+static int do_buf(unsigned char *buf, int buflen,
+                        int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg)
+{
+        int i, outlen, len;
+        unsigned char orflags, *p, *q;
+        unsigned long c;
+        p = buf;
+        q = buf + buflen;
+        outlen = 0;
+        while(p != q) {
+                if(p == buf) orflags = CHARTYPE_FIRST_ESC_2253;
+                else orflags = 0;
+                switch(type & BUF_TYPE_WIDTH_MASK) {
+                        case 4:
+                        c = ((unsigned long)*p++) << 24;
+                        c |= ((unsigned long)*p++) << 16;
+                        c |= ((unsigned long)*p++) << 8;
+                        c |= *p++;
+                        break;
+
+                        case 2:
+                        c = ((unsigned long)*p++) << 8;
+                        c |= *p++;
+                        break;
+
+                        case 1:
+                        c = *p++;
+                        break;
+                        
+                        case 0:
+                        i = UTF8_getc(p, buflen, &c);
+                        if(i < 0) return -1;    /* Invalid UTF8String */
+                        p += i;
+                        break;
+                }
+                if (p == q) orflags = CHARTYPE_LAST_ESC_2253;
+                if(type & BUF_TYPE_CONVUTF8) {
+                        unsigned char utfbuf[6];
+                        int utflen;
+                        utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
+                        for(i = 0; i < utflen; i++) {
+                                /* We don't need to worry about setting orflags correctly
+                                 * because if utflen==1 its value will be correct anyway 
+                                 * otherwise each character will be > 0x7f and so the 
+                                 * character will never be escaped on first and last.
+                                 */
+                                len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg);
+                                if(len < 0) return -1;
+                                outlen += len;
+                        }
+                } else {
+                        len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg);
+                        if(len < 0) return -1;
+                        outlen += len;
+                }
+        }
+        return outlen;
+}
+
+/* This function hex dumps a buffer of characters */
+
+static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen)
+{
+        const static char hexdig[] = "0123456789ABCDEF";
+        unsigned char *p, *q;
+        char hextmp[2];
+        if(arg) {
+                p = buf;
+                q = buf + buflen;
+                while(p != q) {
+                        hextmp[0] = hexdig[*p >> 4];
+                        hextmp[1] = hexdig[*p & 0xf];
+                        if(!io_ch(arg, hextmp, 2)) return -1;
+                        p++;
+                }
+        }
+        return buflen << 1;
+}
+
+/* "dump" a string. This is done when the type is unknown,
+ * or the flags request it. We can either dump the content
+ * octets or the entire DER encoding. This uses the RFC2253
+ * #01234 format.
+ */
+
+static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
+{
+        /* Placing the ASN1_STRING in a temp ASN1_TYPE allows
+         * the DER encoding to readily obtained
+         */
+        ASN1_TYPE t;
+        unsigned char *der_buf, *p;
+        int outlen, der_len;
+
+        if(!io_ch(arg, "#", 1)) return -1;
+        /* If we don't dump DER encoding just dump content octets */
+        if(!(lflags & ASN1_STRFLGS_DUMP_DER)) {
+                outlen = do_hex_dump(io_ch, arg, str->data, str->length);
+                if(outlen < 0) return -1;
+                return outlen + 1;
+        }
+        t.type = str->type;
+        t.value.ptr = (char *)str;
+        der_len = i2d_ASN1_TYPE(&t, NULL);
+        der_buf = OPENSSL_malloc(der_len);
+        if(!der_buf) return -1;
+        p = der_buf;
+        i2d_ASN1_TYPE(&t, &p);
+        outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
+        OPENSSL_free(der_buf);
+        if(outlen < 0) return -1;
+        return outlen + 1;
+}
+
+/* Lookup table to convert tags to character widths,
+ * 0 = UTF8 encoded, -1 is used for non string types
+ * otherwise it is the number of bytes per character
+ */
+
+const static signed char tag2nbyte[] = {
+        -1, -1, -1, -1, -1,     /* 0-4 */
+        -1, -1, -1, -1, -1,     /* 5-9 */
+        -1, -1, 0, -1,          /* 10-13 */
+        -1, -1, -1, -1,         /* 15-17 */
+        -1, 1, 1,               /* 18-20 */
+        -1, 1, 1, 1,            /* 21-24 */
+        -1, 1, -1,              /* 25-27 */
+        4, -1, 2                /* 28-30 */
+};
+
+#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
+                  ASN1_STRFLGS_ESC_QUOTE | \
+                  ASN1_STRFLGS_ESC_CTRL | \
+                  ASN1_STRFLGS_ESC_MSB)
+
+/* This is the main function, print out an
+ * ASN1_STRING taking note of various escape
+ * and display options. Returns number of
+ * characters written or -1 if an error
+ * occurred.
+ */
+
+static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str)
+{
+        int outlen, len;
+        int type;
+        char quotes;
+        unsigned char flags;
+        quotes = 0;
+        /* Keep a copy of escape flags */
+        flags = (unsigned char)(lflags & ESC_FLAGS);
+
+        type = str->type;
+
+        outlen = 0;
+
+
+        if(lflags & ASN1_STRFLGS_SHOW_TYPE) {
+                const char *tagname;
+                tagname = ASN1_tag2str(type);
+                outlen += strlen(tagname);
+                if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1; 
+                outlen++;
+        }
+
+        /* Decide what to do with type, either dump content or display it */
+
+        /* Dump everything */
+        if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1;
+        /* Ignore the string type */
+        else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1;
+        else {
+                /* Else determine width based on type */
+                if((type > 0) && (type < 31)) type = tag2nbyte[type];
+                else type = -1;
+                if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1;
+        }
+
+        if(type == -1) {
+                len = do_dump(lflags, io_ch, arg, str);
+                if(len < 0) return -1;
+                outlen += len;
+                return outlen;
+        }
+
+        if(lflags & ASN1_STRFLGS_UTF8_CONVERT) {
+                /* Note: if string is UTF8 and we want
+                 * to convert to UTF8 then we just interpret
+                 * it as 1 byte per character to avoid converting
+                 * twice.
+                 */
+                if(!type) type = 1;
+                else type |= BUF_TYPE_CONVUTF8;
+        }
+
+        len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
+        if(outlen < 0) return -1;
+        outlen += len;
+        if(quotes) outlen += 2;
+        if(!arg) return outlen;
+        if(quotes && !io_ch(arg, "\"", 1)) return -1;
+        do_buf(str->data, str->length, type, flags, NULL, io_ch, arg);
+        if(quotes && !io_ch(arg, "\"", 1)) return -1;
+        return outlen;
+}
+
+/* Used for line indenting: print 'indent' spaces */
+
+static int do_indent(char_io *io_ch, void *arg, int indent)
+{
+        int i;
+        for(i = 0; i < indent; i++)
+                        if(!io_ch(arg, " ", 1)) return 0;
+        return 1;
+}
+
+#define FN_WIDTH_LN     25
+#define FN_WIDTH_SN     10
+
+static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
+                                int indent, unsigned long flags)
+{
+        int i, prev = -1, orflags, cnt;
+        int fn_opt, fn_nid;
+        ASN1_OBJECT *fn;
+        ASN1_STRING *val;
+        X509_NAME_ENTRY *ent;
+        char objtmp[80];
+        const char *objbuf;
+        int outlen, len;
+        char *sep_dn, *sep_mv, *sep_eq;
+        int sep_dn_len, sep_mv_len, sep_eq_len;
+        if(indent < 0) indent = 0;
+        outlen = indent;
+        if(!do_indent(io_ch, arg, indent)) return -1;
+        switch (flags & XN_FLAG_SEP_MASK)
+        {
+                case XN_FLAG_SEP_MULTILINE:
+                sep_dn = "\n";
+                sep_dn_len = 1;
+                sep_mv = " + ";
+                sep_mv_len = 3;
+                break;
+
+                case XN_FLAG_SEP_COMMA_PLUS:
+                sep_dn = ",";
+                sep_dn_len = 1;
+                sep_mv = "+";
+                sep_mv_len = 1;
+                indent = 0;
+                break;
+
+                case XN_FLAG_SEP_CPLUS_SPC:
+                sep_dn = ", ";
+                sep_dn_len = 2;
+                sep_mv = " + ";
+                sep_mv_len = 3;
+                indent = 0;
+                break;
+
+                case XN_FLAG_SEP_SPLUS_SPC:
+                sep_dn = "; ";
+                sep_dn_len = 2;
+                sep_mv = " + ";
+                sep_mv_len = 3;
+                indent = 0;
+                break;
+
+                default:
+                return -1;
+        }
+
+        if(flags & XN_FLAG_SPC_EQ) {
+                sep_eq = " = ";
+                sep_eq_len = 3;
+        } else {
+                sep_eq = "=";
+                sep_eq_len = 1;
+        }
+
+        fn_opt = flags & XN_FLAG_FN_MASK;
+
+        cnt = X509_NAME_entry_count(n); 
+        for(i = 0; i < cnt; i++) {
+                if(flags & XN_FLAG_DN_REV)
+                                ent = X509_NAME_get_entry(n, cnt - i - 1);
+                else ent = X509_NAME_get_entry(n, i);
+                if(prev != -1) {
+                        if(prev == ent->set) {
+                                if(!io_ch(arg, sep_mv, sep_mv_len)) return -1;
+                                outlen += sep_mv_len;
+                        } else {
+                                if(!io_ch(arg, sep_dn, sep_dn_len)) return -1;
+                                outlen += sep_dn_len;
+                                if(!do_indent(io_ch, arg, indent)) return -1;
+                                outlen += indent;
+                        }
+                }
+                prev = ent->set;
+                fn = X509_NAME_ENTRY_get_object(ent);
+                val = X509_NAME_ENTRY_get_data(ent);
+                fn_nid = OBJ_obj2nid(fn);
+                if(fn_opt != XN_FLAG_FN_NONE) {
+                        int objlen, fld_len;
+                        if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
+                                OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
+                                fld_len = 0; /* XXX: what should this be? */
+                                objbuf = objtmp;
+                        } else {
+                                if(fn_opt == XN_FLAG_FN_SN) {
+                                        fld_len = FN_WIDTH_SN;
+                                        objbuf = OBJ_nid2sn(fn_nid);
+                                } else if(fn_opt == XN_FLAG_FN_LN) {
+                                        fld_len = FN_WIDTH_LN;
+                                        objbuf = OBJ_nid2ln(fn_nid);
+                                } else {
+                                        fld_len = 0; /* XXX: what should this be? */
+                                        objbuf = "";
+                                }
+                        }
+                        objlen = strlen(objbuf);
+                        if(!io_ch(arg, objbuf, objlen)) return -1;
+                        if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
+                                if (!do_indent(io_ch, arg, fld_len - objlen)) return -1;
+                                outlen += fld_len - objlen;
+                        }
+                        if(!io_ch(arg, sep_eq, sep_eq_len)) return -1;
+                        outlen += objlen + sep_eq_len;
+                }
+                /* If the field name is unknown then fix up the DER dump
+                 * flag. We might want to limit this further so it will
+                 * DER dump on anything other than a few 'standard' fields.
+                 */
+                if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) 
+                                        orflags = ASN1_STRFLGS_DUMP_ALL;
+                else orflags = 0;
+     
+                len = do_print_ex(io_ch, arg, flags | orflags, val);
+                if(len < 0) return -1;
+                outlen += len;
+        }
+        return outlen;
+}
+
+/* Wrappers round the main functions */
+
+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
+{
+        if(flags == XN_FLAG_COMPAT)
+                return X509_NAME_print(out, nm, indent);
+        return do_name_ex(send_bio_chars, out, nm, indent, flags);
+}
+
+
+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
+{
+        if(flags == XN_FLAG_COMPAT)
+                {
+                BIO *btmp;
+                int ret;
+                btmp = BIO_new_fp(fp, BIO_NOCLOSE);
+                if(!btmp) return -1;
+                ret = X509_NAME_print(btmp, nm, indent);
+                BIO_free(btmp);
+                return ret;
+                }
+        return do_name_ex(send_fp_chars, fp, nm, indent, flags);
+}
+
+int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
+{
+        return do_print_ex(send_bio_chars, out, flags, str);
+}
+
+
+int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
+{
+        return do_print_ex(send_fp_chars, fp, flags, str);
+}
+
+/* Utility function: convert any string type to UTF8, returns number of bytes
+ * in output string or a negative error code
+ */
+
+int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
+{
+        ASN1_STRING stmp, *str = &stmp;
+        int mbflag, type, ret;
+        if(!in) return -1;
+        type = in->type;
+        if((type < 0) || (type > 30)) return -1;
+        mbflag = tag2nbyte[type];
+        if(mbflag == -1) return -1;
+        if (mbflag == 0)
+                mbflag = MBSTRING_UTF8;
+        else if (mbflag == 4)
+                mbflag = MBSTRING_UNIV;
+        else            
+                mbflag |= MBSTRING_FLAG;
+        stmp.data = NULL;
+        ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+        if(ret < 0) return ret;
+        *out = stmp.data;
+        return stmp.length;
+}
diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c
new file mode 100644
index 0000000000..613bbc4a7d
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_strnid.c
@@ -0,0 +1,290 @@
+/* a_strnid.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+
+
+static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
+static void st_free(ASN1_STRING_TABLE *tbl);
+static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
+                        const ASN1_STRING_TABLE * const *b);
+static int table_cmp(const void *a, const void *b);
+
+
+/* This is the global mask for the mbstring functions: this is use to
+ * mask out certain types (such as BMPString and UTF8String) because
+ * certain software (e.g. Netscape) has problems with them.
+ */
+
+static unsigned long global_mask = 0xFFFFFFFFL;
+
+void ASN1_STRING_set_default_mask(unsigned long mask)
+{
+        global_mask = mask;
+}
+
+unsigned long ASN1_STRING_get_default_mask(void)
+{
+        return global_mask;
+}
+
+/* This function sets the default to various "flavours" of configuration.
+ * based on an ASCII string. Currently this is:
+ * MASK:XXXX : a numerical mask value.
+ * nobmp : Don't use BMPStrings (just Printable, T61).
+ * pkix : PKIX recommendation in RFC2459.
+ * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
+ * default:   the default value, Printable, T61, BMP.
+ */
+
+int ASN1_STRING_set_default_mask_asc(char *p)
+{
+        unsigned long mask;
+        char *end;
+        if(!strncmp(p, "MASK:", 5)) {
+                if(!p[5]) return 0;
+                mask = strtoul(p + 5, &end, 0);
+                if(*end) return 0;
+        } else if(!strcmp(p, "nombstr"))
+                         mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
+        else if(!strcmp(p, "pkix"))
+                        mask = ~((unsigned long)B_ASN1_T61STRING);
+        else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
+        else if(!strcmp(p, "default"))
+            mask = 0xFFFFFFFFL;
+        else return 0;
+        ASN1_STRING_set_default_mask(mask);
+        return 1;
+}
+
+/* The following function generates an ASN1_STRING based on limits in a table.
+ * Frequently the types and length of an ASN1_STRING are restricted by a 
+ * corresponding OID. For example certificates and certificate requests.
+ */
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
+                                        int inlen, int inform, int nid)
+{
+        ASN1_STRING_TABLE *tbl;
+        ASN1_STRING *str = NULL;
+        unsigned long mask;
+        int ret;
+        if(!out) out = &str;
+        tbl = ASN1_STRING_TABLE_get(nid);
+        if(tbl) {
+                mask = tbl->mask;
+                if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;
+                ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
+                                        tbl->minsize, tbl->maxsize);
+        } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);
+        if(ret <= 0) return NULL;
+        return *out;
+}
+
+/* Now the tables and helper functions for the string table:
+ */
+
+/* size limits: this stuff is taken straight from RFC3280 */
+
+#define ub_name                         32768
+#define ub_common_name                  64
+#define ub_locality_name                128
+#define ub_state_name                   128
+#define ub_organization_name            64
+#define ub_organization_unit_name       64
+#define ub_title                        64
+#define ub_email_address                128
+#define ub_serial_number                64
+
+
+/* This table must be kept in NID order */
+
+static ASN1_STRING_TABLE tbl_standard[] = {
+{NID_commonName,                1, ub_common_name, DIRSTRING_TYPE, 0},
+{NID_countryName,               2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_localityName,              1, ub_locality_name, DIRSTRING_TYPE, 0},
+{NID_stateOrProvinceName,       1, ub_state_name, DIRSTRING_TYPE, 0},
+{NID_organizationName,          1, ub_organization_name, DIRSTRING_TYPE, 0},
+{NID_organizationalUnitName,    1, ub_organization_unit_name, DIRSTRING_TYPE, 0},
+{NID_pkcs9_emailAddress,        1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK},
+{NID_pkcs9_unstructuredName,    1, -1, PKCS9STRING_TYPE, 0},
+{NID_pkcs9_challengePassword,   1, -1, PKCS9STRING_TYPE, 0},
+{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
+{NID_givenName,                 1, ub_name, DIRSTRING_TYPE, 0},
+{NID_surname,                   1, ub_name, DIRSTRING_TYPE, 0},
+{NID_initials,                  1, ub_name, DIRSTRING_TYPE, 0},
+{NID_serialNumber,              1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_friendlyName,              -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+{NID_name,                      1, ub_name, DIRSTRING_TYPE, 0},
+{NID_dnQualifier,               -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_domainComponent,           1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
+{NID_ms_csp_name,               -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
+};
+
+static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
+                        const ASN1_STRING_TABLE * const *b)
+{
+        return (*a)->nid - (*b)->nid;
+}
+
+static int table_cmp(const void *a, const void *b)
+{
+        const ASN1_STRING_TABLE *sa = a, *sb = b;
+        return sa->nid - sb->nid;
+}
+
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
+{
+        int idx;
+        ASN1_STRING_TABLE *ttmp;
+        ASN1_STRING_TABLE fnd;
+        fnd.nid = nid;
+        ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
+                                        (char *)tbl_standard, 
+                        sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
+                        sizeof(ASN1_STRING_TABLE), table_cmp);
+        if(ttmp) return ttmp;
+        if(!stable) return NULL;
+        idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
+        if(idx < 0) return NULL;
+        return sk_ASN1_STRING_TABLE_value(stable, idx);
+}
+        
+int ASN1_STRING_TABLE_add(int nid,
+                 long minsize, long maxsize, unsigned long mask,
+                                unsigned long flags)
+{
+        ASN1_STRING_TABLE *tmp;
+        char new_nid = 0;
+        flags &= ~STABLE_FLAGS_MALLOC;
+        if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
+        if(!stable) {
+                ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        if(!(tmp = ASN1_STRING_TABLE_get(nid))) {
+                tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
+                if(!tmp) {
+                        ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
+                                                        ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+                tmp->flags = flags | STABLE_FLAGS_MALLOC;
+                tmp->nid = nid;
+                new_nid = 1;
+        } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
+        if(minsize != -1) tmp->minsize = minsize;
+        if(maxsize != -1) tmp->maxsize = maxsize;
+        tmp->mask = mask;
+        if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp);
+        return 1;
+}
+
+void ASN1_STRING_TABLE_cleanup(void)
+{
+        STACK_OF(ASN1_STRING_TABLE) *tmp;
+        tmp = stable;
+        if(!tmp) return;
+        stable = NULL;
+        sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
+}
+
+static void st_free(ASN1_STRING_TABLE *tbl)
+{
+        if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl);
+}
+
+
+IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
+
+#ifdef STRING_TABLE_TEST
+
+main()
+{
+        ASN1_STRING_TABLE *tmp;
+        int i, last_nid = -1;
+
+        for (tmp = tbl_standard, i = 0;
+                i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
+                {
+                        if (tmp->nid < last_nid)
+                                {
+                                last_nid = 0;
+                                break;
+                                }
+                        last_nid = tmp->nid;
+                }
+
+        if (last_nid != 0)
+                {
+                printf("Table order OK\n");
+                exit(0);
+                }
+
+        for (tmp = tbl_standard, i = 0;
+                i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
+                        printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
+                                                        OBJ_nid2ln(tmp->nid));
+
+}
+
+#endif
diff --git a/src/lib/libcrypto/asn1/a_time.c b/src/lib/libcrypto/asn1/a_time.c
new file mode 100644
index 0000000000..159681fbcb
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_time.c
@@ -0,0 +1,164 @@
+/* crypto/asn1/a_time.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+/* This is an implementation of the ASN1 Time structure which is:
+ *    Time ::= CHOICE {
+ *      utcTime        UTCTime,
+ *      generalTime    GeneralizedTime }
+ * written by Steve Henson.
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "o_time.h"
+#include <openssl/asn1t.h>
+
+IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
+
+#if 0
+int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
+        {
+#ifdef CHARSET_EBCDIC
+        /* KLUDGE! We convert to ascii before writing DER */
+        char tmp[24];
+        ASN1_STRING tmpstr;
+
+        if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) {
+            int len;
+
+            tmpstr = *(ASN1_STRING *)a;
+            len = tmpstr.length;
+            ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+            tmpstr.data = tmp;
+            a = (ASN1_GENERALIZEDTIME *) &tmpstr;
+        }
+#endif
+        if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)
+                                return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+                                     a->type ,V_ASN1_UNIVERSAL));
+        ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
+        return -1;
+        }
+#endif
+
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
+        {
+        struct tm *ts;
+        struct tm data;
+
+        ts=OPENSSL_gmtime(&t,&data);
+        if (ts == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
+                return NULL;
+                }
+        if((ts->tm_year >= 50) && (ts->tm_year < 150))
+                                        return ASN1_UTCTIME_set(s, t);
+        return ASN1_GENERALIZEDTIME_set(s,t);
+        }
+
+int ASN1_TIME_check(ASN1_TIME *t)
+        {
+        if (t->type == V_ASN1_GENERALIZEDTIME)
+                return ASN1_GENERALIZEDTIME_check(t);
+        else if (t->type == V_ASN1_UTCTIME)
+                return ASN1_UTCTIME_check(t);
+        return 0;
+        }
+
+/* Convert an ASN1_TIME structure to GeneralizedTime */
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
+        {
+        ASN1_GENERALIZEDTIME *ret;
+        char *str;
+        int newlen;
+
+        if (!ASN1_TIME_check(t)) return NULL;
+
+        if (!out || !*out)
+                {
+                if (!(ret = ASN1_GENERALIZEDTIME_new ()))
+                        return NULL;
+                if (out) *out = ret;
+                }
+        else ret = *out;
+
+        /* If already GeneralizedTime just copy across */
+        if (t->type == V_ASN1_GENERALIZEDTIME)
+                {
+                if(!ASN1_STRING_set(ret, t->data, t->length))
+                        return NULL;
+                return ret;
+                }
+
+        /* grow the string */
+        if (!ASN1_STRING_set(ret, NULL, t->length + 2))
+                return NULL;
+        /* ASN1_STRING_set() allocated 'len + 1' bytes. */
+        newlen = t->length + 2 + 1;
+        str = (char *)ret->data;
+        /* Work out the century and prepend */
+        if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen);
+        else BUF_strlcpy(str, "20", newlen);
+
+        BUF_strlcat(str, (char *)t->data, newlen);
+
+        return ret;
+        }
diff --git a/src/lib/libcrypto/asn1/a_type.c b/src/lib/libcrypto/asn1/a_type.c
new file mode 100644
index 0000000000..2292d49b93
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_type.c
@@ -0,0 +1,84 @@
+/* crypto/asn1/a_type.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/asn1t.h>
+#include "cryptlib.h"
+
+int ASN1_TYPE_get(ASN1_TYPE *a)
+        {
+        if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
+                return(a->type);
+        else
+                return(0);
+        }
+
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
+        {
+        if (a->value.ptr != NULL)
+                {
+                ASN1_TYPE **tmp_a = &a;
+                ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
+                }
+        a->type=type;
+        a->value.ptr=value;
+        }
+
+
+IMPLEMENT_STACK_OF(ASN1_TYPE)
+IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
diff --git a/src/lib/libcrypto/asn1/a_utf8.c b/src/lib/libcrypto/asn1/a_utf8.c
new file mode 100644
index 0000000000..508e11e527
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_utf8.c
@@ -0,0 +1,211 @@
+/* crypto/asn1/a_utf8.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+
+/* UTF8 utilities */
+
+/* This parses a UTF8 string one character at a time. It is passed a pointer
+ * to the string and the length of the string. It sets 'value' to the value of
+ * the current character. It returns the number of characters read or a
+ * negative error code:
+ * -1 = string too short
+ * -2 = illegal character
+ * -3 = subsequent characters not of the form 10xxxxxx
+ * -4 = character encoded incorrectly (not minimal length).
+ */
+
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
+{
+        const unsigned char *p;
+        unsigned long value;
+        int ret;
+        if(len <= 0) return 0;
+        p = str;
+
+        /* Check syntax and work out the encoded value (if correct) */
+        if((*p & 0x80) == 0) {
+                value = *p++ & 0x7f;
+                ret = 1;
+        } else if((*p & 0xe0) == 0xc0) {
+                if(len < 2) return -1;
+                if((p[1] & 0xc0) != 0x80) return -3;
+                value = (*p++ & 0x1f) << 6;
+                value |= *p++ & 0x3f;
+                if(value < 0x80) return -4;
+                ret = 2;
+        } else if((*p & 0xf0) == 0xe0) {
+                if(len < 3) return -1;
+                if( ((p[1] & 0xc0) != 0x80)
+                   || ((p[2] & 0xc0) != 0x80) ) return -3;
+                value = (*p++ & 0xf) << 12;
+                value |= (*p++ & 0x3f) << 6;
+                value |= *p++ & 0x3f;
+                if(value < 0x800) return -4;
+                ret = 3;
+        } else if((*p & 0xf8) == 0xf0) {
+                if(len < 4) return -1;
+                if( ((p[1] & 0xc0) != 0x80)
+                   || ((p[2] & 0xc0) != 0x80) 
+                   || ((p[3] & 0xc0) != 0x80) ) return -3;
+                value = ((unsigned long)(*p++ & 0x7)) << 18;
+                value |= (*p++ & 0x3f) << 12;
+                value |= (*p++ & 0x3f) << 6;
+                value |= *p++ & 0x3f;
+                if(value < 0x10000) return -4;
+                ret = 4;
+        } else if((*p & 0xfc) == 0xf8) {
+                if(len < 5) return -1;
+                if( ((p[1] & 0xc0) != 0x80)
+                   || ((p[2] & 0xc0) != 0x80) 
+                   || ((p[3] & 0xc0) != 0x80) 
+                   || ((p[4] & 0xc0) != 0x80) ) return -3;
+                value = ((unsigned long)(*p++ & 0x3)) << 24;
+                value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+                value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+                value |= (*p++ & 0x3f) << 6;
+                value |= *p++ & 0x3f;
+                if(value < 0x200000) return -4;
+                ret = 5;
+        } else if((*p & 0xfe) == 0xfc) {
+                if(len < 6) return -1;
+                if( ((p[1] & 0xc0) != 0x80)
+                   || ((p[2] & 0xc0) != 0x80) 
+                   || ((p[3] & 0xc0) != 0x80) 
+                   || ((p[4] & 0xc0) != 0x80) 
+                   || ((p[5] & 0xc0) != 0x80) ) return -3;
+                value = ((unsigned long)(*p++ & 0x1)) << 30;
+                value |= ((unsigned long)(*p++ & 0x3f)) << 24;
+                value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+                value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+                value |= (*p++ & 0x3f) << 6;
+                value |= *p++ & 0x3f;
+                if(value < 0x4000000) return -4;
+                ret = 6;
+        } else return -2;
+        *val = value;
+        return ret;
+}
+
+/* This takes a character 'value' and writes the UTF8 encoded value in
+ * 'str' where 'str' is a buffer containing 'len' characters. Returns
+ * the number of characters written or -1 if 'len' is too small. 'str' can
+ * be set to NULL in which case it just returns the number of characters.
+ * It will need at most 6 characters.
+ */
+
+int UTF8_putc(unsigned char *str, int len, unsigned long value)
+{
+        if(!str) len = 6;       /* Maximum we will need */
+        else if(len <= 0) return -1;
+        if(value < 0x80) {
+                if(str) *str = (unsigned char)value;
+                return 1;
+        }
+        if(value < 0x800) {
+                if(len < 2) return -1;
+                if(str) {
+                        *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);
+                        *str = (unsigned char)((value & 0x3f) | 0x80);
+                }
+                return 2;
+        }
+        if(value < 0x10000) {
+                if(len < 3) return -1;
+                if(str) {
+                        *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0);
+                        *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+                        *str = (unsigned char)((value & 0x3f) | 0x80);
+                }
+                return 3;
+        }
+        if(value < 0x200000) {
+                if(len < 4) return -1;
+                if(str) {
+                        *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0);
+                        *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+                        *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+                        *str = (unsigned char)((value & 0x3f) | 0x80);
+                }
+                return 4;
+        }
+        if(value < 0x4000000) {
+                if(len < 5) return -1;
+                if(str) {
+                        *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
+                        *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+                        *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+                        *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+                        *str = (unsigned char)((value & 0x3f) | 0x80);
+                }
+                return 5;
+        }
+        if(len < 6) return -1;
+        if(str) {
+                *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
+                *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
+                *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+                *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+                *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+                *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 6;
+}
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c
new file mode 100644
index 0000000000..18ef0acf00
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -0,0 +1,181 @@
+/* crypto/asn1/a_verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+
+#include "cryptlib.h"
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
+             char *data, EVP_PKEY *pkey)
+        {
+        EVP_MD_CTX ctx;
+        const EVP_MD *type;
+        unsigned char *p,*buf_in=NULL;
+        int ret= -1,i,inl;
+
+        EVP_MD_CTX_init(&ctx);
+        i=OBJ_obj2nid(a->algorithm);
+        type=EVP_get_digestbyname(OBJ_nid2sn(i));
+        if (type == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+                goto err;
+                }
+        
+        inl=i2d(data,NULL);
+        buf_in=OPENSSL_malloc((unsigned int)inl);
+        if (buf_in == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        p=buf_in;
+
+        i2d(data,&p);
+        EVP_VerifyInit_ex(&ctx,type, NULL);
+        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+
+        OPENSSL_cleanse(buf_in,(unsigned int)inl);
+        OPENSSL_free(buf_in);
+
+        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+                        (unsigned int)signature->length,pkey) <= 0)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+                ret=0;
+                goto err;
+                }
+        /* we don't need to zero the 'ctx' because we just checked
+         * public information */
+        /* memset(&ctx,0,sizeof(ctx)); */
+        ret=1;
+err:
+        EVP_MD_CTX_cleanup(&ctx);
+        return(ret);
+        }
+
+#endif
+
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+             void *asn, EVP_PKEY *pkey)
+        {
+        EVP_MD_CTX ctx;
+        const EVP_MD *type;
+        unsigned char *buf_in=NULL;
+        int ret= -1,i,inl;
+
+        EVP_MD_CTX_init(&ctx);
+        i=OBJ_obj2nid(a->algorithm);
+        type=EVP_get_digestbyname(OBJ_nid2sn(i));
+        if (type == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+                goto err;
+                }
+
+        if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+                ret=0;
+                goto err;
+                }
+
+        inl = ASN1_item_i2d(asn, &buf_in, it);
+        
+        if (buf_in == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+
+        OPENSSL_cleanse(buf_in,(unsigned int)inl);
+        OPENSSL_free(buf_in);
+
+        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+                        (unsigned int)signature->length,pkey) <= 0)
+                {
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+                ret=0;
+                goto err;
+                }
+        /* we don't need to zero the 'ctx' because we just checked
+         * public information */
+        /* memset(&ctx,0,sizeof(ctx)); */
+        ret=1;
+err:
+        EVP_MD_CTX_cleanup(&ctx);
+        return(ret);
+        }
+
+
diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h
new file mode 100644
index 0000000000..ceaeb4cbe3
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1.h
@@ -0,0 +1,1111 @@
+/* crypto/asn1/asn1.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ASN1_H
+#define HEADER_ASN1_H
+
+#include <time.h>
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/e_os2.h>
+#include <openssl/bn.h>
+#include <openssl/stack.h>
+#include <openssl/safestack.h>
+
+#include <openssl/symhacks.h>
+
+#include <openssl/ossl_typ.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#define V_ASN1_UNIVERSAL                0x00
+#define V_ASN1_APPLICATION              0x40
+#define V_ASN1_CONTEXT_SPECIFIC         0x80
+#define V_ASN1_PRIVATE                  0xc0
+
+#define V_ASN1_CONSTRUCTED              0x20
+#define V_ASN1_PRIMITIVE_TAG            0x1f
+#define V_ASN1_PRIMATIVE_TAG            0x1f
+
+#define V_ASN1_APP_CHOOSE               -2      /* let the recipient choose */
+#define V_ASN1_OTHER                    -3      /* used in ASN1_TYPE */
+#define V_ASN1_ANY                      -4      /* used in ASN1 template code */
+
+#define V_ASN1_NEG                      0x100   /* negative flag */
+
+#define V_ASN1_UNDEF                    -1
+#define V_ASN1_EOC                      0
+#define V_ASN1_BOOLEAN                  1       /**/
+#define V_ASN1_INTEGER                  2
+#define V_ASN1_NEG_INTEGER              (2 | V_ASN1_NEG)
+#define V_ASN1_BIT_STRING               3
+#define V_ASN1_OCTET_STRING             4
+#define V_ASN1_NULL                     5
+#define V_ASN1_OBJECT                   6
+#define V_ASN1_OBJECT_DESCRIPTOR        7
+#define V_ASN1_EXTERNAL                 8
+#define V_ASN1_REAL                     9
+#define V_ASN1_ENUMERATED               10
+#define V_ASN1_NEG_ENUMERATED           (10 | V_ASN1_NEG)
+#define V_ASN1_UTF8STRING               12
+#define V_ASN1_SEQUENCE                 16
+#define V_ASN1_SET                      17
+#define V_ASN1_NUMERICSTRING            18      /**/
+#define V_ASN1_PRINTABLESTRING          19
+#define V_ASN1_T61STRING                20
+#define V_ASN1_TELETEXSTRING            20      /* alias */
+#define V_ASN1_VIDEOTEXSTRING           21      /**/
+#define V_ASN1_IA5STRING                22
+#define V_ASN1_UTCTIME                  23
+#define V_ASN1_GENERALIZEDTIME          24      /**/
+#define V_ASN1_GRAPHICSTRING            25      /**/
+#define V_ASN1_ISO64STRING              26      /**/
+#define V_ASN1_VISIBLESTRING            26      /* alias */
+#define V_ASN1_GENERALSTRING            27      /**/
+#define V_ASN1_UNIVERSALSTRING          28      /**/
+#define V_ASN1_BMPSTRING                30
+
+/* For use with d2i_ASN1_type_bytes() */
+#define B_ASN1_NUMERICSTRING    0x0001
+#define B_ASN1_PRINTABLESTRING  0x0002
+#define B_ASN1_T61STRING        0x0004
+#define B_ASN1_TELETEXSTRING    0x0004
+#define B_ASN1_VIDEOTEXSTRING   0x0008
+#define B_ASN1_IA5STRING        0x0010
+#define B_ASN1_GRAPHICSTRING    0x0020
+#define B_ASN1_ISO64STRING      0x0040
+#define B_ASN1_VISIBLESTRING    0x0040
+#define B_ASN1_GENERALSTRING    0x0080
+#define B_ASN1_UNIVERSALSTRING  0x0100
+#define B_ASN1_OCTET_STRING     0x0200
+#define B_ASN1_BIT_STRING       0x0400
+#define B_ASN1_BMPSTRING        0x0800
+#define B_ASN1_UNKNOWN          0x1000
+#define B_ASN1_UTF8STRING       0x2000
+#define B_ASN1_UTCTIME          0x4000
+#define B_ASN1_GENERALIZEDTIME  0x8000
+
+/* For use with ASN1_mbstring_copy() */
+#define MBSTRING_FLAG           0x1000
+#define MBSTRING_ASC            (MBSTRING_FLAG|1)
+#define MBSTRING_BMP            (MBSTRING_FLAG|2)
+#define MBSTRING_UNIV           (MBSTRING_FLAG|3)
+#define MBSTRING_UTF8           (MBSTRING_FLAG|4)
+
+struct X509_algor_st;
+
+#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
+#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
+
+typedef struct asn1_ctx_st
+        {
+        unsigned char *p;/* work char pointer */
+        int eos;        /* end of sequence read for indefinite encoding */
+        int error;      /* error code to use when returning an error */
+        int inf;        /* constructed if 0x20, indefinite is 0x21 */
+        int tag;        /* tag from last 'get object' */
+        int xclass;     /* class from last 'get object' */
+        long slen;      /* length of last 'get object' */
+        unsigned char *max; /* largest value of p allowed */
+        unsigned char *q;/* temporary variable */
+        unsigned char **pp;/* variable */
+        int line;       /* used in error processing */
+        } ASN1_CTX;
+
+/* These are used internally in the ASN1_OBJECT to keep track of
+ * whether the names and data need to be free()ed */
+#define ASN1_OBJECT_FLAG_DYNAMIC         0x01   /* internal use */
+#define ASN1_OBJECT_FLAG_CRITICAL        0x02   /* critical x509v3 object id */
+#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04   /* internal use */
+#define ASN1_OBJECT_FLAG_DYNAMIC_DATA    0x08   /* internal use */
+typedef struct asn1_object_st
+        {
+        const char *sn,*ln;
+        int nid;
+        int length;
+        unsigned char *data;
+        int flags;      /* Should we free this one */
+        } ASN1_OBJECT;
+
+#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
+/* This is the base type that holds just about everything :-) */
+typedef struct asn1_string_st
+        {
+        int length;
+        int type;
+        unsigned char *data;
+        /* The value of the following field depends on the type being
+         * held.  It is mostly being used for BIT_STRING so if the
+         * input data has a non-zero 'unused bits' value, it will be
+         * handled correctly */
+        long flags;
+        } ASN1_STRING;
+
+/* ASN1_ENCODING structure: this is used to save the received
+ * encoding of an ASN1 type. This is useful to get round
+ * problems with invalid encodings which can break signatures.
+ */
+
+typedef struct ASN1_ENCODING_st
+        {
+        unsigned char *enc;     /* DER encoding */
+        long len;               /* Length of encoding */
+        int modified;            /* set to 1 if 'enc' is invalid */
+        } ASN1_ENCODING;
+
+/* Used with ASN1 LONG type: if a long is set to this it is omitted */
+#define ASN1_LONG_UNDEF 0x7fffffffL
+
+#define STABLE_FLAGS_MALLOC     0x01
+#define STABLE_NO_MASK          0x02
+#define DIRSTRING_TYPE  \
+ (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
+#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)
+
+typedef struct asn1_string_table_st {
+        int nid;
+        long minsize;
+        long maxsize;
+        unsigned long mask;
+        unsigned long flags;
+} ASN1_STRING_TABLE;
+
+DECLARE_STACK_OF(ASN1_STRING_TABLE)
+
+/* size limits: this stuff is taken straight from RFC2459 */
+
+#define ub_name                         32768
+#define ub_common_name                  64
+#define ub_locality_name                128
+#define ub_state_name                   128
+#define ub_organization_name            64
+#define ub_organization_unit_name       64
+#define ub_title                        64
+#define ub_email_address                128
+
+/* Declarations for template structures: for full definitions
+ * see asn1t.h
+ */
+typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
+typedef struct ASN1_ITEM_st ASN1_ITEM;
+typedef struct ASN1_TLC_st ASN1_TLC;
+/* This is just an opaque pointer */
+typedef struct ASN1_VALUE_st ASN1_VALUE;
+
+/* Declare ASN1 functions: the implement macro in in asn1t.h */
+
+#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
+
+#define DECLARE_ASN1_FUNCTIONS_name(type, name) \
+        type *name##_new(void); \
+        void name##_free(type *a); \
+        DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
+
+#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
+        type *name##_new(void); \
+        void name##_free(type *a); \
+        DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
+
+#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
+        type *d2i_##name(type **a, unsigned char **in, long len); \
+        int i2d_##name(type *a, unsigned char **out); \
+        DECLARE_ASN1_ITEM(itname)
+
+#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
+        type *d2i_##name(type **a, const unsigned char **in, long len); \
+        int i2d_##name(const type *a, unsigned char **out); \
+        DECLARE_ASN1_ITEM(name)
+
+#define DECLARE_ASN1_FUNCTIONS_const(name) \
+        name *name##_new(void); \
+        void name##_free(name *a);
+
+
+/* The following macros and typedefs allow an ASN1_ITEM
+ * to be embedded in a structure and referenced. Since
+ * the ASN1_ITEM pointers need to be globally accessible
+ * (possibly from shared libraries) they may exist in
+ * different forms. On platforms that support it the
+ * ASN1_ITEM structure itself will be globally exported.
+ * Other platforms will export a function that returns
+ * an ASN1_ITEM pointer.
+ *
+ * To handle both cases transparently the macros below
+ * should be used instead of hard coding an ASN1_ITEM
+ * pointer in a structure.
+ *
+ * The structure will look like this:
+ *
+ * typedef struct SOMETHING_st {
+ *      ...
+ *      ASN1_ITEM_EXP *iptr;
+ *      ...
+ * } SOMETHING; 
+ *
+ * It would be initialised as e.g.:
+ *
+ * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
+ *
+ * and the actual pointer extracted with:
+ *
+ * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
+ *
+ * Finally an ASN1_ITEM pointer can be extracted from an
+ * appropriate reference with: ASN1_ITEM_rptr(X509). This
+ * would be used when a function takes an ASN1_ITEM * argument.
+ *
+ */
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM ASN1_ITEM_EXP;
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#define ASN1_ITEM_ptr(iptr) (iptr)
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#define ASN1_ITEM_ref(iptr) (&(iptr##_it))
+
+#define ASN1_ITEM_rptr(ref) (&(ref##_it))
+
+#define DECLARE_ASN1_ITEM(name) \
+        OPENSSL_EXTERN const ASN1_ITEM name##_it;
+
+#else
+
+/* Platforms that can't easily handle shared global variables are declared
+ * as functions returning ASN1_ITEM pointers.
+ */
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#define ASN1_ITEM_ptr(iptr) (iptr())
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#define ASN1_ITEM_ref(iptr) (iptr##_it)
+
+#define ASN1_ITEM_rptr(ref) (ref##_it())
+
+#define DECLARE_ASN1_ITEM(name) \
+        const ASN1_ITEM * name##_it(void);
+
+#endif
+
+/* Parameters used by ASN1_STRING_print_ex() */
+
+/* These determine which characters to escape:
+ * RFC2253 special characters, control characters and
+ * MSB set characters
+ */
+
+#define ASN1_STRFLGS_ESC_2253           1
+#define ASN1_STRFLGS_ESC_CTRL           2
+#define ASN1_STRFLGS_ESC_MSB            4
+
+
+/* This flag determines how we do escaping: normally
+ * RC2253 backslash only, set this to use backslash and
+ * quote.
+ */
+
+#define ASN1_STRFLGS_ESC_QUOTE          8
+
+
+/* These three flags are internal use only. */
+
+/* Character is a valid PrintableString character */
+#define CHARTYPE_PRINTABLESTRING        0x10
+/* Character needs escaping if it is the first character */
+#define CHARTYPE_FIRST_ESC_2253         0x20
+/* Character needs escaping if it is the last character */
+#define CHARTYPE_LAST_ESC_2253          0x40
+
+/* NB the internal flags are safely reused below by flags
+ * handled at the top level.
+ */
+
+/* If this is set we convert all character strings
+ * to UTF8 first 
+ */
+
+#define ASN1_STRFLGS_UTF8_CONVERT       0x10
+
+/* If this is set we don't attempt to interpret content:
+ * just assume all strings are 1 byte per character. This
+ * will produce some pretty odd looking output!
+ */
+
+#define ASN1_STRFLGS_IGNORE_TYPE        0x20
+
+/* If this is set we include the string type in the output */
+#define ASN1_STRFLGS_SHOW_TYPE          0x40
+
+/* This determines which strings to display and which to
+ * 'dump' (hex dump of content octets or DER encoding). We can
+ * only dump non character strings or everything. If we
+ * don't dump 'unknown' they are interpreted as character
+ * strings with 1 octet per character and are subject to
+ * the usual escaping options.
+ */
+
+#define ASN1_STRFLGS_DUMP_ALL           0x80
+#define ASN1_STRFLGS_DUMP_UNKNOWN       0x100
+
+/* These determine what 'dumping' does, we can dump the
+ * content octets or the DER encoding: both use the
+ * RFC2253 #XXXXX notation.
+ */
+
+#define ASN1_STRFLGS_DUMP_DER           0x200
+
+/* All the string flags consistent with RFC2253,
+ * escaping control characters isn't essential in
+ * RFC2253 but it is advisable anyway.
+ */
+
+#define ASN1_STRFLGS_RFC2253    (ASN1_STRFLGS_ESC_2253 | \
+                                ASN1_STRFLGS_ESC_CTRL | \
+                                ASN1_STRFLGS_ESC_MSB | \
+                                ASN1_STRFLGS_UTF8_CONVERT | \
+                                ASN1_STRFLGS_DUMP_UNKNOWN | \
+                                ASN1_STRFLGS_DUMP_DER)
+
+DECLARE_STACK_OF(ASN1_INTEGER)
+DECLARE_ASN1_SET_OF(ASN1_INTEGER)
+
+DECLARE_STACK_OF(ASN1_GENERALSTRING)
+
+typedef struct asn1_type_st
+        {
+        int type;
+        union   {
+                char *ptr;
+                ASN1_BOOLEAN            boolean;
+                ASN1_STRING *           asn1_string;
+                ASN1_OBJECT *           object;
+                ASN1_INTEGER *          integer;
+                ASN1_ENUMERATED *       enumerated;
+                ASN1_BIT_STRING *       bit_string;
+                ASN1_OCTET_STRING *     octet_string;
+                ASN1_PRINTABLESTRING *  printablestring;
+                ASN1_T61STRING *        t61string;
+                ASN1_IA5STRING *        ia5string;
+                ASN1_GENERALSTRING *    generalstring;
+                ASN1_BMPSTRING *        bmpstring;
+                ASN1_UNIVERSALSTRING *  universalstring;
+                ASN1_UTCTIME *          utctime;
+                ASN1_GENERALIZEDTIME *  generalizedtime;
+                ASN1_VISIBLESTRING *    visiblestring;
+                ASN1_UTF8STRING *       utf8string;
+                /* set and sequence are left complete and still
+                 * contain the set or sequence bytes */
+                ASN1_STRING *           set;
+                ASN1_STRING *           sequence;
+                } value;
+        } ASN1_TYPE;
+
+DECLARE_STACK_OF(ASN1_TYPE)
+DECLARE_ASN1_SET_OF(ASN1_TYPE)
+
+typedef struct asn1_method_st
+        {
+        int (*i2d)();
+        char *(*d2i)();
+        char *(*create)();
+        void (*destroy)();
+        } ASN1_METHOD;
+
+/* This is used when parsing some Netscape objects */
+typedef struct asn1_header_st
+        {
+        ASN1_OCTET_STRING *header;
+        char *data;
+        ASN1_METHOD *meth;
+        } ASN1_HEADER;
+
+/* This is used to contain a list of bit names */
+typedef struct BIT_STRING_BITNAME_st {
+        int bitnum;
+        const char *lname;
+        const char *sname;
+} BIT_STRING_BITNAME;
+
+
+#define M_ASN1_STRING_length(x) ((x)->length)
+#define M_ASN1_STRING_length_set(x, n)  ((x)->length = (n))
+#define M_ASN1_STRING_type(x)   ((x)->type)
+#define M_ASN1_STRING_data(x)   ((x)->data)
+
+/* Macros for string operations */
+#define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\
+                ASN1_STRING_type_new(V_ASN1_BIT_STRING)
+#define M_ASN1_BIT_STRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
+                ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
+                (ASN1_STRING *)a,(ASN1_STRING *)b)
+#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
+
+#define M_ASN1_INTEGER_new()    (ASN1_INTEGER *)\
+                ASN1_STRING_type_new(V_ASN1_INTEGER)
+#define M_ASN1_INTEGER_free(a)          ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\
+                (ASN1_STRING *)a,(ASN1_STRING *)b)
+
+#define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\
+                ASN1_STRING_type_new(V_ASN1_ENUMERATED)
+#define M_ASN1_ENUMERATED_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_ENUMERATED_cmp(a,b)      ASN1_STRING_cmp(\
+                (ASN1_STRING *)a,(ASN1_STRING *)b)
+
+#define M_ASN1_OCTET_STRING_new()       (ASN1_OCTET_STRING *)\
+                ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
+#define M_ASN1_OCTET_STRING_free(a)     ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
+                ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
+                (ASN1_STRING *)a,(ASN1_STRING *)b)
+#define M_ASN1_OCTET_STRING_set(a,b,c)  ASN1_STRING_set((ASN1_STRING *)a,b,c)
+#define M_ASN1_OCTET_STRING_print(a,b)  ASN1_STRING_print(a,(ASN1_STRING *)b)
+#define M_i2d_ASN1_OCTET_STRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
+                V_ASN1_UNIVERSAL)
+
+#define B_ASN1_TIME \
+                        B_ASN1_UTCTIME | \
+                        B_ASN1_GENERALIZEDTIME
+
+#define B_ASN1_PRINTABLE \
+                        B_ASN1_PRINTABLESTRING| \
+                        B_ASN1_T61STRING| \
+                        B_ASN1_IA5STRING| \
+                        B_ASN1_BIT_STRING| \
+                        B_ASN1_UNIVERSALSTRING|\
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UTF8STRING|\
+                        B_ASN1_UNKNOWN
+
+#define B_ASN1_DIRECTORYSTRING \
+                        B_ASN1_PRINTABLESTRING| \
+                        B_ASN1_TELETEXSTRING|\
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UNIVERSALSTRING|\
+                        B_ASN1_UTF8STRING
+
+#define B_ASN1_DISPLAYTEXT \
+                        B_ASN1_IA5STRING| \
+                        B_ASN1_VISIBLESTRING| \
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UTF8STRING
+
+#define M_ASN1_PRINTABLE_new()  ASN1_STRING_type_new(V_ASN1_T61STRING)
+#define M_ASN1_PRINTABLE_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+                pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
+                d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+                        B_ASN1_PRINTABLE)
+
+#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
+#define M_DIRECTORYSTRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+                                                pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_DIRECTORYSTRING(a,pp,l) \
+                d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+                        B_ASN1_DIRECTORYSTRING)
+
+#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
+#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+                                                pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_DISPLAYTEXT(a,pp,l) \
+                d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+                        B_ASN1_DISPLAYTEXT)
+
+#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
+                ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
+#define M_ASN1_PRINTABLESTRING_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\
+                V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \
+                (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING)
+
+#define M_ASN1_T61STRING_new()  (ASN1_T61STRING *)\
+                ASN1_STRING_type_new(V_ASN1_T61STRING)
+#define M_ASN1_T61STRING_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_T61STRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\
+                V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_T61STRING(a,pp,l) \
+                (ASN1_T61STRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING)
+
+#define M_ASN1_IA5STRING_new()  (ASN1_IA5STRING *)\
+                ASN1_STRING_type_new(V_ASN1_IA5STRING)
+#define M_ASN1_IA5STRING_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_IA5STRING_dup(a) \
+                        (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_i2d_ASN1_IA5STRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
+                        V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_IA5STRING(a,pp,l) \
+                (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\
+                        B_ASN1_IA5STRING)
+
+#define M_ASN1_UTCTIME_new()    (ASN1_UTCTIME *)\
+                ASN1_STRING_type_new(V_ASN1_UTCTIME)
+#define M_ASN1_UTCTIME_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+
+#define M_ASN1_GENERALIZEDTIME_new()    (ASN1_GENERALIZEDTIME *)\
+                ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
+#define M_ASN1_GENERALIZEDTIME_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
+        (ASN1_STRING *)a)
+
+#define M_ASN1_TIME_new()       (ASN1_TIME *)\
+                ASN1_STRING_type_new(V_ASN1_UTCTIME)
+#define M_ASN1_TIME_free(a)     ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+
+#define M_ASN1_GENERALSTRING_new()      (ASN1_GENERALSTRING *)\
+                ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
+#define M_ASN1_GENERALSTRING_free(a)    ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_GENERALSTRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\
+                        V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \
+                (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING)
+
+#define M_ASN1_UNIVERSALSTRING_new()    (ASN1_UNIVERSALSTRING *)\
+                ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)
+#define M_ASN1_UNIVERSALSTRING_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\
+                        V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \
+                (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)
+
+#define M_ASN1_BMPSTRING_new()  (ASN1_BMPSTRING *)\
+                ASN1_STRING_type_new(V_ASN1_BMPSTRING)
+#define M_ASN1_BMPSTRING_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_BMPSTRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\
+                        V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_BMPSTRING(a,pp,l) \
+                (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)
+
+#define M_ASN1_VISIBLESTRING_new()      (ASN1_VISIBLESTRING *)\
+                ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
+#define M_ASN1_VISIBLESTRING_free(a)    ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_VISIBLESTRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\
+                        V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \
+                (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING)
+
+#define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\
+                ASN1_STRING_type_new(V_ASN1_UTF8STRING)
+#define M_ASN1_UTF8STRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_UTF8STRING(a,pp) \
+                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\
+                        V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_UTF8STRING(a,pp,l) \
+                (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\
+                ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)
+
+  /* for the is_set parameter to i2d_ASN1_SET */
+#define IS_SEQUENCE     0
+#define IS_SET          1
+
+DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+int ASN1_TYPE_get(ASN1_TYPE *a);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+
+ASN1_OBJECT *   ASN1_OBJECT_new(void );
+void            ASN1_OBJECT_free(ASN1_OBJECT *a);
+int             i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
+ASN1_OBJECT *   c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
+                        long length);
+ASN1_OBJECT *   d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
+                        long length);
+
+DECLARE_ASN1_ITEM(ASN1_OBJECT)
+
+DECLARE_STACK_OF(ASN1_OBJECT)
+DECLARE_ASN1_SET_OF(ASN1_OBJECT)
+
+ASN1_STRING *   ASN1_STRING_new(void);
+void            ASN1_STRING_free(ASN1_STRING *a);
+ASN1_STRING *   ASN1_STRING_dup(ASN1_STRING *a);
+ASN1_STRING *   ASN1_STRING_type_new(int type );
+int             ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
+  /* Since this is used to store all sorts of things, via macros, for now, make
+     its data void * */
+int             ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+int ASN1_STRING_length(ASN1_STRING *x);
+void ASN1_STRING_length_set(ASN1_STRING *x, int n);
+int ASN1_STRING_type(ASN1_STRING *x);
+unsigned char * ASN1_STRING_data(ASN1_STRING *x);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+int             i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
+                        long length);
+int             ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
+                        int length );
+int             ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
+int             ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
+
+#ifndef OPENSSL_NO_BIO
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+                                BIT_STRING_BITNAME *tbl, int indent);
+#endif
+int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
+                                BIT_STRING_BITNAME *tbl);
+
+int             i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
+int             d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
+int             i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
+                        long length);
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
+                        long length);
+ASN1_INTEGER *  ASN1_INTEGER_dup(ASN1_INTEGER *x);
+int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+
+int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); 
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
+#if 0
+time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
+#endif
+
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); 
+
+DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+ASN1_OCTET_STRING *     ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
+int     ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
+int     ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
+DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
+int UTF8_putc(unsigned char *str, int len, unsigned long value);
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
+int ASN1_TIME_check(ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+
+int             i2d_ASN1_SET(STACK *a, unsigned char **pp,
+                        int (*func)(), int ex_tag, int ex_class, int is_set);
+STACK *         d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
+                        char *(*func)(), void (*free_func)(void *),
+                        int ex_tag, int ex_class);
+
+#ifndef OPENSSL_NO_BIO
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
+int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
+int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size);
+int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a);
+int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size);
+int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
+#endif
+int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
+
+int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
+        const char *sn, const char *ln);
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+long ASN1_INTEGER_get(ASN1_INTEGER *a);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);
+
+/* General */
+/* given a string, return the correct type, max is the maximum length */
+int ASN1_PRINTABLE_type(const unsigned char *s, int max);
+
+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp,
+        long length, int Ptag, int Pclass);
+unsigned long ASN1_tag2bit(int tag);
+/* type is one or more of the B_ASN1_ values. */
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp,
+                long length,int type);
+
+/* PARSING */
+int asn1_Finish(ASN1_CTX *c);
+
+/* SPECIALS */
+int ASN1_get_object(unsigned char **pp, long *plength, int *ptag,
+        int *pclass, long omax);
+int ASN1_check_infinite_end(unsigned char **p,long len);
+void ASN1_put_object(unsigned char **pp, int constructed, int length,
+        int tag, int xclass);
+int ASN1_object_size(int constructed, int length, int tag);
+
+/* Used to implement other functions */
+char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+
+#ifndef OPENSSL_NO_FP_API
+char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
+int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
+int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
+#endif
+
+int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
+
+#ifndef OPENSSL_NO_BIO
+char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
+int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
+int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
+int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
+int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
+int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
+int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
+int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent);
+int ASN1_parse_dump(BIO *bp,unsigned char *pp,long len,int indent,int dump);
+#endif
+const char *ASN1_tag2str(int tag);
+
+/* Used to load and write netscape format cert/key */
+int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp);
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,unsigned char **pp, long length);
+ASN1_HEADER *ASN1_HEADER_new(void );
+void ASN1_HEADER_free(ASN1_HEADER *a);
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+
+/* Not used that much at this point, except for the first two */
+ASN1_METHOD *X509_asn1_meth(void);
+ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a,
+        unsigned char *data, int len);
+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a,
+        unsigned char *data, int max_len);
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
+        unsigned char *data, int len);
+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
+        unsigned char *data, int max_len);
+
+STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
+                                                 void (*free_func)(void *) ); 
+unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
+                             int *len );
+void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
+ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
+
+void ASN1_STRING_set_default_mask(unsigned long mask);
+int ASN1_STRING_set_default_mask_asc(char *p);
+unsigned long ASN1_STRING_get_default_mask(void);
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+                                        int inform, unsigned long mask);
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+                                        int inform, unsigned long mask, 
+                                        long minsize, long maxsize);
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, 
+                const unsigned char *in, int inlen, int inform, int nid);
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
+int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
+void ASN1_STRING_TABLE_cleanup(void);
+
+/* ASN1 template functions */
+
+/* Old API compatible functions */
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
+ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it);
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+
+void ASN1_add_oid_module(void);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_ASN1_strings(void);
+
+/* Error codes for the ASN1 functions. */
+
+/* Function codes. */
+#define ASN1_F_A2D_ASN1_OBJECT                           100
+#define ASN1_F_A2I_ASN1_ENUMERATED                       101
+#define ASN1_F_A2I_ASN1_INTEGER                          102
+#define ASN1_F_A2I_ASN1_STRING                           103
+#define ASN1_F_ASN1_BIT_STRING_SET_BIT                   176
+#define ASN1_F_ASN1_CHECK_TLEN                           104
+#define ASN1_F_ASN1_COLLATE_PRIMITIVE                    105
+#define ASN1_F_ASN1_COLLECT                              106
+#define ASN1_F_ASN1_D2I_BIO                              107
+#define ASN1_F_ASN1_D2I_EX_PRIMITIVE                     108
+#define ASN1_F_ASN1_D2I_FP                               109
+#define ASN1_F_ASN1_DIGEST                               177
+#define ASN1_F_ASN1_DO_ADB                               110
+#define ASN1_F_ASN1_DUP                                  111
+#define ASN1_F_ASN1_ENUMERATED_SET                       112
+#define ASN1_F_ASN1_ENUMERATED_TO_BN                     113
+#define ASN1_F_ASN1_GENERALIZEDTIME_SET                  178
+#define ASN1_F_ASN1_GET_OBJECT                           114
+#define ASN1_F_ASN1_HEADER_NEW                           115
+#define ASN1_F_ASN1_I2D_BIO                              116
+#define ASN1_F_ASN1_I2D_FP                               117
+#define ASN1_F_ASN1_INTEGER_SET                          118
+#define ASN1_F_ASN1_INTEGER_TO_BN                        119
+#define ASN1_F_ASN1_ITEM_EX_D2I                          120
+#define ASN1_F_ASN1_ITEM_NEW                             121
+#define ASN1_F_ASN1_MBSTRING_COPY                        122
+#define ASN1_F_ASN1_OBJECT_NEW                           123
+#define ASN1_F_ASN1_PACK_STRING                          124
+#define ASN1_F_ASN1_PBE_SET                              125
+#define ASN1_F_ASN1_SEQ_PACK                             126
+#define ASN1_F_ASN1_SEQ_UNPACK                           127
+#define ASN1_F_ASN1_SIGN                                 128
+#define ASN1_F_ASN1_STRING_SET                           179
+#define ASN1_F_ASN1_STRING_TABLE_ADD                     129
+#define ASN1_F_ASN1_STRING_TYPE_NEW                      130
+#define ASN1_F_ASN1_TEMPLATE_D2I                         131
+#define ASN1_F_ASN1_TEMPLATE_EX_D2I                      132
+#define ASN1_F_ASN1_TEMPLATE_NEW                         133
+#define ASN1_F_ASN1_TIME_SET                             175
+#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING             134
+#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                 135
+#define ASN1_F_ASN1_UNPACK_STRING                        136
+#define ASN1_F_ASN1_UTCTIME_SET                          180
+#define ASN1_F_ASN1_VERIFY                               137
+#define ASN1_F_BN_TO_ASN1_ENUMERATED                     138
+#define ASN1_F_BN_TO_ASN1_INTEGER                        139
+#define ASN1_F_COLLECT_DATA                              140
+#define ASN1_F_D2I_ASN1_BIT_STRING                       141
+#define ASN1_F_D2I_ASN1_BOOLEAN                          142
+#define ASN1_F_D2I_ASN1_BYTES                            143
+#define ASN1_F_D2I_ASN1_GENERALIZEDTIME                  144
+#define ASN1_F_D2I_ASN1_HEADER                           145
+#define ASN1_F_D2I_ASN1_INTEGER                          146
+#define ASN1_F_D2I_ASN1_OBJECT                           147
+#define ASN1_F_D2I_ASN1_SET                              148
+#define ASN1_F_D2I_ASN1_TYPE_BYTES                       149
+#define ASN1_F_D2I_ASN1_UINTEGER                         150
+#define ASN1_F_D2I_ASN1_UTCTIME                          151
+#define ASN1_F_D2I_NETSCAPE_RSA                          152
+#define ASN1_F_D2I_NETSCAPE_RSA_2                        153
+#define ASN1_F_D2I_PRIVATEKEY                            154
+#define ASN1_F_D2I_PUBLICKEY                             155
+#define ASN1_F_D2I_X509                                  156
+#define ASN1_F_D2I_X509_CINF                             157
+#define ASN1_F_D2I_X509_NAME                             158
+#define ASN1_F_D2I_X509_PKEY                             159
+#define ASN1_F_I2D_ASN1_SET                              181
+#define ASN1_F_I2D_ASN1_TIME                             160
+#define ASN1_F_I2D_DSA_PUBKEY                            161
+#define ASN1_F_I2D_NETSCAPE_RSA                          162
+#define ASN1_F_I2D_PRIVATEKEY                            163
+#define ASN1_F_I2D_PUBLICKEY                             164
+#define ASN1_F_I2D_RSA_PUBKEY                            165
+#define ASN1_F_LONG_C2I                                  166
+#define ASN1_F_OID_MODULE_INIT                           174
+#define ASN1_F_PKCS5_PBE2_SET                            167
+#define ASN1_F_X509_CINF_NEW                             168
+#define ASN1_F_X509_CRL_ADD0_REVOKED                     169
+#define ASN1_F_X509_INFO_NEW                             170
+#define ASN1_F_X509_NAME_NEW                             171
+#define ASN1_F_X509_NEW                                  172
+#define ASN1_F_X509_PKEY_NEW                             173
+
+/* Reason codes. */
+#define ASN1_R_ADDING_OBJECT                             171
+#define ASN1_R_AUX_ERROR                                 100
+#define ASN1_R_BAD_CLASS                                 101
+#define ASN1_R_BAD_OBJECT_HEADER                         102
+#define ASN1_R_BAD_PASSWORD_READ                         103
+#define ASN1_R_BAD_TAG                                   104
+#define ASN1_R_BN_LIB                                    105
+#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   106
+#define ASN1_R_BUFFER_TOO_SMALL                          107
+#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER           108
+#define ASN1_R_DATA_IS_WRONG                             109
+#define ASN1_R_DECODE_ERROR                              110
+#define ASN1_R_DECODING_ERROR                            111
+#define ASN1_R_ENCODE_ERROR                              112
+#define ASN1_R_ERROR_GETTING_TIME                        173
+#define ASN1_R_ERROR_LOADING_SECTION                     172
+#define ASN1_R_ERROR_PARSING_SET_ELEMENT                 113
+#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS               114
+#define ASN1_R_EXPECTING_AN_INTEGER                      115
+#define ASN1_R_EXPECTING_AN_OBJECT                       116
+#define ASN1_R_EXPECTING_A_BOOLEAN                       117
+#define ASN1_R_EXPECTING_A_TIME                          118
+#define ASN1_R_EXPLICIT_LENGTH_MISMATCH                  119
+#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED              120
+#define ASN1_R_FIELD_MISSING                             121
+#define ASN1_R_FIRST_NUM_TOO_LARGE                       122
+#define ASN1_R_HEADER_TOO_LONG                           123
+#define ASN1_R_ILLEGAL_CHARACTERS                        124
+#define ASN1_R_ILLEGAL_NULL                              125
+#define ASN1_R_ILLEGAL_OPTIONAL_ANY                      126
+#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE          170
+#define ASN1_R_ILLEGAL_TAGGED_ANY                        127
+#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG                128
+#define ASN1_R_INVALID_BMPSTRING_LENGTH                  129
+#define ASN1_R_INVALID_DIGIT                             130
+#define ASN1_R_INVALID_SEPARATOR                         131
+#define ASN1_R_INVALID_TIME_FORMAT                       132
+#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH            133
+#define ASN1_R_INVALID_UTF8STRING                        134
+#define ASN1_R_IV_TOO_LARGE                              135
+#define ASN1_R_LENGTH_ERROR                              136
+#define ASN1_R_MISSING_EOC                               137
+#define ASN1_R_MISSING_SECOND_NUMBER                     138
+#define ASN1_R_MSTRING_NOT_UNIVERSAL                     139
+#define ASN1_R_MSTRING_WRONG_TAG                         140
+#define ASN1_R_NON_HEX_CHARACTERS                        141
+#define ASN1_R_NOT_ENOUGH_DATA                           142
+#define ASN1_R_NO_MATCHING_CHOICE_TYPE                   143
+#define ASN1_R_NULL_IS_WRONG_LENGTH                      144
+#define ASN1_R_ODD_NUMBER_OF_CHARS                       145
+#define ASN1_R_PRIVATE_KEY_HEADER_MISSING                146
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE                   147
+#define ASN1_R_SEQUENCE_LENGTH_MISMATCH                  148
+#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED                  149
+#define ASN1_R_SHORT_LINE                                150
+#define ASN1_R_STRING_TOO_LONG                           151
+#define ASN1_R_STRING_TOO_SHORT                          152
+#define ASN1_R_TAG_VALUE_TOO_HIGH                        153
+#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
+#define ASN1_R_TOO_LONG                                  155
+#define ASN1_R_TYPE_NOT_CONSTRUCTED                      156
+#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY                  157
+#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY          158
+#define ASN1_R_UNEXPECTED_EOC                            159
+#define ASN1_R_UNKNOWN_FORMAT                            160
+#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM          161
+#define ASN1_R_UNKNOWN_OBJECT_TYPE                       162
+#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE                   163
+#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE           164
+#define ASN1_R_UNSUPPORTED_CIPHER                        165
+#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM          166
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE               167
+#define ASN1_R_WRONG_TAG                                 168
+#define ASN1_R_WRONG_TYPE                                169
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c
new file mode 100644
index 0000000000..3b57c8fbae
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1_err.c
@@ -0,0 +1,248 @@
+/* crypto/asn1/asn1_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ASN1_str_functs[]=
+        {
+{ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0),  "a2d_ASN1_OBJECT"},
+{ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0),      "a2i_ASN1_ENUMERATED"},
+{ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0),  "a2i_ASN1_STRING"},
+{ERR_PACK(0,ASN1_F_ASN1_BIT_STRING_SET_BIT,0),  "ASN1_BIT_STRING_set_bit"},
+{ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0),  "ASN1_CHECK_TLEN"},
+{ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0),   "ASN1_COLLATE_PRIMITIVE"},
+{ERR_PACK(0,ASN1_F_ASN1_COLLECT,0),     "ASN1_COLLECT"},
+{ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0),     "ASN1_d2i_bio"},
+{ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0),    "ASN1_D2I_EX_PRIMITIVE"},
+{ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0),      "ASN1_d2i_fp"},
+{ERR_PACK(0,ASN1_F_ASN1_DIGEST,0),      "ASN1_digest"},
+{ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0),      "ASN1_DO_ADB"},
+{ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"},
+{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0),      "ASN1_ENUMERATED_set"},
+{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0),    "ASN1_ENUMERATED_to_BN"},
+{ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_SET,0), "ASN1_GENERALIZEDTIME_set"},
+{ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0),  "ASN1_get_object"},
+{ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0),  "ASN1_HEADER_new"},
+{ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0),     "ASN1_i2d_bio"},
+{ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0),      "ASN1_i2d_fp"},
+{ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0), "ASN1_INTEGER_set"},
+{ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0),       "ASN1_INTEGER_to_BN"},
+{ERR_PACK(0,ASN1_F_ASN1_ITEM_EX_D2I,0), "ASN1_ITEM_EX_D2I"},
+{ERR_PACK(0,ASN1_F_ASN1_ITEM_NEW,0),    "ASN1_item_new"},
+{ERR_PACK(0,ASN1_F_ASN1_MBSTRING_COPY,0),       "ASN1_mbstring_copy"},
+{ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0),  "ASN1_OBJECT_new"},
+{ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0), "ASN1_pack_string"},
+{ERR_PACK(0,ASN1_F_ASN1_PBE_SET,0),     "ASN1_PBE_SET"},
+{ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0),    "ASN1_seq_pack"},
+{ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0),  "ASN1_seq_unpack"},
+{ERR_PACK(0,ASN1_F_ASN1_SIGN,0),        "ASN1_sign"},
+{ERR_PACK(0,ASN1_F_ASN1_STRING_SET,0),  "ASN1_STRING_set"},
+{ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0),    "ASN1_STRING_TABLE_add"},
+{ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),     "ASN1_STRING_type_new"},
+{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0),        "ASN1_TEMPLATE_D2I"},
+{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0),     "ASN1_TEMPLATE_EX_D2I"},
+{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0),        "ASN1_TEMPLATE_NEW"},
+{ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0),    "ASN1_TIME_set"},
+{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),    "ASN1_TYPE_get_int_octetstring"},
+{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),        "ASN1_TYPE_get_octetstring"},
+{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),       "ASN1_unpack_string"},
+{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_SET,0), "ASN1_UTCTIME_set"},
+{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),      "ASN1_verify"},
+{ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0),    "BN_to_ASN1_ENUMERATED"},
+{ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),       "BN_to_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_COLLECT_DATA,0),     "COLLECT_DATA"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),      "D2I_ASN1_BIT_STRING"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0), "d2i_ASN1_BOOLEAN"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0),   "d2i_ASN1_bytes"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0), "D2I_ASN1_GENERALIZEDTIME"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0),  "d2i_ASN1_HEADER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0), "D2I_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0),  "d2i_ASN1_OBJECT"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0),     "d2i_ASN1_SET"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0),      "d2i_ASN1_type_bytes"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0),        "d2i_ASN1_UINTEGER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0), "D2I_ASN1_UTCTIME"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0), "d2i_Netscape_RSA"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),       "D2I_NETSCAPE_RSA_2"},
+{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0),   "d2i_PrivateKey"},
+{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),    "d2i_PublicKey"},
+{ERR_PACK(0,ASN1_F_D2I_X509,0), "D2I_X509"},
+{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),    "D2I_X509_CINF"},
+{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),    "D2I_X509_NAME"},
+{ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),    "d2i_X509_PKEY"},
+{ERR_PACK(0,ASN1_F_I2D_ASN1_SET,0),     "i2d_ASN1_SET"},
+{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),    "I2D_ASN1_TIME"},
+{ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0),   "i2d_DSA_PUBKEY"},
+{ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "i2d_Netscape_RSA"},
+{ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),   "i2d_PrivateKey"},
+{ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),    "i2d_PublicKey"},
+{ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0),   "i2d_RSA_PUBKEY"},
+{ERR_PACK(0,ASN1_F_LONG_C2I,0), "LONG_C2I"},
+{ERR_PACK(0,ASN1_F_OID_MODULE_INIT,0),  "OID_MODULE_INIT"},
+{ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0),   "PKCS5_pbe2_set"},
+{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),    "X509_CINF_NEW"},
+{ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0),    "X509_CRL_add0_revoked"},
+{ERR_PACK(0,ASN1_F_X509_INFO_NEW,0),    "X509_INFO_new"},
+{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),    "X509_NAME_NEW"},
+{ERR_PACK(0,ASN1_F_X509_NEW,0), "X509_NEW"},
+{ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0),    "X509_PKEY_new"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA ASN1_str_reasons[]=
+        {
+{ASN1_R_ADDING_OBJECT                    ,"adding object"},
+{ASN1_R_AUX_ERROR                        ,"aux error"},
+{ASN1_R_BAD_CLASS                        ,"bad class"},
+{ASN1_R_BAD_OBJECT_HEADER                ,"bad object header"},
+{ASN1_R_BAD_PASSWORD_READ                ,"bad password read"},
+{ASN1_R_BAD_TAG                          ,"bad tag"},
+{ASN1_R_BN_LIB                           ,"bn lib"},
+{ASN1_R_BOOLEAN_IS_WRONG_LENGTH          ,"boolean is wrong length"},
+{ASN1_R_BUFFER_TOO_SMALL                 ,"buffer too small"},
+{ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER  ,"cipher has no object identifier"},
+{ASN1_R_DATA_IS_WRONG                    ,"data is wrong"},
+{ASN1_R_DECODE_ERROR                     ,"decode error"},
+{ASN1_R_DECODING_ERROR                   ,"decoding error"},
+{ASN1_R_ENCODE_ERROR                     ,"encode error"},
+{ASN1_R_ERROR_GETTING_TIME               ,"error getting time"},
+{ASN1_R_ERROR_LOADING_SECTION            ,"error loading section"},
+{ASN1_R_ERROR_PARSING_SET_ELEMENT        ,"error parsing set element"},
+{ASN1_R_ERROR_SETTING_CIPHER_PARAMS      ,"error setting cipher params"},
+{ASN1_R_EXPECTING_AN_INTEGER             ,"expecting an integer"},
+{ASN1_R_EXPECTING_AN_OBJECT              ,"expecting an object"},
+{ASN1_R_EXPECTING_A_BOOLEAN              ,"expecting a boolean"},
+{ASN1_R_EXPECTING_A_TIME                 ,"expecting a time"},
+{ASN1_R_EXPLICIT_LENGTH_MISMATCH         ,"explicit length mismatch"},
+{ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED     ,"explicit tag not constructed"},
+{ASN1_R_FIELD_MISSING                    ,"field missing"},
+{ASN1_R_FIRST_NUM_TOO_LARGE              ,"first num too large"},
+{ASN1_R_HEADER_TOO_LONG                  ,"header too long"},
+{ASN1_R_ILLEGAL_CHARACTERS               ,"illegal characters"},
+{ASN1_R_ILLEGAL_NULL                     ,"illegal null"},
+{ASN1_R_ILLEGAL_OPTIONAL_ANY             ,"illegal optional any"},
+{ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ,"illegal options on item template"},
+{ASN1_R_ILLEGAL_TAGGED_ANY               ,"illegal tagged any"},
+{ASN1_R_INTEGER_TOO_LARGE_FOR_LONG       ,"integer too large for long"},
+{ASN1_R_INVALID_BMPSTRING_LENGTH         ,"invalid bmpstring length"},
+{ASN1_R_INVALID_DIGIT                    ,"invalid digit"},
+{ASN1_R_INVALID_SEPARATOR                ,"invalid separator"},
+{ASN1_R_INVALID_TIME_FORMAT              ,"invalid time format"},
+{ASN1_R_INVALID_UNIVERSALSTRING_LENGTH   ,"invalid universalstring length"},
+{ASN1_R_INVALID_UTF8STRING               ,"invalid utf8string"},
+{ASN1_R_IV_TOO_LARGE                     ,"iv too large"},
+{ASN1_R_LENGTH_ERROR                     ,"length error"},
+{ASN1_R_MISSING_EOC                      ,"missing eoc"},
+{ASN1_R_MISSING_SECOND_NUMBER            ,"missing second number"},
+{ASN1_R_MSTRING_NOT_UNIVERSAL            ,"mstring not universal"},
+{ASN1_R_MSTRING_WRONG_TAG                ,"mstring wrong tag"},
+{ASN1_R_NON_HEX_CHARACTERS               ,"non hex characters"},
+{ASN1_R_NOT_ENOUGH_DATA                  ,"not enough data"},
+{ASN1_R_NO_MATCHING_CHOICE_TYPE          ,"no matching choice type"},
+{ASN1_R_NULL_IS_WRONG_LENGTH             ,"null is wrong length"},
+{ASN1_R_ODD_NUMBER_OF_CHARS              ,"odd number of chars"},
+{ASN1_R_PRIVATE_KEY_HEADER_MISSING       ,"private key header missing"},
+{ASN1_R_SECOND_NUMBER_TOO_LARGE          ,"second number too large"},
+{ASN1_R_SEQUENCE_LENGTH_MISMATCH         ,"sequence length mismatch"},
+{ASN1_R_SEQUENCE_NOT_CONSTRUCTED         ,"sequence not constructed"},
+{ASN1_R_SHORT_LINE                       ,"short line"},
+{ASN1_R_STRING_TOO_LONG                  ,"string too long"},
+{ASN1_R_STRING_TOO_SHORT                 ,"string too short"},
+{ASN1_R_TAG_VALUE_TOO_HIGH               ,"tag value too high"},
+{ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
+{ASN1_R_TOO_LONG                         ,"too long"},
+{ASN1_R_TYPE_NOT_CONSTRUCTED             ,"type not constructed"},
+{ASN1_R_UNABLE_TO_DECODE_RSA_KEY         ,"unable to decode rsa key"},
+{ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"},
+{ASN1_R_UNEXPECTED_EOC                   ,"unexpected eoc"},
+{ASN1_R_UNKNOWN_FORMAT                   ,"unknown format"},
+{ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
+{ASN1_R_UNKNOWN_OBJECT_TYPE              ,"unknown object type"},
+{ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE          ,"unknown public key type"},
+{ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE  ,"unsupported any defined by type"},
+{ASN1_R_UNSUPPORTED_CIPHER               ,"unsupported cipher"},
+{ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"},
+{ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE      ,"unsupported public key type"},
+{ASN1_R_WRONG_TAG                        ,"wrong tag"},
+{ASN1_R_WRONG_TYPE                       ,"wrong type"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_ASN1_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs);
+                ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
new file mode 100644
index 0000000000..97b9b35f4b
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -0,0 +1,433 @@
+/* crypto/asn1/asn1_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+
+static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max);
+static void asn1_put_length(unsigned char **pp, int length);
+const char *ASN1_version="ASN.1" OPENSSL_VERSION_PTEXT;
+
+int ASN1_check_infinite_end(unsigned char **p, long len)
+        {
+        /* If there is 0 or 1 byte left, the length check should pick
+         * things up */
+        if (len <= 0)
+                return(1);
+        else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0))
+                {
+                (*p)+=2;
+                return(1);
+                }
+        return(0);
+        }
+
+
+int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
+             long omax)
+        {
+        int i,ret;
+        long l;
+        unsigned char *p= *pp;
+        int tag,xclass,inf;
+        long max=omax;
+
+        if (!max) goto err;
+        ret=(*p&V_ASN1_CONSTRUCTED);
+        xclass=(*p&V_ASN1_PRIVATE);
+        i= *p&V_ASN1_PRIMITIVE_TAG;
+        if (i == V_ASN1_PRIMITIVE_TAG)
+                {               /* high-tag */
+                p++;
+                if (--max == 0) goto err;
+                l=0;
+                while (*p&0x80)
+                        {
+                        l<<=7L;
+                        l|= *(p++)&0x7f;
+                        if (--max == 0) goto err;
+                        if (l > (INT_MAX >> 7L)) goto err;
+                        }
+                l<<=7L;
+                l|= *(p++)&0x7f;
+                tag=(int)l;
+                if (--max == 0) goto err;
+                }
+        else
+                { 
+                tag=i;
+                p++;
+                if (--max == 0) goto err;
+                }
+        *ptag=tag;
+        *pclass=xclass;
+        if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
+
+#if 0
+        fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n", 
+                (int)p,*plength,omax,(int)*pp,(int)(p+ *plength),
+                (int)(omax+ *pp));
+
+#endif
+        if (*plength > (omax - (p - *pp)))
+                {
+                ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
+                /* Set this so that even if things are not long enough
+                 * the values are set correctly */
+                ret|=0x80;
+                }
+        *pp=p;
+        return(ret|inf);
+err:
+        ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG);
+        return(0x80);
+        }
+
+static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
+        {
+        unsigned char *p= *pp;
+        unsigned long ret=0;
+        int i;
+
+        if (max-- < 1) return(0);
+        if (*p == 0x80)
+                {
+                *inf=1;
+                ret=0;
+                p++;
+                }
+        else
+                {
+                *inf=0;
+                i= *p&0x7f;
+                if (*(p++) & 0x80)
+                        {
+                        if (i > sizeof(long))
+                                return 0;
+                        if (max-- == 0) return(0);
+                        while (i-- > 0)
+                                {
+                                ret<<=8L;
+                                ret|= *(p++);
+                                if (max-- == 0) return(0);
+                                }
+                        }
+                else
+                        ret=i;
+                }
+        if (ret > LONG_MAX)
+                return 0;
+        *pp=p;
+        *rl=(long)ret;
+        return(1);
+        }
+
+/* class 0 is constructed
+ * constructed == 2 for indefinite length constructed */
+void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
+             int xclass)
+        {
+        unsigned char *p= *pp;
+        int i, ttag;
+
+        i=(constructed)?V_ASN1_CONSTRUCTED:0;
+        i|=(xclass&V_ASN1_PRIVATE);
+        if (tag < 31)
+                *(p++)=i|(tag&V_ASN1_PRIMITIVE_TAG);
+        else
+                {
+                *(p++)=i|V_ASN1_PRIMITIVE_TAG;
+                for(i = 0, ttag = tag; ttag > 0; i++) ttag >>=7;
+                ttag = i;
+                while(i-- > 0)
+                        {
+                        p[i] = tag & 0x7f;
+                        if(i != (ttag - 1)) p[i] |= 0x80;
+                        tag >>= 7;
+                        }
+                p += ttag;
+                }
+        if ((constructed == 2) && (length == 0))
+                *(p++)=0x80; /* der_put_length would output 0 instead */
+        else
+                asn1_put_length(&p,length);
+        *pp=p;
+        }
+
+static void asn1_put_length(unsigned char **pp, int length)
+        {
+        unsigned char *p= *pp;
+        int i,l;
+        if (length <= 127)
+                *(p++)=(unsigned char)length;
+        else
+                {
+                l=length;
+                for (i=0; l > 0; i++)
+                        l>>=8;
+                *(p++)=i|0x80;
+                l=i;
+                while (i-- > 0)
+                        {
+                        p[i]=length&0xff;
+                        length>>=8;
+                        }
+                p+=l;
+                }
+        *pp=p;
+        }
+
+int ASN1_object_size(int constructed, int length, int tag)
+        {
+        int ret;
+
+        ret=length;
+        ret++;
+        if (tag >= 31)
+                {
+                while (tag > 0)
+                        {
+                        tag>>=7;
+                        ret++;
+                        }
+                }
+        if ((length == 0) && (constructed == 2))
+                ret+=2;
+        ret++;
+        if (length > 127)
+                {
+                while (length > 0)
+                        {
+                        length>>=8;
+                        ret++;
+                        }
+                }
+        return(ret);
+        }
+
+int asn1_Finish(ASN1_CTX *c)
+        {
+        if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos))
+                {
+                if (!ASN1_check_infinite_end(&c->p,c->slen))
+                        {
+                        c->error=ERR_R_MISSING_ASN1_EOS;
+                        return(0);
+                        }
+                }
+        if (    ((c->slen != 0) && !(c->inf & 1)) ||
+                ((c->slen < 0) && (c->inf & 1)))
+                {
+                c->error=ERR_R_ASN1_LENGTH_MISMATCH;
+                return(0);
+                }
+        return(1);
+        }
+
+int asn1_GetSequence(ASN1_CTX *c, long *length)
+        {
+        unsigned char *q;
+
+        q=c->p;
+        c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass),
+                *length);
+        if (c->inf & 0x80)
+                {
+                c->error=ERR_R_BAD_GET_ASN1_OBJECT_CALL;
+                return(0);
+                }
+        if (c->tag != V_ASN1_SEQUENCE)
+                {
+                c->error=ERR_R_EXPECTING_AN_ASN1_SEQUENCE;
+                return(0);
+                }
+        (*length)-=(c->p-q);
+        if (c->max && (*length < 0))
+                {
+                c->error=ERR_R_ASN1_LENGTH_MISMATCH;
+                return(0);
+                }
+        if (c->inf == (1|V_ASN1_CONSTRUCTED))
+                c->slen= *length+ *(c->pp)-c->p;
+        c->eos=0;
+        return(1);
+        }
+
+ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str)
+        {
+        ASN1_STRING *ret;
+
+        if (str == NULL) return(NULL);
+        if ((ret=ASN1_STRING_type_new(str->type)) == NULL)
+                return(NULL);
+        if (!ASN1_STRING_set(ret,str->data,str->length))
+                {
+                ASN1_STRING_free(ret);
+                return(NULL);
+                }
+        ret->flags = str->flags;
+        return(ret);
+        }
+
+int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
+        {
+        unsigned char *c;
+        const char *data=_data;
+
+        if (len < 0)
+                {
+                if (data == NULL)
+                        return(0);
+                else
+                        len=strlen(data);
+                }
+        if ((str->length < len) || (str->data == NULL))
+                {
+                c=str->data;
+                if (c == NULL)
+                        str->data=OPENSSL_malloc(len+1);
+                else
+                        str->data=OPENSSL_realloc(c,len+1);
+
+                if (str->data == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_STRING_SET,ERR_R_MALLOC_FAILURE);
+                        str->data=c;
+                        return(0);
+                        }
+                }
+        str->length=len;
+        if (data != NULL)
+                {
+                memcpy(str->data,data,len);
+                /* an allowance for strings :-) */
+                str->data[len]='\0';
+                }
+        return(1);
+        }
+
+ASN1_STRING *ASN1_STRING_new(void)
+        {
+        return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+        }
+
+
+ASN1_STRING *ASN1_STRING_type_new(int type)
+        {
+        ASN1_STRING *ret;
+
+        ret=(ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        ret->length=0;
+        ret->type=type;
+        ret->data=NULL;
+        ret->flags=0;
+        return(ret);
+        }
+
+void ASN1_STRING_free(ASN1_STRING *a)
+        {
+        if (a == NULL) return;
+        if (a->data != NULL) OPENSSL_free(a->data);
+        OPENSSL_free(a);
+        }
+
+int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
+        {
+        int i;
+
+        i=(a->length-b->length);
+        if (i == 0)
+                {
+                i=memcmp(a->data,b->data,a->length);
+                if (i == 0)
+                        return(a->type-b->type);
+                else
+                        return(i);
+                }
+        else
+                return(i);
+        }
+
+void asn1_add_error(unsigned char *address, int offset)
+        {
+        char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
+
+        BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
+        BIO_snprintf(buf2,sizeof buf2,"%d",offset);
+        ERR_add_error_data(4,"address=",buf1," offset=",buf2);
+        }
+
+int ASN1_STRING_length(ASN1_STRING *x)
+{ return M_ASN1_STRING_length(x); }
+
+void ASN1_STRING_length_set(ASN1_STRING *x, int len)
+{ M_ASN1_STRING_length_set(x, len); return; }
+
+int ASN1_STRING_type(ASN1_STRING *x)
+{ return M_ASN1_STRING_type(x); }
+
+unsigned char * ASN1_STRING_data(ASN1_STRING *x)
+{ return M_ASN1_STRING_data(x); }
diff --git a/src/lib/libcrypto/asn1/asn1_mac.h b/src/lib/libcrypto/asn1/asn1_mac.h
new file mode 100644
index 0000000000..a48649ceeb
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1_mac.h
@@ -0,0 +1,560 @@
+/* crypto/asn1/asn1_mac.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ASN1_MAC_H
+#define HEADER_ASN1_MAC_H
+
+#include <openssl/asn1.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifndef ASN1_MAC_ERR_LIB
+#define ASN1_MAC_ERR_LIB        ERR_LIB_ASN1
+#endif 
+
+#define ASN1_MAC_H_err(f,r,line) \
+        ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
+
+#define M_ASN1_D2I_vars(a,type,func) \
+        ASN1_CTX c; \
+        type ret=NULL; \
+        \
+        c.pp=(unsigned char **)pp; \
+        c.q= *(unsigned char **)pp; \
+        c.error=ERR_R_NESTED_ASN1_ERROR; \
+        if ((a == NULL) || ((*a) == NULL)) \
+                { if ((ret=(type)func()) == NULL) \
+                        { c.line=__LINE__; goto err; } } \
+        else    ret=(*a);
+
+#define M_ASN1_D2I_Init() \
+        c.p= *(unsigned char **)pp; \
+        c.max=(length == 0)?0:(c.p+length);
+
+#define M_ASN1_D2I_Finish_2(a) \
+        if (!asn1_Finish(&c)) \
+                { c.line=__LINE__; goto err; } \
+        *(unsigned char **)pp=c.p; \
+        if (a != NULL) (*a)=ret; \
+        return(ret);
+
+#define M_ASN1_D2I_Finish(a,func,e) \
+        M_ASN1_D2I_Finish_2(a); \
+err:\
+        ASN1_MAC_H_err((e),c.error,c.line); \
+        asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \
+        if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
+        return(NULL)
+
+#define M_ASN1_D2I_start_sequence() \
+        if (!asn1_GetSequence(&c,&length)) \
+                { c.line=__LINE__; goto err; }
+/* Begin reading ASN1 without a surrounding sequence */
+#define M_ASN1_D2I_begin() \
+        c.slen = length;
+
+/* End reading ASN1 with no check on length */
+#define M_ASN1_D2I_Finish_nolen(a, func, e) \
+        *pp=c.p; \
+        if (a != NULL) (*a)=ret; \
+        return(ret); \
+err:\
+        ASN1_MAC_H_err((e),c.error,c.line); \
+        asn1_add_error(*pp,(int)(c.q- *pp)); \
+        if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
+        return(NULL)
+
+#define M_ASN1_D2I_end_sequence() \
+        (((c.inf&1) == 0)?(c.slen <= 0): \
+                (c.eos=ASN1_check_infinite_end(&c.p,c.slen)))
+
+/* Don't use this with d2i_ASN1_BOOLEAN() */
+#define M_ASN1_D2I_get(b,func) \
+        c.q=c.p; \
+        if (func(&(b),&c.p,c.slen) == NULL) \
+                {c.line=__LINE__; goto err; } \
+        c.slen-=(c.p-c.q);
+
+/* use this instead () */
+#define M_ASN1_D2I_get_int(b,func) \
+        c.q=c.p; \
+        if (func(&(b),&c.p,c.slen) < 0) \
+                {c.line=__LINE__; goto err; } \
+        c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_opt(b,func,type) \
+        if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
+                == (V_ASN1_UNIVERSAL|(type)))) \
+                { \
+                M_ASN1_D2I_get(b,func); \
+                }
+
+#define M_ASN1_D2I_get_imp(b,func, type) \
+        M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
+        c.q=c.p; \
+        if (func(&(b),&c.p,c.slen) == NULL) \
+                {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
+        c.slen-=(c.p-c.q);\
+        M_ASN1_next_prev=_tmp;
+
+#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \
+        if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \
+                (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \
+                { \
+                unsigned char _tmp = M_ASN1_next; \
+                M_ASN1_D2I_get_imp(b,func, type);\
+                }
+
+#define M_ASN1_D2I_get_set(r,func,free_func) \
+                M_ASN1_D2I_get_imp_set(r,func,free_func, \
+                        V_ASN1_SET,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \
+                M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \
+                        V_ASN1_SET,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_D2I_get_set_opt(r,func,free_func) \
+        if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+                V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
+                { M_ASN1_D2I_get_set(r,func,free_func); }
+
+#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \
+        if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+                V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
+                { M_ASN1_D2I_get_set_type(type,r,func,free_func); }
+
+#define M_ASN1_I2D_len_SET_opt(a,f) \
+        if ((a != NULL) && (sk_num(a) != 0)) \
+                M_ASN1_I2D_len_SET(a,f);
+
+#define M_ASN1_I2D_put_SET_opt(a,f) \
+        if ((a != NULL) && (sk_num(a) != 0)) \
+                M_ASN1_I2D_put_SET(a,f);
+
+#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
+        if ((a != NULL) && (sk_num(a) != 0)) \
+                M_ASN1_I2D_put_SEQUENCE(a,f);
+
+#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \
+        if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+                M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
+
+#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
+        if ((c.slen != 0) && \
+                (M_ASN1_next == \
+                (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
+                { \
+                M_ASN1_D2I_get_imp_set(b,func,free_func,\
+                        tag,V_ASN1_CONTEXT_SPECIFIC); \
+                }
+
+#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \
+        if ((c.slen != 0) && \
+                (M_ASN1_next == \
+                (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
+                { \
+                M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\
+                        tag,V_ASN1_CONTEXT_SPECIFIC); \
+                }
+
+#define M_ASN1_D2I_get_seq(r,func,free_func) \
+                M_ASN1_D2I_get_imp_set(r,func,free_func,\
+                        V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \
+                M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
+                                            V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
+
+#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \
+        if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+                V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
+                { M_ASN1_D2I_get_seq(r,func,free_func); }
+
+#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \
+        if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+                V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
+                { M_ASN1_D2I_get_seq_type(type,r,func,free_func); }
+
+#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \
+                M_ASN1_D2I_get_imp_set(r,func,free_func,\
+                        x,V_ASN1_CONTEXT_SPECIFIC);
+
+#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \
+                M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
+                        x,V_ASN1_CONTEXT_SPECIFIC);
+
+#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \
+        c.q=c.p; \
+        if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
+                (void (*)())free_func,a,b) == NULL) \
+                { c.line=__LINE__; goto err; } \
+        c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
+        c.q=c.p; \
+        if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
+                                   free_func,a,b) == NULL) \
+                { c.line=__LINE__; goto err; } \
+        c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_set_strings(r,func,a,b) \
+        c.q=c.p; \
+        if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
+                { c.line=__LINE__; goto err; } \
+        c.slen-=(c.p-c.q);
+
+#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
+        if ((c.slen != 0L) && (M_ASN1_next == \
+                (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+                { \
+                int Tinf,Ttag,Tclass; \
+                long Tlen; \
+                \
+                c.q=c.p; \
+                Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+                if (Tinf & 0x80) \
+                        { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+                        c.line=__LINE__; goto err; } \
+                if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+                                        Tlen = c.slen - (c.p - c.q) - 2; \
+                if (func(&(r),&c.p,Tlen) == NULL) \
+                        { c.line=__LINE__; goto err; } \
+                if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+                        Tlen = c.slen - (c.p - c.q); \
+                        if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+                                { c.error=ERR_R_MISSING_ASN1_EOS; \
+                                c.line=__LINE__; goto err; } \
+                }\
+                c.slen-=(c.p-c.q); \
+                }
+
+#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \
+        if ((c.slen != 0) && (M_ASN1_next == \
+                (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+                { \
+                int Tinf,Ttag,Tclass; \
+                long Tlen; \
+                \
+                c.q=c.p; \
+                Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+                if (Tinf & 0x80) \
+                        { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+                        c.line=__LINE__; goto err; } \
+                if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+                                        Tlen = c.slen - (c.p - c.q) - 2; \
+                if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
+                        (void (*)())free_func, \
+                        b,V_ASN1_UNIVERSAL) == NULL) \
+                        { c.line=__LINE__; goto err; } \
+                if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+                        Tlen = c.slen - (c.p - c.q); \
+                        if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+                                { c.error=ERR_R_MISSING_ASN1_EOS; \
+                                c.line=__LINE__; goto err; } \
+                }\
+                c.slen-=(c.p-c.q); \
+                }
+
+#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \
+        if ((c.slen != 0) && (M_ASN1_next == \
+                (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+                { \
+                int Tinf,Ttag,Tclass; \
+                long Tlen; \
+                \
+                c.q=c.p; \
+                Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+                if (Tinf & 0x80) \
+                        { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+                        c.line=__LINE__; goto err; } \
+                if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+                                        Tlen = c.slen - (c.p - c.q) - 2; \
+                if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
+                        free_func,b,V_ASN1_UNIVERSAL) == NULL) \
+                        { c.line=__LINE__; goto err; } \
+                if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+                        Tlen = c.slen - (c.p - c.q); \
+                        if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+                                { c.error=ERR_R_MISSING_ASN1_EOS; \
+                                c.line=__LINE__; goto err; } \
+                }\
+                c.slen-=(c.p-c.q); \
+                }
+
+/* New macros */
+#define M_ASN1_New_Malloc(ret,type) \
+        if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
+                { c.line=__LINE__; goto err2; }
+
+#define M_ASN1_New(arg,func) \
+        if (((arg)=func()) == NULL) return(NULL)
+
+#define M_ASN1_New_Error(a) \
+/*      err:    ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
+                return(NULL);*/ \
+        err2:   ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
+                return(NULL)
+
+
+#define M_ASN1_next             (*c.p)
+#define M_ASN1_next_prev        (*c.q)
+
+/*************************************************/
+
+#define M_ASN1_I2D_vars(a)      int r=0,ret=0; \
+                                unsigned char *p; \
+                                if (a == NULL) return(0)
+
+/* Length Macros */
+#define M_ASN1_I2D_len(a,f)     ret+=f(a,NULL)
+#define M_ASN1_I2D_len_IMP_opt(a,f)     if (a != NULL) M_ASN1_I2D_len(a,f)
+
+#define M_ASN1_I2D_len_SET(a,f) \
+                ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
+
+#define M_ASN1_I2D_len_SET_type(type,a,f) \
+                ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \
+                                            V_ASN1_UNIVERSAL,IS_SET);
+
+#define M_ASN1_I2D_len_SEQUENCE(a,f) \
+                ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
+                                  IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \
+                ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \
+                                            V_ASN1_UNIVERSAL,IS_SEQUENCE)
+
+#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        M_ASN1_I2D_len_SEQUENCE(a,f);
+
+#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \
+                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+                        M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
+
+#define M_ASN1_I2D_len_IMP_SET(a,f,x) \
+                ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \
+                ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+                                            V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+                                          IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \
+                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+                        ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+                                               V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \
+                ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+                                  IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+                                          IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \
+                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+                        ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+                                                    V_ASN1_CONTEXT_SPECIFIC, \
+                                                    IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \
+                if (a != NULL)\
+                        { \
+                        v=f(a,NULL); \
+                        ret+=ASN1_object_size(1,v,mtag); \
+                        }
+
+#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \
+                if ((a != NULL) && (sk_num(a) != 0))\
+                        { \
+                        v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
+                        ret+=ASN1_object_size(1,v,mtag); \
+                        }
+
+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
+                if ((a != NULL) && (sk_num(a) != 0))\
+                        { \
+                        v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \
+                                       IS_SEQUENCE); \
+                        ret+=ASN1_object_size(1,v,mtag); \
+                        }
+
+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
+                if ((a != NULL) && (sk_##type##_num(a) != 0))\
+                        { \
+                        v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
+                                                 V_ASN1_UNIVERSAL, \
+                                                 IS_SEQUENCE); \
+                        ret+=ASN1_object_size(1,v,mtag); \
+                        }
+
+/* Put Macros */
+#define M_ASN1_I2D_put(a,f)     f(a,&p)
+
+#define M_ASN1_I2D_put_IMP_opt(a,f,t)   \
+                if (a != NULL) \
+                        { \
+                        unsigned char *q=p; \
+                        f(a,&p); \
+                        *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\
+                        }
+
+#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\
+                        V_ASN1_UNIVERSAL,IS_SET)
+#define M_ASN1_I2D_put_SET_type(type,a,f) \
+     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET)
+#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
+                        V_ASN1_CONTEXT_SPECIFIC,IS_SET)
+#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \
+     i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET)
+#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
+                        V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\
+                                             V_ASN1_UNIVERSAL,IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \
+     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
+                            IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        M_ASN1_I2D_put_SEQUENCE(a,f);
+
+#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+                                       IS_SET); }
+
+#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \
+                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+                        { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
+                                                 V_ASN1_CONTEXT_SPECIFIC, \
+                                                 IS_SET); }
+
+#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+                                       IS_SEQUENCE); }
+
+#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \
+                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+                        { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
+                                                 V_ASN1_CONTEXT_SPECIFIC, \
+                                                 IS_SEQUENCE); }
+
+#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \
+                if (a != NULL) \
+                        { \
+                        ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \
+                        f(a,&p); \
+                        }
+
+#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        { \
+                        ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+                        i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
+                        }
+
+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
+                if ((a != NULL) && (sk_num(a) != 0)) \
+                        { \
+                        ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+                        i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \
+                        }
+
+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
+                if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+                        { \
+                        ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+                        i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
+                                               IS_SEQUENCE); \
+                        }
+
+#define M_ASN1_I2D_seq_total() \
+                r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
+                if (pp == NULL) return(r); \
+                p= *pp; \
+                ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
+
+#define M_ASN1_I2D_INF_seq_start(tag,ctx) \
+                *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \
+                *(p++)=0x80
+
+#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00
+
+#define M_ASN1_I2D_finish()     *pp=p; \
+                                return(r);
+
+int asn1_GetSequence(ASN1_CTX *c, long *length);
+void asn1_add_error(unsigned char *address,int offset);
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/asn1/asn1_par.c b/src/lib/libcrypto/asn1/asn1_par.c
new file mode 100644
index 0000000000..676d434f03
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1_par.c
@@ -0,0 +1,418 @@
+/* crypto/asn1/asn1_par.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+
+static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
+        int indent);
+static int asn1_parse2(BIO *bp, unsigned char **pp, long length,
+        int offset, int depth, int indent, int dump);
+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
+             int indent)
+        {
+        static const char fmt[]="%-18s";
+        static const char fmt2[]="%2d %-15s";
+        char str[128];
+        const char *p,*p2=NULL;
+
+        if (constructed & V_ASN1_CONSTRUCTED)
+                p="cons: ";
+        else
+                p="prim: ";
+        if (BIO_write(bp,p,6) < 6) goto err;
+        BIO_indent(bp,indent,128);
+
+        p=str;
+        if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
+                BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag);
+        else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
+                BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
+        else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
+                BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
+        else p = ASN1_tag2str(tag);
+
+        if (p2 != NULL)
+                {
+                if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err;
+                }
+        else
+                {
+                if (BIO_printf(bp,fmt,p) <= 0) goto err;
+                }
+        return(1);
+err:
+        return(0);
+        }
+
+int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent)
+        {
+        return(asn1_parse2(bp,&pp,len,0,0,indent,0));
+        }
+
+int ASN1_parse_dump(BIO *bp, unsigned char *pp, long len, int indent, int dump)
+        {
+        return(asn1_parse2(bp,&pp,len,0,0,indent,dump));
+        }
+
+static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
+             int depth, int indent, int dump)
+        {
+        unsigned char *p,*ep,*tot,*op,*opp;
+        long len;
+        int tag,xclass,ret=0;
+        int nl,hl,j,r;
+        ASN1_OBJECT *o=NULL;
+        ASN1_OCTET_STRING *os=NULL;
+        /* ASN1_BMPSTRING *bmp=NULL;*/
+        int dump_indent;
+
+#if 0
+        dump_indent = indent;
+#else
+        dump_indent = 6;        /* Because we know BIO_dump_indent() */
+#endif
+        p= *pp;
+        tot=p+length;
+        op=p-1;
+        while ((p < tot) && (op < p))
+                {
+                op=p;
+                j=ASN1_get_object(&p,&len,&tag,&xclass,length);
+#ifdef LINT
+                j=j;
+#endif
+                if (j & 0x80)
+                        {
+                        if (BIO_write(bp,"Error in encoding\n",18) <= 0)
+                                goto end;
+                        ret=0;
+                        goto end;
+                        }
+                hl=(p-op);
+                length-=hl;
+                /* if j == 0x21 it is a constructed indefinite length object */
+                if (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp))
+                        <= 0) goto end;
+
+                if (j != (V_ASN1_CONSTRUCTED | 1))
+                        {
+                        if (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ",
+                                depth,(long)hl,len) <= 0)
+                                goto end;
+                        }
+                else
+                        {
+                        if (BIO_printf(bp,"d=%-2d hl=%ld l=inf  ",
+                                depth,(long)hl) <= 0)
+                                goto end;
+                        }
+                if (!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0))
+                        goto end;
+                if (j & V_ASN1_CONSTRUCTED)
+                        {
+                        ep=p+len;
+                        if (BIO_write(bp,"\n",1) <= 0) goto end;
+                        if (len > length)
+                                {
+                                BIO_printf(bp,
+                                        "length is greater than %ld\n",length);
+                                ret=0;
+                                goto end;
+                                }
+                        if ((j == 0x21) && (len == 0))
+                                {
+                                for (;;)
+                                        {
+                                        r=asn1_parse2(bp,&p,(long)(tot-p),
+                                                offset+(p - *pp),depth+1,
+                                                indent,dump);
+                                        if (r == 0) { ret=0; goto end; }
+                                        if ((r == 2) || (p >= tot)) break;
+                                        }
+                                }
+                        else
+                                while (p < ep)
+                                        {
+                                        r=asn1_parse2(bp,&p,(long)len,
+                                                offset+(p - *pp),depth+1,
+                                                indent,dump);
+                                        if (r == 0) { ret=0; goto end; }
+                                        }
+                        }
+                else if (xclass != 0)
+                        {
+                        p+=len;
+                        if (BIO_write(bp,"\n",1) <= 0) goto end;
+                        }
+                else
+                        {
+                        nl=0;
+                        if (    (tag == V_ASN1_PRINTABLESTRING) ||
+                                (tag == V_ASN1_T61STRING) ||
+                                (tag == V_ASN1_IA5STRING) ||
+                                (tag == V_ASN1_VISIBLESTRING) ||
+                                (tag == V_ASN1_UTCTIME) ||
+                                (tag == V_ASN1_GENERALIZEDTIME))
+                                {
+                                if (BIO_write(bp,":",1) <= 0) goto end;
+                                if ((len > 0) &&
+                                        BIO_write(bp,(char *)p,(int)len)
+                                        != (int)len)
+                                        goto end;
+                                }
+                        else if (tag == V_ASN1_OBJECT)
+                                {
+                                opp=op;
+                                if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL)
+                                        {
+                                        if (BIO_write(bp,":",1) <= 0) goto end;
+                                        i2a_ASN1_OBJECT(bp,o);
+                                        }
+                                else
+                                        {
+                                        if (BIO_write(bp,":BAD OBJECT",11) <= 0)
+                                                goto end;
+                                        }
+                                }
+                        else if (tag == V_ASN1_BOOLEAN)
+                                {
+                                int ii;
+
+                                opp=op;
+                                ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
+                                if (ii < 0)
+                                        {
+                                        if (BIO_write(bp,"Bad boolean\n",12))
+                                                goto end;
+                                        }
+                                BIO_printf(bp,":%d",ii);
+                                }
+                        else if (tag == V_ASN1_BMPSTRING)
+                                {
+                                /* do the BMP thang */
+                                }
+                        else if (tag == V_ASN1_OCTET_STRING)
+                                {
+                                int i,printable=1;
+
+                                opp=op;
+                                os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
+                                if (os != NULL)
+                                        {
+                                        opp=os->data;
+                                        for (i=0; i<os->length; i++)
+                                                {
+                                                if ((   (opp[i] < ' ') &&
+                                                        (opp[i] != '\n') &&
+                                                        (opp[i] != '\r') &&
+                                                        (opp[i] != '\t')) ||
+                                                        (opp[i] > '~'))
+                                                        {
+                                                        printable=0;
+                                                        break;
+                                                        }
+                                                }
+                                        if (printable && (os->length > 0))
+                                                {
+                                                if (BIO_write(bp,":",1) <= 0)
+                                                        goto end;
+                                                if (BIO_write(bp,(char *)opp,
+                                                        os->length) <= 0)
+                                                        goto end;
+                                                }
+                                        if (!printable && (os->length > 0)
+                                                && dump)
+                                                {
+                                                if (!nl) 
+                                                        {
+                                                        if (BIO_write(bp,"\n",1) <= 0)
+                                                                goto end;
+                                                        }
+                                                if (BIO_dump_indent(bp,(char *)opp,
+                                                        ((dump == -1 || dump > os->length)?os->length:dump),
+                                                        dump_indent) <= 0)
+                                                        goto end;
+                                                nl=1;
+                                                }
+                                        M_ASN1_OCTET_STRING_free(os);
+                                        os=NULL;
+                                        }
+                                }
+                        else if (tag == V_ASN1_INTEGER)
+                                {
+                                ASN1_INTEGER *bs;
+                                int i;
+
+                                opp=op;
+                                bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl);
+                                if (bs != NULL)
+                                        {
+                                        if (BIO_write(bp,":",1) <= 0) goto end;
+                                        if (bs->type == V_ASN1_NEG_INTEGER)
+                                                if (BIO_write(bp,"-",1) <= 0)
+                                                        goto end;
+                                        for (i=0; i<bs->length; i++)
+                                                {
+                                                if (BIO_printf(bp,"%02X",
+                                                        bs->data[i]) <= 0)
+                                                        goto end;
+                                                }
+                                        if (bs->length == 0)
+                                                {
+                                                if (BIO_write(bp,"00",2) <= 0)
+                                                        goto end;
+                                                }
+                                        }
+                                else
+                                        {
+                                        if (BIO_write(bp,"BAD INTEGER",11) <= 0)
+                                                goto end;
+                                        }
+                                M_ASN1_INTEGER_free(bs);
+                                }
+                        else if (tag == V_ASN1_ENUMERATED)
+                                {
+                                ASN1_ENUMERATED *bs;
+                                int i;
+
+                                opp=op;
+                                bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl);
+                                if (bs != NULL)
+                                        {
+                                        if (BIO_write(bp,":",1) <= 0) goto end;
+                                        if (bs->type == V_ASN1_NEG_ENUMERATED)
+                                                if (BIO_write(bp,"-",1) <= 0)
+                                                        goto end;
+                                        for (i=0; i<bs->length; i++)
+                                                {
+                                                if (BIO_printf(bp,"%02X",
+                                                        bs->data[i]) <= 0)
+                                                        goto end;
+                                                }
+                                        if (bs->length == 0)
+                                                {
+                                                if (BIO_write(bp,"00",2) <= 0)
+                                                        goto end;
+                                                }
+                                        }
+                                else
+                                        {
+                                        if (BIO_write(bp,"BAD ENUMERATED",11) <= 0)
+                                                goto end;
+                                        }
+                                M_ASN1_ENUMERATED_free(bs);
+                                }
+                        else if (len > 0 && dump)
+                                {
+                                if (!nl) 
+                                        {
+                                        if (BIO_write(bp,"\n",1) <= 0)
+                                                goto end;
+                                        }
+                                if (BIO_dump_indent(bp,(char *)p,
+                                        ((dump == -1 || dump > len)?len:dump),
+                                        dump_indent) <= 0)
+                                        goto end;
+                                nl=1;
+                                }
+
+                        if (!nl) 
+                                {
+                                if (BIO_write(bp,"\n",1) <= 0) goto end;
+                                }
+                        p+=len;
+                        if ((tag == V_ASN1_EOC) && (xclass == 0))
+                                {
+                                ret=2; /* End of sequence */
+                                goto end;
+                                }
+                        }
+                length-=len;
+                }
+        ret=1;
+end:
+        if (o != NULL) ASN1_OBJECT_free(o);
+        if (os != NULL) M_ASN1_OCTET_STRING_free(os);
+        *pp=p;
+        return(ret);
+        }
+
+const char *ASN1_tag2str(int tag)
+{
+        const static char *tag2str[] = {
+         "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */
+         "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */
+         "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>",      /* 10-13 */
+        "<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET",                /* 15-17 */
+        "NUMERICSTRING", "PRINTABLESTRING", "T61STRING",            /* 18-20 */
+        "VIDEOTEXSTRING", "IA5STRING", "UTCTIME","GENERALIZEDTIME", /* 21-24 */
+        "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",          /* 25-27 */
+        "UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"                 /* 28-30 */
+        };
+
+        if((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
+                                                        tag &= ~0x100;
+
+        if(tag < 0 || tag > 30) return "(unknown)";
+        return tag2str[tag];
+}
+
diff --git a/src/lib/libcrypto/asn1/asn1t.h b/src/lib/libcrypto/asn1/asn1t.h
new file mode 100644
index 0000000000..ed372f8554
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1t.h
@@ -0,0 +1,846 @@
+/* asn1t.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_ASN1T_H
+#define HEADER_ASN1T_H
+
+#include <stddef.h>
+#include <openssl/e_os2.h>
+#include <openssl/asn1.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+/* ASN1 template defines, structures and functions */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
+
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#define ASN1_ITEM_start(itname) \
+        OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {
+
+#define ASN1_ITEM_end(itname) \
+                };
+
+#else
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))
+
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#define ASN1_ITEM_start(itname) \
+        const ASN1_ITEM * itname##_it(void) \
+        { \
+                static const ASN1_ITEM local_it = { \
+
+#define ASN1_ITEM_end(itname) \
+                }; \
+        return &local_it; \
+        }
+
+#endif
+
+
+/* Macros to aid ASN1 template writing */
+
+#define ASN1_ITEM_TEMPLATE(tname) \
+        const static ASN1_TEMPLATE tname##_item_tt 
+
+#define ASN1_ITEM_TEMPLATE_END(tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_PRIMITIVE,\
+                -1,\
+                &tname##_item_tt,\
+                0,\
+                NULL,\
+                0,\
+                #tname \
+        ASN1_ITEM_end(tname)
+
+
+/* This is a ASN1 type which just embeds a template */
+ 
+/* This pair helps declare a SEQUENCE. We can do:
+ *
+ *      ASN1_SEQUENCE(stname) = {
+ *              ... SEQUENCE components ...
+ *      } ASN1_SEQUENCE_END(stname)
+ *
+ *      This will produce an ASN1_ITEM called stname_it
+ *      for a structure called stname.
+ *
+ *      If you want the same structure but a different
+ *      name then use:
+ *
+ *      ASN1_SEQUENCE(itname) = {
+ *              ... SEQUENCE components ...
+ *      } ASN1_SEQUENCE_END_name(stname, itname)
+ *
+ *      This will create an item called itname_it using
+ *      a structure called stname.
+ */
+
+#define ASN1_SEQUENCE(tname) \
+        const static ASN1_TEMPLATE tname##_seq_tt[] 
+
+#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
+
+#define ASN1_SEQUENCE_END_name(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+#define ASN1_SEQUENCE_cb(tname, cb) \
+        const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+        ASN1_SEQUENCE(tname)
+
+#define ASN1_BROKEN_SEQUENCE(tname) \
+        const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
+        ASN1_SEQUENCE(tname)
+
+#define ASN1_SEQUENCE_ref(tname, cb, lck) \
+        const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
+        ASN1_SEQUENCE(tname)
+
+#define ASN1_SEQUENCE_enc(tname, enc, cb) \
+        const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
+        ASN1_SEQUENCE(tname)
+
+#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
+
+#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+#define ASN1_SEQUENCE_END_ref(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+
+/* This pair helps declare a CHOICE type. We can do:
+ *
+ *      ASN1_CHOICE(chname) = {
+ *              ... CHOICE options ...
+ *      ASN1_CHOICE_END(chname)
+ *
+ *      This will produce an ASN1_ITEM called chname_it
+ *      for a structure called chname. The structure
+ *      definition must look like this:
+ *      typedef struct {
+ *              int type;
+ *              union {
+ *                      ASN1_SOMETHING *opt1;
+ *                      ASN1_SOMEOTHER *opt2;
+ *              } value;
+ *      } chname;
+ *      
+ *      the name of the selector must be 'type'.
+ *      to use an alternative selector name use the
+ *      ASN1_CHOICE_END_selector() version.
+ */
+
+#define ASN1_CHOICE(tname) \
+        const static ASN1_TEMPLATE tname##_ch_tt[] 
+
+#define ASN1_CHOICE_cb(tname, cb) \
+        const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+        ASN1_CHOICE(tname)
+
+#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
+
+#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
+
+#define ASN1_CHOICE_END_selector(stname, tname, selname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_CHOICE,\
+                offsetof(stname,selname) ,\
+                tname##_ch_tt,\
+                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+#define ASN1_CHOICE_END_cb(stname, tname, selname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_CHOICE,\
+                offsetof(stname,selname) ,\
+                tname##_ch_tt,\
+                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+/* This helps with the template wrapper form of ASN1_ITEM */
+
+#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
+        (flags), (tag), 0,\
+        #name, ASN1_ITEM_ref(type) }
+
+/* These help with SEQUENCE or CHOICE components */
+
+/* used to declare other types */
+
+#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
+        (flags), (tag), offsetof(stname, field),\
+        #field, ASN1_ITEM_ref(type) }
+
+/* used when the structure is combined with the parent */
+
+#define ASN1_EX_COMBINE(flags, tag, type) { \
+        (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
+
+/* implicit and explicit helper macros */
+
+#define ASN1_IMP_EX(stname, field, type, tag, ex) \
+                ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
+
+#define ASN1_EXP_EX(stname, field, type, tag, ex) \
+                ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
+
+/* Any defined by macros: the field used is in the table itself */
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#else
+#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
+#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
+#endif
+/* Plain simple type */
+#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
+
+/* OPTIONAL simple type */
+#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* IMPLICIT tagged simple type */
+#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
+
+/* IMPLICIT tagged OPTIONAL simple type */
+#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+
+/* Same as above but EXPLICIT */
+
+#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
+#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+
+/* SEQUENCE OF type */
+#define ASN1_SEQUENCE_OF(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
+
+/* OPTIONAL SEQUENCE OF */
+#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Same as above but for SET OF */
+
+#define ASN1_SET_OF(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
+
+#define ASN1_SET_OF_OPT(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
+
+#define ASN1_IMP_SET_OF(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+#define ASN1_EXP_SET_OF(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+/* Macros for the ASN1_ADB structure */
+
+#define ASN1_ADB(name) \
+        const static ASN1_ADB_TABLE name##_adbtbl[] 
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+        ;\
+        const static ASN1_ADB name##_adb = {\
+                flags,\
+                offsetof(name, field),\
+                app_table,\
+                name##_adbtbl,\
+                sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+                def,\
+                none\
+        }
+
+#else
+
+#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+        ;\
+        const static ASN1_ITEM *name##_adb(void) \
+        { \
+        const static ASN1_ADB internal_adb = \
+                {\
+                flags,\
+                offsetof(name, field),\
+                app_table,\
+                name##_adbtbl,\
+                sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+                def,\
+                none\
+                }; \
+                return (const ASN1_ITEM *) &internal_adb; \
+        } \
+        void dummy_function(void)
+
+#endif
+
+#define ADB_ENTRY(val, template) {val, template}
+
+#define ASN1_ADB_TEMPLATE(name) \
+        const static ASN1_TEMPLATE name##_tt 
+
+/* This is the ASN1 template structure that defines
+ * a wrapper round the actual type. It determines the
+ * actual position of the field in the value structure,
+ * various flags such as OPTIONAL and the field name.
+ */
+
+struct ASN1_TEMPLATE_st {
+unsigned long flags;            /* Various flags */
+long tag;                       /* tag, not used if no tagging */
+unsigned long offset;           /* Offset of this field in structure */
+#ifndef NO_ASN1_FIELD_NAMES
+char *field_name;               /* Field name */
+#endif
+ASN1_ITEM_EXP *item;            /* Relevant ASN1_ITEM or ASN1_ADB */
+};
+
+/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
+
+#define ASN1_TEMPLATE_item(t) (t->item_ptr)
+#define ASN1_TEMPLATE_adb(t) (t->item_ptr)
+
+typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
+typedef struct ASN1_ADB_st ASN1_ADB;
+
+struct ASN1_ADB_st {
+        unsigned long flags;    /* Various flags */
+        unsigned long offset;   /* Offset of selector field */
+        STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */
+        const ASN1_ADB_TABLE *tbl;      /* Table of possible types */
+        long tblcount;          /* Number of entries in tbl */
+        const ASN1_TEMPLATE *default_tt;  /* Type to use if no match */
+        const ASN1_TEMPLATE *null_tt;  /* Type to use if selector is NULL */
+};
+
+struct ASN1_ADB_TABLE_st {
+        long value;             /* NID for an object or value for an int */
+        const ASN1_TEMPLATE tt;         /* item for this value */
+};
+
+/* template flags */
+
+/* Field is optional */
+#define ASN1_TFLG_OPTIONAL      (0x1)
+
+/* Field is a SET OF */
+#define ASN1_TFLG_SET_OF        (0x1 << 1)
+
+/* Field is a SEQUENCE OF */
+#define ASN1_TFLG_SEQUENCE_OF   (0x2 << 1)
+
+/* Special case: this refers to a SET OF that
+ * will be sorted into DER order when encoded *and*
+ * the corresponding STACK will be modified to match
+ * the new order.
+ */
+#define ASN1_TFLG_SET_ORDER     (0x3 << 1)
+
+/* Mask for SET OF or SEQUENCE OF */
+#define ASN1_TFLG_SK_MASK       (0x3 << 1)
+
+/* These flags mean the tag should be taken from the
+ * tag field. If EXPLICIT then the underlying type
+ * is used for the inner tag.
+ */
+
+/* IMPLICIT tagging */
+#define ASN1_TFLG_IMPTAG        (0x1 << 3)
+
+
+/* EXPLICIT tagging, inner tag from underlying type */
+#define ASN1_TFLG_EXPTAG        (0x2 << 3)
+
+#define ASN1_TFLG_TAG_MASK      (0x3 << 3)
+
+/* context specific IMPLICIT */
+#define ASN1_TFLG_IMPLICIT      ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
+
+/* context specific EXPLICIT */
+#define ASN1_TFLG_EXPLICIT      ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
+
+/* If tagging is in force these determine the
+ * type of tag to use. Otherwise the tag is
+ * determined by the underlying type. These 
+ * values reflect the actual octet format.
+ */
+
+/* Universal tag */ 
+#define ASN1_TFLG_UNIVERSAL     (0x0<<6)
+/* Application tag */ 
+#define ASN1_TFLG_APPLICATION   (0x1<<6)
+/* Context specific tag */ 
+#define ASN1_TFLG_CONTEXT       (0x2<<6)
+/* Private tag */ 
+#define ASN1_TFLG_PRIVATE       (0x3<<6)
+
+#define ASN1_TFLG_TAG_CLASS     (0x3<<6)
+
+/* These are for ANY DEFINED BY type. In this case
+ * the 'item' field points to an ASN1_ADB structure
+ * which contains a table of values to decode the
+ * relevant type
+ */
+
+#define ASN1_TFLG_ADB_MASK      (0x3<<8)
+
+#define ASN1_TFLG_ADB_OID       (0x1<<8)
+
+#define ASN1_TFLG_ADB_INT       (0x1<<9)
+
+/* This flag means a parent structure is passed
+ * instead of the field: this is useful is a
+ * SEQUENCE is being combined with a CHOICE for
+ * example. Since this means the structure and
+ * item name will differ we need to use the
+ * ASN1_CHOICE_END_name() macro for example.
+ */
+
+#define ASN1_TFLG_COMBINE       (0x1<<10)
+
+/* This is the actual ASN1 item itself */
+
+struct ASN1_ITEM_st {
+char itype;                     /* The item type, primitive, SEQUENCE, CHOICE or extern */
+long utype;                     /* underlying type */
+const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */
+long tcount;                    /* Number of templates if SEQUENCE or CHOICE */
+const void *funcs;              /* functions that handle this type */
+long size;                      /* Structure size (usually)*/
+#ifndef NO_ASN1_FIELD_NAMES
+const char *sname;              /* Structure name */
+#endif
+};
+
+/* These are values for the itype field and
+ * determine how the type is interpreted.
+ *
+ * For PRIMITIVE types the underlying type
+ * determines the behaviour if items is NULL.
+ *
+ * Otherwise templates must contain a single 
+ * template and the type is treated in the
+ * same way as the type specified in the template.
+ *
+ * For SEQUENCE types the templates field points
+ * to the members, the size field is the
+ * structure size.
+ *
+ * For CHOICE types the templates field points
+ * to each possible member (typically a union)
+ * and the 'size' field is the offset of the
+ * selector.
+ *
+ * The 'funcs' field is used for application
+ * specific functions. 
+ *
+ * For COMPAT types the funcs field gives a
+ * set of functions that handle this type, this
+ * supports the old d2i, i2d convention.
+ *
+ * The EXTERN type uses a new style d2i/i2d.
+ * The new style should be used where possible
+ * because it avoids things like the d2i IMPLICIT
+ * hack.
+ *
+ * MSTRING is a multiple string type, it is used
+ * for a CHOICE of character strings where the
+ * actual strings all occupy an ASN1_STRING
+ * structure. In this case the 'utype' field
+ * has a special meaning, it is used as a mask
+ * of acceptable types using the B_ASN1 constants.
+ *
+ */
+
+#define ASN1_ITYPE_PRIMITIVE    0x0
+
+#define ASN1_ITYPE_SEQUENCE     0x1
+
+#define ASN1_ITYPE_CHOICE       0x2
+
+#define ASN1_ITYPE_COMPAT       0x3
+
+#define ASN1_ITYPE_EXTERN       0x4
+
+#define ASN1_ITYPE_MSTRING      0x5
+
+/* Cache for ASN1 tag and length, so we
+ * don't keep re-reading it for things
+ * like CHOICE
+ */
+
+struct ASN1_TLC_st{
+        char valid;     /* Values below are valid */
+        int ret;        /* return value */
+        long plen;      /* length */
+        int ptag;       /* class value */
+        int pclass;     /* class value */
+        int hdrlen;     /* header length */
+};
+
+/* Typedefs for ASN1 function pointers */
+
+typedef ASN1_VALUE * ASN1_new_func(void);
+typedef void ASN1_free_func(ASN1_VALUE *a);
+typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, unsigned char ** in, long length);
+typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
+
+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
+                                        int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+typedef struct ASN1_COMPAT_FUNCS_st {
+        ASN1_new_func *asn1_new;
+        ASN1_free_func *asn1_free;
+        ASN1_d2i_func *asn1_d2i;
+        ASN1_i2d_func *asn1_i2d;
+} ASN1_COMPAT_FUNCS;
+
+typedef struct ASN1_EXTERN_FUNCS_st {
+        void *app_data;
+        ASN1_ex_new_func *asn1_ex_new;
+        ASN1_ex_free_func *asn1_ex_free;
+        ASN1_ex_free_func *asn1_ex_clear;
+        ASN1_ex_d2i *asn1_ex_d2i;
+        ASN1_ex_i2d *asn1_ex_i2d;
+} ASN1_EXTERN_FUNCS;
+
+typedef struct ASN1_PRIMITIVE_FUNCS_st {
+        void *app_data;
+        unsigned long flags;
+        ASN1_ex_new_func *prim_new;
+        ASN1_ex_free_func *prim_free;
+        ASN1_ex_free_func *prim_clear;
+        ASN1_primitive_c2i *prim_c2i;
+        ASN1_primitive_i2c *prim_i2c;
+} ASN1_PRIMITIVE_FUNCS;
+
+/* This is the ASN1_AUX structure: it handles various
+ * miscellaneous requirements. For example the use of
+ * reference counts and an informational callback.
+ *
+ * The "informational callback" is called at various
+ * points during the ASN1 encoding and decoding. It can
+ * be used to provide minor customisation of the structures
+ * used. This is most useful where the supplied routines
+ * *almost* do the right thing but need some extra help
+ * at a few points. If the callback returns zero then
+ * it is assumed a fatal error has occurred and the 
+ * main operation should be abandoned.
+ *
+ * If major changes in the default behaviour are required
+ * then an external type is more appropriate.
+ */
+
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);
+
+typedef struct ASN1_AUX_st {
+        void *app_data;
+        int flags;
+        int ref_offset;         /* Offset of reference value */
+        int ref_lock;           /* Lock type to use */
+        ASN1_aux_cb *asn1_cb;
+        int enc_offset;         /* Offset of ASN1_ENCODING structure */
+} ASN1_AUX;
+
+/* Flags in ASN1_AUX */
+
+/* Use a reference count */
+#define ASN1_AFLG_REFCOUNT      1
+/* Save the encoding of structure (useful for signatures) */
+#define ASN1_AFLG_ENCODING      2
+/* The Sequence length is invalid */
+#define ASN1_AFLG_BROKEN        4
+
+/* operation values for asn1_cb */
+
+#define ASN1_OP_NEW_PRE         0
+#define ASN1_OP_NEW_POST        1
+#define ASN1_OP_FREE_PRE        2
+#define ASN1_OP_FREE_POST       3
+#define ASN1_OP_D2I_PRE         4
+#define ASN1_OP_D2I_POST        5
+#define ASN1_OP_I2D_PRE         6
+#define ASN1_OP_I2D_POST        7
+
+/* Macro to implement a primitive type */
+#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
+#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
+                                ASN1_ITEM_start(itname) \
+                                        ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
+                                ASN1_ITEM_end(itname)
+
+/* Macro to implement a multi string type */
+#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
+                                ASN1_ITEM_start(itname) \
+                                        ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
+                                ASN1_ITEM_end(itname)
+
+/* Macro to implement an ASN1_ITEM in terms of old style funcs */
+
+#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)
+
+#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \
+        static const ASN1_COMPAT_FUNCS sname##_ff = { \
+                (ASN1_new_func *)sname##_new, \
+                (ASN1_free_func *)sname##_free, \
+                (ASN1_d2i_func *)d2i_##sname, \
+                (ASN1_i2d_func *)i2d_##sname, \
+        }; \
+        ASN1_ITEM_start(sname) \
+                ASN1_ITYPE_COMPAT, \
+                tag, \
+                NULL, \
+                0, \
+                &sname##_ff, \
+                0, \
+                #sname \
+        ASN1_ITEM_end(sname)
+
+#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
+        ASN1_ITEM_start(sname) \
+                ASN1_ITYPE_EXTERN, \
+                tag, \
+                NULL, \
+                0, \
+                &fptrs, \
+                0, \
+                #sname \
+        ASN1_ITEM_end(sname)
+
+/* Macro to implement standard functions in terms of ASN1_ITEM structures */
+
+#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
+                        IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
+
+#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
+        stname *fname##_new(void) \
+        { \
+                return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+        } \
+        void fname##_free(stname *a) \
+        { \
+                ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+        }
+
+#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+        stname *d2i_##fname(stname **a, unsigned char **in, long len) \
+        { \
+                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+        } \
+        int i2d_##fname(stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+        } 
+
+/* This includes evil casts to remove const: they will go away when full
+ * ASN1 constification is done.
+ */
+#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+        stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+        { \
+                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, (unsigned char **)in, len, ASN1_ITEM_rptr(itname));\
+        } \
+        int i2d_##fname(const stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+        } 
+
+#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
+        stname * stname##_dup(stname *x) \
+        { \
+        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
+        }
+
+#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
+                IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+/* external definitions for primitive types */
+
+DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_ANY)
+DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
+DECLARE_ASN1_ITEM(CBIGNUM)
+DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(LONG)
+DECLARE_ASN1_ITEM(ZLONG)
+
+DECLARE_STACK_OF(ASN1_VALUE)
+
+/* Functions used internally by the ASN1 code */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt);
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
+                                int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt);
+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
+
+ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/asn1/asn_moid.c b/src/lib/libcrypto/asn1/asn_moid.c
new file mode 100644
index 0000000000..edb44c988f
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn_moid.c
@@ -0,0 +1,100 @@
+/* asn_moid.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+
+/* Simple ASN1 OID module: add all objects in a given section */
+
+static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
+        {
+        int i;
+        const char *oid_section;
+        STACK_OF(CONF_VALUE) *sktmp;
+        CONF_VALUE *oval;
+        oid_section = CONF_imodule_get_value(md);
+        if(!(sktmp = NCONF_get_section(cnf, oid_section)))
+                {
+                ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+                return 0;
+                }
+        for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
+                {
+                oval = sk_CONF_VALUE_value(sktmp, i);
+                if(OBJ_create(oval->value, oval->name, oval->name) == NID_undef)
+                        {
+                        ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
+                        return 0;
+                        }
+                }
+        return 1;
+        }
+
+static void oid_module_finish(CONF_IMODULE *md)
+        {
+        OBJ_cleanup();
+        }
+
+void ASN1_add_oid_module(void)
+        {
+        CONF_module_add("oid_section", oid_module_init, oid_module_finish);
+        }
diff --git a/src/lib/libcrypto/asn1/asn_pack.c b/src/lib/libcrypto/asn1/asn_pack.c
new file mode 100644
index 0000000000..e6051db2dc
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn_pack.c
@@ -0,0 +1,191 @@
+/* asn_pack.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+#ifndef NO_ASN1_OLD
+
+/* ASN1 packing and unpacking functions */
+
+/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
+
+STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
+             void (*free_func)(void *))
+{
+    STACK *sk;
+    unsigned char *pbuf;
+    pbuf =  buf;
+    if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
+                                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
+                 ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR);
+    return sk;
+}
+
+/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
+ * OPENSSL_malloc'ed buffer
+ */
+
+unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
+             int *len)
+{
+        int safelen;
+        unsigned char *safe, *p;
+        if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
+                                              V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
+                ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
+                return NULL;
+        }
+        if (!(safe = OPENSSL_malloc (safelen))) {
+                ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        p = safe;
+        i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
+                                                                 IS_SEQUENCE);
+        if (len) *len = safelen;
+        if (buf) *buf = safe;
+        return safe;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)())
+{
+        unsigned char *p;
+        char *ret;
+
+        p = oct->data;
+        if(!(ret = d2i(NULL, &p, oct->length)))
+                ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
+        return ret;
+}
+
+/* Pack an ASN1 object into an ASN1_STRING */
+
+ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_STRING **oct)
+{
+        unsigned char *p;
+        ASN1_STRING *octmp;
+
+        if (!oct || !*oct) {
+                if (!(octmp = ASN1_STRING_new ())) {
+                        ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+                        return NULL;
+                }
+                if (oct) *oct = octmp;
+        } else octmp = *oct;
+                
+        if (!(octmp->length = i2d(obj, NULL))) {
+                ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
+                return NULL;
+        }
+        if (!(p = OPENSSL_malloc (octmp->length))) {
+                ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        octmp->data = p;
+        i2d (obj, &p);
+        return octmp;
+}
+
+#endif
+
+/* ASN1_ITEM versions of the above */
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
+{
+        ASN1_STRING *octmp;
+
+        if (!oct || !*oct) {
+                if (!(octmp = ASN1_STRING_new ())) {
+                        ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+                        return NULL;
+                }
+                if (oct) *oct = octmp;
+        } else octmp = *oct;
+
+        if(octmp->data) {
+                OPENSSL_free(octmp->data);
+                octmp->data = NULL;
+        }
+                
+        if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
+                ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
+                return NULL;
+        }
+        if (!octmp->data) {
+                ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        return octmp;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
+{
+        unsigned char *p;
+        void *ret;
+
+        p = oct->data;
+        if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
+                ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
+        return ret;
+}
diff --git a/src/lib/libcrypto/asn1/charmap.h b/src/lib/libcrypto/asn1/charmap.h
new file mode 100644
index 0000000000..bd020a9562
--- /dev/null
+++ b/src/lib/libcrypto/asn1/charmap.h
@@ -0,0 +1,15 @@
+/* Auto generated with chartype.pl script.
+ * Mask of various character properties
+ */
+
+static unsigned char char_type[] = {
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16,
+16,16,16,16,16,16,16,16,16,16,16, 9, 9,16, 9,16,
+ 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
+16,16,16,16,16,16,16,16,16,16,16, 0, 1, 0, 0, 0,
+ 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
+16,16,16,16,16,16,16,16,16,16,16, 0, 0, 0, 0, 2
+};
+
diff --git a/src/lib/libcrypto/asn1/charmap.pl b/src/lib/libcrypto/asn1/charmap.pl
new file mode 100644
index 0000000000..2875c59867
--- /dev/null
+++ b/src/lib/libcrypto/asn1/charmap.pl
@@ -0,0 +1,80 @@
+#!/usr/local/bin/perl -w
+
+use strict;
+
+my ($i, @arr);
+
+# Set up an array with the type of ASCII characters
+# Each set bit represents a character property.
+
+# RFC2253 character properties
+my $RFC2253_ESC = 1;    # Character escaped with \
+my $ESC_CTRL    = 2;    # Escaped control character
+# These are used with RFC1779 quoting using "
+my $NOESC_QUOTE = 8;    # Not escaped if quoted
+my $PSTRING_CHAR = 0x10;        # Valid PrintableString character
+my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character
+my $RFC2253_LAST_ESC = 0x40;  # Escaped with \ if last character
+
+for($i = 0; $i < 128; $i++) {
+        # Set the RFC2253 escape characters (control)
+        $arr[$i] = 0;
+        if(($i < 32) || ($i > 126)) {
+                $arr[$i] |= $ESC_CTRL;
+        }
+
+        # Some PrintableString characters
+        if(                ( ( $i >= ord("a")) && ( $i <= ord("z")) )
+                        || (  ( $i >= ord("A")) && ( $i <= ord("Z")) )
+                        || (  ( $i >= ord("0")) && ( $i <= ord("9")) )  ) {
+                $arr[$i] |= $PSTRING_CHAR;
+        }
+}
+
+# Now setup the rest
+
+# Remaining RFC2253 escaped characters
+
+$arr[ord(" ")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC | $RFC2253_LAST_ESC;
+$arr[ord("#")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC;
+
+$arr[ord(",")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord("+")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord("\"")] |= $RFC2253_ESC;
+$arr[ord("\\")] |= $RFC2253_ESC;
+$arr[ord("<")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC;
+
+# Remaining PrintableString characters
+
+$arr[ord(" ")] |= $PSTRING_CHAR;
+$arr[ord("'")] |= $PSTRING_CHAR;
+$arr[ord("(")] |= $PSTRING_CHAR;
+$arr[ord(")")] |= $PSTRING_CHAR;
+$arr[ord("+")] |= $PSTRING_CHAR;
+$arr[ord(",")] |= $PSTRING_CHAR;
+$arr[ord("-")] |= $PSTRING_CHAR;
+$arr[ord(".")] |= $PSTRING_CHAR;
+$arr[ord("/")] |= $PSTRING_CHAR;
+$arr[ord(":")] |= $PSTRING_CHAR;
+$arr[ord("=")] |= $PSTRING_CHAR;
+$arr[ord("?")] |= $PSTRING_CHAR;
+
+# Now generate the C code
+
+print <<EOF;
+/* Auto generated with chartype.pl script.
+ * Mask of various character properties
+ */
+
+static unsigned char char_type[] = {
+EOF
+
+for($i = 0; $i < 128; $i++) {
+        print("\n") if($i && (($i % 16) == 0));
+        printf("%2d", $arr[$i]);
+        print(",") if ($i != 127);
+}
+print("\n};\n\n");
+
diff --git a/src/lib/libcrypto/asn1/d2i_pr.c b/src/lib/libcrypto/asn1/d2i_pr.c
new file mode 100644
index 0000000000..2e7d96af90
--- /dev/null
+++ b/src/lib/libcrypto/asn1/d2i_pr.c
@@ -0,0 +1,145 @@
+/* crypto/asn1/d2i_pr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
+             long length)
+        {
+        EVP_PKEY *ret;
+
+        if ((a == NULL) || (*a == NULL))
+                {
+                if ((ret=EVP_PKEY_new()) == NULL)
+                        {
+                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_EVP_LIB);
+                        return(NULL);
+                        }
+                }
+        else    ret= *a;
+
+        ret->save_type=type;
+        ret->type=EVP_PKEY_type(type);
+        switch (ret->type)
+                {
+#ifndef OPENSSL_NO_RSA
+        case EVP_PKEY_RSA:
+                if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
+                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+                        {
+                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                break;
+#endif
+#ifndef OPENSSL_NO_DSA
+        case EVP_PKEY_DSA:
+                if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,
+                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+                        {
+                        ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                break;
+#endif
+        default:
+                ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+                goto err;
+                /* break; */
+                }
+        if (a != NULL) (*a)=ret;
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
+        return(NULL);
+        }
+
+/* This works like d2i_PrivateKey() except it automatically works out the type */
+
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp,
+             long length)
+{
+        STACK_OF(ASN1_TYPE) *inkey;
+        unsigned char *p;
+        int keytype;
+        p = *pp;
+        /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):
+         * by analyzing it we can determine the passed structure: this
+         * assumes the input is surrounded by an ASN1 SEQUENCE.
+         */
+        inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, 
+                        ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+        /* Since we only need to discern "traditional format" RSA and DSA
+         * keys we can just count the elements.
+         */
+        if(sk_ASN1_TYPE_num(inkey) == 6) keytype = EVP_PKEY_DSA;
+        else keytype = EVP_PKEY_RSA;
+        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+        return d2i_PrivateKey(keytype, a, pp, length);
+}
diff --git a/src/lib/libcrypto/asn1/d2i_pu.c b/src/lib/libcrypto/asn1/d2i_pu.c
new file mode 100644
index 0000000000..71f2eb361b
--- /dev/null
+++ b/src/lib/libcrypto/asn1/d2i_pu.c
@@ -0,0 +1,122 @@
+/* crypto/asn1/d2i_pu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
+             long length)
+        {
+        EVP_PKEY *ret;
+
+        if ((a == NULL) || (*a == NULL))
+                {
+                if ((ret=EVP_PKEY_new()) == NULL)
+                        {
+                        ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
+                        return(NULL);
+                        }
+                }
+        else    ret= *a;
+
+        ret->save_type=type;
+        ret->type=EVP_PKEY_type(type);
+        switch (ret->type)
+                {
+#ifndef OPENSSL_NO_RSA
+        case EVP_PKEY_RSA:
+                if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,
+                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+                        {
+                        ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                break;
+#endif
+#ifndef OPENSSL_NO_DSA
+        case EVP_PKEY_DSA:
+                if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,
+                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
+                        {
+                        ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                break;
+#endif
+        default:
+                ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+                goto err;
+                /* break; */
+                }
+        if (a != NULL) (*a)=ret;
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
+        return(NULL);
+        }
+
diff --git a/src/lib/libcrypto/asn1/evp_asn1.c b/src/lib/libcrypto/asn1/evp_asn1.c
new file mode 100644
index 0000000000..f92ce6cb5d
--- /dev/null
+++ b/src/lib/libcrypto/asn1/evp_asn1.c
@@ -0,0 +1,189 @@
+/* crypto/asn1/evp_asn1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
+        {
+        ASN1_STRING *os;
+
+        if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
+        if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0);
+        ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
+        return(1);
+        }
+
+/* int max_len:  for returned value    */
+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data,
+             int max_len)
+        {
+        int ret,num;
+        unsigned char *p;
+
+        if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL))
+                {
+                ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
+                return(-1);
+                }
+        p=M_ASN1_STRING_data(a->value.octet_string);
+        ret=M_ASN1_STRING_length(a->value.octet_string);
+        if (ret < max_len)
+                num=ret;
+        else
+                num=max_len;
+        memcpy(data,p,num);
+        return(ret);
+        }
+
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
+             int len)
+        {
+        int n,size;
+        ASN1_OCTET_STRING os,*osp;
+        ASN1_INTEGER in;
+        unsigned char *p;
+        unsigned char buf[32]; /* when they have 256bit longs, 
+                                * I'll be in trouble */
+        in.data=buf;
+        in.length=32;
+        os.data=data;
+        os.type=V_ASN1_OCTET_STRING;
+        os.length=len;
+        ASN1_INTEGER_set(&in,num);
+        n =  i2d_ASN1_INTEGER(&in,NULL);
+        n+=M_i2d_ASN1_OCTET_STRING(&os,NULL);
+
+        size=ASN1_object_size(1,n,V_ASN1_SEQUENCE);
+
+        if ((osp=ASN1_STRING_new()) == NULL) return(0);
+        /* Grow the 'string' */
+        if (!ASN1_STRING_set(osp,NULL,size))
+                {
+                ASN1_STRING_free(osp);
+                return(0);
+                }
+
+        M_ASN1_STRING_length_set(osp, size);
+        p=M_ASN1_STRING_data(osp);
+
+        ASN1_put_object(&p,1,n,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+          i2d_ASN1_INTEGER(&in,&p);
+        M_i2d_ASN1_OCTET_STRING(&os,&p);
+
+        ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp);
+        return(1);
+        }
+
+/* we return the actual length..., num may be missing, in which
+ * case, set it to zero */
+/* int max_len:  for returned value    */
+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data,
+             int max_len)
+        {
+        int ret= -1,n;
+        ASN1_INTEGER *ai=NULL;
+        ASN1_OCTET_STRING *os=NULL;
+        unsigned char *p;
+        long length;
+        ASN1_CTX c;
+
+        if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL))
+                {
+                goto err;
+                }
+        p=M_ASN1_STRING_data(a->value.sequence);
+        length=M_ASN1_STRING_length(a->value.sequence);
+
+        c.pp= &p;
+        c.p=p;
+        c.max=p+length;
+        c.error=ASN1_R_DATA_IS_WRONG;
+
+        M_ASN1_D2I_start_sequence();
+        c.q=c.p;
+        if ((ai=d2i_ASN1_INTEGER(NULL,&c.p,c.slen)) == NULL) goto err;
+        c.slen-=(c.p-c.q);
+        c.q=c.p;
+        if ((os=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) goto err;
+        c.slen-=(c.p-c.q);
+        if (!M_ASN1_D2I_end_sequence()) goto err;
+
+        if (num != NULL)
+                *num=ASN1_INTEGER_get(ai);
+
+        ret=M_ASN1_STRING_length(os);
+        if (max_len > ret)
+                n=ret;
+        else
+                n=max_len;
+
+        if (data != NULL)
+                memcpy(data,M_ASN1_STRING_data(os),n);
+        if (0)
+                {
+err:
+                ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
+                }
+        if (os != NULL) M_ASN1_OCTET_STRING_free(os);
+        if (ai != NULL) M_ASN1_INTEGER_free(ai);
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/asn1/f.c b/src/lib/libcrypto/asn1/f.c
new file mode 100644
index 0000000000..82bccdfd51
--- /dev/null
+++ b/src/lib/libcrypto/asn1/f.c
@@ -0,0 +1,80 @@
+/* crypto/asn1/f.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/err.h>
+
+main()
+        {
+        ASN1_TYPE *at;
+        char buf[512];
+        int n;
+        long l;
+
+        at=ASN1_TYPE_new();
+
+        n=ASN1_TYPE_set_int_octetstring(at,98736,"01234567",8);
+        printf("%d\n",n);
+        n=ASN1_TYPE_get_int_octetstring(at,&l,buf,8);
+        buf[8]='\0';
+        printf("%ld %d %d\n",l,n,buf[8]);
+        buf[8]='\0';
+        printf("%s\n",buf);
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        }
diff --git a/src/lib/libcrypto/asn1/f_enum.c b/src/lib/libcrypto/asn1/f_enum.c
new file mode 100644
index 0000000000..56e3cc8df2
--- /dev/null
+++ b/src/lib/libcrypto/asn1/f_enum.c
@@ -0,0 +1,207 @@
+/* crypto/asn1/f_enum.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+/* Based on a_int.c: equivalent ENUMERATED functions */
+
+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
+        {
+        int i,n=0;
+        static const char *h="0123456789ABCDEF";
+        char buf[2];
+
+        if (a == NULL) return(0);
+
+        if (a->length == 0)
+                {
+                if (BIO_write(bp,"00",2) != 2) goto err;
+                n=2;
+                }
+        else
+                {
+                for (i=0; i<a->length; i++)
+                        {
+                        if ((i != 0) && (i%35 == 0))
+                                {
+                                if (BIO_write(bp,"\\\n",2) != 2) goto err;
+                                n+=2;
+                                }
+                        buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+                        buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
+                        if (BIO_write(bp,buf,2) != 2) goto err;
+                        n+=2;
+                        }
+                }
+        return(n);
+err:
+        return(-1);
+        }
+
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
+        {
+        int ret=0;
+        int i,j,k,m,n,again,bufsize;
+        unsigned char *s=NULL,*sp;
+        unsigned char *bufp;
+        int num=0,slen=0,first=1;
+
+        bs->type=V_ASN1_ENUMERATED;
+
+        bufsize=BIO_gets(bp,buf,size);
+        for (;;)
+                {
+                if (bufsize < 1) goto err_sl;
+                i=bufsize;
+                if (buf[i-1] == '\n') buf[--i]='\0';
+                if (i == 0) goto err_sl;
+                if (buf[i-1] == '\r') buf[--i]='\0';
+                if (i == 0) goto err_sl;
+                again=(buf[i-1] == '\\');
+
+                for (j=0; j<i; j++)
+                        {
+                        if (!(  ((buf[j] >= '0') && (buf[j] <= '9')) ||
+                                ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+                                ((buf[j] >= 'A') && (buf[j] <= 'F'))))
+                                {
+                                i=j;
+                                break;
+                                }
+                        }
+                buf[i]='\0';
+                /* We have now cleared all the crap off the end of the
+                 * line */
+                if (i < 2) goto err_sl;
+
+                bufp=(unsigned char *)buf;
+                if (first)
+                        {
+                        first=0;
+                        if ((bufp[0] == '0') && (buf[1] == '0'))
+                                {
+                                bufp+=2;
+                                i-=2;
+                                }
+                        }
+                k=0;
+                i-=again;
+                if (i%2 != 0)
+                        {
+                        ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_ODD_NUMBER_OF_CHARS);
+                        goto err;
+                        }
+                i/=2;
+                if (num+i > slen)
+                        {
+                        if (s == NULL)
+                                sp=(unsigned char *)OPENSSL_malloc(
+                                        (unsigned int)num+i*2);
+                        else
+                                sp=(unsigned char *)OPENSSL_realloc(s,
+                                        (unsigned int)num+i*2);
+                        if (sp == NULL)
+                                {
+                                ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
+                                if (s != NULL) OPENSSL_free(s);
+                                goto err;
+                                }
+                        s=sp;
+                        slen=num+i*2;
+                        }
+                for (j=0; j<i; j++,k+=2)
+                        {
+                        for (n=0; n<2; n++)
+                                {
+                                m=bufp[k+n];
+                                if ((m >= '0') && (m <= '9'))
+                                        m-='0';
+                                else if ((m >= 'a') && (m <= 'f'))
+                                        m=m-'a'+10;
+                                else if ((m >= 'A') && (m <= 'F'))
+                                        m=m-'A'+10;
+                                else
+                                        {
+                                        ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_NON_HEX_CHARACTERS);
+                                        goto err;
+                                        }
+                                s[num+j]<<=4;
+                                s[num+j]|=m;
+                                }
+                        }
+                num+=i;
+                if (again)
+                        bufsize=BIO_gets(bp,buf,size);
+                else
+                        break;
+                }
+        bs->length=num;
+        bs->data=s;
+        ret=1;
+err:
+        if (0)
+                {
+err_sl:
+                ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_SHORT_LINE);
+                }
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/asn1/f_int.c b/src/lib/libcrypto/asn1/f_int.c
new file mode 100644
index 0000000000..9494e597ab
--- /dev/null
+++ b/src/lib/libcrypto/asn1/f_int.c
@@ -0,0 +1,219 @@
+/* crypto/asn1/f_int.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
+        {
+        int i,n=0;
+        static const char *h="0123456789ABCDEF";
+        char buf[2];
+
+        if (a == NULL) return(0);
+
+        if (a->type & V_ASN1_NEG)
+                {
+                if (BIO_write(bp, "-", 1) != 1) goto err;
+                n = 1;
+                }
+
+        if (a->length == 0)
+                {
+                if (BIO_write(bp,"00",2) != 2) goto err;
+                n += 2;
+                }
+        else
+                {
+                for (i=0; i<a->length; i++)
+                        {
+                        if ((i != 0) && (i%35 == 0))
+                                {
+                                if (BIO_write(bp,"\\\n",2) != 2) goto err;
+                                n+=2;
+                                }
+                        buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+                        buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
+                        if (BIO_write(bp,buf,2) != 2) goto err;
+                        n+=2;
+                        }
+                }
+        return(n);
+err:
+        return(-1);
+        }
+
+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
+        {
+        int ret=0;
+        int i,j,k,m,n,again,bufsize;
+        unsigned char *s=NULL,*sp;
+        unsigned char *bufp;
+        int num=0,slen=0,first=1;
+
+        bs->type=V_ASN1_INTEGER;
+
+        bufsize=BIO_gets(bp,buf,size);
+        for (;;)
+                {
+                if (bufsize < 1) goto err_sl;
+                i=bufsize;
+                if (buf[i-1] == '\n') buf[--i]='\0';
+                if (i == 0) goto err_sl;
+                if (buf[i-1] == '\r') buf[--i]='\0';
+                if (i == 0) goto err_sl;
+                again=(buf[i-1] == '\\');
+
+                for (j=0; j<i; j++)
+                        {
+#ifndef CHARSET_EBCDIC
+                        if (!(  ((buf[j] >= '0') && (buf[j] <= '9')) ||
+                                ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+                                ((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+                        /* This #ifdef is not strictly necessary, since
+                         * the characters A...F a...f 0...9 are contiguous
+                         * (yes, even in EBCDIC - but not the whole alphabet).
+                         * Nevertheless, isxdigit() is faster.
+                         */
+                        if (!isxdigit(buf[j]))
+#endif
+                                {
+                                i=j;
+                                break;
+                                }
+                        }
+                buf[i]='\0';
+                /* We have now cleared all the crap off the end of the
+                 * line */
+                if (i < 2) goto err_sl;
+
+                bufp=(unsigned char *)buf;
+                if (first)
+                        {
+                        first=0;
+                        if ((bufp[0] == '0') && (buf[1] == '0'))
+                                {
+                                bufp+=2;
+                                i-=2;
+                                }
+                        }
+                k=0;
+                i-=again;
+                if (i%2 != 0)
+                        {
+                        ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_ODD_NUMBER_OF_CHARS);
+                        goto err;
+                        }
+                i/=2;
+                if (num+i > slen)
+                        {
+                        if (s == NULL)
+                                sp=(unsigned char *)OPENSSL_malloc(
+                                        (unsigned int)num+i*2);
+                        else
+                                sp=OPENSSL_realloc_clean(s,slen,num+i*2);
+                        if (sp == NULL)
+                                {
+                                ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+                                if (s != NULL) OPENSSL_free(s);
+                                goto err;
+                                }
+                        s=sp;
+                        slen=num+i*2;
+                        }
+                for (j=0; j<i; j++,k+=2)
+                        {
+                        for (n=0; n<2; n++)
+                                {
+                                m=bufp[k+n];
+                                if ((m >= '0') && (m <= '9'))
+                                        m-='0';
+                                else if ((m >= 'a') && (m <= 'f'))
+                                        m=m-'a'+10;
+                                else if ((m >= 'A') && (m <= 'F'))
+                                        m=m-'A'+10;
+                                else
+                                        {
+                                        ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_NON_HEX_CHARACTERS);
+                                        goto err;
+                                        }
+                                s[num+j]<<=4;
+                                s[num+j]|=m;
+                                }
+                        }
+                num+=i;
+                if (again)
+                        bufsize=BIO_gets(bp,buf,size);
+                else
+                        break;
+                }
+        bs->length=num;
+        bs->data=s;
+        ret=1;
+err:
+        if (0)
+                {
+err_sl:
+                ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_SHORT_LINE);
+                }
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/asn1/f_string.c b/src/lib/libcrypto/asn1/f_string.c
new file mode 100644
index 0000000000..968698a798
--- /dev/null
+++ b/src/lib/libcrypto/asn1/f_string.c
@@ -0,0 +1,212 @@
+/* crypto/asn1/f_string.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
+        {
+        int i,n=0;
+        static const char *h="0123456789ABCDEF";
+        char buf[2];
+
+        if (a == NULL) return(0);
+
+        if (a->length == 0)
+                {
+                if (BIO_write(bp,"0",1) != 1) goto err;
+                n=1;
+                }
+        else
+                {
+                for (i=0; i<a->length; i++)
+                        {
+                        if ((i != 0) && (i%35 == 0))
+                                {
+                                if (BIO_write(bp,"\\\n",2) != 2) goto err;
+                                n+=2;
+                                }
+                        buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+                        buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
+                        if (BIO_write(bp,buf,2) != 2) goto err;
+                        n+=2;
+                        }
+                }
+        return(n);
+err:
+        return(-1);
+        }
+
+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
+        {
+        int ret=0;
+        int i,j,k,m,n,again,bufsize;
+        unsigned char *s=NULL,*sp;
+        unsigned char *bufp;
+        int num=0,slen=0,first=1;
+
+        bufsize=BIO_gets(bp,buf,size);
+        for (;;)
+                {
+                if (bufsize < 1)
+                        {
+                        if (first)
+                                break;
+                        else
+                                goto err_sl;
+                        }
+                first=0;
+
+                i=bufsize;
+                if (buf[i-1] == '\n') buf[--i]='\0';
+                if (i == 0) goto err_sl;
+                if (buf[i-1] == '\r') buf[--i]='\0';
+                if (i == 0) goto err_sl;
+                again=(buf[i-1] == '\\');
+
+                for (j=i-1; j>0; j--)
+                        {
+#ifndef CHARSET_EBCDIC
+                        if (!(  ((buf[j] >= '0') && (buf[j] <= '9')) ||
+                                ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+                                ((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+                        /* This #ifdef is not strictly necessary, since
+                         * the characters A...F a...f 0...9 are contiguous
+                         * (yes, even in EBCDIC - but not the whole alphabet).
+                         * Nevertheless, isxdigit() is faster.
+                         */
+                        if (!isxdigit(buf[j]))
+#endif
+                                {
+                                i=j;
+                                break;
+                                }
+                        }
+                buf[i]='\0';
+                /* We have now cleared all the crap off the end of the
+                 * line */
+                if (i < 2) goto err_sl;
+
+                bufp=(unsigned char *)buf;
+
+                k=0;
+                i-=again;
+                if (i%2 != 0)
+                        {
+                        ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_ODD_NUMBER_OF_CHARS);
+                        goto err;
+                        }
+                i/=2;
+                if (num+i > slen)
+                        {
+                        if (s == NULL)
+                                sp=(unsigned char *)OPENSSL_malloc(
+                                        (unsigned int)num+i*2);
+                        else
+                                sp=(unsigned char *)OPENSSL_realloc(s,
+                                        (unsigned int)num+i*2);
+                        if (sp == NULL)
+                                {
+                                ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE);
+                                if (s != NULL) OPENSSL_free(s);
+                                goto err;
+                                }
+                        s=sp;
+                        slen=num+i*2;
+                        }
+                for (j=0; j<i; j++,k+=2)
+                        {
+                        for (n=0; n<2; n++)
+                                {
+                                m=bufp[k+n];
+                                if ((m >= '0') && (m <= '9'))
+                                        m-='0';
+                                else if ((m >= 'a') && (m <= 'f'))
+                                        m=m-'a'+10;
+                                else if ((m >= 'A') && (m <= 'F'))
+                                        m=m-'A'+10;
+                                else
+                                        {
+                                        ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_NON_HEX_CHARACTERS);
+                                        goto err;
+                                        }
+                                s[num+j]<<=4;
+                                s[num+j]|=m;
+                                }
+                        }
+                num+=i;
+                if (again)
+                        bufsize=BIO_gets(bp,buf,size);
+                else
+                        break;
+                }
+        bs->length=num;
+        bs->data=s;
+        ret=1;
+err:
+        if (0)
+                {
+err_sl:
+                ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_SHORT_LINE);
+                }
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/asn1/i2d_pr.c b/src/lib/libcrypto/asn1/i2d_pr.c
new file mode 100644
index 0000000000..1e951ae01d
--- /dev/null
+++ b/src/lib/libcrypto/asn1/i2d_pr.c
@@ -0,0 +1,90 @@
+/* crypto/asn1/i2d_pr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+
+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
+        {
+#ifndef OPENSSL_NO_RSA
+        if (a->type == EVP_PKEY_RSA)
+                {
+                return(i2d_RSAPrivateKey(a->pkey.rsa,pp));
+                }
+        else
+#endif
+#ifndef OPENSSL_NO_DSA
+        if (a->type == EVP_PKEY_DSA)
+                {
+                return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
+                }
+#endif
+
+        ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+        return(-1);
+        }
+
diff --git a/src/lib/libcrypto/asn1/i2d_pu.c b/src/lib/libcrypto/asn1/i2d_pu.c
new file mode 100644
index 0000000000..013d19bbf4
--- /dev/null
+++ b/src/lib/libcrypto/asn1/i2d_pu.c
@@ -0,0 +1,88 @@
+/* crypto/asn1/i2d_pu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+
+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
+        {
+        switch (a->type)
+                {
+#ifndef OPENSSL_NO_RSA
+        case EVP_PKEY_RSA:
+                return(i2d_RSAPublicKey(a->pkey.rsa,pp));
+#endif
+#ifndef OPENSSL_NO_DSA
+        case EVP_PKEY_DSA:
+                return(i2d_DSAPublicKey(a->pkey.dsa,pp));
+#endif
+        default:
+                ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+                return(-1);
+                }
+        }
+
diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c
new file mode 100644
index 0000000000..766b51c538
--- /dev/null
+++ b/src/lib/libcrypto/asn1/n_pkey.c
@@ -0,0 +1,333 @@
+/* crypto/asn1/n_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_RSA
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+
+#ifndef OPENSSL_NO_RC4
+
+typedef struct netscape_pkey_st
+        {
+        long version;
+        X509_ALGOR *algor;
+        ASN1_OCTET_STRING *private_key;
+        } NETSCAPE_PKEY;
+
+typedef struct netscape_encrypted_pkey_st
+        {
+        ASN1_OCTET_STRING *os;
+        /* This is the same structure as DigestInfo so use it:
+         * although this isn't really anything to do with
+         * digests.
+         */
+        X509_SIG *enckey;
+        } NETSCAPE_ENCRYPTED_PKEY;
+
+
+ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
+} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+
+ASN1_SEQUENCE(NETSCAPE_PKEY) = {
+        ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
+        ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
+        ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+             int (*cb)(), int sgckey);
+
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)())
+{
+        return i2d_RSA_NET(a, pp, cb, 0);
+}
+
+int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
+        {
+        int i, j, ret = 0;
+        int rsalen, pkeylen, olen;
+        NETSCAPE_PKEY *pkey = NULL;
+        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
+        unsigned char buf[256],*zz;
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        EVP_CIPHER_CTX ctx;
+
+        if (a == NULL) return(0);
+
+        if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
+        if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
+        pkey->version = 0;
+
+        pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
+        if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+        pkey->algor->parameter->type=V_ASN1_NULL;
+
+        rsalen = i2d_RSAPrivateKey(a, NULL);
+
+        /* Fake some octet strings just for the initial length
+         * calculation.
+         */
+
+        pkey->private_key->length=rsalen;
+
+        pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
+
+        enckey->enckey->digest->length = pkeylen;
+
+        enckey->os->length = 11;        /* "private-key" */
+
+        enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
+        if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+        enckey->enckey->algor->parameter->type=V_ASN1_NULL;
+
+        if (pp == NULL)
+                {
+                olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
+                NETSCAPE_PKEY_free(pkey);
+                NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+                return olen;
+                }
+
+
+        /* Since its RC4 encrypted length is actual length */
+        if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
+                {
+                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        pkey->private_key->data = zz;
+        /* Write out private key encoding */
+        i2d_RSAPrivateKey(a,&zz);
+
+        if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
+                {
+                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        if (!ASN1_STRING_set(enckey->os, "private-key", -1)) 
+                {
+                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        enckey->enckey->digest->data = zz;
+        i2d_NETSCAPE_PKEY(pkey,&zz);
+
+        /* Wipe the private key encoding */
+        OPENSSL_cleanse(pkey->private_key->data, rsalen);
+                
+        if (cb == NULL)
+                cb=EVP_read_pw_string;
+        i=cb(buf,256,"Enter Private Key password:",1);
+        if (i != 0)
+                {
+                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ);
+                goto err;
+                }
+        i = strlen((char *)buf);
+        /* If the key is used for SGC the algorithm is modified a little. */
+        if(sgckey) {
+                EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+                memcpy(buf + 16, "SGCKEYSALT", 10);
+                i = 26;
+        }
+
+        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+        OPENSSL_cleanse(buf,256);
+
+        /* Encrypt private key in place */
+        zz = enckey->enckey->digest->data;
+        EVP_CIPHER_CTX_init(&ctx);
+        EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
+        EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
+        EVP_EncryptFinal_ex(&ctx,zz + i,&j);
+        EVP_CIPHER_CTX_cleanup(&ctx);
+
+        ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
+err:
+        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+        NETSCAPE_PKEY_free(pkey);
+        return(ret);
+        }
+
+
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)())
+{
+        return d2i_RSA_NET(a, pp, length, cb, 0);
+}
+
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey)
+        {
+        RSA *ret=NULL;
+        const unsigned char *p, *kp;
+        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
+
+        p = *pp;
+
+        enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
+        if(!enckey) {
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR);
+                return NULL;
+        }
+
+        if ((enckey->os->length != 11) || (strncmp("private-key",
+                (char *)enckey->os->data,11) != 0))
+                {
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
+                NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+                return NULL;
+                }
+        if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
+                {
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+                goto err;
+        }
+        kp = enckey->enckey->digest->data;
+        if (cb == NULL)
+                cb=EVP_read_pw_string;
+        if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
+
+        *pp = p;
+
+        err:
+        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+        return ret;
+
+        }
+
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+             int (*cb)(), int sgckey)
+        {
+        NETSCAPE_PKEY *pkey=NULL;
+        RSA *ret=NULL;
+        int i,j;
+        unsigned char buf[256];
+        const unsigned char *zz;
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        EVP_CIPHER_CTX ctx;
+
+        i=cb(buf,256,"Enter Private Key password:",0);
+        if (i != 0)
+                {
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_BAD_PASSWORD_READ);
+                goto err;
+                }
+
+        i = strlen((char *)buf);
+        if(sgckey){
+                EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+                memcpy(buf + 16, "SGCKEYSALT", 10);
+                i = 26;
+        }
+                
+        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+        OPENSSL_cleanse(buf,256);
+
+        EVP_CIPHER_CTX_init(&ctx);
+        EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
+        EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
+        EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        os->length=i+j;
+
+        zz=os->data;
+
+        if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL)
+                {
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
+                goto err;
+                }
+                
+        zz=pkey->private_key->data;
+        if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
+                {
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
+                goto err;
+                }
+err:
+        NETSCAPE_PKEY_free(pkey);
+        return(ret);
+        }
+
+#endif /* OPENSSL_NO_RC4 */
+
+#else /* !OPENSSL_NO_RSA */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
diff --git a/src/lib/libcrypto/asn1/nsseq.c b/src/lib/libcrypto/asn1/nsseq.c
new file mode 100644
index 0000000000..50e2d4d07a
--- /dev/null
+++ b/src/lib/libcrypto/asn1/nsseq.c
@@ -0,0 +1,82 @@
+/* nsseq.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+
+static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        if(operation == ASN1_OP_NEW_POST) {
+                NETSCAPE_CERT_SEQUENCE *nsseq;
+                nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
+                nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
+        }
+        return 1;
+}
+
+/* Netscape certificate sequence structure */
+
+ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = {
+        ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),
+        ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)
+} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c
new file mode 100644
index 0000000000..ec788267e0
--- /dev/null
+++ b/src/lib/libcrypto/asn1/p5_pbe.c
@@ -0,0 +1,130 @@
+/* p5_pbe.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 password based encryption structure */
+
+ASN1_SEQUENCE(PBEPARAM) = {
+        ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PBEPARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
+
+/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
+             int saltlen)
+{
+        PBEPARAM *pbe=NULL;
+        ASN1_OBJECT *al;
+        X509_ALGOR *algor;
+        ASN1_TYPE *astype=NULL;
+
+        if (!(pbe = PBEPARAM_new ())) {
+                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
+        if (!ASN1_INTEGER_set(pbe->iter, iter)) {
+                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        if (!saltlen) saltlen = PKCS5_SALT_LEN;
+        if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) {
+                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        pbe->salt->length = saltlen;
+        if (salt) memcpy (pbe->salt->data, salt, saltlen);
+        else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0)
+                goto err;
+
+        if (!(astype = ASN1_TYPE_new())) {
+                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+
+        astype->type = V_ASN1_SEQUENCE;
+        if(!ASN1_pack_string(pbe, i2d_PBEPARAM, &astype->value.sequence)) {
+                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        PBEPARAM_free (pbe);
+        pbe = NULL;
+        
+        al = OBJ_nid2obj(alg); /* never need to free al */
+        if (!(algor = X509_ALGOR_new())) {
+                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        ASN1_OBJECT_free(algor->algorithm);
+        algor->algorithm = al;
+        algor->parameter = astype;
+
+        return (algor);
+err:
+        if (pbe != NULL) PBEPARAM_free(pbe);
+        if (astype != NULL) ASN1_TYPE_free(astype);
+        return NULL;
+}
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c
new file mode 100644
index 0000000000..e0dc0ec4ee
--- /dev/null
+++ b/src/lib/libcrypto/asn1/p5_pbev2.c
@@ -0,0 +1,205 @@
+/* p5_pbev2.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999-2004.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 v2.0 password based encryption structures */
+
+ASN1_SEQUENCE(PBE2PARAM) = {
+        ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
+        ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBE2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
+
+ASN1_SEQUENCE(PBKDF2PARAM) = {
+        ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
+        ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
+        ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
+        ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBKDF2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
+
+/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
+ * yes I know this is horrible!
+ */
+
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+                                 unsigned char *salt, int saltlen)
+{
+        X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
+        int alg_nid;
+        EVP_CIPHER_CTX ctx;
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+        PBKDF2PARAM *kdf = NULL;
+        PBE2PARAM *pbe2 = NULL;
+        ASN1_OCTET_STRING *osalt = NULL;
+        ASN1_OBJECT *obj;
+
+        alg_nid = EVP_CIPHER_type(cipher);
+        if(alg_nid == NID_undef) {
+                ASN1err(ASN1_F_PKCS5_PBE2_SET,
+                                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+                goto err;
+        }
+        obj = OBJ_nid2obj(alg_nid);
+
+        if(!(pbe2 = PBE2PARAM_new())) goto merr;
+
+        /* Setup the AlgorithmIdentifier for the encryption scheme */
+        scheme = pbe2->encryption;
+
+        scheme->algorithm = obj;
+        if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
+
+        /* Create random IV */
+        if (EVP_CIPHER_iv_length(cipher) &&
+                RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+                goto err;
+
+        EVP_CIPHER_CTX_init(&ctx);
+
+        /* Dummy cipherinit to just setup the IV */
+        EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
+        if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
+                ASN1err(ASN1_F_PKCS5_PBE2_SET,
+                                        ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+                EVP_CIPHER_CTX_cleanup(&ctx);
+                goto err;
+        }
+        EVP_CIPHER_CTX_cleanup(&ctx);
+
+        if(!(kdf = PBKDF2PARAM_new())) goto merr;
+        if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr;
+
+        if (!saltlen) saltlen = PKCS5_SALT_LEN;
+        if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr;
+        osalt->length = saltlen;
+        if (salt) memcpy (osalt->data, salt, saltlen);
+        else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr;
+
+        if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
+        if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
+
+        /* Now include salt in kdf structure */
+        kdf->salt->value.octet_string = osalt;
+        kdf->salt->type = V_ASN1_OCTET_STRING;
+        osalt = NULL;
+
+        /* If its RC2 then we'd better setup the key length */
+
+        if(alg_nid == NID_rc2_cbc) {
+                if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr;
+                if(!ASN1_INTEGER_set (kdf->keylength,
+                                 EVP_CIPHER_key_length(cipher))) goto merr;
+        }
+
+        /* prf can stay NULL because we are using hmacWithSHA1 */
+
+        /* Now setup the PBE2PARAM keyfunc structure */
+
+        pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+
+        /* Encode PBKDF2PARAM into parameter of pbe2 */
+
+        if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
+
+        if(!ASN1_pack_string(kdf, i2d_PBKDF2PARAM,
+                         &pbe2->keyfunc->parameter->value.sequence)) goto merr;
+        pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
+
+        PBKDF2PARAM_free(kdf);
+        kdf = NULL;
+
+        /* Now set up top level AlgorithmIdentifier */
+
+        if(!(ret = X509_ALGOR_new())) goto merr;
+        if(!(ret->parameter = ASN1_TYPE_new())) goto merr;
+
+        ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+        /* Encode PBE2PARAM into parameter */
+
+        if(!ASN1_pack_string(pbe2, i2d_PBE2PARAM,
+                                 &ret->parameter->value.sequence)) goto merr;
+        ret->parameter->type = V_ASN1_SEQUENCE;
+
+        PBE2PARAM_free(pbe2);
+        pbe2 = NULL;
+
+        return ret;
+
+        merr:
+        ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE);
+
+        err:
+        PBE2PARAM_free(pbe2);
+        /* Note 'scheme' is freed as part of pbe2 */
+        M_ASN1_OCTET_STRING_free(osalt);
+        PBKDF2PARAM_free(kdf);
+        X509_ALGOR_free(kalg);
+        X509_ALGOR_free(ret);
+
+        return NULL;
+
+}
diff --git a/src/lib/libcrypto/asn1/p8_pkey.c b/src/lib/libcrypto/asn1/p8_pkey.c
new file mode 100644
index 0000000000..24b409132f
--- /dev/null
+++ b/src/lib/libcrypto/asn1/p8_pkey.c
@@ -0,0 +1,84 @@
+/* p8_pkey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/* Minor tweak to operation: zero private key data */
+static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
+        if(operation == ASN1_OP_FREE_PRE) {
+                PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
+                if (key->pkey->value.octet_string)
+                OPENSSL_cleanse(key->pkey->value.octet_string->data,
+                        key->pkey->value.octet_string->length);
+        }
+        return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),
+        ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
diff --git a/src/lib/libcrypto/asn1/t_bitst.c b/src/lib/libcrypto/asn1/t_bitst.c
new file mode 100644
index 0000000000..397332d9b8
--- /dev/null
+++ b/src/lib/libcrypto/asn1/t_bitst.c
@@ -0,0 +1,102 @@
+/* t_bitst.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+                                BIT_STRING_BITNAME *tbl, int indent)
+{
+        BIT_STRING_BITNAME *bnam;
+        char first = 1;
+        BIO_printf(out, "%*s", indent, "");
+        for(bnam = tbl; bnam->lname; bnam++) {
+                if(ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) {
+                        if(!first) BIO_puts(out, ", ");
+                        BIO_puts(out, bnam->lname);
+                        first = 0;
+                }
+        }
+        BIO_puts(out, "\n");
+        return 1;
+}
+
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
+                                BIT_STRING_BITNAME *tbl)
+{
+        int bitnum;
+        bitnum = ASN1_BIT_STRING_num_asc(name, tbl);
+        if(bitnum < 0) return 0;
+        if(bs) {
+                if(!ASN1_BIT_STRING_set_bit(bs, bitnum, value))
+                        return 0;
+        }
+        return 1;
+}
+
+int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl)
+{
+        BIT_STRING_BITNAME *bnam;
+        for(bnam = tbl; bnam->lname; bnam++) {
+                if(!strcmp(bnam->sname, name) ||
+                        !strcmp(bnam->lname, name) ) return bnam->bitnum;
+        }
+        return -1;
+}
diff --git a/src/lib/libcrypto/asn1/t_crl.c b/src/lib/libcrypto/asn1/t_crl.c
new file mode 100644
index 0000000000..757c148df8
--- /dev/null
+++ b/src/lib/libcrypto/asn1/t_crl.c
@@ -0,0 +1,134 @@
+/* t_crl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_FP_API
+int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=X509_CRL_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int X509_CRL_print(BIO *out, X509_CRL *x)
+{
+        STACK_OF(X509_REVOKED) *rev;
+        X509_REVOKED *r;
+        long l;
+        int i, n;
+        char *p;
+
+        BIO_printf(out, "Certificate Revocation List (CRL):\n");
+        l = X509_CRL_get_version(x);
+        BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
+        i = OBJ_obj2nid(x->sig_alg->algorithm);
+        BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
+                                 (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
+        p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);
+        BIO_printf(out,"%8sIssuer: %s\n","",p);
+        OPENSSL_free(p);
+        BIO_printf(out,"%8sLast Update: ","");
+        ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
+        BIO_printf(out,"\n%8sNext Update: ","");
+        if (X509_CRL_get_nextUpdate(x))
+                 ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));
+        else BIO_printf(out,"NONE");
+        BIO_printf(out,"\n");
+
+        n=X509_CRL_get_ext_count(x);
+        X509V3_extensions_print(out, "CRL extensions",
+                                                x->crl->extensions, 0, 8);
+
+        rev = X509_CRL_get_REVOKED(x);
+
+        if(sk_X509_REVOKED_num(rev) > 0)
+            BIO_printf(out, "Revoked Certificates:\n");
+        else BIO_printf(out, "No Revoked Certificates.\n");
+
+        for(i = 0; i < sk_X509_REVOKED_num(rev); i++) {
+                r = sk_X509_REVOKED_value(rev, i);
+                BIO_printf(out,"    Serial Number: ");
+                i2a_ASN1_INTEGER(out,r->serialNumber);
+                BIO_printf(out,"\n        Revocation Date: ","");
+                ASN1_TIME_print(out,r->revocationDate);
+                BIO_printf(out,"\n");
+                X509V3_extensions_print(out, "CRL entry extensions",
+                                                r->extensions, 0, 8);
+        }
+        X509_signature_print(out, x->sig_alg, x->signature);
+
+        return 1;
+
+}
diff --git a/src/lib/libcrypto/asn1/t_pkey.c b/src/lib/libcrypto/asn1/t_pkey.c
new file mode 100644
index 0000000000..d15006e654
--- /dev/null
+++ b/src/lib/libcrypto/asn1/t_pkey.c
@@ -0,0 +1,387 @@
+/* crypto/asn1/t_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+
+static int print(BIO *fp,const char *str,BIGNUM *num,
+                unsigned char *buf,int off);
+#ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_FP_API
+int RSA_print_fp(FILE *fp, const RSA *x, int off)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=RSA_print(b,x,off);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int RSA_print(BIO *bp, const RSA *x, int off)
+        {
+        char str[128];
+        const char *s;
+        unsigned char *m=NULL;
+        int ret=0;
+        size_t buf_len=0, i;
+
+        if (x->n)
+                buf_len = (size_t)BN_num_bytes(x->n);
+        if (x->e)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
+                        buf_len = i;
+        if (x->d)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
+                        buf_len = i;
+        if (x->p)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
+                        buf_len = i;
+        if (x->q)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+                        buf_len = i;
+        if (x->dmp1)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
+                        buf_len = i;
+        if (x->dmq1)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
+                        buf_len = i;
+        if (x->iqmp)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
+                        buf_len = i;
+
+        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+        if (m == NULL)
+                {
+                RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        if (x->d != NULL)
+                {
+                if(!BIO_indent(bp,off,128))
+                   goto err;
+                if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n))
+                        <= 0) goto err;
+                }
+
+        if (x->d == NULL)
+                BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
+        else
+                BUF_strlcpy(str,"modulus:",sizeof str);
+        if (!print(bp,str,x->n,m,off)) goto err;
+        s=(x->d == NULL)?"Exponent:":"publicExponent:";
+        if (!print(bp,s,x->e,m,off)) goto err;
+        if (!print(bp,"privateExponent:",x->d,m,off)) goto err;
+        if (!print(bp,"prime1:",x->p,m,off)) goto err;
+        if (!print(bp,"prime2:",x->q,m,off)) goto err;
+        if (!print(bp,"exponent1:",x->dmp1,m,off)) goto err;
+        if (!print(bp,"exponent2:",x->dmq1,m,off)) goto err;
+        if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err;
+        ret=1;
+err:
+        if (m != NULL) OPENSSL_free(m);
+        return(ret);
+        }
+#endif /* OPENSSL_NO_RSA */
+
+#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_FP_API
+int DSA_print_fp(FILE *fp, const DSA *x, int off)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DSA_print(b,x,off);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int DSA_print(BIO *bp, const DSA *x, int off)
+        {
+        unsigned char *m=NULL;
+        int ret=0;
+        size_t buf_len=0,i;
+
+        if (x->p)
+                buf_len = (size_t)BN_num_bytes(x->p);
+        if (x->q)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+                        buf_len = i;
+        if (x->g)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+                        buf_len = i;
+        if (x->priv_key)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
+                        buf_len = i;
+        if (x->pub_key)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
+                        buf_len = i;
+
+        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+        if (m == NULL)
+                {
+                DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        if (x->priv_key != NULL)
+                {
+                if(!BIO_indent(bp,off,128))
+                   goto err;
+                if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
+                        <= 0) goto err;
+                }
+
+        if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off))
+                goto err;
+        if ((x->pub_key  != NULL) && !print(bp,"pub: ",x->pub_key,m,off))
+                goto err;
+        if ((x->p != NULL) && !print(bp,"P:   ",x->p,m,off)) goto err;
+        if ((x->q != NULL) && !print(bp,"Q:   ",x->q,m,off)) goto err;
+        if ((x->g != NULL) && !print(bp,"G:   ",x->g,m,off)) goto err;
+        ret=1;
+err:
+        if (m != NULL) OPENSSL_free(m);
+        return(ret);
+        }
+#endif /* !OPENSSL_NO_DSA */
+
+static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
+             int off)
+        {
+        int n,i;
+        const char *neg;
+
+        if (num == NULL) return(1);
+        neg=(num->neg)?"-":"";
+        if(!BIO_indent(bp,off,128))
+                return 0;
+
+        if (BN_num_bytes(num) <= BN_BYTES)
+                {
+                if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg,
+                        (unsigned long)num->d[0],neg,(unsigned long)num->d[0])
+                        <= 0) return(0);
+                }
+        else
+                {
+                buf[0]=0;
+                if (BIO_printf(bp,"%s%s",number,
+                        (neg[0] == '-')?" (Negative)":"") <= 0)
+                        return(0);
+                n=BN_bn2bin(num,&buf[1]);
+        
+                if (buf[1] & 0x80)
+                        n++;
+                else    buf++;
+
+                for (i=0; i<n; i++)
+                        {
+                        if ((i%15) == 0)
+                                {
+                                if(BIO_puts(bp,"\n") <= 0
+                                   || !BIO_indent(bp,off+4,128))
+                                    return 0;
+                                }
+                        if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":")
+                                <= 0) return(0);
+                        }
+                if (BIO_write(bp,"\n",1) <= 0) return(0);
+                }
+        return(1);
+        }
+
+#ifndef OPENSSL_NO_DH
+#ifndef OPENSSL_NO_FP_API
+int DHparams_print_fp(FILE *fp, const DH *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DHparams_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int DHparams_print(BIO *bp, const DH *x)
+        {
+        unsigned char *m=NULL;
+        int reason=ERR_R_BUF_LIB,ret=0;
+        size_t buf_len=0, i;
+
+        if (x->p)
+                buf_len = (size_t)BN_num_bytes(x->p);
+        if (x->g)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+                        buf_len = i;
+        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+        if (m == NULL)
+                {
+                reason=ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+
+        if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n",
+                BN_num_bits(x->p)) <= 0)
+                goto err;
+        if (!print(bp,"prime:",x->p,m,4)) goto err;
+        if (!print(bp,"generator:",x->g,m,4)) goto err;
+        if (x->length != 0)
+                {
+                if (BIO_printf(bp,"    recommended-private-length: %d bits\n",
+                        (int)x->length) <= 0) goto err;
+                }
+        ret=1;
+        if (0)
+                {
+err:
+                DHerr(DH_F_DHPARAMS_PRINT,reason);
+                }
+        if (m != NULL) OPENSSL_free(m);
+        return(ret);
+        }
+#endif
+
+#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_FP_API
+int DSAparams_print_fp(FILE *fp, const DSA *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=DSAparams_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int DSAparams_print(BIO *bp, const DSA *x)
+        {
+        unsigned char *m=NULL;
+        int reason=ERR_R_BUF_LIB,ret=0;
+        size_t buf_len=0,i;
+
+        if (x->p)
+                buf_len = (size_t)BN_num_bytes(x->p);
+        if (x->q)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+                        buf_len = i;
+        if (x->g)
+                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+                        buf_len = i;
+        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+        if (m == NULL)
+                {
+                reason=ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+
+        if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n",
+                BN_num_bits(x->p)) <= 0)
+                goto err;
+        if (!print(bp,"p:",x->p,m,4)) goto err;
+        if (!print(bp,"q:",x->q,m,4)) goto err;
+        if (!print(bp,"g:",x->g,m,4)) goto err;
+        ret=1;
+err:
+        if (m != NULL) OPENSSL_free(m);
+        DSAerr(DSA_F_DSAPARAMS_PRINT,reason);
+        return(ret);
+        }
+
+#endif /* !OPENSSL_NO_DSA */
+
diff --git a/src/lib/libcrypto/asn1/t_req.c b/src/lib/libcrypto/asn1/t_req.c
new file mode 100644
index 0000000000..740cee80c0
--- /dev/null
+++ b/src/lib/libcrypto/asn1/t_req.c
@@ -0,0 +1,276 @@
+/* crypto/asn1/t_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_FP_API
+int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                X509err(X509_F_X509_REQ_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=X509_REQ_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)
+        {
+        unsigned long l;
+        int i;
+        const char *neg;
+        X509_REQ_INFO *ri;
+        EVP_PKEY *pkey;
+        STACK_OF(X509_ATTRIBUTE) *sk;
+        STACK_OF(X509_EXTENSION) *exts;
+        char mlch = ' ';
+        int nmindent = 0;
+
+        if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+                mlch = '\n';
+                nmindent = 12;
+        }
+
+        if(nmflags == X509_FLAG_COMPAT)
+                nmindent = 16;
+
+
+        ri=x->req_info;
+        if(!(cflag & X509_FLAG_NO_HEADER))
+                {
+                if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
+                if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_VERSION))
+                {
+                neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
+                l=0;
+                for (i=0; i<ri->version->length; i++)
+                        { l<<=8; l+=ri->version->data[i]; }
+                if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,
+                              l) <= 0)
+                    goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_SUBJECT))
+                {
+                if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
+                if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_PUBKEY))
+                {
+                if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
+                        goto err;
+                if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+                        goto err;
+                if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
+                        goto err;
+                if (BIO_puts(bp, "\n") <= 0)
+                        goto err;
+
+                pkey=X509_REQ_get_pubkey(x);
+                if (pkey == NULL)
+                        {
+                        BIO_printf(bp,"%12sUnable to load Public Key\n","");
+                        ERR_print_errors(bp);
+                        }
+                else
+#ifndef OPENSSL_NO_RSA
+                if (pkey->type == EVP_PKEY_RSA)
+                        {
+                        BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+                        BN_num_bits(pkey->pkey.rsa->n));
+                        RSA_print(bp,pkey->pkey.rsa,16);
+                        }
+                else
+#endif
+#ifndef OPENSSL_NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                        {
+                        BIO_printf(bp,"%12sDSA Public Key:\n","");
+                        DSA_print(bp,pkey->pkey.dsa,16);
+                        }
+                else
+#endif
+                        BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+                EVP_PKEY_free(pkey);
+                }
+
+        if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
+                {
+                /* may not be */
+                if(BIO_printf(bp,"%8sAttributes:\n","") <= 0)
+                    goto err;
+
+                sk=x->req_info->attributes;
+                if (sk_X509_ATTRIBUTE_num(sk) == 0)
+                        {
+                        if(BIO_printf(bp,"%12sa0:00\n","") <= 0)
+                            goto err;
+                        }
+                else
+                        {
+                        for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+                                {
+                                ASN1_TYPE *at;
+                                X509_ATTRIBUTE *a;
+                                ASN1_BIT_STRING *bs=NULL;
+                                ASN1_TYPE *t;
+                                int j,type=0,count=1,ii=0;
+
+                                a=sk_X509_ATTRIBUTE_value(sk,i);
+                                if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
+                                                                        continue;
+                                if(BIO_printf(bp,"%12s","") <= 0)
+                                    goto err;
+                                if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
+                                {
+                                if (a->single)
+                                        {
+                                        t=a->value.single;
+                                        type=t->type;
+                                        bs=t->value.bit_string;
+                                        }
+                                else
+                                        {
+                                        ii=0;
+                                        count=sk_ASN1_TYPE_num(a->value.set);
+get_next:
+                                        at=sk_ASN1_TYPE_value(a->value.set,ii);
+                                        type=at->type;
+                                        bs=at->value.asn1_string;
+                                        }
+                                }
+                                for (j=25-j; j>0; j--)
+                                        if (BIO_write(bp," ",1) != 1) goto err;
+                                if (BIO_puts(bp,":") <= 0) goto err;
+                                if (    (type == V_ASN1_PRINTABLESTRING) ||
+                                        (type == V_ASN1_T61STRING) ||
+                                        (type == V_ASN1_IA5STRING))
+                                        {
+                                        if (BIO_write(bp,(char *)bs->data,bs->length)
+                                                != bs->length)
+                                                goto err;
+                                        BIO_puts(bp,"\n");
+                                        }
+                                else
+                                        {
+                                        BIO_puts(bp,"unable to print attribute\n");
+                                        }
+                                if (++ii < count) goto get_next;
+                                }
+                        }
+                }
+        if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
+                {
+                exts = X509_REQ_get_extensions(x);
+                if(exts)
+                        {
+                        BIO_printf(bp,"%8sRequested Extensions:\n","");
+                        for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
+                                {
+                                ASN1_OBJECT *obj;
+                                X509_EXTENSION *ex;
+                                int j;
+                                ex=sk_X509_EXTENSION_value(exts, i);
+                                if (BIO_printf(bp,"%12s","") <= 0) goto err;
+                                obj=X509_EXTENSION_get_object(ex);
+                                i2a_ASN1_OBJECT(bp,obj);
+                                j=X509_EXTENSION_get_critical(ex);
+                                if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
+                                        goto err;
+                                if(!X509V3_EXT_print(bp, ex, 0, 16))
+                                        {
+                                        BIO_printf(bp, "%16s", "");
+                                        M_ASN1_OCTET_STRING_print(bp,ex->value);
+                                        }
+                                if (BIO_write(bp,"\n",1) <= 0) goto err;
+                                }
+                        sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+                        }
+                }
+
+        if(!(cflag & X509_FLAG_NO_SIGDUMP))
+                {
+                if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
+                }
+
+        return(1);
+err:
+        X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB);
+        return(0);
+        }
+
+int X509_REQ_print(BIO *bp, X509_REQ *x)
+        {
+        return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+        }
diff --git a/src/lib/libcrypto/asn1/t_spki.c b/src/lib/libcrypto/asn1/t_spki.c
new file mode 100644
index 0000000000..5abfbc815e
--- /dev/null
+++ b/src/lib/libcrypto/asn1/t_spki.c
@@ -0,0 +1,116 @@
+/* t_spki.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+
+/* Print out an SPKI */
+
+int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
+{
+        EVP_PKEY *pkey;
+        ASN1_IA5STRING *chal;
+        int i, n;
+        char *s;
+        BIO_printf(out, "Netscape SPKI:\n");
+        i=OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);
+        BIO_printf(out,"  Public Key Algorithm: %s\n",
+                                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+        pkey = X509_PUBKEY_get(spki->spkac->pubkey);
+        if(!pkey) BIO_printf(out, "  Unable to load public key\n");
+        else {
+#ifndef OPENSSL_NO_RSA
+                if (pkey->type == EVP_PKEY_RSA)
+                        {
+                        BIO_printf(out,"  RSA Public Key: (%d bit)\n",
+                                BN_num_bits(pkey->pkey.rsa->n));
+                        RSA_print(out,pkey->pkey.rsa,2);
+                        }
+                else 
+#endif
+#ifndef OPENSSL_NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                {
+                BIO_printf(out,"  DSA Public Key:\n");
+                DSA_print(out,pkey->pkey.dsa,2);
+                }
+                else
+#endif
+                        BIO_printf(out,"  Unknown Public Key:\n");
+                EVP_PKEY_free(pkey);
+        }
+        chal = spki->spkac->challenge;
+        if(chal->length)
+                BIO_printf(out, "  Challenge String: %s\n", chal->data);
+        i=OBJ_obj2nid(spki->sig_algor->algorithm);
+        BIO_printf(out,"  Signature Algorithm: %s",
+                                (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+
+        n=spki->signature->length;
+        s=(char *)spki->signature->data;
+        for (i=0; i<n; i++)
+                {
+                if ((i%18) == 0) BIO_write(out,"\n      ",7);
+                BIO_printf(out,"%02x%s",(unsigned char)s[i],
+                                                ((i+1) == n)?"":":");
+                }
+        BIO_write(out,"\n",1);
+        return 1;
+}
diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c
new file mode 100644
index 0000000000..30f68561b7
--- /dev/null
+++ b/src/lib/libcrypto/asn1/t_x509.c
@@ -0,0 +1,505 @@
+/* crypto/asn1/t_x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_FP_API
+int X509_print_fp(FILE *fp, X509 *x)
+        {
+        return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+        }
+
+int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=X509_print_ex(b, x, nmflag, cflag);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int X509_print(BIO *bp, X509 *x)
+{
+        return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
+        {
+        long l;
+        int ret=0,i;
+        char *m=NULL,mlch = ' ';
+        int nmindent = 0;
+        X509_CINF *ci;
+        ASN1_INTEGER *bs;
+        EVP_PKEY *pkey=NULL;
+        const char *neg;
+        ASN1_STRING *str=NULL;
+
+        if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+                        mlch = '\n';
+                        nmindent = 12;
+        }
+
+        if(nmflags == X509_FLAG_COMPAT)
+                nmindent = 16;
+
+        ci=x->cert_info;
+        if(!(cflag & X509_FLAG_NO_HEADER))
+                {
+                if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
+                if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_VERSION))
+                {
+                l=X509_get_version(x);
+                if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_SERIAL))
+                {
+
+                if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
+
+                bs=X509_get_serialNumber(x);
+                if (bs->length <= 4)
+                        {
+                        l=ASN1_INTEGER_get(bs);
+                        if (l < 0)
+                                {
+                                l= -l;
+                                neg="-";
+                                }
+                        else
+                                neg="";
+                        if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
+                                goto err;
+                        }
+                else
+                        {
+                        neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
+                        if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
+
+                        for (i=0; i<bs->length; i++)
+                                {
+                                if (BIO_printf(bp,"%02x%c",bs->data[i],
+                                        ((i+1 == bs->length)?'\n':':')) <= 0)
+                                        goto err;
+                                }
+                        }
+
+                }
+
+        if(!(cflag & X509_FLAG_NO_SIGNAME))
+                {
+                if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) 
+                        goto err;
+                if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
+                        goto err;
+                if (BIO_puts(bp, "\n") <= 0)
+                        goto err;
+                }
+
+        if(!(cflag & X509_FLAG_NO_ISSUER))
+                {
+                if (BIO_printf(bp,"        Issuer:%c",mlch) <= 0) goto err;
+                if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_VALIDITY))
+                {
+                if (BIO_write(bp,"        Validity\n",17) <= 0) goto err;
+                if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
+                if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
+                if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
+                if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_SUBJECT))
+                {
+                if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
+                if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_PUBKEY))
+                {
+                if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
+                        goto err;
+                if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+                        goto err;
+                if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
+                        goto err;
+                if (BIO_puts(bp, "\n") <= 0)
+                        goto err;
+
+                pkey=X509_get_pubkey(x);
+                if (pkey == NULL)
+                        {
+                        BIO_printf(bp,"%12sUnable to load Public Key\n","");
+                        ERR_print_errors(bp);
+                        }
+                else
+#ifndef OPENSSL_NO_RSA
+                if (pkey->type == EVP_PKEY_RSA)
+                        {
+                        BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+                        BN_num_bits(pkey->pkey.rsa->n));
+                        RSA_print(bp,pkey->pkey.rsa,16);
+                        }
+                else
+#endif
+#ifndef OPENSSL_NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                        {
+                        BIO_printf(bp,"%12sDSA Public Key:\n","");
+                        DSA_print(bp,pkey->pkey.dsa,16);
+                        }
+                else
+#endif
+                        BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+                EVP_PKEY_free(pkey);
+                }
+
+        if (!(cflag & X509_FLAG_NO_EXTENSIONS))
+                X509V3_extensions_print(bp, "X509v3 extensions",
+                                        ci->extensions, cflag, 8);
+
+        if(!(cflag & X509_FLAG_NO_SIGDUMP))
+                {
+                if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err;
+                }
+        if(!(cflag & X509_FLAG_NO_AUX))
+                {
+                if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
+                }
+        ret=1;
+err:
+        if (str != NULL) ASN1_STRING_free(str);
+        if (m != NULL) OPENSSL_free(m);
+        return(ret);
+        }
+
+int X509_ocspid_print (BIO *bp, X509 *x)
+        {
+        unsigned char *der=NULL ;
+        unsigned char *dertmp;
+        int derlen;
+        int i;
+        unsigned char SHA1md[SHA_DIGEST_LENGTH];
+
+        /* display the hash of the subject as it would appear
+           in OCSP requests */
+        if (BIO_printf(bp,"        Subject OCSP hash: ") <= 0)
+                goto err;
+        derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
+        if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
+                goto err;
+        i2d_X509_NAME(x->cert_info->subject, &dertmp);
+
+        EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL);
+        for (i=0; i < SHA_DIGEST_LENGTH; i++)
+                {
+                if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
+                }
+        OPENSSL_free (der);
+        der=NULL;
+
+        /* display the hash of the public key as it would appear
+           in OCSP requests */
+        if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
+                goto err;
+
+        EVP_Digest(x->cert_info->key->public_key->data,
+                x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL);
+        for (i=0; i < SHA_DIGEST_LENGTH; i++)
+                {
+                if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
+                        goto err;
+                }
+        BIO_printf(bp,"\n");
+
+        return (1);
+err:
+        if (der != NULL) OPENSSL_free(der);
+        return(0);
+        }
+
+int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
+{
+        unsigned char *s;
+        int i, n;
+        if (BIO_puts(bp,"    Signature Algorithm: ") <= 0) return 0;
+        if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;
+
+        n=sig->length;
+        s=sig->data;
+        for (i=0; i<n; i++)
+                {
+                if ((i%18) == 0)
+                        if (BIO_write(bp,"\n        ",9) <= 0) return 0;
+                        if (BIO_printf(bp,"%02x%s",s[i],
+                                ((i+1) == n)?"":":") <= 0) return 0;
+                }
+        if (BIO_write(bp,"\n",1) != 1) return 0;
+        return 1;
+}
+
+int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
+        {
+        int i,n;
+        char buf[80],*p;
+
+        if (v == NULL) return(0);
+        n=0;
+        p=(char *)v->data;
+        for (i=0; i<v->length; i++)
+                {
+                if ((p[i] > '~') || ((p[i] < ' ') &&
+                        (p[i] != '\n') && (p[i] != '\r')))
+                        buf[n]='.';
+                else
+                        buf[n]=p[i];
+                n++;
+                if (n >= 80)
+                        {
+                        if (BIO_write(bp,buf,n) <= 0)
+                                return(0);
+                        n=0;
+                        }
+                }
+        if (n > 0)
+                if (BIO_write(bp,buf,n) <= 0)
+                        return(0);
+        return(1);
+        }
+
+int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm)
+{
+        if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);
+        if(tm->type == V_ASN1_GENERALIZEDTIME)
+                                return ASN1_GENERALIZEDTIME_print(bp, tm);
+        BIO_write(bp,"Bad time value",14);
+        return(0);
+}
+
+static const char *mon[12]=
+    {
+    "Jan","Feb","Mar","Apr","May","Jun",
+    "Jul","Aug","Sep","Oct","Nov","Dec"
+    };
+
+int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
+        {
+        char *v;
+        int gmt=0;
+        int i;
+        int y=0,M=0,d=0,h=0,m=0,s=0;
+
+        i=tm->length;
+        v=(char *)tm->data;
+
+        if (i < 12) goto err;
+        if (v[i-1] == 'Z') gmt=1;
+        for (i=0; i<12; i++)
+                if ((v[i] > '9') || (v[i] < '0')) goto err;
+        y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0');
+        M= (v[4]-'0')*10+(v[5]-'0');
+        if ((M > 12) || (M < 1)) goto err;
+        d= (v[6]-'0')*10+(v[7]-'0');
+        h= (v[8]-'0')*10+(v[9]-'0');
+        m=  (v[10]-'0')*10+(v[11]-'0');
+        if (    (v[12] >= '0') && (v[12] <= '9') &&
+                (v[13] >= '0') && (v[13] <= '9'))
+                s=  (v[12]-'0')*10+(v[13]-'0');
+
+        if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
+                mon[M-1],d,h,m,s,y,(gmt)?" GMT":"") <= 0)
+                return(0);
+        else
+                return(1);
+err:
+        BIO_write(bp,"Bad time value",14);
+        return(0);
+        }
+
+int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
+        {
+        char *v;
+        int gmt=0;
+        int i;
+        int y=0,M=0,d=0,h=0,m=0,s=0;
+
+        i=tm->length;
+        v=(char *)tm->data;
+
+        if (i < 10) goto err;
+        if (v[i-1] == 'Z') gmt=1;
+        for (i=0; i<10; i++)
+                if ((v[i] > '9') || (v[i] < '0')) goto err;
+        y= (v[0]-'0')*10+(v[1]-'0');
+        if (y < 50) y+=100;
+        M= (v[2]-'0')*10+(v[3]-'0');
+        if ((M > 12) || (M < 1)) goto err;
+        d= (v[4]-'0')*10+(v[5]-'0');
+        h= (v[6]-'0')*10+(v[7]-'0');
+        m=  (v[8]-'0')*10+(v[9]-'0');
+        if (    (v[10] >= '0') && (v[10] <= '9') &&
+                (v[11] >= '0') && (v[11] <= '9'))
+                s=  (v[10]-'0')*10+(v[11]-'0');
+
+        if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
+                mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"") <= 0)
+                return(0);
+        else
+                return(1);
+err:
+        BIO_write(bp,"Bad time value",14);
+        return(0);
+        }
+
+int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
+        {
+        char *s,*c,*b;
+        int ret=0,l,ll,i,first=1;
+
+        ll=80-2-obase;
+
+        b=s=X509_NAME_oneline(name,NULL,0);
+        if (!*s)
+                {
+                OPENSSL_free(b);
+                return 1;
+                }
+        s++; /* skip the first slash */
+
+        l=ll;
+        c=s;
+        for (;;)
+                {
+#ifndef CHARSET_EBCDIC
+                if (    ((*s == '/') &&
+                                ((s[1] >= 'A') && (s[1] <= 'Z') && (
+                                        (s[2] == '=') ||
+                                        ((s[2] >= 'A') && (s[2] <= 'Z') &&
+                                        (s[3] == '='))
+                                 ))) ||
+                        (*s == '\0'))
+#else
+                if (    ((*s == '/') &&
+                                (isupper(s[1]) && (
+                                        (s[2] == '=') ||
+                                        (isupper(s[2]) &&
+                                        (s[3] == '='))
+                                 ))) ||
+                        (*s == '\0'))
+#endif
+                        {
+                        if ((l <= 0) && !first)
+                                {
+                                first=0;
+                                if (BIO_write(bp,"\n",1) != 1) goto err;
+                                for (i=0; i<obase; i++)
+                                        {
+                                        if (BIO_write(bp," ",1) != 1) goto err;
+                                        }
+                                l=ll;
+                                }
+                        i=s-c;
+                        if (BIO_write(bp,c,i) != i) goto err;
+                        c+=i;
+                        c++;
+                        if (*s != '\0')
+                                {
+                                if (BIO_write(bp,", ",2) != 2) goto err;
+                                }
+                        l--;
+                        }
+                if (*s == '\0') break;
+                s++;
+                l--;
+                }
+        
+        ret=1;
+        if (0)
+                {
+err:
+                X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB);
+                }
+        OPENSSL_free(b);
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/asn1/t_x509a.c b/src/lib/libcrypto/asn1/t_x509a.c
new file mode 100644
index 0000000000..ffbbfb51f4
--- /dev/null
+++ b/src/lib/libcrypto/asn1/t_x509a.c
@@ -0,0 +1,110 @@
+/* t_x509a.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+
+/* X509_CERT_AUX and string set routines
+ */
+
+int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
+{
+        char oidstr[80], first;
+        int i;
+        if(!aux) return 1;
+        if(aux->trust) {
+                first = 1;
+                BIO_printf(out, "%*sTrusted Uses:\n%*s",
+                                                indent, "", indent + 2, "");
+                for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
+                        if(!first) BIO_puts(out, ", ");
+                        else first = 0;
+                        OBJ_obj2txt(oidstr, sizeof oidstr,
+                                sk_ASN1_OBJECT_value(aux->trust, i), 0);
+                        BIO_puts(out, oidstr);
+                }
+                BIO_puts(out, "\n");
+        } else BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
+        if(aux->reject) {
+                first = 1;
+                BIO_printf(out, "%*sRejected Uses:\n%*s",
+                                                indent, "", indent + 2, "");
+                for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
+                        if(!first) BIO_puts(out, ", ");
+                        else first = 0;
+                        OBJ_obj2txt(oidstr, sizeof oidstr,
+                                sk_ASN1_OBJECT_value(aux->reject, i), 0);
+                        BIO_puts(out, oidstr);
+                }
+                BIO_puts(out, "\n");
+        } else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+        if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "",
+                                                        aux->alias->data);
+        if(aux->keyid) {
+                BIO_printf(out, "%*sKey Id: ", indent, "");
+                for(i = 0; i < aux->keyid->length; i++) 
+                        BIO_printf(out, "%s%02X", 
+                                i ? ":" : "",
+                                aux->keyid->data[i]);
+                BIO_write(out,"\n",1);
+        }
+        return 1;
+}
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
new file mode 100644
index 0000000000..2426cb6253
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -0,0 +1,965 @@
+/* tasn_dec.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+static int asn1_check_eoc(unsigned char **in, long len);
+static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass);
+static int collect_data(BUF_MEM *buf, unsigned char **p, long plen);
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
+                        unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx);
+static int asn1_template_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx);
+static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx);
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long len,
+                                        const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+/* Table to convert tags to bit values, used for MSTRING type */
+static unsigned long tag2bit[32]={
+0,      0,      0,      B_ASN1_BIT_STRING,      /* tags  0 -  3 */
+B_ASN1_OCTET_STRING,    0,      0,              B_ASN1_UNKNOWN,/* tags  4- 7 */
+B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags  8-11 */
+B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
+0,      0,      B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,   /* tags 16-19 */
+B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,       /* tags 20-22 */
+B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,                        /* tags 23-24 */ 
+B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,  /* tags 25-27 */
+B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
+        };
+
+unsigned long ASN1_tag2bit(int tag)
+{
+        if((tag < 0) || (tag > 30)) return 0;
+        return tag2bit[tag];
+}
+
+/* Macro to initialize and invalidate the cache */
+
+#define asn1_tlc_clear(c)       if(c) (c)->valid = 0
+
+/* Decode an ASN1 item, this currently behaves just 
+ * like a standard 'd2i' function. 'in' points to 
+ * a buffer to read the data from, in future we will
+ * have more advanced versions that can input data
+ * a piece at a time and this will simply be a special
+ * case.
+ */
+
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it)
+{
+        ASN1_TLC c;
+        ASN1_VALUE *ptmpval = NULL;
+        if(!pval) pval = &ptmpval;
+        asn1_tlc_clear(&c);
+        if(ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
+                return *pval;
+        return NULL;
+}
+
+int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt)
+{
+        ASN1_TLC c;
+        asn1_tlc_clear(&c);
+        return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
+}
+
+
+/* Decode an item, taking care of IMPLICIT tagging, if any.
+ * If 'opt' set and tag mismatch return -1 to handle OPTIONAL
+ */
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
+                                int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+        const ASN1_TEMPLATE *tt, *errtt = NULL;
+        const ASN1_COMPAT_FUNCS *cf;
+        const ASN1_EXTERN_FUNCS *ef;
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_aux_cb *asn1_cb;
+        unsigned char *p, *q, imphack = 0, oclass;
+        char seq_eoc, seq_nolen, cst, isopt;
+        long tmplen;
+        int i;
+        int otag;
+        int ret = 0;
+        ASN1_VALUE *pchval, **pchptr, *ptmpval;
+        if(!pval) return 0;
+        if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+        else asn1_cb = 0;
+
+        switch(it->itype) {
+
+                case ASN1_ITYPE_PRIMITIVE:
+                if(it->templates) {
+                        /* tagging or OPTIONAL is currently illegal on an item template
+                         * because the flags can't get passed down. In practice this isn't
+                         * a problem: we include the relevant flags from the item template
+                         * in the template itself.
+                         */
+                        if ((tag != -1) || opt) {
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
+                                goto err;
+                        }
+                        return asn1_template_ex_d2i(pval, in, len, it->templates, opt, ctx);
+                }
+                return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx);
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                p = *in;
+                /* Just read in tag and class */
+                ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, &p, len, -1, 0, 1, ctx);
+                if(!ret) {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                        goto err;
+                } 
+                /* Must be UNIVERSAL class */
+                if(oclass != V_ASN1_UNIVERSAL) {
+                        /* If OPTIONAL, assume this is OK */
+                        if(opt) return -1;
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
+                        goto err;
+                } 
+                /* Check tag matches bit map */
+                if(!(ASN1_tag2bit(otag) & it->utype)) {
+                        /* If OPTIONAL, assume this is OK */
+                        if(opt) return -1;
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG);
+                        goto err;
+                } 
+                return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx);
+
+                case ASN1_ITYPE_EXTERN:
+                /* Use new style d2i */
+                ef = it->funcs;
+                return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
+
+                case ASN1_ITYPE_COMPAT:
+                /* we must resort to old style evil hackery */
+                cf = it->funcs;
+
+                /* If OPTIONAL see if it is there */
+                if(opt) {
+                        int exptag;
+                        p = *in;
+                        if(tag == -1) exptag = it->utype;
+                        else exptag = tag;
+                        /* Don't care about anything other than presence of expected tag */
+                        ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, &p, len, exptag, aclass, 1, ctx);
+                        if(!ret) {
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                                goto err;
+                        }
+                        if(ret == -1) return -1;
+                }
+                /* This is the old style evil hack IMPLICIT handling:
+                 * since the underlying code is expecting a tag and
+                 * class other than the one present we change the
+                 * buffer temporarily then change it back afterwards.
+                 * This doesn't and never did work for tags > 30.
+                 *
+                 * Yes this is *horrible* but it is only needed for
+                 * old style d2i which will hopefully not be around
+                 * for much longer.
+                 * FIXME: should copy the buffer then modify it so
+                 * the input buffer can be const: we should *always*
+                 * copy because the old style d2i might modify the
+                 * buffer.
+                 */
+
+                if(tag != -1) {
+                        p = *in;
+                        imphack = *p;
+                        *p = (unsigned char)((*p & V_ASN1_CONSTRUCTED) | it->utype);
+                }
+
+                ptmpval = cf->asn1_d2i(pval, in, len);
+
+                if(tag != -1) *p = imphack;
+
+                if(ptmpval) return 1;
+                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                goto err;
+
+
+                case ASN1_ITYPE_CHOICE:
+                if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+                                goto auxerr;
+
+                /* Allocate structure */
+                if(!*pval) {
+                        if(!ASN1_item_ex_new(pval, it)) {
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                                goto err;
+                        }
+                }
+                /* CHOICE type, try each possibility in turn */
+                pchval = NULL;
+                p = *in;
+                for(i = 0, tt=it->templates; i < it->tcount; i++, tt++) {
+                        pchptr = asn1_get_field_ptr(pval, tt);
+                        /* We mark field as OPTIONAL so its absence
+                         * can be recognised.
+                         */
+                        ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
+                        /* If field not present, try the next one */
+                        if(ret == -1) continue;
+                        /* If positive return, read OK, break loop */
+                        if(ret > 0) break;
+                        /* Otherwise must be an ASN1 parsing error */
+                        errtt = tt;
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                        goto err;
+                }
+                /* Did we fall off the end without reading anything? */
+                if(i == it->tcount) {
+                        /* If OPTIONAL, this is OK */
+                        if(opt) {
+                                /* Free and zero it */
+                                ASN1_item_ex_free(pval, it);
+                                return -1;
+                        }
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
+                        goto err;
+                }
+                asn1_set_choice_selector(pval, i, it);
+                *in = p;
+                if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+                                goto auxerr;
+                return 1;
+
+                case ASN1_ITYPE_SEQUENCE:
+                p = *in;
+                tmplen = len;
+
+                /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+                if(tag == -1) {
+                        tag = V_ASN1_SEQUENCE;
+                        aclass = V_ASN1_UNIVERSAL;
+                }
+                /* Get SEQUENCE length and update len, p */
+                ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, &p, len, tag, aclass, opt, ctx);
+                if(!ret) {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                        goto err;
+                } else if(ret == -1) return -1;
+                if(aux && (aux->flags & ASN1_AFLG_BROKEN)) {
+                        len = tmplen - (p - *in);
+                        seq_nolen = 1;
+                } else seq_nolen = seq_eoc;     /* If indefinite we don't do a length check */
+                if(!cst) {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
+                        goto err;
+                }
+
+                if(!*pval) {
+                        if(!ASN1_item_ex_new(pval, it)) {
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                                goto err;
+                        }
+                }
+                if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+                                goto auxerr;
+
+                /* Get each field entry */
+                for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+                        const ASN1_TEMPLATE *seqtt;
+                        ASN1_VALUE **pseqval;
+                        seqtt = asn1_do_adb(pval, tt, 1);
+                        if(!seqtt) goto err;
+                        pseqval = asn1_get_field_ptr(pval, seqtt);
+                        /* Have we ran out of data? */
+                        if(!len) break;
+                        q = p;
+                        if(asn1_check_eoc(&p, len)) {
+                                if(!seq_eoc) {
+                                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC);
+                                        goto err;
+                                }
+                                len -= p - q;
+                                seq_eoc = 0;
+                                q = p;
+                                break;
+                        }
+                        /* This determines the OPTIONAL flag value. The field cannot
+                         * be omitted if it is the last of a SEQUENCE and there is
+                         * still data to be read. This isn't strictly necessary but
+                         * it increases efficiency in some cases.
+                         */
+                        if(i == (it->tcount - 1)) isopt = 0;
+                        else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
+                        /* attempt to read in field, allowing each to be OPTIONAL */
+                        ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
+                        if(!ret) {
+                                errtt = seqtt;
+                                goto err;
+                        } else if(ret == -1) {
+                                /* OPTIONAL component absent. Free and zero the field
+                                 */
+                                ASN1_template_free(pseqval, seqtt);
+                                continue;
+                        }
+                        /* Update length */
+                        len -= p - q;
+                }
+                /* Check for EOC if expecting one */
+                if(seq_eoc && !asn1_check_eoc(&p, len)) {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
+                        goto err;
+                }
+                /* Check all data read */
+                if(!seq_nolen && len) {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
+                        goto err;
+                }
+
+                /* If we get here we've got no more data in the SEQUENCE,
+                 * however we may not have read all fields so check all
+                 * remaining are OPTIONAL and clear any that are.
+                 */
+                for(; i < it->tcount; tt++, i++) {
+                        const ASN1_TEMPLATE *seqtt;
+                        seqtt = asn1_do_adb(pval, tt, 1);
+                        if(!seqtt) goto err;
+                        if(seqtt->flags & ASN1_TFLG_OPTIONAL) {
+                                ASN1_VALUE **pseqval;
+                                pseqval = asn1_get_field_ptr(pval, seqtt);
+                                ASN1_template_free(pseqval, seqtt);
+                        } else {
+                                errtt = seqtt;
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING);
+                                goto err;
+                        }
+                }
+                /* Save encoding */
+                if(!asn1_enc_save(pval, *in, p - *in, it)) goto auxerr;
+                *in = p;
+                if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+                                goto auxerr;
+                return 1;
+
+                default:
+                return 0;
+        }
+        auxerr:
+        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+        err:
+        ASN1_item_ex_free(pval, it);
+        if(errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname);
+        else ERR_add_error_data(2, "Type=", it->sname);
+        return 0;
+}
+
+/* Templates are handled with two separate functions. One handles any EXPLICIT tag and the other handles the
+ * rest.
+ */
+
+static int asn1_template_ex_d2i(ASN1_VALUE **val, unsigned char **in, long inlen, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx)
+{
+        int flags, aclass;
+        int ret;
+        long len;
+        unsigned char *p, *q;
+        char exp_eoc;
+        if(!val) return 0;
+        flags = tt->flags;
+        aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+        p = *in;
+
+        /* Check if EXPLICIT tag expected */
+        if(flags & ASN1_TFLG_EXPTAG) {
+                char cst;
+                /* Need to work out amount of data available to the inner content and where it
+                 * starts: so read in EXPLICIT header to get the info.
+                 */
+                ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, &p, inlen, tt->tag, aclass, opt, ctx);
+                q = p;
+                if(!ret) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                        return 0;
+                } else if(ret == -1) return -1;
+                if(!cst) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
+                        return 0;
+                }
+                /* We've found the field so it can't be OPTIONAL now */
+                ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
+                if(!ret) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                        return 0;
+                }
+                /* We read the field in OK so update length */
+                len -= p - q;
+                if(exp_eoc) {
+                        /* If NDEF we must have an EOC here */
+                        if(!asn1_check_eoc(&p, len)) {
+                                ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC);
+                                goto err;
+                        }
+                } else {
+                        /* Otherwise we must hit the EXPLICIT tag end or its an error */
+                        if(len) {
+                                ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_EXPLICIT_LENGTH_MISMATCH);
+                                goto err;
+                        }
+                }
+        } else 
+                return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
+
+        *in = p;
+        return 1;
+
+        err:
+        ASN1_template_free(val, tt);
+        *val = NULL;
+        return 0;
+}
+
+static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx)
+{
+        int flags, aclass;
+        int ret;
+        unsigned char *p, *q;
+        if(!val) return 0;
+        flags = tt->flags;
+        aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+        p = *in;
+        q = p;
+
+        if(flags & ASN1_TFLG_SK_MASK) {
+                /* SET OF, SEQUENCE OF */
+                int sktag, skaclass;
+                char sk_eoc;
+                /* First work out expected inner tag value */
+                if(flags & ASN1_TFLG_IMPTAG) {
+                        sktag = tt->tag;
+                        skaclass = aclass;
+                } else {
+                        skaclass = V_ASN1_UNIVERSAL;
+                        if(flags & ASN1_TFLG_SET_OF) sktag = V_ASN1_SET;
+                        else sktag = V_ASN1_SEQUENCE;
+                }
+                /* Get the tag */
+                ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, &p, len, sktag, skaclass, opt, ctx);
+                if(!ret) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                        return 0;
+                } else if(ret == -1) return -1;
+                if(!*val) *val = (ASN1_VALUE *)sk_new_null();
+                else {
+                        /* We've got a valid STACK: free up any items present */
+                        STACK *sktmp = (STACK *)*val;
+                        ASN1_VALUE *vtmp;
+                        while(sk_num(sktmp) > 0) {
+                                vtmp = (ASN1_VALUE *)sk_pop(sktmp);
+                                ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
+                        }
+                }
+                                
+                if(!*val) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                /* Read as many items as we can */
+                while(len > 0) {
+                        ASN1_VALUE *skfield;
+                        q = p;
+                        /* See if EOC found */
+                        if(asn1_check_eoc(&p, len)) {
+                                if(!sk_eoc) {
+                                        ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_UNEXPECTED_EOC);
+                                        goto err;
+                                }
+                                len -= p - q;
+                                sk_eoc = 0;
+                                break;
+                        }
+                        skfield = NULL;
+                        if(!ASN1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
+                                ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
+                                goto err;
+                        }
+                        len -= p - q;
+                        if(!sk_push((STACK *)*val, (char *)skfield)) {
+                                ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_MALLOC_FAILURE);
+                                goto err;
+                        }
+                }
+                if(sk_eoc) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC);
+                        goto err;
+                }
+        } else if(flags & ASN1_TFLG_IMPTAG) {
+                /* IMPLICIT tagging */
+                ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
+                if(!ret) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
+                        goto err;
+                } else if(ret == -1) return -1;
+        } else {
+                /* Nothing special */
+                ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, opt, ctx);
+                if(!ret) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
+                        goto err;
+                } else if(ret == -1) return -1;
+        }
+
+        *in = p;
+        return 1;
+
+        err:
+        ASN1_template_free(val, tt);
+        *val = NULL;
+        return 0;
+}
+
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inlen, 
+                                                const ASN1_ITEM *it,
+                                                int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+        int ret = 0, utype;
+        long plen;
+        char cst, inf, free_cont = 0;
+        unsigned char *p;
+        BUF_MEM buf;
+        unsigned char *cont = NULL;
+        long len; 
+        if(!pval) {
+                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
+                return 0; /* Should never happen */
+        }
+
+        if(it->itype == ASN1_ITYPE_MSTRING) {
+                utype = tag;
+                tag = -1;
+        } else utype = it->utype;
+
+        if(utype == V_ASN1_ANY) {
+                /* If type is ANY need to figure out type from tag */
+                unsigned char oclass;
+                if(tag >= 0) {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY);
+                        return 0;
+                }
+                if(opt) {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_OPTIONAL_ANY);
+                        return 0;
+                }
+                p = *in;
+                ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, &p, inlen, -1, 0, 0, ctx);
+                if(!ret) {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+                        return 0;
+                }
+                if(oclass != V_ASN1_UNIVERSAL) utype = V_ASN1_OTHER;
+        }
+        if(tag == -1) {
+                tag = utype;
+                aclass = V_ASN1_UNIVERSAL;
+        }
+        p = *in;
+        /* Check header */
+        ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, &p, inlen, tag, aclass, opt, ctx);
+        if(!ret) {
+                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+                return 0;
+        } else if(ret == -1) return -1;
+        /* SEQUENCE, SET and "OTHER" are left in encoded form */
+        if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
+                /* Clear context cache for type OTHER because the auto clear when
+                 * we have a exact match wont work
+                 */
+                if(utype == V_ASN1_OTHER) {
+                        asn1_tlc_clear(ctx);
+                /* SEQUENCE and SET must be constructed */
+                } else if(!cst) {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_CONSTRUCTED);
+                        return 0;
+                }
+
+                cont = *in;
+                /* If indefinite length constructed find the real end */
+                if(inf) {
+                        if(!asn1_collect(NULL, &p, plen, inf, -1, -1)) goto err;
+                        len = p - cont;
+                } else {
+                        len = p - cont + plen;
+                        p += plen;
+                        buf.data = NULL;
+                }
+        } else if(cst) {
+                buf.length = 0;
+                buf.max = 0;
+                buf.data = NULL;
+                /* Should really check the internal tags are correct but
+                 * some things may get this wrong. The relevant specs
+                 * say that constructed string types should be OCTET STRINGs
+                 * internally irrespective of the type. So instead just check
+                 * for UNIVERSAL class and ignore the tag.
+                 */
+                if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err;
+                len = buf.length;
+                /* Append a final null to string */
+                if(!BUF_MEM_grow_clean(&buf, len + 1)) {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+                buf.data[len] = 0;
+                cont = (unsigned char *)buf.data;
+                free_cont = 1;
+        } else {
+                cont = p;
+                len = plen;
+                p += plen;
+        }
+
+        /* We now have content length and type: translate into a structure */
+        if(!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) goto err;
+
+        *in = p;
+        ret = 1;
+        err:
+        if(free_cont && buf.data) OPENSSL_free(buf.data);
+        return ret;
+}
+
+/* Translate ASN1 content octets into a structure */
+
+int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
+{
+        ASN1_VALUE **opval = NULL;
+        ASN1_STRING *stmp;
+        ASN1_TYPE *typ = NULL;
+        int ret = 0;
+        const ASN1_PRIMITIVE_FUNCS *pf;
+        ASN1_INTEGER **tint;
+        pf = it->funcs;
+        if(pf && pf->prim_c2i) return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
+        /* If ANY type clear type and set pointer to internal value */
+        if(it->utype == V_ASN1_ANY) {
+                if(!*pval) {
+                        typ = ASN1_TYPE_new();
+                        *pval = (ASN1_VALUE *)typ;
+                } else typ = (ASN1_TYPE *)*pval;
+                if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
+                opval = pval;
+                pval = (ASN1_VALUE **)&typ->value.ptr;
+        }
+        switch(utype) {
+                case V_ASN1_OBJECT:
+                if(!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) goto err;
+                break;
+
+                case V_ASN1_NULL:
+                if(len) {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_NULL_IS_WRONG_LENGTH);
+                        goto err;
+                }
+                *pval = (ASN1_VALUE *)1;
+                break;
+
+                case V_ASN1_BOOLEAN:
+                if(len != 1) {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+                        goto err;
+                } else {
+                        ASN1_BOOLEAN *tbool;
+                        tbool = (ASN1_BOOLEAN *)pval;
+                        *tbool = *cont;
+                }
+                break;
+
+                case V_ASN1_BIT_STRING:
+                if(!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) goto err;
+                break;
+
+                case V_ASN1_INTEGER:
+                case V_ASN1_NEG_INTEGER:
+                case V_ASN1_ENUMERATED:
+                case V_ASN1_NEG_ENUMERATED:
+                tint = (ASN1_INTEGER **)pval;
+                if(!c2i_ASN1_INTEGER(tint, &cont, len)) goto err;
+                /* Fixup type to match the expected form */
+                (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
+                break;
+
+                case V_ASN1_OCTET_STRING:
+                case V_ASN1_NUMERICSTRING:
+                case V_ASN1_PRINTABLESTRING:
+                case V_ASN1_T61STRING:
+                case V_ASN1_VIDEOTEXSTRING:
+                case V_ASN1_IA5STRING:
+                case V_ASN1_UTCTIME:
+                case V_ASN1_GENERALIZEDTIME:
+                case V_ASN1_GRAPHICSTRING:
+                case V_ASN1_VISIBLESTRING:
+                case V_ASN1_GENERALSTRING:
+                case V_ASN1_UNIVERSALSTRING:
+                case V_ASN1_BMPSTRING:
+                case V_ASN1_UTF8STRING:
+                case V_ASN1_OTHER:
+                case V_ASN1_SET:
+                case V_ASN1_SEQUENCE:
+                default:
+                /* All based on ASN1_STRING and handled the same */
+                if(!*pval) {
+                        stmp = ASN1_STRING_type_new(utype);
+                        if(!stmp) {
+                                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+                                goto err;
+                        }
+                        *pval = (ASN1_VALUE *)stmp;
+                } else {
+                        stmp = (ASN1_STRING *)*pval;
+                        stmp->type = utype;
+                }
+                /* If we've already allocated a buffer use it */
+                if(*free_cont) {
+                        if(stmp->data) OPENSSL_free(stmp->data);
+                        stmp->data = cont;
+                        stmp->length = len;
+                        *free_cont = 0;
+                } else {
+                        if(!ASN1_STRING_set(stmp, cont, len)) {
+                                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+                                ASN1_STRING_free(stmp); 
+                                *pval = NULL;
+                                goto err;
+                        }
+                }
+                break;
+        }
+        /* If ASN1_ANY and NULL type fix up value */
+        if(typ && utype==V_ASN1_NULL) typ->value.ptr = NULL;
+
+        ret = 1;
+        err:
+        if(!ret)
+                {
+                ASN1_TYPE_free(typ);
+                if (opval)
+                        *opval = NULL;
+                }
+        return ret;
+}
+
+/* This function collects the asn1 data from a constructred string
+ * type into a buffer. The values of 'in' and 'len' should refer
+ * to the contents of the constructed type and 'inf' should be set
+ * if it is indefinite length. If 'buf' is NULL then we just want
+ * to find the end of the current structure: useful for indefinite
+ * length constructed stuff.
+ */
+
+static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass)
+{
+        unsigned char *p, *q;
+        long plen;
+        char cst, ininf;
+        p = *in;
+        inf &= 1;
+        /* If no buffer and not indefinite length constructed just pass over the encoded data */
+        if(!buf && !inf) {
+                *in += len;
+                return 1;
+        }
+        while(len > 0) {
+                q = p;
+                /* Check for EOC */
+                if(asn1_check_eoc(&p, len)) {
+                        /* EOC is illegal outside indefinite length constructed form */
+                        if(!inf) {
+                                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC);
+                                return 0;
+                        }
+                        inf = 0;
+                        break;
+                }
+                if(!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, len, tag, aclass, 0, NULL)) {
+                        ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
+                        return 0;
+                }
+                /* If indefinite length constructed update max length */
+                if(cst) {
+                        if(!asn1_collect(buf, &p, plen, ininf, tag, aclass)) return 0;
+                } else {
+                        if(!collect_data(buf, &p, plen)) return 0;
+                }
+                len -= p - q;
+        }
+        if(inf) {
+                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
+                return 0;
+        }
+        *in = p;
+        return 1;
+}
+
+static int collect_data(BUF_MEM *buf, unsigned char **p, long plen)
+{
+                int len;
+                if(buf) {
+                        len = buf->length;
+                        if(!BUF_MEM_grow_clean(buf, len + plen)) {
+                                ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
+                                return 0;
+                        }
+                        memcpy(buf->data + len, *p, plen);
+                }
+                *p += plen;
+                return 1;
+}
+
+/* Check for ASN1 EOC and swallow it if found */
+
+static int asn1_check_eoc(unsigned char **in, long len)
+{
+        unsigned char *p;
+        if(len < 2) return 0;
+        p = *in;
+        if(!p[0] && !p[1]) {
+                *in += 2;
+                return 1;
+        }
+        return 0;
+}
+
+/* Check an ASN1 tag and length: a bit like ASN1_get_object
+ * but it sets the length for indefinite length constructed
+ * form, we don't know the exact length but we can set an
+ * upper bound to the amount of data available minus the
+ * header length just read.
+ */
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
+                unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx)
+{
+        int i;
+        int ptag, pclass;
+        long plen;
+        unsigned char *p, *q;
+        p = *in;
+        q = p;
+
+        if(ctx && ctx->valid) {
+                i = ctx->ret;
+                plen = ctx->plen;
+                pclass = ctx->pclass;
+                ptag = ctx->ptag;
+                p += ctx->hdrlen;
+        } else {
+                i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
+                if(ctx) {
+                        ctx->ret = i;
+                        ctx->plen = plen;
+                        ctx->pclass = pclass;
+                        ctx->ptag = ptag;
+                        ctx->hdrlen = p - q;
+                        ctx->valid = 1;
+                        /* If definite length, and no error, length +
+                         * header can't exceed total amount of data available. 
+                         */
+                        if(!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
+                                ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
+                                asn1_tlc_clear(ctx);
+                                return 0;
+                        }
+                }
+        }
+
+        if(i & 0x80) {
+                ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
+                asn1_tlc_clear(ctx);
+                return 0;
+        }
+        if(exptag >= 0) {
+                if((exptag != ptag) || (expclass != pclass)) {
+                        /* If type is OPTIONAL, not an error, but indicate missing
+                         * type.
+                         */
+                        if(opt) return -1;
+                        asn1_tlc_clear(ctx);
+                        ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
+                        return 0;
+                }
+                /* We have a tag and class match, so assume we are going to do something with it */
+                asn1_tlc_clear(ctx);
+        }
+
+        if(i & 1) plen = len - (p - q);
+
+        if(inf) *inf = i & 1;
+
+        if(cst) *cst = i & V_ASN1_CONSTRUCTED;
+
+        if(olen) *olen = plen;
+        if(oclass) *oclass = pclass;
+        if(otag) *otag = ptag;
+
+        *in = p;
+        return 1;
+}
diff --git a/src/lib/libcrypto/asn1/tasn_enc.c b/src/lib/libcrypto/asn1/tasn_enc.c
new file mode 100644
index 0000000000..f6c8ddef0a
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_enc.c
@@ -0,0 +1,497 @@
+/* tasn_enc.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *seq, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int isset);
+
+/* Encode an ASN1 item, this is compatible with the
+ * standard 'i2d' function. 'out' points to 
+ * a buffer to output the data to, in future we will
+ * have more advanced versions that can output data
+ * a piece at a time and this will simply be a special
+ * case.
+ *
+ * The new i2d has one additional feature. If the output
+ * buffer is NULL (i.e. *out == NULL) then a buffer is
+ * allocated and populated with the encoding.
+ */
+
+
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
+{
+        if(out && !*out) {
+                unsigned char *p, *buf;
+                int len;
+                len = ASN1_item_ex_i2d(&val, NULL, it, -1, 0);
+                if(len <= 0) return len;
+                buf = OPENSSL_malloc(len);
+                if(!buf) return -1;
+                p = buf;
+                ASN1_item_ex_i2d(&val, &p, it, -1, 0);
+                *out = buf;
+                return len;
+        }
+                
+        return ASN1_item_ex_i2d(&val, out, it, -1, 0);
+}
+
+/* Encode an item, taking care of IMPLICIT tagging (if any).
+ * This function performs the normal item handling: it can be
+ * used in external types.
+ */
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+{
+        const ASN1_TEMPLATE *tt = NULL;
+        unsigned char *p = NULL;
+        int i, seqcontlen, seqlen;
+        ASN1_STRING *strtmp;
+        const ASN1_COMPAT_FUNCS *cf;
+        const ASN1_EXTERN_FUNCS *ef;
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_aux_cb *asn1_cb;
+        if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return 0;
+        if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+        else asn1_cb = 0;
+
+        switch(it->itype) {
+
+                case ASN1_ITYPE_PRIMITIVE:
+                if(it->templates)
+                        return ASN1_template_i2d(pval, out, it->templates);
+                return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                strtmp = (ASN1_STRING *)*pval;
+                return asn1_i2d_ex_primitive(pval, out, it, -1, 0);
+
+                case ASN1_ITYPE_CHOICE:
+                if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+                                return 0;
+                i = asn1_get_choice_selector(pval, it);
+                if((i >= 0) && (i < it->tcount)) {
+                        ASN1_VALUE **pchval;
+                        const ASN1_TEMPLATE *chtt;
+                        chtt = it->templates + i;
+                        pchval = asn1_get_field_ptr(pval, chtt);
+                        return ASN1_template_i2d(pchval, out, chtt);
+                } 
+                /* Fixme: error condition if selector out of range */
+                if(asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+                                return 0;
+                break;
+
+                case ASN1_ITYPE_EXTERN:
+                /* If new style i2d it does all the work */
+                ef = it->funcs;
+                return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
+
+                case ASN1_ITYPE_COMPAT:
+                /* old style hackery... */
+                cf = it->funcs;
+                if(out) p = *out;
+                i = cf->asn1_i2d(*pval, out);
+                /* Fixup for IMPLICIT tag: note this messes up for tags > 30,
+                 * but so did the old code. Tags > 30 are very rare anyway.
+                 */
+                if(out && (tag != -1))
+                        *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
+                return i;
+                
+                case ASN1_ITYPE_SEQUENCE:
+                i = asn1_enc_restore(&seqcontlen, out, pval, it);
+                /* An error occurred */
+                if(i < 0) return 0;
+                /* We have a valid cached encoding... */
+                if(i > 0) return seqcontlen;
+                /* Otherwise carry on */
+                seqcontlen = 0;
+                /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+                if(tag == -1) {
+                        tag = V_ASN1_SEQUENCE;
+                        aclass = V_ASN1_UNIVERSAL;
+                }
+                if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+                                return 0;
+                /* First work out sequence content length */
+                for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+                        const ASN1_TEMPLATE *seqtt;
+                        ASN1_VALUE **pseqval;
+                        seqtt = asn1_do_adb(pval, tt, 1);
+                        if(!seqtt) return 0;
+                        pseqval = asn1_get_field_ptr(pval, seqtt);
+                        /* FIXME: check for errors in enhanced version */
+                        /* FIXME: special handling of indefinite length encoding */
+                        seqcontlen += ASN1_template_i2d(pseqval, NULL, seqtt);
+                }
+                seqlen = ASN1_object_size(1, seqcontlen, tag);
+                if(!out) return seqlen;
+                /* Output SEQUENCE header */
+                ASN1_put_object(out, 1, seqcontlen, tag, aclass);
+                for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+                        const ASN1_TEMPLATE *seqtt;
+                        ASN1_VALUE **pseqval;
+                        seqtt = asn1_do_adb(pval, tt, 1);
+                        if(!seqtt) return 0;
+                        pseqval = asn1_get_field_ptr(pval, seqtt);
+                        /* FIXME: check for errors in enhanced version */
+                        ASN1_template_i2d(pseqval, out, seqtt);
+                }
+                if(asn1_cb  && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+                                return 0;
+                return seqlen;
+
+                default:
+                return 0;
+        }
+        return 0;
+}
+
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt)
+{
+        int i, ret, flags, aclass;
+        flags = tt->flags;
+        aclass = flags & ASN1_TFLG_TAG_CLASS;
+        if(flags & ASN1_TFLG_SK_MASK) {
+                /* SET OF, SEQUENCE OF */
+                STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+                int isset, sktag, skaclass;
+                int skcontlen, sklen;
+                ASN1_VALUE *skitem;
+                if(!*pval) return 0;
+                if(flags & ASN1_TFLG_SET_OF) {
+                        isset = 1;
+                        /* 2 means we reorder */
+                        if(flags & ASN1_TFLG_SEQUENCE_OF) isset = 2;
+                } else isset = 0;
+                /* First work out inner tag value */
+                if(flags & ASN1_TFLG_IMPTAG) {
+                        sktag = tt->tag;
+                        skaclass = aclass;
+                } else {
+                        skaclass = V_ASN1_UNIVERSAL;
+                        if(isset) sktag = V_ASN1_SET;
+                        else sktag = V_ASN1_SEQUENCE;
+                }
+                /* Now work out length of items */
+                skcontlen = 0;
+                for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+                        skitem = sk_ASN1_VALUE_value(sk, i);
+                        skcontlen += ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
+                }
+                sklen = ASN1_object_size(1, skcontlen, sktag);
+                /* If EXPLICIT need length of surrounding tag */
+                if(flags & ASN1_TFLG_EXPTAG)
+                        ret = ASN1_object_size(1, sklen, tt->tag);
+                else ret = sklen;
+
+                if(!out) return ret;
+
+                /* Now encode this lot... */
+                /* EXPLICIT tag */
+                if(flags & ASN1_TFLG_EXPTAG)
+                        ASN1_put_object(out, 1, sklen, tt->tag, aclass);
+                /* SET or SEQUENCE and IMPLICIT tag */
+                ASN1_put_object(out, 1, skcontlen, sktag, skaclass);
+                /* And finally the stuff itself */
+                asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), isset);
+
+                return ret;
+        }
+                        
+        if(flags & ASN1_TFLG_EXPTAG) {
+                /* EXPLICIT tagging */
+                /* Find length of tagged item */
+                i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
+                if(!i) return 0;
+                /* Find length of EXPLICIT tag */
+                ret = ASN1_object_size(1, i, tt->tag);
+                if(out) {
+                        /* Output tag and item */
+                        ASN1_put_object(out, 1, i, tt->tag, aclass);
+                        ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0);
+                }
+                return ret;
+        }
+        if(flags & ASN1_TFLG_IMPTAG) {
+                /* IMPLICIT tagging */
+                return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), tt->tag, aclass);
+        }
+        /* Nothing special: treat as normal */
+        return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0);
+}
+
+/* Temporary structure used to hold DER encoding of items for SET OF */
+
+typedef struct {
+        unsigned char *data;
+        int length;
+        ASN1_VALUE *field;
+} DER_ENC;
+
+static int der_cmp(const void *a, const void *b)
+{
+        const DER_ENC *d1 = a, *d2 = b;
+        int cmplen, i;
+        cmplen = (d1->length < d2->length) ? d1->length : d2->length;
+        i = memcmp(d1->data, d2->data, cmplen);
+        if(i) return i;
+        return d1->length - d2->length;
+}
+
+/* Output the content octets of SET OF or SEQUENCE OF */
+
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int do_sort)
+{
+        int i;
+        ASN1_VALUE *skitem;
+        unsigned char *tmpdat = NULL, *p = NULL;
+        DER_ENC *derlst = NULL, *tder;
+        if(do_sort) {
+                /* Don't need to sort less than 2 items */
+                if(sk_ASN1_VALUE_num(sk) < 2) do_sort = 0;
+                else {
+                        derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst));
+                        tmpdat = OPENSSL_malloc(skcontlen);
+                        if(!derlst || !tmpdat) return 0;
+                }
+        }
+        /* If not sorting just output each item */
+        if(!do_sort) {
+                for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+                        skitem = sk_ASN1_VALUE_value(sk, i);
+                        ASN1_item_i2d(skitem, out, item);
+                }
+                return 1;
+        }
+        p = tmpdat;
+        /* Doing sort: build up a list of each member's DER encoding */
+        for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+                skitem = sk_ASN1_VALUE_value(sk, i);
+                tder->data = p;
+                tder->length = ASN1_item_i2d(skitem, &p, item);
+                tder->field = skitem;
+        }
+        /* Now sort them */
+        qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
+        /* Output sorted DER encoding */        
+        p = *out;
+        for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+                memcpy(p, tder->data, tder->length);
+                p += tder->length;
+        }
+        *out = p;
+        /* If do_sort is 2 then reorder the STACK */
+        if(do_sort == 2) {
+                for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+                        sk_ASN1_VALUE_set(sk, i, tder->field);
+        }
+        OPENSSL_free(derlst);
+        OPENSSL_free(tmpdat);
+        return 1;
+}
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+{
+        int len;
+        int utype;
+        int usetag;
+
+        utype = it->utype;
+
+        /* Get length of content octets and maybe find
+         * out the underlying type.
+         */
+
+        len = asn1_ex_i2c(pval, NULL, &utype, it);
+
+        /* If SEQUENCE, SET or OTHER then header is
+         * included in pseudo content octets so don't
+         * include tag+length. We need to check here
+         * because the call to asn1_ex_i2c() could change
+         * utype.
+         */
+        if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
+           (utype == V_ASN1_OTHER))
+                usetag = 0;
+        else usetag = 1;
+
+        /* -1 means omit type */
+
+        if(len == -1) return 0;
+
+        /* If not implicitly tagged get tag from underlying type */
+        if(tag == -1) tag = utype;
+
+        /* Output tag+length followed by content octets */
+        if(out) {
+                if(usetag) ASN1_put_object(out, 0, len, tag, aclass);
+                asn1_ex_i2c(pval, *out, &utype, it);
+                *out += len;
+        }
+
+        if(usetag) return ASN1_object_size(0, len, tag);
+        return len;
+}
+
+/* Produce content octets from a structure */
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ITEM *it)
+{
+        ASN1_BOOLEAN *tbool = NULL;
+        ASN1_STRING *strtmp;
+        ASN1_OBJECT *otmp;
+        int utype;
+        unsigned char *cont, c;
+        int len;
+        const ASN1_PRIMITIVE_FUNCS *pf;
+        pf = it->funcs;
+        if(pf && pf->prim_i2c) return pf->prim_i2c(pval, cout, putype, it);
+
+        /* Should type be omitted? */
+        if((it->itype != ASN1_ITYPE_PRIMITIVE) || (it->utype != V_ASN1_BOOLEAN)) {
+                if(!*pval) return -1;
+        }
+
+        if(it->itype == ASN1_ITYPE_MSTRING) {
+                /* If MSTRING type set the underlying type */
+                strtmp = (ASN1_STRING *)*pval;
+                utype = strtmp->type;
+                *putype = utype;
+        } else if(it->utype == V_ASN1_ANY) {
+                /* If ANY set type and pointer to value */
+                ASN1_TYPE *typ;
+                typ = (ASN1_TYPE *)*pval;
+                utype = typ->type;
+                *putype = utype;
+                pval = (ASN1_VALUE **)&typ->value.ptr;
+        } else utype = *putype;
+
+        switch(utype) {
+                case V_ASN1_OBJECT:
+                otmp = (ASN1_OBJECT *)*pval;
+                cont = otmp->data;
+                len = otmp->length;
+                break;
+
+                case V_ASN1_NULL:
+                cont = NULL;
+                len = 0;
+                break;
+
+                case V_ASN1_BOOLEAN:
+                tbool = (ASN1_BOOLEAN *)pval;
+                if(*tbool == -1) return -1;
+                /* Default handling if value == size field then omit */
+                if(*tbool && (it->size > 0)) return -1;
+                if(!*tbool && !it->size) return -1;
+                c = (unsigned char)*tbool;
+                cont = &c;
+                len = 1;
+                break;
+
+                case V_ASN1_BIT_STRING:
+                return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, cout ? &cout : NULL);
+                break;
+
+                case V_ASN1_INTEGER:
+                case V_ASN1_NEG_INTEGER:
+                case V_ASN1_ENUMERATED:
+                case V_ASN1_NEG_ENUMERATED:
+                /* These are all have the same content format
+                 * as ASN1_INTEGER
+                 */
+                return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
+                break;
+
+                case V_ASN1_OCTET_STRING:
+                case V_ASN1_NUMERICSTRING:
+                case V_ASN1_PRINTABLESTRING:
+                case V_ASN1_T61STRING:
+                case V_ASN1_VIDEOTEXSTRING:
+                case V_ASN1_IA5STRING:
+                case V_ASN1_UTCTIME:
+                case V_ASN1_GENERALIZEDTIME:
+                case V_ASN1_GRAPHICSTRING:
+                case V_ASN1_VISIBLESTRING:
+                case V_ASN1_GENERALSTRING:
+                case V_ASN1_UNIVERSALSTRING:
+                case V_ASN1_BMPSTRING:
+                case V_ASN1_UTF8STRING:
+                case V_ASN1_SEQUENCE:
+                case V_ASN1_SET:
+                default:
+                /* All based on ASN1_STRING and handled the same */
+                strtmp = (ASN1_STRING *)*pval;
+                cont = strtmp->data;
+                len = strtmp->length;
+
+                break;
+
+        }
+        if(cout && len) memcpy(cout, cont, len);
+        return len;
+}
diff --git a/src/lib/libcrypto/asn1/tasn_fre.c b/src/lib/libcrypto/asn1/tasn_fre.c
new file mode 100644
index 0000000000..2dd844159e
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_fre.c
@@ -0,0 +1,229 @@
+/* tasn_fre.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
+
+/* Free up an ASN1 structure */
+
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
+{
+        asn1_item_combine_free(&val, it, 0);
+}
+
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        asn1_item_combine_free(pval, it, 0);
+}
+
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
+{
+        const ASN1_TEMPLATE *tt = NULL, *seqtt;
+        const ASN1_EXTERN_FUNCS *ef;
+        const ASN1_COMPAT_FUNCS *cf;
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_aux_cb *asn1_cb;
+        int i;
+        if(!pval) return;
+        if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return;
+        if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+        else asn1_cb = 0;
+
+        switch(it->itype) {
+
+                case ASN1_ITYPE_PRIMITIVE:
+                if(it->templates) ASN1_template_free(pval, it->templates);
+                else ASN1_primitive_free(pval, it);
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                ASN1_primitive_free(pval, it);
+                break;
+
+                case ASN1_ITYPE_CHOICE:
+                if(asn1_cb) {
+                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+                        if(i == 2) return;
+                }
+                i = asn1_get_choice_selector(pval, it);
+                if(asn1_cb) asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+                if((i >= 0) && (i < it->tcount)) {
+                        ASN1_VALUE **pchval;
+                        tt = it->templates + i;
+                        pchval = asn1_get_field_ptr(pval, tt);
+                        ASN1_template_free(pchval, tt);
+                }
+                if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it);
+                if(!combine) {
+                        OPENSSL_free(*pval);
+                        *pval = NULL;
+                }
+                break;
+
+                case ASN1_ITYPE_COMPAT:
+                cf = it->funcs;
+                if(cf && cf->asn1_free) cf->asn1_free(*pval);
+                break;
+
+                case ASN1_ITYPE_EXTERN:
+                ef = it->funcs;
+                if(ef && ef->asn1_ex_free) ef->asn1_ex_free(pval, it);
+                break;
+
+                case ASN1_ITYPE_SEQUENCE:
+                if(asn1_do_lock(pval, -1, it) > 0) return;
+                if(asn1_cb) {
+                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+                        if(i == 2) return;
+                }               
+                asn1_enc_free(pval, it);
+                /* If we free up as normal we will invalidate any
+                 * ANY DEFINED BY field and we wont be able to 
+                 * determine the type of the field it defines. So
+                 * free up in reverse order.
+                 */
+                tt = it->templates + it->tcount - 1;
+                for(i = 0; i < it->tcount; tt--, i++) {
+                        ASN1_VALUE **pseqval;
+                        seqtt = asn1_do_adb(pval, tt, 0);
+                        if(!seqtt) continue;
+                        pseqval = asn1_get_field_ptr(pval, seqtt);
+                        ASN1_template_free(pseqval, seqtt);
+                }
+                if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it);
+                if(!combine) {
+                        OPENSSL_free(*pval);
+                        *pval = NULL;
+                }
+                break;
+        }
+}
+
+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+        int i;
+        if(tt->flags & ASN1_TFLG_SK_MASK) {
+                STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+                for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+                        ASN1_VALUE *vtmp;
+                        vtmp = sk_ASN1_VALUE_value(sk, i);
+                        asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0);
+                }
+                sk_ASN1_VALUE_free(sk);
+                *pval = NULL;
+        } else asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
+                                                tt->flags & ASN1_TFLG_COMBINE);
+}
+
+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        int utype;
+        if(it) {
+                const ASN1_PRIMITIVE_FUNCS *pf;
+                pf = it->funcs;
+                if(pf && pf->prim_free) {
+                        pf->prim_free(pval, it);
+                        return;
+                }
+        }
+        /* Special case: if 'it' is NULL free contents of ASN1_TYPE */
+        if(!it) {
+                ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
+                utype = typ->type;
+                pval = (ASN1_VALUE **)&typ->value.ptr;
+                if(!*pval) return;
+        } else if(it->itype == ASN1_ITYPE_MSTRING) {
+                utype = -1;
+                if(!*pval) return;
+        } else {
+                utype = it->utype;
+                if((utype != V_ASN1_BOOLEAN) && !*pval) return;
+        }
+
+        switch(utype) {
+                case V_ASN1_OBJECT:
+                ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
+                break;
+
+                case V_ASN1_BOOLEAN:
+                if (it)
+                        *(ASN1_BOOLEAN *)pval = it->size;
+                else
+                        *(ASN1_BOOLEAN *)pval = -1;
+                return;
+
+                case V_ASN1_NULL:
+                break;
+
+                case V_ASN1_ANY:
+                ASN1_primitive_free(pval, NULL);
+                OPENSSL_free(*pval);
+                break;
+
+                default:
+                ASN1_STRING_free((ASN1_STRING *)*pval);
+                *pval = NULL;
+                break;
+        }
+        *pval = NULL;
+}
diff --git a/src/lib/libcrypto/asn1/tasn_new.c b/src/lib/libcrypto/asn1/tasn_new.c
new file mode 100644
index 0000000000..a0e3db574f
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_new.c
@@ -0,0 +1,351 @@
+/* tasn_new.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <string.h>
+
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
+{
+        ASN1_VALUE *ret = NULL;
+        if(ASN1_item_ex_new(&ret, it) > 0) return ret;
+        return NULL;
+}
+
+/* Allocate an ASN1 structure */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        return asn1_item_ex_combine_new(pval, it, 0);
+}
+
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
+{
+        const ASN1_TEMPLATE *tt = NULL;
+        const ASN1_COMPAT_FUNCS *cf;
+        const ASN1_EXTERN_FUNCS *ef;
+        const ASN1_AUX *aux = it->funcs;
+        ASN1_aux_cb *asn1_cb;
+        ASN1_VALUE **pseqval;
+        int i;
+        if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+        else asn1_cb = 0;
+
+        if(!combine) *pval = NULL;
+
+#ifdef CRYPTO_MDEBUG
+        if(it->sname) CRYPTO_push_info(it->sname);
+#endif
+
+        switch(it->itype) {
+
+                case ASN1_ITYPE_EXTERN:
+                ef = it->funcs;
+                if(ef && ef->asn1_ex_new) {
+                        if(!ef->asn1_ex_new(pval, it))
+                                goto memerr;
+                }
+                break;
+
+                case ASN1_ITYPE_COMPAT:
+                cf = it->funcs;
+                if(cf && cf->asn1_new) {
+                        *pval = cf->asn1_new();
+                        if(!*pval) goto memerr;
+                }
+                break;
+
+                case ASN1_ITYPE_PRIMITIVE:
+                if(it->templates) {
+                        if(!ASN1_template_new(pval, it->templates))
+                                goto memerr;
+                } else {
+                        if(!ASN1_primitive_new(pval, it))
+                                goto memerr;
+                }
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                if(!ASN1_primitive_new(pval, it))
+                                goto memerr;
+                break;
+
+                case ASN1_ITYPE_CHOICE:
+                if(asn1_cb) {
+                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+                        if(!i) goto auxerr;
+                        if(i==2) {
+#ifdef CRYPTO_MDEBUG
+                                if(it->sname) CRYPTO_pop_info();
+#endif
+                                return 1;
+                        }
+                }
+                if(!combine) {
+                        *pval = OPENSSL_malloc(it->size);
+                        if(!*pval) goto memerr;
+                        memset(*pval, 0, it->size);
+                }
+                asn1_set_choice_selector(pval, -1, it);
+                if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+                                goto auxerr;
+                break;
+
+                case ASN1_ITYPE_SEQUENCE:
+                if(asn1_cb) {
+                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+                        if(!i) goto auxerr;
+                        if(i==2) {
+#ifdef CRYPTO_MDEBUG
+                                if(it->sname) CRYPTO_pop_info();
+#endif
+                                return 1;
+                        }
+                }
+                if(!combine) {
+                        *pval = OPENSSL_malloc(it->size);
+                        if(!*pval) goto memerr;
+                        memset(*pval, 0, it->size);
+                        asn1_do_lock(pval, 0, it);
+                        asn1_enc_init(pval, it);
+                }
+                for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+                        pseqval = asn1_get_field_ptr(pval, tt);
+                        if(!ASN1_template_new(pseqval, tt)) goto memerr;
+                }
+                if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+                                goto auxerr;
+                break;
+        }
+#ifdef CRYPTO_MDEBUG
+        if(it->sname) CRYPTO_pop_info();
+#endif
+        return 1;
+
+        memerr:
+        ASN1err(ASN1_F_ASN1_ITEM_NEW, ERR_R_MALLOC_FAILURE);
+#ifdef CRYPTO_MDEBUG
+        if(it->sname) CRYPTO_pop_info();
+#endif
+        return 0;
+
+        auxerr:
+        ASN1err(ASN1_F_ASN1_ITEM_NEW, ASN1_R_AUX_ERROR);
+        ASN1_item_ex_free(pval, it);
+#ifdef CRYPTO_MDEBUG
+        if(it->sname) CRYPTO_pop_info();
+#endif
+        return 0;
+
+}
+
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        const ASN1_EXTERN_FUNCS *ef;
+
+        switch(it->itype) {
+
+                case ASN1_ITYPE_EXTERN:
+                ef = it->funcs;
+                if(ef && ef->asn1_ex_clear) 
+                        ef->asn1_ex_clear(pval, it);
+                else *pval = NULL;
+                break;
+
+
+                case ASN1_ITYPE_PRIMITIVE:
+                if(it->templates) 
+                        asn1_template_clear(pval, it->templates);
+                else
+                        asn1_primitive_clear(pval, it);
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                asn1_primitive_clear(pval, it);
+                break;
+
+                case ASN1_ITYPE_COMPAT:
+                case ASN1_ITYPE_CHOICE:
+                case ASN1_ITYPE_SEQUENCE:
+                *pval = NULL;
+                break;
+        }
+}
+
+
+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+        const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
+        int ret;
+        if(tt->flags & ASN1_TFLG_OPTIONAL) {
+                asn1_template_clear(pval, tt);
+                return 1;
+        }
+        /* If ANY DEFINED BY nothing to do */
+
+        if(tt->flags & ASN1_TFLG_ADB_MASK) {
+                *pval = NULL;
+                return 1;
+        }
+#ifdef CRYPTO_MDEBUG
+        if(tt->field_name) CRYPTO_push_info(tt->field_name);
+#endif
+        /* If SET OF or SEQUENCE OF, its a STACK */
+        if(tt->flags & ASN1_TFLG_SK_MASK) {
+                STACK_OF(ASN1_VALUE) *skval;
+                skval = sk_ASN1_VALUE_new_null();
+                if(!skval) {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
+                        ret = 0;
+                        goto done;
+                }
+                *pval = (ASN1_VALUE *)skval;
+                ret = 1;
+                goto done;
+        }
+        /* Otherwise pass it back to the item routine */
+        ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
+        done:
+#ifdef CRYPTO_MDEBUG
+        if(it->sname) CRYPTO_pop_info();
+#endif
+        return ret;
+}
+
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+        /* If ADB or STACK just NULL the field */
+        if(tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) 
+                *pval = NULL;
+        else
+                asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
+}
+
+
+/* NB: could probably combine most of the real XXX_new() behaviour and junk all the old
+ * functions.
+ */
+
+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        ASN1_TYPE *typ;
+        int utype;
+        const ASN1_PRIMITIVE_FUNCS *pf;
+        pf = it->funcs;
+        if(pf && pf->prim_new) return pf->prim_new(pval, it);
+        if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1;
+        else utype = it->utype;
+        switch(utype) {
+                case V_ASN1_OBJECT:
+                *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
+                return 1;
+
+                case V_ASN1_BOOLEAN:
+                if (it)
+                        *(ASN1_BOOLEAN *)pval = it->size;
+                else
+                        *(ASN1_BOOLEAN *)pval = -1;
+                return 1;
+
+                case V_ASN1_NULL:
+                *pval = (ASN1_VALUE *)1;
+                return 1;
+
+                case V_ASN1_ANY:
+                typ = OPENSSL_malloc(sizeof(ASN1_TYPE));
+                if(!typ) return 0;
+                typ->value.ptr = NULL;
+                typ->type = -1;
+                *pval = (ASN1_VALUE *)typ;
+                break;
+
+                default:
+                *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
+                break;
+        }
+        if(*pval) return 1;
+        return 0;
+}
+
+void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        int utype;
+        const ASN1_PRIMITIVE_FUNCS *pf;
+        pf = it->funcs;
+        if(pf) {
+                if(pf->prim_clear)
+                        pf->prim_clear(pval, it);
+                else 
+                        *pval = NULL;
+                return;
+        }
+        if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1;
+        else utype = it->utype;
+        if(utype == V_ASN1_BOOLEAN)
+                *(ASN1_BOOLEAN *)pval = it->size;
+        else *pval = NULL;
+}
diff --git a/src/lib/libcrypto/asn1/tasn_prn.c b/src/lib/libcrypto/asn1/tasn_prn.c
new file mode 100644
index 0000000000..719639b511
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_prn.c
@@ -0,0 +1,198 @@
+/* tasn_prn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/nasn.h>
+
+/* Print routines. Print out a whole structure from a template.
+ */
+
+static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name);
+
+int ASN1_item_print(BIO *out, void *fld, int indent, const ASN1_ITEM *it)
+{
+        return asn1_item_print_nm(out, fld, indent, it, it->sname);
+}
+
+static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name)
+{
+        ASN1_STRING *str;
+        const ASN1_TEMPLATE *tt;
+        void *tmpfld;
+        int i;
+        if(!fld) {
+                BIO_printf(out, "%*s%s ABSENT\n", indent, "", name);
+                return 1;
+        }
+        switch(it->itype) {
+
+                case ASN1_ITYPE_PRIMITIVE:
+                if(it->templates)
+                        return ASN1_template_print(out, fld, indent, it->templates);
+                return asn1_primitive_print(out, fld, it->utype, indent, name);
+                break;
+
+                case ASN1_ITYPE_MSTRING:
+                str = fld;
+                return asn1_primitive_print(out, fld, str->type, indent, name);
+
+                case ASN1_ITYPE_EXTERN:
+                BIO_printf(out, "%*s%s:EXTERNAL TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+                return 1;
+                case ASN1_ITYPE_COMPAT:
+                BIO_printf(out, "%*s%s:COMPATIBLE TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+                return 1;
+
+
+                case ASN1_ITYPE_CHOICE:
+                /* CHOICE type, get selector */
+                i = asn1_get_choice_selector(fld, it);
+                /* This should never happen... */
+                if((i < 0) || (i >= it->tcount)) {
+                        BIO_printf(out, "%s selector [%d] out of range\n", it->sname, i);
+                        return 1;
+                }
+                tt = it->templates + i;
+                tmpfld = asn1_get_field(fld, tt);
+                return ASN1_template_print(out, tmpfld, indent, tt);
+
+                case ASN1_ITYPE_SEQUENCE:
+                BIO_printf(out, "%*s%s {\n", indent, "", name);
+                /* Get each field entry */
+                for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+                        tmpfld = asn1_get_field(fld, tt);
+                        ASN1_template_print(out, tmpfld, indent + 2, tt);
+                }
+                BIO_printf(out, "%*s}\n", indent, "");
+                return 1;
+
+                default:
+                return 0;
+        }
+}
+
+int ASN1_template_print(BIO *out, void *fld, int indent, const ASN1_TEMPLATE *tt)
+{
+        int i, flags;
+#if 0
+        if(!fld) return 0; 
+#endif
+        flags = tt->flags;
+        if(flags & ASN1_TFLG_SK_MASK) {
+                char *tname;
+                void *skitem;
+                /* SET OF, SEQUENCE OF */
+                if(flags & ASN1_TFLG_SET_OF) tname = "SET";
+                else tname = "SEQUENCE";
+                if(fld) {
+                        BIO_printf(out, "%*s%s OF %s {\n", indent, "", tname, tt->field_name);
+                        for(i = 0; i < sk_num(fld); i++) {
+                                skitem = sk_value(fld, i);
+                                asn1_item_print_nm(out, skitem, indent + 2, tt->item, "");
+                        }
+                        BIO_printf(out, "%*s}\n", indent, "");
+                } else 
+                        BIO_printf(out, "%*s%s OF %s ABSENT\n", indent, "", tname, tt->field_name);
+                return 1;
+        }
+        return asn1_item_print_nm(out, fld, indent, tt->item, tt->field_name);
+}
+
+static int asn1_primitive_print(BIO *out, void *fld, long utype, int indent, const char *name)
+{
+        ASN1_STRING *str = fld;
+        if(fld) {
+                if(utype == V_ASN1_BOOLEAN) {
+                        int *bool = fld;
+if(*bool == -1) printf("BOOL MISSING\n");
+                        BIO_printf(out, "%*s%s:%s", indent, "", "BOOLEAN", *bool ? "TRUE" : "FALSE");
+                } else if((utype == V_ASN1_INTEGER) 
+                          || (utype == V_ASN1_ENUMERATED)) {
+                        char *s, *nm;
+                        s = i2s_ASN1_INTEGER(NULL, fld);
+                        if(utype == V_ASN1_INTEGER) nm = "INTEGER";
+                        else nm = "ENUMERATED";
+                        BIO_printf(out, "%*s%s:%s", indent, "", nm, s);
+                        OPENSSL_free(s);
+                } else if(utype == V_ASN1_NULL) {
+                        BIO_printf(out, "%*s%s", indent, "", "NULL");
+                } else if(utype == V_ASN1_UTCTIME) {
+                        BIO_printf(out, "%*s%s:%s:", indent, "", name, "UTCTIME");
+                        ASN1_UTCTIME_print(out, str);
+                } else if(utype == V_ASN1_GENERALIZEDTIME) {
+                        BIO_printf(out, "%*s%s:%s:", indent, "", name, "GENERALIZEDTIME");
+                        ASN1_GENERALIZEDTIME_print(out, str);
+                } else if(utype == V_ASN1_OBJECT) {
+                        char objbuf[80], *ln;
+                        ln = OBJ_nid2ln(OBJ_obj2nid(fld));
+                        if(!ln) ln = "";
+                        OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1);
+                        BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf);
+                } else {
+                        BIO_printf(out, "%*s%s:", indent, "", name);
+                        ASN1_STRING_print_ex(out, str, ASN1_STRFLGS_DUMP_UNKNOWN|ASN1_STRFLGS_SHOW_TYPE);
+                }
+                BIO_printf(out, "\n");
+        } else BIO_printf(out, "%*s%s [ABSENT]\n", indent, "", name);
+        return 1;
+}
diff --git a/src/lib/libcrypto/asn1/tasn_typ.c b/src/lib/libcrypto/asn1/tasn_typ.c
new file mode 100644
index 0000000000..804d2eeba2
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_typ.c
@@ -0,0 +1,133 @@
+/* tasn_typ.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Declarations for string types */
+
+
+IMPLEMENT_ASN1_TYPE(ASN1_INTEGER)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+
+IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_NULL)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OBJECT)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_T61STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME)
+
+IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+
+IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ANY)
+
+/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */
+IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+/* Multistring types */
+
+IMPLEMENT_ASN1_MSTRING(ASN1_PRINTABLE, B_ASN1_PRINTABLE)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+IMPLEMENT_ASN1_MSTRING(DISPLAYTEXT, B_ASN1_DISPLAYTEXT)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+
+IMPLEMENT_ASN1_MSTRING(DIRECTORYSTRING, B_ASN1_DIRECTORYSTRING)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+
+/* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */
+IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
diff --git a/src/lib/libcrypto/asn1/tasn_utl.c b/src/lib/libcrypto/asn1/tasn_utl.c
new file mode 100644
index 0000000000..8996ce8c13
--- /dev/null
+++ b/src/lib/libcrypto/asn1/tasn_utl.c
@@ -0,0 +1,253 @@
+/* tasn_utl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+
+/* Utility functions for manipulating fields and offsets */
+
+/* Add 'offset' to 'addr' */
+#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset)
+
+/* Given an ASN1_ITEM CHOICE type return
+ * the selector value
+ */
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        int *sel = offset2ptr(*pval, it->utype);
+        return *sel;
+}
+
+/* Given an ASN1_ITEM CHOICE type set
+ * the selector value, return old value.
+ */
+
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)
+{       
+        int *sel, ret;
+        sel = offset2ptr(*pval, it->utype);
+        ret = *sel;
+        *sel = value;
+        return ret;
+}
+
+/* Do reference counting. The value 'op' decides what to do. 
+ * if it is +1 then the count is incremented. If op is 0 count is
+ * set to 1. If op is -1 count is decremented and the return value
+ * is the current refrence count or 0 if no reference count exists.
+ */
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
+{
+        const ASN1_AUX *aux;
+        int *lck, ret;
+        if(it->itype != ASN1_ITYPE_SEQUENCE) return 0;
+        aux = it->funcs;
+        if(!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) return 0;
+        lck = offset2ptr(*pval, aux->ref_offset);
+        if(op == 0) {
+                *lck = 1;
+                return 1;
+        }
+        ret = CRYPTO_add(lck, op, aux->ref_lock);
+#ifdef REF_PRINT
+        fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck);
+#endif
+#ifdef REF_CHECK
+        if(ret < 0) 
+                fprintf(stderr, "%s, bad reference count\n", it->sname);
+#endif
+        return ret;
+}
+
+static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        const ASN1_AUX *aux;
+        if(!pval || !*pval) return NULL;
+        aux = it->funcs;
+        if(!aux || !(aux->flags & ASN1_AFLG_ENCODING)) return NULL;
+        return offset2ptr(*pval, aux->enc_offset);
+}
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        ASN1_ENCODING *enc;
+        enc = asn1_get_enc_ptr(pval, it);
+        if(enc) {
+                enc->enc = NULL;
+                enc->len = 0;
+                enc->modified = 1;
+        }
+}
+
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        ASN1_ENCODING *enc;
+        enc = asn1_get_enc_ptr(pval, it);
+        if(enc) {
+                if(enc->enc) OPENSSL_free(enc->enc);
+                enc->enc = NULL;
+                enc->len = 0;
+                enc->modified = 1;
+        }
+}
+
+int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it)
+{
+        ASN1_ENCODING *enc;
+        enc = asn1_get_enc_ptr(pval, it);
+        if(!enc) return 1;
+
+        if(enc->enc) OPENSSL_free(enc->enc);
+        enc->enc = OPENSSL_malloc(inlen);
+        if(!enc->enc) return 0;
+        memcpy(enc->enc, in, inlen);
+        enc->len = inlen;
+        enc->modified = 0;
+
+        return 1;
+}
+                
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        ASN1_ENCODING *enc;
+        enc = asn1_get_enc_ptr(pval, it);
+        if(!enc || enc->modified) return 0;
+        if(out) {
+                memcpy(*out, enc->enc, enc->len);
+                *out += enc->len;
+        }
+        if(len) *len = enc->len;
+        return 1;
+}
+
+/* Given an ASN1_TEMPLATE get a pointer to a field */
+ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+        ASN1_VALUE **pvaltmp;
+        if(tt->flags & ASN1_TFLG_COMBINE) return pval;
+        pvaltmp = offset2ptr(*pval, tt->offset);
+        /* NOTE for BOOLEAN types the field is just a plain
+         * int so we can't return int **, so settle for
+         * (int *).
+         */
+        return pvaltmp;
+}
+
+/* Handle ANY DEFINED BY template, find the selector, look up
+ * the relevant ASN1_TEMPLATE in the table and return it.
+ */
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr)
+{
+        const ASN1_ADB *adb;
+        const ASN1_ADB_TABLE *atbl;
+        long selector;
+        ASN1_VALUE **sfld;
+        int i;
+        if(!(tt->flags & ASN1_TFLG_ADB_MASK)) return tt;
+
+        /* Else ANY DEFINED BY ... get the table */
+        adb = ASN1_ADB_ptr(tt->item);
+
+        /* Get the selector field */
+        sfld = offset2ptr(*pval, adb->offset);
+
+        /* Check if NULL */
+        if(!sfld) {
+                if(!adb->null_tt) goto err;
+                return adb->null_tt;
+        }
+
+        /* Convert type to a long:
+         * NB: don't check for NID_undef here because it
+         * might be a legitimate value in the table
+         */
+        if(tt->flags & ASN1_TFLG_ADB_OID) 
+                selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
+        else 
+                selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
+
+        /* Try to find matching entry in table
+         * Maybe should check application types first to
+         * allow application override? Might also be useful
+         * to have a flag which indicates table is sorted and
+         * we can do a binary search. For now stick to a
+         * linear search.
+         */
+
+        for(atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
+                if(atbl->value == selector) return &atbl->tt;
+
+        /* FIXME: need to search application table too */
+
+        /* No match, return default type */
+        if(!adb->default_tt) goto err;          
+        return adb->default_tt;
+        
+        err:
+        /* FIXME: should log the value or OID of unsupported type */
+        if(nullerr) ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+        return NULL;
+}
diff --git a/src/lib/libcrypto/asn1/x_algor.c b/src/lib/libcrypto/asn1/x_algor.c
new file mode 100644
index 0000000000..00b9ea54a1
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_algor.c
@@ -0,0 +1,73 @@
+/* x_algor.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(X509_ALGOR) = {
+        ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
+        ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
+} ASN1_SEQUENCE_END(X509_ALGOR)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
+
+IMPLEMENT_STACK_OF(X509_ALGOR)
+IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
diff --git a/src/lib/libcrypto/asn1/x_attrib.c b/src/lib/libcrypto/asn1/x_attrib.c
new file mode 100644
index 0000000000..1e3713f18f
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_attrib.c
@@ -0,0 +1,118 @@
+/* crypto/asn1/x_attrib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/* X509_ATTRIBUTE: this has the following form:
+ *
+ * typedef struct x509_attributes_st
+ *      {
+ *      ASN1_OBJECT *object;
+ *      int single;
+ *      union   {
+ *              char            *ptr;
+ *              STACK_OF(ASN1_TYPE) *set;
+ *              ASN1_TYPE       *single;
+ *              } value;
+ *      } X509_ATTRIBUTE;
+ *
+ * this needs some extra thought because the CHOICE type is
+ * merged with the main structure and because the value can
+ * be anything at all we *must* try the SET OF first because
+ * the ASN1_ANY type will swallow anything including the whole
+ * SET OF structure.
+ */
+
+ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
+        ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
+        ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
+} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
+
+ASN1_SEQUENCE(X509_ATTRIBUTE) = {
+        ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
+        /* CHOICE type merged with parent */
+        ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
+} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
+        {
+        X509_ATTRIBUTE *ret=NULL;
+        ASN1_TYPE *val=NULL;
+
+        if ((ret=X509_ATTRIBUTE_new()) == NULL)
+                return(NULL);
+        ret->object=OBJ_nid2obj(nid);
+        ret->single=0;
+        if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;
+        if ((val=ASN1_TYPE_new()) == NULL) goto err;
+        if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;
+
+        ASN1_TYPE_set(val,atrtype,value);
+        return(ret);
+err:
+        if (ret != NULL) X509_ATTRIBUTE_free(ret);
+        if (val != NULL) ASN1_TYPE_free(val);
+        return(NULL);
+        }
diff --git a/src/lib/libcrypto/asn1/x_bignum.c b/src/lib/libcrypto/asn1/x_bignum.c
new file mode 100644
index 0000000000..848c7a0877
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_bignum.c
@@ -0,0 +1,137 @@
+/* x_bignum.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+
+/* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
+ * BIGNUM directly. Currently it ignores the sign which isn't a problem since all
+ * BIGNUMs used are non negative and anything that looks negative is normally due
+ * to an encoding error.
+ */
+
+#define BN_SENSITIVE    1
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+static ASN1_PRIMITIVE_FUNCS bignum_pf = {
+        NULL, 0,
+        bn_new,
+        bn_free,
+        0,
+        bn_c2i,
+        bn_i2c
+};
+
+ASN1_ITEM_start(BIGNUM)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
+ASN1_ITEM_end(BIGNUM)
+
+ASN1_ITEM_start(CBIGNUM)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
+ASN1_ITEM_end(CBIGNUM)
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        *pval = (ASN1_VALUE *)BN_new();
+        if(*pval) return 1;
+        else return 0;
+}
+
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        if(!*pval) return;
+        if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);
+        else BN_free((BIGNUM *)*pval);
+        *pval = NULL;
+}
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+{
+        BIGNUM *bn;
+        int pad;
+        if(!*pval) return -1;
+        bn = (BIGNUM *)*pval;
+        /* If MSB set in an octet we need a padding byte */
+        if(BN_num_bits(bn) & 0x7) pad = 0;
+        else pad = 1;
+        if(cont) {
+                if(pad) *cont++ = 0;
+                BN_bn2bin(bn, cont);
+        }
+        return pad + BN_num_bytes(bn);
+}
+
+static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
+{
+        BIGNUM *bn;
+        if(!*pval) bn_new(pval, it);
+        bn  = (BIGNUM *)*pval;
+        if(!BN_bin2bn(cont, len, bn)) {
+                bn_free(pval, it);
+                return 0;
+        }
+        return 1;
+}
+
+
diff --git a/src/lib/libcrypto/asn1/x_cinf.c b/src/lib/libcrypto/asn1/x_cinf.c
new file mode 100644
index 0000000000..339a110eef
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_cinf.c
@@ -0,0 +1,201 @@
+/* crypto/asn1/x_cinf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+
+int i2d_X509_CINF(X509_CINF *a, unsigned char **pp)
+        {
+        int v1=0,v2=0;
+        M_ASN1_I2D_vars(a);
+
+        M_ASN1_I2D_len_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+        M_ASN1_I2D_len(a->serialNumber,         i2d_ASN1_INTEGER);
+        M_ASN1_I2D_len(a->signature,            i2d_X509_ALGOR);
+        M_ASN1_I2D_len(a->issuer,               i2d_X509_NAME);
+        M_ASN1_I2D_len(a->validity,             i2d_X509_VAL);
+        M_ASN1_I2D_len(a->subject,              i2d_X509_NAME);
+        M_ASN1_I2D_len(a->key,                  i2d_X509_PUBKEY);
+        M_ASN1_I2D_len_IMP_opt(a->issuerUID,    i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_len_IMP_opt(a->subjectUID,   i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+                                             i2d_X509_EXTENSION,3,
+                                             V_ASN1_SEQUENCE,v2);
+
+        M_ASN1_I2D_seq_total();
+
+        M_ASN1_I2D_put_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+        M_ASN1_I2D_put(a->serialNumber,         i2d_ASN1_INTEGER);
+        M_ASN1_I2D_put(a->signature,            i2d_X509_ALGOR);
+        M_ASN1_I2D_put(a->issuer,               i2d_X509_NAME);
+        M_ASN1_I2D_put(a->validity,             i2d_X509_VAL);
+        M_ASN1_I2D_put(a->subject,              i2d_X509_NAME);
+        M_ASN1_I2D_put(a->key,                  i2d_X509_PUBKEY);
+        M_ASN1_I2D_put_IMP_opt(a->issuerUID,    i2d_ASN1_BIT_STRING,1);
+        M_ASN1_I2D_put_IMP_opt(a->subjectUID,   i2d_ASN1_BIT_STRING,2);
+        M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+                                             i2d_X509_EXTENSION,3,
+                                             V_ASN1_SEQUENCE,v2);
+
+        M_ASN1_I2D_finish();
+        }
+
+X509_CINF *d2i_X509_CINF(X509_CINF **a, unsigned char **pp, long length)
+        {
+        int ver=0;
+        M_ASN1_D2I_vars(a,X509_CINF *,X509_CINF_new);
+
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        /* we have the optional version field */
+        if (M_ASN1_next == (V_ASN1_CONTEXT_SPECIFIC | V_ASN1_CONSTRUCTED | 0))
+                {
+                M_ASN1_D2I_get_EXP_opt(ret->version,d2i_ASN1_INTEGER,0);
+                if (ret->version->data != NULL)
+                        ver=ret->version->data[0];
+                }
+        else
+                {
+                if (ret->version != NULL)
+                        {
+                        M_ASN1_INTEGER_free(ret->version);
+                        ret->version=NULL;
+                        }
+                }
+        M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
+        M_ASN1_D2I_get(ret->signature,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
+        M_ASN1_D2I_get(ret->validity,d2i_X509_VAL);
+        M_ASN1_D2I_get(ret->subject,d2i_X509_NAME);
+        M_ASN1_D2I_get(ret->key,d2i_X509_PUBKEY);
+        if (ver >= 1) /* version 2 extensions */
+                {
+                if (ret->issuerUID != NULL)
+                        {
+                        M_ASN1_BIT_STRING_free(ret->issuerUID);
+                        ret->issuerUID=NULL;
+                        }
+                if (ret->subjectUID != NULL)
+                        {
+                        M_ASN1_BIT_STRING_free(ret->subjectUID);
+                        ret->subjectUID=NULL;
+                        }
+                M_ASN1_D2I_get_IMP_opt(ret->issuerUID,d2i_ASN1_BIT_STRING,  1,
+                        V_ASN1_BIT_STRING);
+                M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2,
+                        V_ASN1_BIT_STRING);
+                }
+/* Note: some broken certificates include extensions but don't set
+ * the version number properly. By bypassing this check they can
+ * be parsed.
+ */
+
+#ifdef VERSION_EXT_CHECK
+        if (ver >= 2) /* version 3 extensions */
+#endif
+                {
+                if (ret->extensions != NULL)
+                        while (sk_X509_EXTENSION_num(ret->extensions))
+                                X509_EXTENSION_free(
+                                      sk_X509_EXTENSION_pop(ret->extensions));
+                M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,ret->extensions,
+                                                d2i_X509_EXTENSION,
+                                                X509_EXTENSION_free,3,
+                                                V_ASN1_SEQUENCE);
+                }
+        M_ASN1_D2I_Finish(a,X509_CINF_free,ASN1_F_D2I_X509_CINF);
+        }
+
+X509_CINF *X509_CINF_new(void)
+        {
+        X509_CINF *ret=NULL;
+        ASN1_CTX c;
+
+        M_ASN1_New_Malloc(ret,X509_CINF);
+        ret->version=NULL;
+        M_ASN1_New(ret->serialNumber,M_ASN1_INTEGER_new);
+        M_ASN1_New(ret->signature,X509_ALGOR_new);
+        M_ASN1_New(ret->issuer,X509_NAME_new);
+        M_ASN1_New(ret->validity,X509_VAL_new);
+        M_ASN1_New(ret->subject,X509_NAME_new);
+        M_ASN1_New(ret->key,X509_PUBKEY_new);
+        ret->issuerUID=NULL;
+        ret->subjectUID=NULL;
+        ret->extensions=NULL;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_CINF_NEW);
+        }
+
+void X509_CINF_free(X509_CINF *a)
+        {
+        if (a == NULL) return;
+        M_ASN1_INTEGER_free(a->version);
+        M_ASN1_INTEGER_free(a->serialNumber);
+        X509_ALGOR_free(a->signature);
+        X509_NAME_free(a->issuer);
+        X509_VAL_free(a->validity);
+        X509_NAME_free(a->subject);
+        X509_PUBKEY_free(a->key);
+        M_ASN1_BIT_STRING_free(a->issuerUID);
+        M_ASN1_BIT_STRING_free(a->subjectUID);
+        sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
+        OPENSSL_free(a);
+        }
+
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
new file mode 100644
index 0000000000..b99f8fc522
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -0,0 +1,140 @@
+/* crypto/asn1/x_crl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
+                                const X509_REVOKED * const *b);
+
+ASN1_SEQUENCE(X509_REVOKED) = {
+        ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
+} ASN1_SEQUENCE_END(X509_REVOKED)
+
+/* The X509_CRL_INFO structure needs a bit of customisation.
+ * Since we cache the original encoding the signature wont be affected by
+ * reordering of the revoked field.
+ */
+static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
+
+        if(!a || !a->revoked) return 1;
+        switch(operation) {
+                /* Just set cmp function here. We don't sort because that
+                 * would affect the output of X509_CRL_print().
+                 */
+                case ASN1_OP_D2I_POST:
+                sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
+                break;
+        }
+        return 1;
+}
+
+
+ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
+        ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
+        ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
+        ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
+        ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
+
+ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
+        ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
+        ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
+
+static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
+                        const X509_REVOKED * const *b)
+        {
+        return(ASN1_STRING_cmp(
+                (ASN1_STRING *)(*a)->serialNumber,
+                (ASN1_STRING *)(*b)->serialNumber));
+        }
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+{
+        X509_CRL_INFO *inf;
+        inf = crl->crl;
+        if(!inf->revoked)
+                inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
+        if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+                ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        inf->enc.modified = 1;
+        return 1;
+}
+
+IMPLEMENT_STACK_OF(X509_REVOKED)
+IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
+IMPLEMENT_STACK_OF(X509_CRL)
+IMPLEMENT_ASN1_SET_OF(X509_CRL)
diff --git a/src/lib/libcrypto/asn1/x_exten.c b/src/lib/libcrypto/asn1/x_exten.c
new file mode 100644
index 0000000000..702421b6c8
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_exten.c
@@ -0,0 +1,71 @@
+/* x_exten.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(X509_EXTENSION) = {
+        ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
+        ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+        ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_EXTENSION)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
diff --git a/src/lib/libcrypto/asn1/x_info.c b/src/lib/libcrypto/asn1/x_info.c
new file mode 100644
index 0000000000..d44f6cdb01
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_info.c
@@ -0,0 +1,114 @@
+/* crypto/asn1/x_info.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+
+X509_INFO *X509_INFO_new(void)
+        {
+        X509_INFO *ret=NULL;
+
+        ret=(X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO));
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+ 
+        ret->enc_cipher.cipher=NULL;
+        ret->enc_len=0;
+        ret->enc_data=NULL;
+ 
+        ret->references=1;
+        ret->x509=NULL;
+        ret->crl=NULL;
+        ret->x_pkey=NULL;
+        return(ret);
+        }
+
+void X509_INFO_free(X509_INFO *x)
+        {
+        int i;
+
+        if (x == NULL) return;
+
+        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO);
+#ifdef REF_PRINT
+        REF_PRINT("X509_INFO",x);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"X509_INFO_free, bad reference count\n");
+                abort();
+                }
+#endif
+
+        if (x->x509 != NULL) X509_free(x->x509);
+        if (x->crl != NULL) X509_CRL_free(x->crl);
+        if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
+        if (x->enc_data != NULL) OPENSSL_free(x->enc_data);
+        OPENSSL_free(x);
+        }
+
+IMPLEMENT_STACK_OF(X509_INFO)
+
diff --git a/src/lib/libcrypto/asn1/x_long.c b/src/lib/libcrypto/asn1/x_long.c
new file mode 100644
index 0000000000..c5f25956cb
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_long.c
@@ -0,0 +1,169 @@
+/* x_long.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+
+/* Custom primitive type for long handling. This converts between an ASN1_INTEGER
+ * and a long directly.
+ */
+
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+static ASN1_PRIMITIVE_FUNCS long_pf = {
+        NULL, 0,
+        long_new,
+        long_free,
+        long_free,      /* Clear should set to initial value */
+        long_c2i,
+        long_i2c
+};
+
+ASN1_ITEM_start(LONG)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
+ASN1_ITEM_end(LONG)
+
+ASN1_ITEM_start(ZLONG)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
+ASN1_ITEM_end(ZLONG)
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        *(long *)pval = it->size;
+        return 1;
+}
+
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        *(long *)pval = it->size;
+}
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+{
+        long ltmp;
+        unsigned long utmp;
+        int clen, pad, i;
+        /* this exists to bypass broken gcc optimization */
+        char *cp = (char *)pval;
+
+        /* use memcpy, because we may not be long aligned */
+        memcpy(&ltmp, cp, sizeof(long));
+
+        if(ltmp == it->size) return -1;
+        /* Convert the long to positive: we subtract one if negative so
+         * we can cleanly handle the padding if only the MSB of the leading
+         * octet is set. 
+         */
+        if(ltmp < 0) utmp = -ltmp - 1;
+        else utmp = ltmp;
+        clen = BN_num_bits_word(utmp);
+        /* If MSB of leading octet set we need to pad */
+        if(!(clen & 0x7)) pad = 1;
+        else pad = 0;
+
+        /* Convert number of bits to number of octets */
+        clen = (clen + 7) >> 3;
+
+        if(cont) {
+                if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;
+                for(i = clen - 1; i >= 0; i--) {
+                        cont[i] = (unsigned char)(utmp & 0xff);
+                        if(ltmp < 0) cont[i] ^= 0xff;
+                        utmp >>= 8;
+                }
+        }
+        return clen + pad;
+}
+
+static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
+{
+        int neg, i;
+        long ltmp;
+        unsigned long utmp = 0;
+        char *cp = (char *)pval;
+        if(len > sizeof(long)) {
+                ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+                return 0;
+        }
+        /* Is it negative? */
+        if(len && (cont[0] & 0x80)) neg = 1;
+        else neg = 0;
+        utmp = 0;
+        for(i = 0; i < len; i++) {
+                utmp <<= 8;
+                if(neg) utmp |= cont[i] ^ 0xff;
+                else utmp |= cont[i];
+        }
+        ltmp = (long)utmp;
+        if(neg) {
+                ltmp++;
+                ltmp = -ltmp;
+        }
+        if(ltmp == it->size) {
+                ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+                return 0;
+        }
+        memcpy(cp, &ltmp, sizeof(long));
+        return 1;
+}
diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c
new file mode 100644
index 0000000000..31f3377b64
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_name.c
@@ -0,0 +1,275 @@
+/* crypto/asn1/x_name.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it,
+                                        int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
+static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
+
+static int x509_name_encode(X509_NAME *a);
+
+ASN1_SEQUENCE(X509_NAME_ENTRY) = {
+        ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
+        ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
+} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
+
+/* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY }
+ * so declare two template wrappers for this
+ */
+
+ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
+
+ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
+
+/* Normally that's where it would end: we'd have two nested STACK structures
+ * representing the ASN1. Unfortunately X509_NAME uses a completely different
+ * form and caches encodings so we have to process the internal form and convert
+ * to the external form.
+ */
+
+const ASN1_EXTERN_FUNCS x509_name_ff = {
+        NULL,
+        x509_name_ex_new,
+        x509_name_ex_free,
+        0,      /* Default clear behaviour is OK */
+        x509_name_ex_d2i,
+        x509_name_ex_i2d
+};
+
+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) 
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
+
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
+{
+        X509_NAME *ret = NULL;
+        ret = OPENSSL_malloc(sizeof(X509_NAME));
+        if(!ret) goto memerr;
+        if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
+                goto memerr;
+        if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
+        ret->modified=1;
+        *val = (ASN1_VALUE *)ret;
+        return 1;
+
+ memerr:
+        ASN1err(ASN1_F_X509_NAME_NEW, ERR_R_MALLOC_FAILURE);
+        if (ret)
+                {
+                if (ret->entries)
+                        sk_X509_NAME_ENTRY_free(ret->entries);
+                OPENSSL_free(ret);
+                }
+        return 0;
+}
+
+static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        X509_NAME *a;
+        if(!pval || !*pval)
+            return;
+        a = (X509_NAME *)*pval;
+
+        BUF_MEM_free(a->bytes);
+        sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
+        OPENSSL_free(a);
+        *pval = NULL;
+}
+
+/* Used with sk_pop_free() to free up the internal representation.
+ * NB: we only free the STACK and not its contents because it is
+ * already present in the X509_NAME structure.
+ */
+
+static void sk_internal_free(void *a)
+{
+        sk_free(a);
+}
+
+static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it,
+                                        int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+        unsigned char *p = *in, *q;
+        STACK *intname = NULL, **intname_pp = &intname;
+        int i, j, ret;
+        X509_NAME *nm = NULL, **nm_pp = &nm;
+        STACK_OF(X509_NAME_ENTRY) *entries;
+        X509_NAME_ENTRY *entry;
+        q = p;
+
+        /* Get internal representation of Name */
+        ret = ASN1_item_ex_d2i((ASN1_VALUE **)intname_pp,
+                               &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+                               tag, aclass, opt, ctx);
+        
+        if(ret <= 0) return ret;
+
+        if(*val) x509_name_ex_free(val, NULL);
+        if(!x509_name_ex_new((ASN1_VALUE **)nm_pp, NULL)) goto err;
+        /* We've decoded it: now cache encoding */
+        if(!BUF_MEM_grow(nm->bytes, p - q)) goto err;
+        memcpy(nm->bytes->data, q, p - q);
+
+        /* Convert internal representation to X509_NAME structure */
+        for(i = 0; i < sk_num(intname); i++) {
+                entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname, i);
+                for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+                        entry = sk_X509_NAME_ENTRY_value(entries, j);
+                        entry->set = i;
+                        if(!sk_X509_NAME_ENTRY_push(nm->entries, entry))
+                                goto err;
+                }
+                sk_X509_NAME_ENTRY_free(entries);
+        }
+        sk_free(intname);
+        nm->modified = 0;
+        *val = (ASN1_VALUE *)nm;
+        *in = p;
+        return ret;
+        err:
+        ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_NESTED_ASN1_ERROR);
+        return 0;
+}
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+{
+        int ret;
+        X509_NAME *a = (X509_NAME *)*val;
+        if(a->modified) {
+                ret = x509_name_encode((X509_NAME *)a);
+                if(ret < 0) return ret;
+        }
+        ret = a->bytes->length;
+        if(out != NULL) {
+                memcpy(*out,a->bytes->data,ret);
+                *out+=ret;
+        }
+        return ret;
+}
+
+static int x509_name_encode(X509_NAME *a)
+{
+        STACK *intname = NULL, **intname_pp = &intname;
+        int len;
+        unsigned char *p;
+        STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+        X509_NAME_ENTRY *entry;
+        int i, set = -1;
+        intname = sk_new_null();
+        if(!intname) goto memerr;
+        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+                entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+                if(entry->set != set) {
+                        entries = sk_X509_NAME_ENTRY_new_null();
+                        if(!entries) goto memerr;
+                        if(!sk_push(intname, (char *)entries)) goto memerr;
+                        set = entry->set;
+                }
+                if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
+        }
+        len = ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp, NULL,
+                               ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+        if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
+        p=(unsigned char *)a->bytes->data;
+        ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp,
+                         &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+        sk_pop_free(intname, sk_internal_free);
+        a->modified = 0;
+        return len;
+        memerr:
+        sk_pop_free(intname, sk_internal_free);
+        ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_MALLOC_FAILURE);
+        return -1;
+}
+
+
+int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
+        {
+        X509_NAME *in;
+
+        if (!xn || !name) return(0);
+
+        if (*xn != name)
+                {
+                in=X509_NAME_dup(name);
+                if (in != NULL)
+                        {
+                        X509_NAME_free(*xn);
+                        *xn=in;
+                        }
+                }
+        return(*xn != NULL);
+        }
+        
+IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
diff --git a/src/lib/libcrypto/asn1/x_pkey.c b/src/lib/libcrypto/asn1/x_pkey.c
new file mode 100644
index 0000000000..f1c6221ac3
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_pkey.c
@@ -0,0 +1,151 @@
+/* crypto/asn1/x_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+
+/* need to implement */
+int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
+        {
+        return(0);
+        }
+
+X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, unsigned char **pp, long length)
+        {
+        int i;
+        M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);
+
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->enc_algor,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->enc_pkey,d2i_ASN1_OCTET_STRING);
+
+        ret->cipher.cipher=EVP_get_cipherbyname(
+                OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
+        if (ret->cipher.cipher == NULL)
+                {
+                c.error=ASN1_R_UNSUPPORTED_CIPHER;
+                c.line=__LINE__;
+                goto err;
+                }
+        if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) 
+                {
+                i=ret->enc_algor->parameter->value.octet_string->length;
+                if (i > EVP_MAX_IV_LENGTH)
+                        {
+                        c.error=ASN1_R_IV_TOO_LARGE;
+                        c.line=__LINE__;
+                        goto err;
+                        }
+                memcpy(ret->cipher.iv,
+                        ret->enc_algor->parameter->value.octet_string->data,i);
+                }
+        else
+                memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
+        M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY);
+        }
+
+X509_PKEY *X509_PKEY_new(void)
+        {
+        X509_PKEY *ret=NULL;
+        ASN1_CTX c;
+
+        M_ASN1_New_Malloc(ret,X509_PKEY);
+        ret->version=0;
+        M_ASN1_New(ret->enc_algor,X509_ALGOR_new);
+        M_ASN1_New(ret->enc_pkey,M_ASN1_OCTET_STRING_new);
+        ret->dec_pkey=NULL;
+        ret->key_length=0;
+        ret->key_data=NULL;
+        ret->key_free=0;
+        ret->cipher.cipher=NULL;
+        memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
+        ret->references=1;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
+        }
+
+void X509_PKEY_free(X509_PKEY *x)
+        {
+        int i;
+
+        if (x == NULL) return;
+
+        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("X509_PKEY",x);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"X509_PKEY_free, bad reference count\n");
+                abort();
+                }
+#endif
+
+        if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor);
+        if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey);
+        if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey);
+        if ((x->key_data != NULL) && (x->key_free)) OPENSSL_free(x->key_data);
+        OPENSSL_free(x);
+        }
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c
new file mode 100644
index 0000000000..7d6d71af88
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_pubkey.c
@@ -0,0 +1,360 @@
+/* crypto/asn1/x_pubkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/* Minor tweak to operation: free up EVP_PKEY */
+static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        if(operation == ASN1_OP_FREE_POST) {
+                X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+                EVP_PKEY_free(pubkey->pkey);
+        }
+        return 1;
+}
+
+ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
+        ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
+        ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
+
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
+        {
+        X509_PUBKEY *pk=NULL;
+        X509_ALGOR *a;
+        ASN1_OBJECT *o;
+        unsigned char *s,*p = NULL;
+        int i;
+
+        if (x == NULL) return(0);
+
+        if ((pk=X509_PUBKEY_new()) == NULL) goto err;
+        a=pk->algor;
+
+        /* set the algorithm id */
+        if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
+        ASN1_OBJECT_free(a->algorithm);
+        a->algorithm=o;
+
+        /* Set the parameter list */
+        if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))
+                {
+                if ((a->parameter == NULL) ||
+                        (a->parameter->type != V_ASN1_NULL))
+                        {
+                        ASN1_TYPE_free(a->parameter);
+                        if (!(a->parameter=ASN1_TYPE_new()))
+                                {
+                                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        a->parameter->type=V_ASN1_NULL;
+                        }
+                }
+        else
+#ifndef OPENSSL_NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                {
+                unsigned char *pp;
+                DSA *dsa;
+
+                dsa=pkey->pkey.dsa;
+                dsa->write_params=0;
+                ASN1_TYPE_free(a->parameter);
+                if ((i=i2d_DSAparams(dsa,NULL)) <= 0)
+                        goto err;
+                if (!(p=(unsigned char *)OPENSSL_malloc(i)))
+                        {
+                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                pp=p;
+                i2d_DSAparams(dsa,&pp);
+                if (!(a->parameter=ASN1_TYPE_new()))
+                        {
+                        OPENSSL_free(p);
+                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                a->parameter->type=V_ASN1_SEQUENCE;
+                if (!(a->parameter->value.sequence=ASN1_STRING_new()))
+                        {
+                        OPENSSL_free(p);
+                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))
+                        {
+                        OPENSSL_free(p);
+                        X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                OPENSSL_free(p);
+                }
+        else
+#endif
+                {
+                X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
+                goto err;
+                }
+
+        if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
+        if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
+                {
+                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        p=s;
+        i2d_PublicKey(pkey,&p);
+        if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))
+                {
+                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        /* Set number of unused bits to zero */
+        pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+        pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+
+        OPENSSL_free(s);
+
+#if 0
+        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+        pk->pkey=pkey;
+#endif
+
+        if (*x != NULL)
+                X509_PUBKEY_free(*x);
+
+        *x=pk;
+
+        return 1;
+err:
+        if (pk != NULL) X509_PUBKEY_free(pk);
+        return 0;
+        }
+
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+        {
+        EVP_PKEY *ret=NULL;
+        long j;
+        int type;
+        unsigned char *p;
+#ifndef OPENSSL_NO_DSA
+        const unsigned char *cp;
+        X509_ALGOR *a;
+#endif
+
+        if (key == NULL) goto err;
+
+        if (key->pkey != NULL)
+            {
+            CRYPTO_add(&key->pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+            return(key->pkey);
+            }
+
+        if (key->public_key == NULL) goto err;
+
+        type=OBJ_obj2nid(key->algor->algorithm);
+        p=key->public_key->data;
+        j=key->public_key->length;
+        if ((ret=d2i_PublicKey(type,NULL,&p,(long)j)) == NULL)
+                {
+                X509err(X509_F_X509_PUBKEY_GET,X509_R_ERR_ASN1_LIB);
+                goto err;
+                }
+        ret->save_parameters=0;
+
+#ifndef OPENSSL_NO_DSA
+        a=key->algor;
+        if (ret->type == EVP_PKEY_DSA)
+                {
+                if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
+                        {
+                        ret->pkey.dsa->write_params=0;
+                        cp=p=a->parameter->value.sequence->data;
+                        j=a->parameter->value.sequence->length;
+                        if (!d2i_DSAparams(&ret->pkey.dsa,&cp,(long)j))
+                                goto err;
+                        }
+                ret->save_parameters=1;
+                }
+#endif
+        key->pkey=ret;
+        CRYPTO_add(&ret->references,1,CRYPTO_LOCK_EVP_PKEY);
+        return(ret);
+err:
+        if (ret != NULL)
+                EVP_PKEY_free(ret);
+        return(NULL);
+        }
+
+/* Now two pseudo ASN1 routines that take an EVP_PKEY structure
+ * and encode or decode as X509_PUBKEY
+ */
+
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp,
+             long length)
+{
+        X509_PUBKEY *xpk;
+        EVP_PKEY *pktmp;
+        xpk = d2i_X509_PUBKEY(NULL, pp, length);
+        if(!xpk) return NULL;
+        pktmp = X509_PUBKEY_get(xpk);
+        X509_PUBKEY_free(xpk);
+        if(!pktmp) return NULL;
+        if(a) {
+                EVP_PKEY_free(*a);
+                *a = pktmp;
+        }
+        return pktmp;
+}
+
+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
+{
+        X509_PUBKEY *xpk=NULL;
+        int ret;
+        if(!a) return 0;
+        if(!X509_PUBKEY_set(&xpk, a)) return 0;
+        ret = i2d_X509_PUBKEY(xpk, pp);
+        X509_PUBKEY_free(xpk);
+        return ret;
+}
+
+/* The following are equivalents but which return RSA and DSA
+ * keys
+ */
+#ifndef OPENSSL_NO_RSA
+RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp,
+             long length)
+{
+        EVP_PKEY *pkey;
+        RSA *key;
+        unsigned char *q;
+        q = *pp;
+        pkey = d2i_PUBKEY(NULL, &q, length);
+        if(!pkey) return NULL;
+        key = EVP_PKEY_get1_RSA(pkey);
+        EVP_PKEY_free(pkey);
+        if(!key) return NULL;
+        *pp = q;
+        if(a) {
+                RSA_free(*a);
+                *a = key;
+        }
+        return key;
+}
+
+int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
+{
+        EVP_PKEY *pktmp;
+        int ret;
+        if(!a) return 0;
+        pktmp = EVP_PKEY_new();
+        if(!pktmp) {
+                ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        EVP_PKEY_set1_RSA(pktmp, a);
+        ret = i2d_PUBKEY(pktmp, pp);
+        EVP_PKEY_free(pktmp);
+        return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp,
+             long length)
+{
+        EVP_PKEY *pkey;
+        DSA *key;
+        unsigned char *q;
+        q = *pp;
+        pkey = d2i_PUBKEY(NULL, &q, length);
+        if(!pkey) return NULL;
+        key = EVP_PKEY_get1_DSA(pkey);
+        EVP_PKEY_free(pkey);
+        if(!key) return NULL;
+        *pp = q;
+        if(a) {
+                DSA_free(*a);
+                *a = key;
+        }
+        return key;
+}
+
+int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
+{
+        EVP_PKEY *pktmp;
+        int ret;
+        if(!a) return 0;
+        pktmp = EVP_PKEY_new();
+        if(!pktmp) {
+                ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        EVP_PKEY_set1_DSA(pktmp, a);
+        ret = i2d_PUBKEY(pktmp, pp);
+        EVP_PKEY_free(pktmp);
+        return ret;
+}
+#endif
diff --git a/src/lib/libcrypto/asn1/x_req.c b/src/lib/libcrypto/asn1/x_req.c
new file mode 100644
index 0000000000..b3f18ebc12
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_req.c
@@ -0,0 +1,112 @@
+/* crypto/asn1/x_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/* X509_REQ_INFO is handled in an unusual way to get round
+ * invalid encodings. Some broken certificate requests don't
+ * encode the attributes field if it is empty. This is in
+ * violation of PKCS#10 but we need to tolerate it. We do
+ * this by making the attributes field OPTIONAL then using
+ * the callback to initialise it to an empty STACK. 
+ *
+ * This means that the field will be correctly encoded unless
+ * we NULL out the field.
+ *
+ * As a result we no longer need the req_kludge field because
+ * the information is now contained in the attributes field:
+ * 1. If it is NULL then it's the invalid omission.
+ * 2. If it is empty it is the correct encoding.
+ * 3. If it is not empty then some attributes are present.
+ *
+ */
+
+static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
+
+        if(operation == ASN1_OP_NEW_POST) {
+                rinf->attributes = sk_X509_ATTRIBUTE_new_null();
+                if(!rinf->attributes) return 0;
+        }
+        return 1;
+}
+
+ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
+        ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
+        ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
+        /* This isn't really OPTIONAL but it gets round invalid
+         * encodings
+         */
+        ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
+
+ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_INFO) = {
+        ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
+        ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
diff --git a/src/lib/libcrypto/asn1/x_sig.c b/src/lib/libcrypto/asn1/x_sig.c
new file mode 100644
index 0000000000..42efa86c1c
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_sig.c
@@ -0,0 +1,69 @@
+/* crypto/asn1/x_sig.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+ASN1_SEQUENCE(X509_SIG) = {
+        ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
+        ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_SIG)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
diff --git a/src/lib/libcrypto/asn1/x_spki.c b/src/lib/libcrypto/asn1/x_spki.c
new file mode 100644
index 0000000000..2aece077c5
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_spki.c
@@ -0,0 +1,81 @@
+/* crypto/asn1/x_spki.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+ /* This module was send to me my Pat Richards <patr@x509.com> who
+  * wrote it.  It is under my Copyright with his permission
+  */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(NETSCAPE_SPKAC) = {
+        ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
+        ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKAC)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
+
+ASN1_SEQUENCE(NETSCAPE_SPKI) = {
+        ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
+        ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
+        ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKI)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI)
diff --git a/src/lib/libcrypto/asn1/x_val.c b/src/lib/libcrypto/asn1/x_val.c
new file mode 100644
index 0000000000..dc17c67758
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_val.c
@@ -0,0 +1,69 @@
+/* crypto/asn1/x_val.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+ASN1_SEQUENCE(X509_VAL) = {
+        ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
+        ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)
+} ASN1_SEQUENCE_END(X509_VAL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_VAL)
diff --git a/src/lib/libcrypto/asn1/x_x509.c b/src/lib/libcrypto/asn1/x_x509.c
new file mode 100644
index 0000000000..b50167ce43
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_x509.c
@@ -0,0 +1,189 @@
+/* crypto/asn1/x_x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(X509_CINF) = {
+        ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
+        ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
+        ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
+        ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
+        ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
+        ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
+        ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
+        ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
+        ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
+} ASN1_SEQUENCE_END(X509_CINF)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
+/* X509 top level structure needs a bit of customisation */
+
+static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        X509 *ret = (X509 *)*pval;
+
+        switch(operation) {
+
+                case ASN1_OP_NEW_POST:
+                ret->valid=0;
+                ret->name = NULL;
+                ret->ex_flags = 0;
+                ret->ex_pathlen = -1;
+                ret->skid = NULL;
+                ret->akid = NULL;
+                ret->aux = NULL;
+                CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+                break;
+
+                case ASN1_OP_D2I_POST:
+                if (ret->name != NULL) OPENSSL_free(ret->name);
+                ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
+                break;
+
+                case ASN1_OP_FREE_POST:
+                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+                X509_CERT_AUX_free(ret->aux);
+                ASN1_OCTET_STRING_free(ret->skid);
+                AUTHORITY_KEYID_free(ret->akid);
+
+                if (ret->name != NULL) OPENSSL_free(ret->name);
+                break;
+
+        }
+
+        return 1;
+
+}
+
+ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
+        ASN1_SIMPLE(X509, cert_info, X509_CINF),
+        ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509, X509)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509)
+
+static ASN1_METHOD meth={
+        (int (*)())  i2d_X509,
+        (char *(*)())d2i_X509,
+        (char *(*)())X509_new,
+        (void (*)()) X509_free};
+
+ASN1_METHOD *X509_asn1_meth(void)
+        {
+        return(&meth);
+        }
+
+int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
+                                new_func, dup_func, free_func);
+        }
+
+int X509_set_ex_data(X509 *r, int idx, void *arg)
+        {
+        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+        }
+
+void *X509_get_ex_data(X509 *r, int idx)
+        {
+        return(CRYPTO_get_ex_data(&r->ex_data,idx));
+        }
+
+/* X509_AUX ASN1 routines. X509_AUX is the name given to
+ * a certificate with extra info tagged on the end. Since these
+ * functions set how a certificate is trusted they should only
+ * be used when the certificate comes from a reliable source
+ * such as local storage.
+ *
+ */
+
+X509 *d2i_X509_AUX(X509 **a, unsigned char **pp, long length)
+{
+        unsigned char *q;
+        X509 *ret;
+        /* Save start position */
+        q = *pp;
+        ret = d2i_X509(a, pp, length);
+        /* If certificate unreadable then forget it */
+        if(!ret) return NULL;
+        /* update length */
+        length -= *pp - q;
+        if(!length) return ret;
+        if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
+        return ret;
+        err:
+        X509_free(ret);
+        return NULL;
+}
+
+int i2d_X509_AUX(X509 *a, unsigned char **pp)
+{
+        int length;
+        length = i2d_X509(a, pp);
+        if(a) length += i2d_X509_CERT_AUX(a->aux, pp);
+        return length;
+}
diff --git a/src/lib/libcrypto/asn1/x_x509a.c b/src/lib/libcrypto/asn1/x_x509a.c
new file mode 100644
index 0000000000..f244768b7e
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_x509a.c
@@ -0,0 +1,151 @@
+/* a_x509a.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/* X509_CERT_AUX routines. These are used to encode additional
+ * user modifiable data about a certificate. This data is
+ * appended to the X509 encoding when the *_X509_AUX routines
+ * are used. This means that the "traditional" X509 routines
+ * will simply ignore the extra data. 
+ */
+
+static X509_CERT_AUX *aux_get(X509 *x);
+
+ASN1_SEQUENCE(X509_CERT_AUX) = {
+        ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
+        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
+        ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
+        ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
+        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
+} ASN1_SEQUENCE_END(X509_CERT_AUX)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
+
+static X509_CERT_AUX *aux_get(X509 *x)
+{
+        if(!x) return NULL;
+        if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL;
+        return x->aux;
+}
+
+int X509_alias_set1(X509 *x, unsigned char *name, int len)
+{
+        X509_CERT_AUX *aux;
+        if(!(aux = aux_get(x))) return 0;
+        if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0;
+        return ASN1_STRING_set(aux->alias, name, len);
+}
+
+int X509_keyid_set1(X509 *x, unsigned char *id, int len)
+{
+        X509_CERT_AUX *aux;
+        if(!(aux = aux_get(x))) return 0;
+        if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;
+        return ASN1_STRING_set(aux->keyid, id, len);
+}
+
+unsigned char *X509_alias_get0(X509 *x, int *len)
+{
+        if(!x->aux || !x->aux->alias) return NULL;
+        if(len) *len = x->aux->alias->length;
+        return x->aux->alias->data;
+}
+
+int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
+{
+        X509_CERT_AUX *aux;
+        ASN1_OBJECT *objtmp;
+        if(!(objtmp = OBJ_dup(obj))) return 0;
+        if(!(aux = aux_get(x))) return 0;
+        if(!aux->trust
+                && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0;
+        return sk_ASN1_OBJECT_push(aux->trust, objtmp);
+}
+
+int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
+{
+        X509_CERT_AUX *aux;
+        ASN1_OBJECT *objtmp;
+        if(!(objtmp = OBJ_dup(obj))) return 0;
+        if(!(aux = aux_get(x))) return 0;
+        if(!aux->reject
+                && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0;
+        return sk_ASN1_OBJECT_push(aux->reject, objtmp);
+}
+
+void X509_trust_clear(X509 *x)
+{
+        if(x->aux && x->aux->trust) {
+                sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
+                x->aux->trust = NULL;
+        }
+}
+
+void X509_reject_clear(X509 *x)
+{
+        if(x->aux && x->aux->reject) {
+                sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
+                x->aux->reject = NULL;
+        }
+}
+
diff --git a/src/lib/libcrypto/bf/COPYRIGHT b/src/lib/libcrypto/bf/COPYRIGHT
new file mode 100644
index 0000000000..6857223506
--- /dev/null
+++ b/src/lib/libcrypto/bf/COPYRIGHT
@@ -0,0 +1,46 @@
+Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+All rights reserved.
+
+This package is an Blowfish implementation written
+by Eric Young (eay@cryptsoft.com).
+
+This library is free for commercial and non-commercial use as long as
+the following conditions are aheared to.  The following conditions
+apply to all code found in this distribution.
+
+Copyright remains Eric Young's, and as such any Copyright notices in
+the code are not to be removed.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+   This product includes software developed by Eric Young (eay@cryptsoft.com)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+The license and distribution terms for any publically available version or
+derivative of this code cannot be changed.  i.e. this code cannot simply be
+copied and put under another distrubution license
+[including the GNU Public License.]
+
+The reason behind this being stated in this direct manner is past
+experience in code simply being copied and the attribution removed
+from it and then being distributed as part of other packages. This
+implementation was a non-trivial and unpaid effort.
diff --git a/src/lib/libcrypto/bf/INSTALL b/src/lib/libcrypto/bf/INSTALL
new file mode 100644
index 0000000000..3b25923532
--- /dev/null
+++ b/src/lib/libcrypto/bf/INSTALL
@@ -0,0 +1,14 @@
+This Eric Young's blowfish implementation, taken from his SSLeay library
+and made available as a separate library.
+ 
+The version number (0.7.2m) is the SSLeay version that this library was
+taken from.
+ 
+To build, just unpack and type make.
+If you are not using gcc, edit the Makefile.
+If you are compiling for an x86 box, try the assembler (it needs improving).
+There are also some compile time options that can improve performance,
+these are documented in the Makefile.
+ 
+eric 15-Apr-1997
+ 
diff --git a/src/lib/libcrypto/bf/Makefile.ssl b/src/lib/libcrypto/bf/Makefile.ssl
new file mode 100644
index 0000000000..be3ad77a05
--- /dev/null
+++ b/src/lib/libcrypto/bf/Makefile.ssl
@@ -0,0 +1,115 @@
+#
+# SSLeay/crypto/blowfish/Makefile
+#
+
+DIR=    bf
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+BF_ENC=         bf_enc.o
+# or use
+#DES_ENC=       bx86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+
+GENERAL=Makefile
+TEST=bftest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c 
+LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= blowfish.h
+HEADER= bf_pi.h bf_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+# elf
+asm/bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > bx86-elf.s)
+
+# a.out
+asm/bx86-out.o: asm/bx86unix.cpp
+        $(CPP) -DOUT asm/bx86unix.cpp | as -o asm/bx86-out.o
+
+# bsdi
+asm/bx86bsdi.o: asm/bx86unix.cpp
+        $(CPP) -DBSDI asm/bx86unix.cpp | sed 's/ :/:/' | as -o asm/bx86bsdi.o
+
+asm/bx86unix.cpp: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) bf-586.pl cpp $(PROCESSOR) >bx86unix.cpp)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install: installs
+
+installs:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/bx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bf_cfb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_cfb64.o: ../../include/openssl/opensslconf.h bf_cfb64.c bf_locl.h
+bf_ecb.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bf_ecb.o: bf_ecb.c bf_locl.h
+bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
+bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
+bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c
diff --git a/src/lib/libcrypto/bf/README b/src/lib/libcrypto/bf/README
new file mode 100644
index 0000000000..f2712fd0e7
--- /dev/null
+++ b/src/lib/libcrypto/bf/README
@@ -0,0 +1,8 @@
+This is a quick packaging up of my blowfish code into a library.
+It has been lifted from SSLeay.
+The copyright notices seem a little harsh because I have not spent the
+time to rewrite the conditions from the normal SSLeay ones.
+
+Basically if you just want to play with the library, not a problem.
+
+eric 15-Apr-1997
diff --git a/src/lib/libcrypto/bf/VERSION b/src/lib/libcrypto/bf/VERSION
new file mode 100644
index 0000000000..be995855e4
--- /dev/null
+++ b/src/lib/libcrypto/bf/VERSION
@@ -0,0 +1,6 @@
+The version numbers will follow my SSL implementation
+
+0.7.2r - Some reasonable default compiler options from 
+        Peter Gutman <pgut001@cs.auckland.ac.nz>
+
+0.7.2m - the first release
diff --git a/src/lib/libcrypto/bf/asm/bf-586.pl b/src/lib/libcrypto/bf/asm/bf-586.pl
new file mode 100644
index 0000000000..b5a4760d09
--- /dev/null
+++ b/src/lib/libcrypto/bf/asm/bf-586.pl
@@ -0,0 +1,136 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+&asm_init($ARGV[0],"bf-586.pl",$ARGV[$#ARGV] eq "386");
+
+$BF_ROUNDS=16;
+$BF_OFF=($BF_ROUNDS+2)*4;
+$L="edi";
+$R="esi";
+$P="ebp";
+$tmp1="eax";
+$tmp2="ebx";
+$tmp3="ecx";
+$tmp4="edx";
+
+&BF_encrypt("BF_encrypt",1);
+&BF_encrypt("BF_decrypt",0);
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1) unless $main'openbsd;
+&asm_finish();
+
+sub BF_encrypt
+        {
+        local($name,$enc)=@_;
+
+        &function_begin_B($name,"");
+
+        &comment("");
+
+        &push("ebp");
+        &push("ebx");
+        &mov($tmp2,&wparam(0));
+        &mov($P,&wparam(1));
+        &push("esi");
+        &push("edi");
+
+        &comment("Load the 2 words");
+        &mov($L,&DWP(0,$tmp2,"",0));
+        &mov($R,&DWP(4,$tmp2,"",0));
+
+        &xor(   $tmp1,  $tmp1);
+
+        # encrypting part
+
+        if ($enc)
+                {
+                 &mov($tmp2,&DWP(0,$P,"",0));
+                &xor(   $tmp3,  $tmp3);
+
+                &xor($L,$tmp2);
+                for ($i=0; $i<$BF_ROUNDS; $i+=2)
+                        {
+                        &comment("");
+                        &comment("Round $i");
+                        &BF_ENCRYPT($i+1,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
+
+                        &comment("");
+                        &comment("Round ".sprintf("%d",$i+1));
+                        &BF_ENCRYPT($i+2,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
+                        }
+                # &mov($tmp1,&wparam(0)); In last loop
+                &mov($tmp4,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+                }
+        else
+                {
+                 &mov($tmp2,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+                &xor(   $tmp3,  $tmp3);
+
+                &xor($L,$tmp2);
+                for ($i=$BF_ROUNDS; $i>0; $i-=2)
+                        {
+                        &comment("");
+                        &comment("Round $i");
+                        &BF_ENCRYPT($i,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
+                        &comment("");
+                        &comment("Round ".sprintf("%d",$i-1));
+                        &BF_ENCRYPT($i-1,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
+                        }
+                # &mov($tmp1,&wparam(0)); In last loop
+                &mov($tmp4,&DWP(0,$P,"",0));
+                }
+
+        &xor($R,$tmp4);
+        &mov(&DWP(4,$tmp1,"",0),$L);
+
+        &mov(&DWP(0,$tmp1,"",0),$R);
+        &function_end($name);
+        }
+
+sub BF_ENCRYPT
+        {
+        local($i,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,$enc)=@_;
+
+        &mov(   $tmp4,          &DWP(&n2a($i*4),$P,"",0)); # for next round
+
+        &mov(   $tmp2,          $R);
+        &xor(   $L,             $tmp4);
+
+        &shr(   $tmp2,          16);
+        &mov(   $tmp4,          $R);
+
+        &movb(  &LB($tmp1),     &HB($tmp2));    # A
+        &and(   $tmp2,          0xff);          # B
+
+        &movb(  &LB($tmp3),     &HB($tmp4));    # C
+        &and(   $tmp4,          0xff);          # D
+
+        &mov(   $tmp1,          &DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));
+        &mov(   $tmp2,          &DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));
+
+        &add(   $tmp2,          $tmp1);
+        &mov(   $tmp1,          &DWP(&n2a($BF_OFF+0x0800),$P,$tmp3,4));
+
+        &xor(   $tmp2,          $tmp1);
+        &mov(   $tmp4,          &DWP(&n2a($BF_OFF+0x0C00),$P,$tmp4,4));
+
+        &add(   $tmp2,          $tmp4);
+        if (($enc && ($i != 16)) || ((!$enc) && ($i != 1)))
+                { &xor( $tmp1,          $tmp1); }
+        else
+                {
+                &comment("Load parameter 0 ($i) enc=$enc");
+                &mov($tmp1,&wparam(0));
+                } # In last loop
+
+        &xor(   $L,             $tmp2);
+        # delay
+        }
+
+sub n2a
+        {
+        sprintf("%d",$_[0]);
+        }
+
diff --git a/src/lib/libcrypto/bf/bf_cbc.c b/src/lib/libcrypto/bf/bf_cbc.c
new file mode 100644
index 0000000000..f949629dc6
--- /dev/null
+++ b/src/lib/libcrypto/bf/bf_cbc.c
@@ -0,0 +1,143 @@
+/* crypto/bf/bf_cbc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+             const BF_KEY *schedule, unsigned char *ivec, int encrypt)
+        {
+        register BF_LONG tin0,tin1;
+        register BF_LONG tout0,tout1,xor0,xor1;
+        register long l=length;
+        BF_LONG tin[2];
+
+        if (encrypt)
+                {
+                n2l(ivec,tout0);
+                n2l(ivec,tout1);
+                ivec-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        BF_encrypt(tin,schedule);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        n2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        BF_encrypt(tin,schedule);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        }
+                l2n(tout0,ivec);
+                l2n(tout1,ivec);
+                }
+        else
+                {
+                n2l(ivec,xor0);
+                n2l(ivec,xor1);
+                ivec-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        BF_decrypt(tin,schedule);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                if (l != -8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        BF_decrypt(tin,schedule);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2nn(tout0,tout1,out,l+8);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                l2n(xor0,ivec);
+                l2n(xor1,ivec);
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        tin[0]=tin[1]=0;
+        }
+
diff --git a/src/lib/libcrypto/bf/bf_cfb64.c b/src/lib/libcrypto/bf/bf_cfb64.c
new file mode 100644
index 0000000000..6451c8d407
--- /dev/null
+++ b/src/lib/libcrypto/bf/bf_cfb64.c
@@ -0,0 +1,121 @@
+/* crypto/bf/bf_cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+             const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
+        {
+        register BF_LONG v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        BF_LONG ti[2];
+        unsigned char *iv,c,cc;
+
+        iv=(unsigned char *)ivec;
+        if (encrypt)
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                n2l(iv,v0); ti[0]=v0;
+                                n2l(iv,v1); ti[1]=v1;
+                                BF_encrypt((BF_LONG *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2n(t,iv);
+                                t=ti[1]; l2n(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        c= *(in++)^iv[n];
+                        *(out++)=c;
+                        iv[n]=c;
+                        n=(n+1)&0x07;
+                        }
+                }
+        else
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                n2l(iv,v0); ti[0]=v0;
+                                n2l(iv,v1); ti[1]=v1;
+                                BF_encrypt((BF_LONG *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2n(t,iv);
+                                t=ti[1]; l2n(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        cc= *(in++);
+                        c=iv[n];
+                        iv[n]=cc;
+                        *(out++)=c^cc;
+                        n=(n+1)&0x07;
+                        }
+                }
+        v0=v1=ti[0]=ti[1]=t=c=cc=0;
+        *num=n;
+        }
+
diff --git a/src/lib/libcrypto/bf/bf_ecb.c b/src/lib/libcrypto/bf/bf_ecb.c
new file mode 100644
index 0000000000..341991636f
--- /dev/null
+++ b/src/lib/libcrypto/bf/bf_ecb.c
@@ -0,0 +1,96 @@
+/* crypto/bf/bf_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+#include <openssl/opensslv.h>
+
+/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
+ * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+const char *BF_version="Blowfish" OPENSSL_VERSION_PTEXT;
+
+const char *BF_options(void)
+        {
+#ifdef BF_PTR
+        return("blowfish(ptr)");
+#elif defined(BF_PTR2)
+        return("blowfish(ptr2)");
+#else
+        return("blowfish(idx)");
+#endif
+        }
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+             const BF_KEY *key, int encrypt)
+        {
+        BF_LONG l,d[2];
+
+        n2l(in,l); d[0]=l;
+        n2l(in,l); d[1]=l;
+        if (encrypt)
+                BF_encrypt(d,key);
+        else
+                BF_decrypt(d,key);
+        l=d[0]; l2n(l,out);
+        l=d[1]; l2n(l,out);
+        l=d[0]=d[1]=0;
+        }
+
diff --git a/src/lib/libcrypto/bf/bf_enc.c b/src/lib/libcrypto/bf/bf_enc.c
new file mode 100644
index 0000000000..b380acf959
--- /dev/null
+++ b/src/lib/libcrypto/bf/bf_enc.c
@@ -0,0 +1,306 @@
+/* crypto/bf/bf_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
+ * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
+#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
+to modify the code.
+#endif
+
+void BF_encrypt(BF_LONG *data, const BF_KEY *key)
+        {
+#ifndef BF_PTR2
+        register BF_LONG l,r;
+    const register BF_LONG *p,*s;
+
+        p=key->P;
+        s= &(key->S[0]);
+        l=data[0];
+        r=data[1];
+
+        l^=p[0];
+        BF_ENC(r,l,s,p[ 1]);
+        BF_ENC(l,r,s,p[ 2]);
+        BF_ENC(r,l,s,p[ 3]);
+        BF_ENC(l,r,s,p[ 4]);
+        BF_ENC(r,l,s,p[ 5]);
+        BF_ENC(l,r,s,p[ 6]);
+        BF_ENC(r,l,s,p[ 7]);
+        BF_ENC(l,r,s,p[ 8]);
+        BF_ENC(r,l,s,p[ 9]);
+        BF_ENC(l,r,s,p[10]);
+        BF_ENC(r,l,s,p[11]);
+        BF_ENC(l,r,s,p[12]);
+        BF_ENC(r,l,s,p[13]);
+        BF_ENC(l,r,s,p[14]);
+        BF_ENC(r,l,s,p[15]);
+        BF_ENC(l,r,s,p[16]);
+#if BF_ROUNDS == 20
+        BF_ENC(r,l,s,p[17]);
+        BF_ENC(l,r,s,p[18]);
+        BF_ENC(r,l,s,p[19]);
+        BF_ENC(l,r,s,p[20]);
+#endif
+        r^=p[BF_ROUNDS+1];
+
+        data[1]=l&0xffffffffL;
+        data[0]=r&0xffffffffL;
+#else
+        register BF_LONG l,r,t,*k;
+
+        l=data[0];
+        r=data[1];
+        k=(BF_LONG*)key;
+
+        l^=k[0];
+        BF_ENC(r,l,k, 1);
+        BF_ENC(l,r,k, 2);
+        BF_ENC(r,l,k, 3);
+        BF_ENC(l,r,k, 4);
+        BF_ENC(r,l,k, 5);
+        BF_ENC(l,r,k, 6);
+        BF_ENC(r,l,k, 7);
+        BF_ENC(l,r,k, 8);
+        BF_ENC(r,l,k, 9);
+        BF_ENC(l,r,k,10);
+        BF_ENC(r,l,k,11);
+        BF_ENC(l,r,k,12);
+        BF_ENC(r,l,k,13);
+        BF_ENC(l,r,k,14);
+        BF_ENC(r,l,k,15);
+        BF_ENC(l,r,k,16);
+#if BF_ROUNDS == 20
+        BF_ENC(r,l,k,17);
+        BF_ENC(l,r,k,18);
+        BF_ENC(r,l,k,19);
+        BF_ENC(l,r,k,20);
+#endif
+        r^=k[BF_ROUNDS+1];
+
+        data[1]=l&0xffffffffL;
+        data[0]=r&0xffffffffL;
+#endif
+        }
+
+#ifndef BF_DEFAULT_OPTIONS
+
+void BF_decrypt(BF_LONG *data, const BF_KEY *key)
+        {
+#ifndef BF_PTR2
+        register BF_LONG l,r;
+    const register BF_LONG *p,*s;
+
+        p=key->P;
+        s= &(key->S[0]);
+        l=data[0];
+        r=data[1];
+
+        l^=p[BF_ROUNDS+1];
+#if BF_ROUNDS == 20
+        BF_ENC(r,l,s,p[20]);
+        BF_ENC(l,r,s,p[19]);
+        BF_ENC(r,l,s,p[18]);
+        BF_ENC(l,r,s,p[17]);
+#endif
+        BF_ENC(r,l,s,p[16]);
+        BF_ENC(l,r,s,p[15]);
+        BF_ENC(r,l,s,p[14]);
+        BF_ENC(l,r,s,p[13]);
+        BF_ENC(r,l,s,p[12]);
+        BF_ENC(l,r,s,p[11]);
+        BF_ENC(r,l,s,p[10]);
+        BF_ENC(l,r,s,p[ 9]);
+        BF_ENC(r,l,s,p[ 8]);
+        BF_ENC(l,r,s,p[ 7]);
+        BF_ENC(r,l,s,p[ 6]);
+        BF_ENC(l,r,s,p[ 5]);
+        BF_ENC(r,l,s,p[ 4]);
+        BF_ENC(l,r,s,p[ 3]);
+        BF_ENC(r,l,s,p[ 2]);
+        BF_ENC(l,r,s,p[ 1]);
+        r^=p[0];
+
+        data[1]=l&0xffffffffL;
+        data[0]=r&0xffffffffL;
+#else
+        register BF_LONG l,r,t,*k;
+
+        l=data[0];
+        r=data[1];
+        k=(BF_LONG *)key;
+
+        l^=k[BF_ROUNDS+1];
+#if BF_ROUNDS == 20
+        BF_ENC(r,l,k,20);
+        BF_ENC(l,r,k,19);
+        BF_ENC(r,l,k,18);
+        BF_ENC(l,r,k,17);
+#endif
+        BF_ENC(r,l,k,16);
+        BF_ENC(l,r,k,15);
+        BF_ENC(r,l,k,14);
+        BF_ENC(l,r,k,13);
+        BF_ENC(r,l,k,12);
+        BF_ENC(l,r,k,11);
+        BF_ENC(r,l,k,10);
+        BF_ENC(l,r,k, 9);
+        BF_ENC(r,l,k, 8);
+        BF_ENC(l,r,k, 7);
+        BF_ENC(r,l,k, 6);
+        BF_ENC(l,r,k, 5);
+        BF_ENC(r,l,k, 4);
+        BF_ENC(l,r,k, 3);
+        BF_ENC(r,l,k, 2);
+        BF_ENC(l,r,k, 1);
+        r^=k[0];
+
+        data[1]=l&0xffffffffL;
+        data[0]=r&0xffffffffL;
+#endif
+        }
+
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+             const BF_KEY *schedule, unsigned char *ivec, int encrypt)
+        {
+        register BF_LONG tin0,tin1;
+        register BF_LONG tout0,tout1,xor0,xor1;
+        register long l=length;
+        BF_LONG tin[2];
+
+        if (encrypt)
+                {
+                n2l(ivec,tout0);
+                n2l(ivec,tout1);
+                ivec-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        BF_encrypt(tin,schedule);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        n2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        BF_encrypt(tin,schedule);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        }
+                l2n(tout0,ivec);
+                l2n(tout1,ivec);
+                }
+        else
+                {
+                n2l(ivec,xor0);
+                n2l(ivec,xor1);
+                ivec-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        BF_decrypt(tin,schedule);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                if (l != -8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        BF_decrypt(tin,schedule);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2nn(tout0,tout1,out,l+8);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                l2n(xor0,ivec);
+                l2n(xor1,ivec);
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        tin[0]=tin[1]=0;
+        }
+
+#endif
diff --git a/src/lib/libcrypto/bf/bf_locl.h b/src/lib/libcrypto/bf/bf_locl.h
new file mode 100644
index 0000000000..cc7c3ec992
--- /dev/null
+++ b/src/lib/libcrypto/bf/bf_locl.h
@@ -0,0 +1,219 @@
+/* crypto/bf/bf_locl.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BF_LOCL_H
+#define HEADER_BF_LOCL_H
+#include <openssl/opensslconf.h> /* BF_PTR, BF_PTR2 */
+
+#undef c2l
+#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 5: l2|=((unsigned long)(*(--(c))));     \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 1: l1|=((unsigned long)(*(--(c))));     \
+                                } \
+                        }
+
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+/* This is actually a big endian algorithm, the most significant byte
+ * is used to lookup array 0 */
+
+#if defined(BF_PTR2)
+
+/*
+ * This is basically a special Intel version. Point is that Intel
+ * doesn't have many registers, but offers a reach choice of addressing
+ * modes. So we spare some registers by directly traversing BF_KEY
+ * structure and hiring the most decorated addressing mode. The code
+ * generated by EGCS is *perfectly* competitive with assembler
+ * implementation!
+ */
+#define BF_ENC(LL,R,KEY,Pi) (\
+        LL^=KEY[Pi], \
+        t=  KEY[BF_ROUNDS+2 +   0 + ((R>>24)&0xFF)], \
+        t+= KEY[BF_ROUNDS+2 + 256 + ((R>>16)&0xFF)], \
+        t^= KEY[BF_ROUNDS+2 + 512 + ((R>>8 )&0xFF)], \
+        t+= KEY[BF_ROUNDS+2 + 768 + ((R    )&0xFF)], \
+        LL^=t \
+        )
+
+#elif defined(BF_PTR)
+
+#ifndef BF_LONG_LOG2
+#define BF_LONG_LOG2  2       /* default to BF_LONG being 32 bits */
+#endif
+#define BF_M  (0xFF<<BF_LONG_LOG2)
+#define BF_0  (24-BF_LONG_LOG2)
+#define BF_1  (16-BF_LONG_LOG2)
+#define BF_2  ( 8-BF_LONG_LOG2)
+#define BF_3  BF_LONG_LOG2 /* left shift */
+
+/*
+ * This is normally very good on RISC platforms where normally you
+ * have to explicitly "multiply" array index by sizeof(BF_LONG)
+ * in order to calculate the effective address. This implementation
+ * excuses CPU from this extra work. Power[PC] uses should have most
+ * fun as (R>>BF_i)&BF_M gets folded into a single instruction, namely
+ * rlwinm. So let'em double-check if their compiler does it.
+ */
+
+#define BF_ENC(LL,R,S,P) ( \
+        LL^=P, \
+        LL^= (((*(BF_LONG *)((unsigned char *)&(S[  0])+((R>>BF_0)&BF_M))+ \
+                *(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \
+                *(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \
+                *(BF_LONG *)((unsigned char *)&(S[768])+((R<<BF_3)&BF_M))) \
+        )
+#else
+
+/*
+ * This is a *generic* version. Seem to perform best on platforms that
+ * offer explicit support for extraction of 8-bit nibbles preferably
+ * complemented with "multiplying" of array index by sizeof(BF_LONG).
+ * For the moment of this writing the list comprises Alpha CPU featuring
+ * extbl and s[48]addq instructions.
+ */
+
+#define BF_ENC(LL,R,S,P) ( \
+        LL^=P, \
+        LL^=((( S[       ((int)(R>>24)&0xff)] + \
+                S[0x0100+((int)(R>>16)&0xff)])^ \
+                S[0x0200+((int)(R>> 8)&0xff)])+ \
+                S[0x0300+((int)(R    )&0xff)])&0xffffffffL \
+        )
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/bf/bf_ofb64.c b/src/lib/libcrypto/bf/bf_ofb64.c
new file mode 100644
index 0000000000..f2a9ff6e41
--- /dev/null
+++ b/src/lib/libcrypto/bf/bf_ofb64.c
@@ -0,0 +1,110 @@
+/* crypto/bf/bf_ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+             const BF_KEY *schedule, unsigned char *ivec, int *num)
+        {
+        register BF_LONG v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        unsigned char d[8];
+        register char *dp;
+        BF_LONG ti[2];
+        unsigned char *iv;
+        int save=0;
+
+        iv=(unsigned char *)ivec;
+        n2l(iv,v0);
+        n2l(iv,v1);
+        ti[0]=v0;
+        ti[1]=v1;
+        dp=(char *)d;
+        l2n(v0,dp);
+        l2n(v1,dp);
+        while (l--)
+                {
+                if (n == 0)
+                        {
+                        BF_encrypt((BF_LONG *)ti,schedule);
+                        dp=(char *)d;
+                        t=ti[0]; l2n(t,dp);
+                        t=ti[1]; l2n(t,dp);
+                        save++;
+                        }
+                *(out++)= *(in++)^d[n];
+                n=(n+1)&0x07;
+                }
+        if (save)
+                {
+                v0=ti[0];
+                v1=ti[1];
+                iv=(unsigned char *)ivec;
+                l2n(v0,iv);
+                l2n(v1,iv);
+                }
+        t=v0=v1=ti[0]=ti[1]=0;
+        *num=n;
+        }
+
diff --git a/src/lib/libcrypto/bf/bf_pi.h b/src/lib/libcrypto/bf/bf_pi.h
new file mode 100644
index 0000000000..9949513c68
--- /dev/null
+++ b/src/lib/libcrypto/bf/bf_pi.h
@@ -0,0 +1,325 @@
+/* crypto/bf/bf_pi.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+static const BF_KEY bf_init= {
+        {
+        0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
+        0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,
+        0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL,
+        0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,
+        0x9216d5d9L, 0x8979fb1b
+        },{
+        0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, 
+        0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, 
+        0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L, 
+        0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL, 
+        0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, 
+        0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, 
+        0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL, 
+        0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL, 
+        0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L, 
+        0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, 
+        0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, 
+        0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, 
+        0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL, 
+        0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L, 
+        0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, 
+        0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, 
+        0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L, 
+        0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L, 
+        0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL, 
+        0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, 
+        0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, 
+        0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, 
+        0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L, 
+        0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL, 
+        0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, 
+        0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, 
+        0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, 
+        0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L, 
+        0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL, 
+        0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, 
+        0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, 
+        0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, 
+        0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L, 
+        0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL, 
+        0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, 
+        0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, 
+        0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, 
+        0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L, 
+        0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL, 
+        0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, 
+        0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, 
+        0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, 
+        0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L, 
+        0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L, 
+        0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, 
+        0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, 
+        0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, 
+        0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL, 
+        0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL, 
+        0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, 
+        0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, 
+        0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, 
+        0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L, 
+        0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL, 
+        0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, 
+        0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, 
+        0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, 
+        0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L, 
+        0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L, 
+        0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, 
+        0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, 
+        0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, 
+        0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L, 
+        0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL, 
+        0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, 
+        0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, 
+        0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, 
+        0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL, 
+        0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L, 
+        0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, 
+        0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, 
+        0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, 
+        0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L, 
+        0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L, 
+        0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, 
+        0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, 
+        0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L, 
+        0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L, 
+        0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L, 
+        0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, 
+        0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, 
+        0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL, 
+        0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL, 
+        0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L, 
+        0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, 
+        0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, 
+        0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, 
+        0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL, 
+        0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL, 
+        0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, 
+        0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, 
+        0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, 
+        0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL, 
+        0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL, 
+        0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, 
+        0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, 
+        0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, 
+        0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L, 
+        0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L, 
+        0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, 
+        0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, 
+        0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, 
+        0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L, 
+        0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL, 
+        0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, 
+        0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, 
+        0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L, 
+        0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L, 
+        0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L, 
+        0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, 
+        0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, 
+        0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, 
+        0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L, 
+        0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L, 
+        0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, 
+        0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, 
+        0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, 
+        0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L, 
+        0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L, 
+        0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, 
+        0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, 
+        0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, 
+        0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L, 
+        0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL, 
+        0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, 
+        0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, 
+        0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, 
+        0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L, 
+        0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L, 
+        0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, 
+        0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, 
+        0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L, 
+        0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L, 
+        0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L, 
+        0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, 
+        0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, 
+        0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, 
+        0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L, 
+        0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L, 
+        0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, 
+        0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, 
+        0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, 
+        0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L, 
+        0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL, 
+        0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, 
+        0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, 
+        0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L, 
+        0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL, 
+        0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L, 
+        0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, 
+        0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, 
+        0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, 
+        0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L, 
+        0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L, 
+        0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, 
+        0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, 
+        0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, 
+        0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL, 
+        0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L, 
+        0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, 
+        0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, 
+        0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, 
+        0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL, 
+        0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL, 
+        0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, 
+        0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, 
+        0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, 
+        0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL, 
+        0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL, 
+        0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, 
+        0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, 
+        0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L, 
+        0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L, 
+        0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L, 
+        0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, 
+        0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, 
+        0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, 
+        0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L, 
+        0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L, 
+        0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L, 
+        0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, 
+        0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, 
+        0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L, 
+        0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L, 
+        0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, 
+        0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, 
+        0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, 
+        0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL, 
+        0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L, 
+        0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, 
+        0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, 
+        0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L, 
+        0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL, 
+        0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL, 
+        0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, 
+        0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, 
+        0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, 
+        0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L, 
+        0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L, 
+        0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, 
+        0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, 
+        0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, 
+        0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L, 
+        0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L, 
+        0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, 
+        0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, 
+        0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, 
+        0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL, 
+        0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL, 
+        0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, 
+        0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, 
+        0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, 
+        0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL, 
+        0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L, 
+        0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, 
+        0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, 
+        0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L, 
+        0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L, 
+        0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L, 
+        0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, 
+        0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, 
+        0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, 
+        0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L, 
+        0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L, 
+        0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, 
+        0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, 
+        0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, 
+        0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L, 
+        0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L, 
+        0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, 
+        0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, 
+        0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, 
+        0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L, 
+        0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL, 
+        0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, 
+        0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, 
+        0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, 
+        0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L, 
+        0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L, 
+        0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, 
+        0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, 
+        0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, 
+        0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL, 
+        0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L, 
+        0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, 
+        0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, 
+        0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L, 
+        0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL, 
+        0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L, 
+        0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, 
+        0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, 
+        0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L, 
+        0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL, 
+        0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L, 
+        0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, 
+        0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, 
+        }
+        };
+
diff --git a/src/lib/libcrypto/bf/bf_skey.c b/src/lib/libcrypto/bf/bf_skey.c
new file mode 100644
index 0000000000..fc5bebefce
--- /dev/null
+++ b/src/lib/libcrypto/bf/bf_skey.c
@@ -0,0 +1,117 @@
+/* crypto/bf/bf_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+#include "bf_pi.h"
+
+FIPS_NON_FIPS_VCIPHER_Init(BF)
+        {
+        int i;
+        BF_LONG *p,ri,in[2];
+        const unsigned char *d,*end;
+
+
+        memcpy(key,&bf_init,sizeof(BF_KEY));
+        p=key->P;
+
+        if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4;
+
+        d=data;
+        end= &(data[len]);
+        for (i=0; i<(BF_ROUNDS+2); i++)
+                {
+                ri= *(d++);
+                if (d >= end) d=data;
+
+                ri<<=8;
+                ri|= *(d++);
+                if (d >= end) d=data;
+
+                ri<<=8;
+                ri|= *(d++);
+                if (d >= end) d=data;
+
+                ri<<=8;
+                ri|= *(d++);
+                if (d >= end) d=data;
+
+                p[i]^=ri;
+                }
+
+        in[0]=0L;
+        in[1]=0L;
+        for (i=0; i<(BF_ROUNDS+2); i+=2)
+                {
+                BF_encrypt(in,key);
+                p[i  ]=in[0];
+                p[i+1]=in[1];
+                }
+
+        p=key->S;
+        for (i=0; i<4*256; i+=2)
+                {
+                BF_encrypt(in,key);
+                p[i  ]=in[0];
+                p[i+1]=in[1];
+                }
+        }
+
diff --git a/src/lib/libcrypto/bf/blowfish.h b/src/lib/libcrypto/bf/blowfish.h
new file mode 100644
index 0000000000..b4d8774961
--- /dev/null
+++ b/src/lib/libcrypto/bf/blowfish.h
@@ -0,0 +1,130 @@
+/* crypto/bf/blowfish.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BLOWFISH_H
+#define HEADER_BLOWFISH_H
+
+#include <openssl/e_os2.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_NO_BF
+#error BF is disabled.
+#endif
+
+#define BF_ENCRYPT      1
+#define BF_DECRYPT      0
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! BF_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! BF_LONG_LOG2 has to be defined along.                        !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#define BF_LONG unsigned long
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#define BF_LONG unsigned long
+#define BF_LONG_LOG2 3
+/*
+ * _CRAY note. I could declare short, but I have no idea what impact
+ * does it have on performance on none-T3E machines. I could declare
+ * int, but at least on C90 sizeof(int) can be chosen at compile time.
+ * So I've chosen long...
+ *                                      <appro@fy.chalmers.se>
+ */
+#else
+#define BF_LONG unsigned int
+#endif
+
+#define BF_ROUNDS       16
+#define BF_BLOCK        8
+
+typedef struct bf_key_st
+        {
+        BF_LONG P[BF_ROUNDS+2];
+        BF_LONG S[4*256];
+        } BF_KEY;
+
+
+#ifdef OPENSSL_FIPS 
+void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+#endif
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+
+void BF_encrypt(BF_LONG *data,const BF_KEY *key);
+void BF_decrypt(BF_LONG *data,const BF_KEY *key);
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+        const BF_KEY *key, int enc);
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+        const BF_KEY *schedule, unsigned char *ivec, int enc);
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+        const BF_KEY *schedule, unsigned char *ivec, int *num, int enc);
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+        const BF_KEY *schedule, unsigned char *ivec, int *num);
+const char *BF_options(void);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/bio/Makefile.ssl b/src/lib/libcrypto/bio/Makefile.ssl
new file mode 100644
index 0000000000..d0b9e297b0
--- /dev/null
+++ b/src/lib/libcrypto/bio/Makefile.ssl
@@ -0,0 +1,216 @@
+#
+# SSLeay/crypto/bio/Makefile
+#
+
+DIR=    bio
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= bio_lib.c bio_cb.c bio_err.c \
+        bss_mem.c bss_null.c bss_fd.c \
+        bss_file.c bss_sock.c bss_conn.c \
+        bf_null.c bf_buff.c b_print.c b_dump.c \
+        b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c
+#       bf_lbuf.c
+LIBOBJ= bio_lib.o bio_cb.o bio_err.o \
+        bss_mem.o bss_null.o bss_fd.o \
+        bss_file.o bss_sock.o bss_conn.o \
+        bf_null.o bf_buff.o b_print.o b_dump.o \
+        b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o
+#       bf_lbuf.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= bio.h
+HEADER= bss_file.c $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER); \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+b_dump.o: ../../e_os.h ../../include/openssl/bio.h
+b_dump.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+b_dump.o: ../cryptlib.h b_dump.c
+b_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+b_print.o: ../cryptlib.h b_print.c
+b_sock.o: ../../e_os.h ../../include/openssl/bio.h
+b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+b_sock.o: ../cryptlib.h b_sock.c
+bf_buff.o: ../../e_os.h ../../include/openssl/bio.h
+bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_buff.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_buff.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bf_buff.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_buff.o: ../cryptlib.h bf_buff.c
+bf_nbio.o: ../../e_os.h ../../include/openssl/bio.h
+bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_nbio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_nbio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_nbio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bf_nbio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_nbio.o: ../cryptlib.h bf_nbio.c
+bf_null.o: ../../e_os.h ../../include/openssl/bio.h
+bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bf_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_null.o: ../cryptlib.h bf_null.c
+bio_cb.o: ../../e_os.h ../../include/openssl/bio.h
+bio_cb.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_cb.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_cb.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_cb.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bio_cb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_cb.o: ../cryptlib.h bio_cb.c
+bio_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+bio_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bio_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_err.o: bio_err.c
+bio_lib.o: ../../e_os.h ../../include/openssl/bio.h
+bio_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bio_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_lib.o: ../cryptlib.h bio_lib.c
+bss_acpt.o: ../../e_os.h ../../include/openssl/bio.h
+bss_acpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_acpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_acpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_acpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_acpt.o: ../cryptlib.h bss_acpt.c
+bss_bio.o: ../../e_os.h ../../include/openssl/bio.h
+bss_bio.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bss_bio.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bss_bio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bss_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_bio.o: ../../include/openssl/symhacks.h bss_bio.c
+bss_conn.o: ../../e_os.h ../../include/openssl/bio.h
+bss_conn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_conn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_conn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_conn.o: ../cryptlib.h bss_conn.c
+bss_fd.o: ../../e_os.h ../../include/openssl/bio.h
+bss_fd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_fd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_fd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_fd.o: ../cryptlib.h bss_fd.c
+bss_file.o: ../../e_os.h ../../include/openssl/bio.h
+bss_file.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_file.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_file.o: ../cryptlib.h bss_file.c
+bss_log.o: ../../e_os.h ../../include/openssl/bio.h
+bss_log.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_log.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_log.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_log.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_log.o: ../cryptlib.h bss_log.c
+bss_mem.o: ../../e_os.h ../../include/openssl/bio.h
+bss_mem.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_mem.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_mem.o: ../cryptlib.h bss_mem.c
+bss_null.o: ../../e_os.h ../../include/openssl/bio.h
+bss_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_null.o: ../cryptlib.h bss_null.c
+bss_sock.o: ../../e_os.h ../../include/openssl/bio.h
+bss_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_sock.o: ../cryptlib.h bss_sock.c
diff --git a/src/lib/libcrypto/bio/b_dump.c b/src/lib/libcrypto/bio/b_dump.c
new file mode 100644
index 0000000000..f671e722fa
--- /dev/null
+++ b/src/lib/libcrypto/bio/b_dump.c
@@ -0,0 +1,156 @@
+/* crypto/bio/b_dump.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 
+ * Stolen from tjh's ssl/ssl_trc.c stuff.
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+#define TRUNCATE
+#define DUMP_WIDTH      16
+#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
+
+int BIO_dump(BIO *bio, const char *s, int len)
+        {
+        return BIO_dump_indent(bio, s, len, 0);
+        }
+
+int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
+        {
+        int ret=0;
+        char buf[288+1],tmp[20],str[128+1];
+        int i,j,rows,trunc;
+        unsigned char ch;
+        int dump_width;
+        
+        trunc=0;
+        
+#ifdef TRUNCATE
+        for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) 
+                trunc++;
+#endif
+
+        if (indent < 0)
+                indent = 0;
+        if (indent)
+                {
+                if (indent > 128) indent=128;
+                memset(str,' ',indent);
+                }
+        str[indent]='\0';
+        
+        dump_width=DUMP_WIDTH_LESS_INDENT(indent);
+        rows=(len/dump_width);
+        if ((rows*dump_width)<len)
+                rows++;
+        for(i=0;i<rows;i++)
+                {
+                buf[0]='\0';    /* start with empty string */
+                BUF_strlcpy(buf,str,sizeof buf);
+                BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
+                BUF_strlcat(buf,tmp,sizeof buf);
+                for(j=0;j<dump_width;j++)
+                        {
+                        if (((i*dump_width)+j)>=len)
+                                {
+                                BUF_strlcat(buf,"   ",sizeof buf);
+                                }
+                        else
+                                {
+                                ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
+                                BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,
+                                         j==7?'-':' ');
+                                BUF_strlcat(buf,tmp,sizeof buf);
+                                }
+                        }
+                BUF_strlcat(buf,"  ",sizeof buf);
+                for(j=0;j<dump_width;j++)
+                        {
+                        if (((i*dump_width)+j)>=len)
+                                break;
+                        ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
+#ifndef CHARSET_EBCDIC
+                        BIO_snprintf(tmp,sizeof tmp,"%c",
+                                 ((ch>=' ')&&(ch<='~'))?ch:'.');
+#else
+                        BIO_snprintf(tmp,sizeof tmp,"%c",
+                                 ((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
+                                 ? os_toebcdic[ch]
+                                 : '.');
+#endif
+                        BUF_strlcat(buf,tmp,sizeof buf);
+                        }
+                BUF_strlcat(buf,"\n",sizeof buf);
+                /* if this is the last call then update the ddt_dump thing so that
+                 * we will move the selection point in the debug window 
+                 */
+                ret+=BIO_write(bio,(char *)buf,strlen(buf));
+                }
+#ifdef TRUNCATE
+        if (trunc > 0)
+                {
+                BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
+                         len+trunc);
+                ret+=BIO_write(bio,(char *)buf,strlen(buf));
+                }
+#endif
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/bio/b_print.c b/src/lib/libcrypto/bio/b_print.c
new file mode 100644
index 0000000000..8b753e7ca0
--- /dev/null
+++ b/src/lib/libcrypto/bio/b_print.c
@@ -0,0 +1,841 @@
+/* crypto/bio/b_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* disable assert() unless BIO_DEBUG has been defined */
+#ifndef BIO_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+
+/* 
+ * Stolen from tjh's ssl/ssl_trc.c stuff.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <limits.h>
+#include "cryptlib.h"
+#ifndef NO_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <openssl/bn.h>         /* To get BN_LLONG properly defined */
+#include <openssl/bio.h>
+
+#ifdef BN_LLONG
+# ifndef HAVE_LONG_LONG
+#  define HAVE_LONG_LONG 1
+# endif
+#endif
+
+/***************************************************************************/
+
+/*
+ * Copyright Patrick Powell 1995
+ * This code is based on code written by Patrick Powell <papowell@astart.com>
+ * It may be used for any purpose as long as this notice remains intact
+ * on all source code distributions.
+ */
+
+/*
+ * This code contains numerious changes and enhancements which were
+ * made by lots of contributors over the last years to Patrick Powell's
+ * original code:
+ *
+ * o Patrick Powell <papowell@astart.com>      (1995)
+ * o Brandon Long <blong@fiction.net>          (1996, for Mutt)
+ * o Thomas Roessler <roessler@guug.de>        (1998, for Mutt)
+ * o Michael Elkins <me@cs.hmc.edu>            (1998, for Mutt)
+ * o Andrew Tridgell <tridge@samba.org>        (1998, for Samba)
+ * o Luke Mewburn <lukem@netbsd.org>           (1999, for LukemFTP)
+ * o Ralf S. Engelschall <rse@engelschall.com> (1999, for Pth)
+ * o ...                                       (for OpenSSL)
+ */
+
+#ifdef HAVE_LONG_DOUBLE
+#define LDOUBLE long double
+#else
+#define LDOUBLE double
+#endif
+
+#if HAVE_LONG_LONG
+# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
+# define LLONG _int64
+# else
+# define LLONG long long
+# endif
+#else
+#define LLONG long
+#endif
+
+static void fmtstr     (char **, char **, size_t *, size_t *,
+                        const char *, int, int, int);
+static void fmtint     (char **, char **, size_t *, size_t *,
+                        LLONG, int, int, int, int);
+static void fmtfp      (char **, char **, size_t *, size_t *,
+                        LDOUBLE, int, int, int);
+static void doapr_outch (char **, char **, size_t *, size_t *, int);
+static void _dopr(char **sbuffer, char **buffer,
+                  size_t *maxlen, size_t *retlen, int *truncated,
+                  const char *format, va_list args);
+
+/* format read states */
+#define DP_S_DEFAULT    0
+#define DP_S_FLAGS      1
+#define DP_S_MIN        2
+#define DP_S_DOT        3
+#define DP_S_MAX        4
+#define DP_S_MOD        5
+#define DP_S_CONV       6
+#define DP_S_DONE       7
+
+/* format flags - Bits */
+#define DP_F_MINUS      (1 << 0)
+#define DP_F_PLUS       (1 << 1)
+#define DP_F_SPACE      (1 << 2)
+#define DP_F_NUM        (1 << 3)
+#define DP_F_ZERO       (1 << 4)
+#define DP_F_UP         (1 << 5)
+#define DP_F_UNSIGNED   (1 << 6)
+
+/* conversion flags */
+#define DP_C_SHORT      1
+#define DP_C_LONG       2
+#define DP_C_LDOUBLE    3
+#define DP_C_LLONG      4
+
+/* some handy macros */
+#define char_to_int(p) (p - '0')
+#define OSSL_MAX(p,q) ((p >= q) ? p : q)
+
+static void
+_dopr(
+    char **sbuffer,
+    char **buffer,
+    size_t *maxlen,
+    size_t *retlen,
+    int *truncated,
+    const char *format,
+    va_list args)
+{
+    char ch;
+    LLONG value;
+    LDOUBLE fvalue;
+    char *strvalue;
+    int min;
+    int max;
+    int state;
+    int flags;
+    int cflags;
+    size_t currlen;
+
+    state = DP_S_DEFAULT;
+    flags = currlen = cflags = min = 0;
+    max = -1;
+    ch = *format++;
+
+    while (state != DP_S_DONE) {
+        if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))
+            state = DP_S_DONE;
+
+        switch (state) {
+        case DP_S_DEFAULT:
+            if (ch == '%')
+                state = DP_S_FLAGS;
+            else
+                doapr_outch(sbuffer,buffer, &currlen, maxlen, ch);
+            ch = *format++;
+            break;
+        case DP_S_FLAGS:
+            switch (ch) {
+            case '-':
+                flags |= DP_F_MINUS;
+                ch = *format++;
+                break;
+            case '+':
+                flags |= DP_F_PLUS;
+                ch = *format++;
+                break;
+            case ' ':
+                flags |= DP_F_SPACE;
+                ch = *format++;
+                break;
+            case '#':
+                flags |= DP_F_NUM;
+                ch = *format++;
+                break;
+            case '0':
+                flags |= DP_F_ZERO;
+                ch = *format++;
+                break;
+            default:
+                state = DP_S_MIN;
+                break;
+            }
+            break;
+        case DP_S_MIN:
+            if (isdigit((unsigned char)ch)) {
+                min = 10 * min + char_to_int(ch);
+                ch = *format++;
+            } else if (ch == '*') {
+                min = va_arg(args, int);
+                ch = *format++;
+                state = DP_S_DOT;
+            } else
+                state = DP_S_DOT;
+            break;
+        case DP_S_DOT:
+            if (ch == '.') {
+                state = DP_S_MAX;
+                ch = *format++;
+            } else
+                state = DP_S_MOD;
+            break;
+        case DP_S_MAX:
+            if (isdigit((unsigned char)ch)) {
+                if (max < 0)
+                    max = 0;
+                max = 10 * max + char_to_int(ch);
+                ch = *format++;
+            } else if (ch == '*') {
+                max = va_arg(args, int);
+                ch = *format++;
+                state = DP_S_MOD;
+            } else
+                state = DP_S_MOD;
+            break;
+        case DP_S_MOD:
+            switch (ch) {
+            case 'h':
+                cflags = DP_C_SHORT;
+                ch = *format++;
+                break;
+            case 'l':
+                if (*format == 'l') {
+                    cflags = DP_C_LLONG;
+                    format++;
+                } else
+                    cflags = DP_C_LONG;
+                ch = *format++;
+                break;
+            case 'q':
+                cflags = DP_C_LLONG;
+                ch = *format++;
+                break;
+            case 'L':
+                cflags = DP_C_LDOUBLE;
+                ch = *format++;
+                break;
+            default:
+                break;
+            }
+            state = DP_S_CONV;
+            break;
+        case DP_S_CONV:
+            switch (ch) {
+            case 'd':
+            case 'i':
+                switch (cflags) {
+                case DP_C_SHORT:
+                    value = (short int)va_arg(args, int);
+                    break;
+                case DP_C_LONG:
+                    value = va_arg(args, long int);
+                    break;
+                case DP_C_LLONG:
+                    value = va_arg(args, LLONG);
+                    break;
+                default:
+                    value = va_arg(args, int);
+                    break;
+                }
+                fmtint(sbuffer, buffer, &currlen, maxlen,
+                       value, 10, min, max, flags);
+                break;
+            case 'X':
+                flags |= DP_F_UP;
+                /* FALLTHROUGH */
+            case 'x':
+            case 'o':
+            case 'u':
+                flags |= DP_F_UNSIGNED;
+                switch (cflags) {
+                case DP_C_SHORT:
+                    value = (unsigned short int)va_arg(args, unsigned int);
+                    break;
+                case DP_C_LONG:
+                    value = (LLONG) va_arg(args,
+                        unsigned long int);
+                    break;
+                case DP_C_LLONG:
+                    value = va_arg(args, unsigned LLONG);
+                    break;
+                default:
+                    value = (LLONG) va_arg(args,
+                        unsigned int);
+                    break;
+                }
+                fmtint(sbuffer, buffer, &currlen, maxlen, value,
+                       ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
+                       min, max, flags);
+                break;
+            case 'f':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                fmtfp(sbuffer, buffer, &currlen, maxlen,
+                      fvalue, min, max, flags);
+                break;
+            case 'E':
+                flags |= DP_F_UP;
+            case 'e':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                break;
+            case 'G':
+                flags |= DP_F_UP;
+            case 'g':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                break;
+            case 'c':
+                doapr_outch(sbuffer, buffer, &currlen, maxlen,
+                    va_arg(args, int));
+                break;
+            case 's':
+                strvalue = va_arg(args, char *);
+                if (max < 0) {
+                    if (buffer)
+                        max = INT_MAX;
+                    else
+                        max = *maxlen;
+                }
+                fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
+                       flags, min, max);
+                break;
+            case 'p':
+                value = (long)va_arg(args, void *);
+                fmtint(sbuffer, buffer, &currlen, maxlen,
+                    value, 16, min, max, flags|DP_F_NUM);
+                break;
+            case 'n': /* XXX */
+                if (cflags == DP_C_SHORT) {
+                    short int *num;
+                    num = va_arg(args, short int *);
+                    *num = currlen;
+                } else if (cflags == DP_C_LONG) { /* XXX */
+                    long int *num;
+                    num = va_arg(args, long int *);
+                    *num = (long int) currlen;
+                } else if (cflags == DP_C_LLONG) { /* XXX */
+                    LLONG *num;
+                    num = va_arg(args, LLONG *);
+                    *num = (LLONG) currlen;
+                } else {
+                    int    *num;
+                    num = va_arg(args, int *);
+                    *num = currlen;
+                }
+                break;
+            case '%':
+                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
+                break;
+            case 'w':
+                /* not supported yet, treat as next char */
+                ch = *format++;
+                break;
+            default:
+                /* unknown, skip */
+                break;
+            }
+            ch = *format++;
+            state = DP_S_DEFAULT;
+            flags = cflags = min = 0;
+            max = -1;
+            break;
+        case DP_S_DONE:
+            break;
+        default:
+            break;
+        }
+    }
+    *truncated = (currlen > *maxlen - 1);
+    if (*truncated)
+        currlen = *maxlen - 1;
+    doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
+    *retlen = currlen - 1;
+    return;
+}
+
+static void
+fmtstr(
+    char **sbuffer,
+    char **buffer,
+    size_t *currlen,
+    size_t *maxlen,
+    const char *value,
+    int flags,
+    int min,
+    int max)
+{
+    int padlen, strln;
+    int cnt = 0;
+
+    if (value == 0)
+        value = "<NULL>";
+    for (strln = 0; value[strln]; ++strln)
+        ;
+    padlen = min - strln;
+    if (padlen < 0)
+        padlen = 0;
+    if (flags & DP_F_MINUS)
+        padlen = -padlen;
+
+    while ((padlen > 0) && (cnt < max)) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        --padlen;
+        ++cnt;
+    }
+    while (*value && (cnt < max)) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
+        ++cnt;
+    }
+    while ((padlen < 0) && (cnt < max)) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        ++padlen;
+        ++cnt;
+    }
+}
+
+static void
+fmtint(
+    char **sbuffer,
+    char **buffer,
+    size_t *currlen,
+    size_t *maxlen,
+    LLONG value,
+    int base,
+    int min,
+    int max,
+    int flags)
+{
+    int signvalue = 0;
+    char *prefix = "";
+    unsigned LLONG uvalue;
+    char convert[DECIMAL_SIZE(value)+3];
+    int place = 0;
+    int spadlen = 0;
+    int zpadlen = 0;
+    int caps = 0;
+
+    if (max < 0)
+        max = 0;
+    uvalue = value;
+    if (!(flags & DP_F_UNSIGNED)) {
+        if (value < 0) {
+            signvalue = '-';
+            uvalue = -value;
+        } else if (flags & DP_F_PLUS)
+            signvalue = '+';
+        else if (flags & DP_F_SPACE)
+            signvalue = ' ';
+    }
+    if (flags & DP_F_NUM) {
+        if (base == 8) prefix = "0";
+        if (base == 16) prefix = "0x";
+    }
+    if (flags & DP_F_UP)
+        caps = 1;
+    do {
+        convert[place++] =
+            (caps ? "0123456789ABCDEF" : "0123456789abcdef")
+            [uvalue % (unsigned) base];
+        uvalue = (uvalue / (unsigned) base);
+    } while (uvalue && (place < sizeof convert));
+    if (place == sizeof convert)
+        place--;
+    convert[place] = 0;
+
+    zpadlen = max - place;
+    spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
+    if (zpadlen < 0)
+        zpadlen = 0;
+    if (spadlen < 0)
+        spadlen = 0;
+    if (flags & DP_F_ZERO) {
+        zpadlen = OSSL_MAX(zpadlen, spadlen);
+        spadlen = 0;
+    }
+    if (flags & DP_F_MINUS)
+        spadlen = -spadlen;
+
+    /* spaces */
+    while (spadlen > 0) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        --spadlen;
+    }
+
+    /* sign */
+    if (signvalue)
+        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+
+    /* prefix */
+    while (*prefix) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
+        prefix++;
+    }
+
+    /* zeros */
+    if (zpadlen > 0) {
+        while (zpadlen > 0) {
+            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+            --zpadlen;
+        }
+    }
+    /* digits */
+    while (place > 0)
+        doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
+
+    /* left justified spaces */
+    while (spadlen < 0) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        ++spadlen;
+    }
+    return;
+}
+
+static LDOUBLE
+abs_val(LDOUBLE value)
+{
+    LDOUBLE result = value;
+    if (value < 0)
+        result = -value;
+    return result;
+}
+
+static LDOUBLE
+pow10(int in_exp)
+{
+    LDOUBLE result = 1;
+    while (in_exp) {
+        result *= 10;
+        in_exp--;
+    }
+    return result;
+}
+
+static long
+roundv(LDOUBLE value)
+{
+    long intpart;
+    intpart = (long) value;
+    value = value - intpart;
+    if (value >= 0.5)
+        intpart++;
+    return intpart;
+}
+
+static void
+fmtfp(
+    char **sbuffer,
+    char **buffer,
+    size_t *currlen,
+    size_t *maxlen,
+    LDOUBLE fvalue,
+    int min,
+    int max,
+    int flags)
+{
+    int signvalue = 0;
+    LDOUBLE ufvalue;
+    char iconvert[20];
+    char fconvert[20];
+    int iplace = 0;
+    int fplace = 0;
+    int padlen = 0;
+    int zpadlen = 0;
+    int caps = 0;
+    long intpart;
+    long fracpart;
+
+    if (max < 0)
+        max = 6;
+    ufvalue = abs_val(fvalue);
+    if (fvalue < 0)
+        signvalue = '-';
+    else if (flags & DP_F_PLUS)
+        signvalue = '+';
+    else if (flags & DP_F_SPACE)
+        signvalue = ' ';
+
+    intpart = (long)ufvalue;
+
+    /* sorry, we only support 9 digits past the decimal because of our
+       conversion method */
+    if (max > 9)
+        max = 9;
+
+    /* we "cheat" by converting the fractional part to integer by
+       multiplying by a factor of 10 */
+    fracpart = roundv((pow10(max)) * (ufvalue - intpart));
+
+    if (fracpart >= (long)pow10(max)) {
+        intpart++;
+        fracpart -= (long)pow10(max);
+    }
+
+    /* convert integer part */
+    do {
+        iconvert[iplace++] =
+            (caps ? "0123456789ABCDEF"
+              : "0123456789abcdef")[intpart % 10];
+        intpart = (intpart / 10);
+    } while (intpart && (iplace < sizeof iconvert));
+    if (iplace == sizeof iconvert)
+        iplace--;
+    iconvert[iplace] = 0;
+
+    /* convert fractional part */
+    do {
+        fconvert[fplace++] =
+            (caps ? "0123456789ABCDEF"
+              : "0123456789abcdef")[fracpart % 10];
+        fracpart = (fracpart / 10);
+    } while (fplace < max);
+    if (fplace == sizeof fconvert)
+        fplace--;
+    fconvert[fplace] = 0;
+
+    /* -1 for decimal point, another -1 if we are printing a sign */
+    padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0);
+    zpadlen = max - fplace;
+    if (zpadlen < 0)
+        zpadlen = 0;
+    if (padlen < 0)
+        padlen = 0;
+    if (flags & DP_F_MINUS)
+        padlen = -padlen;
+
+    if ((flags & DP_F_ZERO) && (padlen > 0)) {
+        if (signvalue) {
+            doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+            --padlen;
+            signvalue = 0;
+        }
+        while (padlen > 0) {
+            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+            --padlen;
+        }
+    }
+    while (padlen > 0) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        --padlen;
+    }
+    if (signvalue)
+        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+
+    while (iplace > 0)
+        doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
+
+    /*
+     * Decimal point. This should probably use locale to find the correct
+     * char to print out.
+     */
+    if (max > 0 || (flags & DP_F_NUM)) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
+
+        while (fplace > 0)
+            doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
+    }
+    while (zpadlen > 0) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+        --zpadlen;
+    }
+
+    while (padlen < 0) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        ++padlen;
+    }
+}
+
+static void
+doapr_outch(
+    char **sbuffer,
+    char **buffer,
+    size_t *currlen,
+    size_t *maxlen,
+    int c)
+{
+    /* If we haven't at least one buffer, someone has doe a big booboo */
+    assert(*sbuffer != NULL || buffer != NULL);
+
+    if (buffer) {
+        while (*currlen >= *maxlen) {
+            if (*buffer == NULL) {
+                if (*maxlen == 0)
+                    *maxlen = 1024;
+                *buffer = OPENSSL_malloc(*maxlen);
+                if (*currlen > 0) {
+                    assert(*sbuffer != NULL);
+                    memcpy(*buffer, *sbuffer, *currlen);
+                }
+                *sbuffer = NULL;
+            } else {
+                *maxlen += 1024;
+                *buffer = OPENSSL_realloc(*buffer, *maxlen);
+            }
+        }
+        /* What to do if *buffer is NULL? */
+        assert(*sbuffer != NULL || *buffer != NULL);
+    }
+
+    if (*currlen < *maxlen) {
+        if (*sbuffer)
+            (*sbuffer)[(*currlen)++] = (char)c;
+        else
+            (*buffer)[(*currlen)++] = (char)c;
+    }
+
+    return;
+}
+
+/***************************************************************************/
+
+int BIO_printf (BIO *bio, const char *format, ...)
+        {
+        va_list args;
+        int ret;
+
+        va_start(args, format);
+
+        ret = BIO_vprintf(bio, format, args);
+
+        va_end(args);
+        return(ret);
+        }
+
+int BIO_vprintf (BIO *bio, const char *format, va_list args)
+        {
+        int ret;
+        size_t retlen;
+        char hugebuf[1024*2];   /* Was previously 10k, which is unreasonable
+                                   in small-stack environments, like threads
+                                   or DOS programs. */
+        char *hugebufp = hugebuf;
+        size_t hugebufsize = sizeof(hugebuf);
+        char *dynbuf = NULL;
+        int ignored;
+
+        dynbuf = NULL;
+        CRYPTO_push_info("doapr()");
+        _dopr(&hugebufp, &dynbuf, &hugebufsize,
+                &retlen, &ignored, format, args);
+        if (dynbuf)
+                {
+                ret=BIO_write(bio, dynbuf, (int)retlen);
+                OPENSSL_free(dynbuf);
+                }
+        else
+                {
+                ret=BIO_write(bio, hugebuf, (int)retlen);
+                }
+        CRYPTO_pop_info();
+        return(ret);
+        }
+
+/* As snprintf is not available everywhere, we provide our own implementation.
+ * In case of overflow or error, this returns -1.
+ * This function has nothing to do with BIOs, but it's closely related
+ * to BIO_printf, and we need *some* name prefix ...
+ * (XXX  the function should be renamed, but to what?) */
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+        {
+        va_list args;
+        int ret;
+
+        va_start(args, format);
+
+        ret = BIO_vsnprintf(buf, n, format, args);
+
+        va_end(args);
+        return(ret);
+        }
+
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+        {
+        size_t retlen;
+        int truncated;
+
+        _dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
+
+        if (truncated)
+                /* In case of truncation, return -1 unlike traditional snprintf.
+                 * (Current drafts for ISO/IEC 9899 say snprintf should return
+                 * the number of characters that would have been written,
+                 * had the buffer been large enough, as it did historically.) */
+                return -1;
+        else
+                return (retlen <= INT_MAX) ? (int)retlen : -1;
+        }
diff --git a/src/lib/libcrypto/bio/b_sock.c b/src/lib/libcrypto/bio/b_sock.c
new file mode 100644
index 0000000000..c851298d1e
--- /dev/null
+++ b/src/lib/libcrypto/bio/b_sock.c
@@ -0,0 +1,752 @@
+/* crypto/bio/b_sock.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_SOCK
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+#ifdef OPENSSL_SYS_WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+
+#ifdef SO_MAXCONN
+#define MAX_LISTEN  SO_MAXCONN
+#elif defined(SOMAXCONN)
+#define MAX_LISTEN  SOMAXCONN
+#else
+#define MAX_LISTEN  32
+#endif
+
+#ifdef OPENSSL_SYS_WINDOWS
+static int wsa_init_done=0;
+#endif
+
+#if 0
+static unsigned long BIO_ghbn_hits=0L;
+static unsigned long BIO_ghbn_miss=0L;
+
+#define GHBN_NUM        4
+static struct ghbn_cache_st
+        {
+        char name[129];
+        struct hostent *ent;
+        unsigned long order;
+        } ghbn_cache[GHBN_NUM];
+#endif
+
+static int get_ip(const char *str,unsigned char *ip);
+#if 0
+static void ghbn_free(struct hostent *a);
+static struct hostent *ghbn_dup(struct hostent *a);
+#endif
+int BIO_get_host_ip(const char *str, unsigned char *ip)
+        {
+        int i;
+        int err = 1;
+        int locked = 0;
+        struct hostent *he;
+
+        i=get_ip(str,ip);
+        if (i < 0)
+                {
+                BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS);
+                goto err;
+                }
+
+        /* At this point, we have something that is most probably correct
+           in some way, so let's init the socket. */
+        if (BIO_sock_init() != 1)
+                return 0; /* don't generate another error code here */
+
+        /* If the string actually contained an IP address, we need not do
+           anything more */
+        if (i > 0) return(1);
+
+        /* do a gethostbyname */
+        CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
+        locked = 1;
+        he=BIO_gethostbyname(str);
+        if (he == NULL)
+                {
+                BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_BAD_HOSTNAME_LOOKUP);
+                goto err;
+                }
+
+        /* cast to short because of win16 winsock definition */
+        if ((short)he->h_addrtype != AF_INET)
+                {
+                BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
+                goto err;
+                }
+        for (i=0; i<4; i++)
+                ip[i]=he->h_addr_list[0][i];
+        err = 0;
+
+ err:
+        if (locked)
+                CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
+        if (err)
+                {
+                ERR_add_error_data(2,"host=",str);
+                return 0;
+                }
+        else
+                return 1;
+        }
+
+int BIO_get_port(const char *str, unsigned short *port_ptr)
+        {
+        int i;
+        struct servent *s;
+
+        if (str == NULL)
+                {
+                BIOerr(BIO_F_BIO_GET_PORT,BIO_R_NO_PORT_DEFINED);
+                return(0);
+                }
+        i=atoi(str);
+        if (i != 0)
+                *port_ptr=(unsigned short)i;
+        else
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME);
+                /* Note: under VMS with SOCKETSHR, it seems like the first
+                 * parameter is 'char *', instead of 'const char *'
+                 */
+                s=getservbyname(
+#ifndef CONST_STRICT
+                    (char *)
+#endif
+                    str,"tcp");
+                if(s != NULL)
+                        *port_ptr=ntohs((unsigned short)s->s_port);
+                CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME);
+                if(s == NULL)
+                        {
+                        if (strcmp(str,"http") == 0)
+                                *port_ptr=80;
+                        else if (strcmp(str,"telnet") == 0)
+                                *port_ptr=23;
+                        else if (strcmp(str,"socks") == 0)
+                                *port_ptr=1080;
+                        else if (strcmp(str,"https") == 0)
+                                *port_ptr=443;
+                        else if (strcmp(str,"ssl") == 0)
+                                *port_ptr=443;
+                        else if (strcmp(str,"ftp") == 0)
+                                *port_ptr=21;
+                        else if (strcmp(str,"gopher") == 0)
+                                *port_ptr=70;
+#if 0
+                        else if (strcmp(str,"wais") == 0)
+                                *port_ptr=21;
+#endif
+                        else
+                                {
+                                SYSerr(SYS_F_GETSERVBYNAME,get_last_socket_error());
+                                ERR_add_error_data(3,"service='",str,"'");
+                                return(0);
+                                }
+                        }
+                }
+        return(1);
+        }
+
+int BIO_sock_error(int sock)
+        {
+        int j,i;
+        int size;
+                 
+        size=sizeof(int);
+        /* Note: under Windows the third parameter is of type (char *)
+         * whereas under other systems it is (void *) if you don't have
+         * a cast it will choke the compiler: if you do have a cast then
+         * you can either go for (char *) or (void *).
+         */
+        i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(void *)&j,(void *)&size);
+        if (i < 0)
+                return(1);
+        else
+                return(j);
+        }
+
+#if 0
+long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
+        {
+        int i;
+        char **p;
+
+        switch (cmd)
+                {
+        case BIO_GHBN_CTRL_HITS:
+                return(BIO_ghbn_hits);
+                /* break; */
+        case BIO_GHBN_CTRL_MISSES:
+                return(BIO_ghbn_miss);
+                /* break; */
+        case BIO_GHBN_CTRL_CACHE_SIZE:
+                return(GHBN_NUM);
+                /* break; */
+        case BIO_GHBN_CTRL_GET_ENTRY:
+                if ((iarg >= 0) && (iarg <GHBN_NUM) &&
+                        (ghbn_cache[iarg].order > 0))
+                        {
+                        p=(char **)parg;
+                        if (p == NULL) return(0);
+                        *p=ghbn_cache[iarg].name;
+                        ghbn_cache[iarg].name[128]='\0';
+                        return(1);
+                        }
+                return(0);
+                /* break; */
+        case BIO_GHBN_CTRL_FLUSH:
+                for (i=0; i<GHBN_NUM; i++)
+                        ghbn_cache[i].order=0;
+                break;
+        default:
+                return(0);
+                }
+        return(1);
+        }
+#endif
+
+#if 0
+static struct hostent *ghbn_dup(struct hostent *a)
+        {
+        struct hostent *ret;
+        int i,j;
+
+        MemCheck_off();
+        ret=(struct hostent *)OPENSSL_malloc(sizeof(struct hostent));
+        if (ret == NULL) return(NULL);
+        memset(ret,0,sizeof(struct hostent));
+
+        for (i=0; a->h_aliases[i] != NULL; i++)
+                ;
+        i++;
+        ret->h_aliases = (char **)OPENSSL_malloc(i*sizeof(char *));
+        if (ret->h_aliases == NULL)
+                goto err;
+        memset(ret->h_aliases, 0, i*sizeof(char *));
+
+        for (i=0; a->h_addr_list[i] != NULL; i++)
+                ;
+        i++;
+        ret->h_addr_list=(char **)OPENSSL_malloc(i*sizeof(char *));
+        if (ret->h_addr_list == NULL)
+                goto err;
+        memset(ret->h_addr_list, 0, i*sizeof(char *));
+
+        j=strlen(a->h_name)+1;
+        if ((ret->h_name=OPENSSL_malloc(j)) == NULL) goto err;
+        memcpy((char *)ret->h_name,a->h_name,j);
+        for (i=0; a->h_aliases[i] != NULL; i++)
+                {
+                j=strlen(a->h_aliases[i])+1;
+                if ((ret->h_aliases[i]=OPENSSL_malloc(j)) == NULL) goto err;
+                memcpy(ret->h_aliases[i],a->h_aliases[i],j);
+                }
+        ret->h_length=a->h_length;
+        ret->h_addrtype=a->h_addrtype;
+        for (i=0; a->h_addr_list[i] != NULL; i++)
+                {
+                if ((ret->h_addr_list[i]=OPENSSL_malloc(a->h_length)) == NULL)
+                        goto err;
+                memcpy(ret->h_addr_list[i],a->h_addr_list[i],a->h_length);
+                }
+        if (0)
+                {
+err:    
+                if (ret != NULL)
+                        ghbn_free(ret);
+                ret=NULL;
+                }
+        MemCheck_on();
+        return(ret);
+        }
+
+static void ghbn_free(struct hostent *a)
+        {
+        int i;
+
+        if(a == NULL)
+            return;
+
+        if (a->h_aliases != NULL)
+                {
+                for (i=0; a->h_aliases[i] != NULL; i++)
+                        OPENSSL_free(a->h_aliases[i]);
+                OPENSSL_free(a->h_aliases);
+                }
+        if (a->h_addr_list != NULL)
+                {
+                for (i=0; a->h_addr_list[i] != NULL; i++)
+                        OPENSSL_free(a->h_addr_list[i]);
+                OPENSSL_free(a->h_addr_list);
+                }
+        if (a->h_name != NULL) OPENSSL_free(a->h_name);
+        OPENSSL_free(a);
+        }
+
+#endif
+
+struct hostent *BIO_gethostbyname(const char *name)
+        {
+#if 1
+        /* Caching gethostbyname() results forever is wrong,
+         * so we have to let the true gethostbyname() worry about this */
+        return gethostbyname(name);
+#else
+        struct hostent *ret;
+        int i,lowi=0,j;
+        unsigned long low= (unsigned long)-1;
+
+
+#  if 0
+        /* It doesn't make sense to use locking here: The function interface
+         * is not thread-safe, because threads can never be sure when
+         * some other thread destroys the data they were given a pointer to.
+         */
+        CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
+#  endif
+        j=strlen(name);
+        if (j < 128)
+                {
+                for (i=0; i<GHBN_NUM; i++)
+                        {
+                        if (low > ghbn_cache[i].order)
+                                {
+                                low=ghbn_cache[i].order;
+                                lowi=i;
+                                }
+                        if (ghbn_cache[i].order > 0)
+                                {
+                                if (strncmp(name,ghbn_cache[i].name,128) == 0)
+                                        break;
+                                }
+                        }
+                }
+        else
+                i=GHBN_NUM;
+
+        if (i == GHBN_NUM) /* no hit*/
+                {
+                BIO_ghbn_miss++;
+                /* Note: under VMS with SOCKETSHR, it seems like the first
+                 * parameter is 'char *', instead of 'const char *'
+                 */
+                ret=gethostbyname(
+#  ifndef CONST_STRICT
+                    (char *)
+#  endif
+                    name);
+
+                if (ret == NULL)
+                        goto end;
+                if (j > 128) /* too big to cache */
+                        {
+#  if 0
+                        /* If we were trying to make this function thread-safe (which
+                         * is bound to fail), we'd have to give up in this case
+                         * (or allocate more memory). */
+                        ret = NULL;
+#  endif
+                        goto end;
+                        }
+
+                /* else add to cache */
+                if (ghbn_cache[lowi].ent != NULL)
+                        ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */
+                ghbn_cache[lowi].name[0] = '\0';
+
+                if((ret=ghbn_cache[lowi].ent=ghbn_dup(ret)) == NULL)
+                        {
+                        BIOerr(BIO_F_BIO_GETHOSTBYNAME,ERR_R_MALLOC_FAILURE);
+                        goto end;
+                        }
+                strncpy(ghbn_cache[lowi].name,name,128);
+                ghbn_cache[lowi].order=BIO_ghbn_miss+BIO_ghbn_hits;
+                }
+        else
+                {
+                BIO_ghbn_hits++;
+                ret= ghbn_cache[i].ent;
+                ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
+                }
+end:
+#  if 0
+        CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
+#  endif
+        return(ret);
+#endif
+        }
+
+
+int BIO_sock_init(void)
+        {
+#ifdef OPENSSL_SYS_WINDOWS
+        static struct WSAData wsa_state;
+
+        if (!wsa_init_done)
+                {
+                int err;
+          
+#ifdef SIGINT
+                signal(SIGINT,(void (*)(int))BIO_sock_cleanup);
+#endif
+                wsa_init_done=1;
+                memset(&wsa_state,0,sizeof(wsa_state));
+                if (WSAStartup(0x0101,&wsa_state)!=0)
+                        {
+                        err=WSAGetLastError();
+                        SYSerr(SYS_F_WSASTARTUP,err);
+                        BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP);
+                        return(-1);
+                        }
+                }
+#endif /* OPENSSL_SYS_WINDOWS */
+#ifdef WATT32
+        extern int _watt_do_exit;
+        _watt_do_exit = 0;    /* don't make sock_init() call exit() */
+        if (sock_init())
+                return (-1);
+#endif
+        return(1);
+        }
+
+void BIO_sock_cleanup(void)
+        {
+#ifdef OPENSSL_SYS_WINDOWS
+        if (wsa_init_done)
+                {
+                wsa_init_done=0;
+#ifndef OPENSSL_SYS_WINCE
+                WSACancelBlockingCall();
+#endif
+                WSACleanup();
+                }
+#endif
+        }
+
+#if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000
+
+int BIO_socket_ioctl(int fd, long type, void *arg)
+        {
+        int i;
+
+#ifdef __DJGPP__
+        i=ioctlsocket(fd,type,(char *)arg);
+#else
+        i=ioctlsocket(fd,type,arg);
+#endif /* __DJGPP__ */
+        if (i < 0)
+                SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());
+        return(i);
+        }
+#endif /* __VMS_VER */
+
+/* The reason I have implemented this instead of using sscanf is because
+ * Visual C 1.52c gives an unresolved external when linking a DLL :-( */
+static int get_ip(const char *str, unsigned char ip[4])
+        {
+        unsigned int tmp[4];
+        int num=0,c,ok=0;
+
+        tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
+
+        for (;;)
+                {
+                c= *(str++);
+                if ((c >= '0') && (c <= '9'))
+                        {
+                        ok=1;
+                        tmp[num]=tmp[num]*10+c-'0';
+                        if (tmp[num] > 255) return(0);
+                        }
+                else if (c == '.')
+                        {
+                        if (!ok) return(-1);
+                        if (num == 3) return(0);
+                        num++;
+                        ok=0;
+                        }
+                else if (c == '\0' && (num == 3) && ok)
+                        break;
+                else
+                        return(0);
+                }
+        ip[0]=tmp[0];
+        ip[1]=tmp[1];
+        ip[2]=tmp[2];
+        ip[3]=tmp[3];
+        return(1);
+        }
+
+int BIO_get_accept_socket(char *host, int bind_mode)
+        {
+        int ret=0;
+        struct sockaddr_in server,client;
+        int s=INVALID_SOCKET,cs;
+        unsigned char ip[4];
+        unsigned short port;
+        char *str=NULL,*e;
+        const char *h,*p;
+        unsigned long l;
+        int err_num;
+
+        if (BIO_sock_init() != 1) return(INVALID_SOCKET);
+
+        if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);
+
+        h=p=NULL;
+        h=str;
+        for (e=str; *e; e++)
+                {
+                if (*e == ':')
+                        {
+                        p= &(e[1]);
+                        *e='\0';
+                        }
+                else if (*e == '/')
+                        {
+                        *e='\0';
+                        break;
+                        }
+                }
+
+        if (p == NULL)
+                {
+                p=h;
+                h="*";
+                }
+
+        if (!BIO_get_port(p,&port)) goto err;
+
+        memset((char *)&server,0,sizeof(server));
+        server.sin_family=AF_INET;
+        server.sin_port=htons(port);
+
+        if (strcmp(h,"*") == 0)
+                server.sin_addr.s_addr=INADDR_ANY;
+        else
+                {
+                if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
+                l=(unsigned long)
+                        ((unsigned long)ip[0]<<24L)|
+                        ((unsigned long)ip[1]<<16L)|
+                        ((unsigned long)ip[2]<< 8L)|
+                        ((unsigned long)ip[3]);
+                server.sin_addr.s_addr=htonl(l);
+                }
+
+again:
+        s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+        if (s == INVALID_SOCKET)
+                {
+                SYSerr(SYS_F_SOCKET,get_last_socket_error());
+                ERR_add_error_data(3,"port='",host,"'");
+                BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_CREATE_SOCKET);
+                goto err;
+                }
+
+#ifdef SO_REUSEADDR
+        if (bind_mode == BIO_BIND_REUSEADDR)
+                {
+                int i=1;
+
+                ret=setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(char *)&i,sizeof(i));
+                bind_mode=BIO_BIND_NORMAL;
+                }
+#endif
+        if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+                {
+#ifdef SO_REUSEADDR
+                err_num=get_last_socket_error();
+                if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) &&
+                        (err_num == EADDRINUSE))
+                        {
+                        memcpy((char *)&client,(char *)&server,sizeof(server));
+                        if (strcmp(h,"*") == 0)
+                                client.sin_addr.s_addr=htonl(0x7F000001);
+                        cs=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+                        if (cs != INVALID_SOCKET)
+                                {
+                                int ii;
+                                ii=connect(cs,(struct sockaddr *)&client,
+                                        sizeof(client));
+                                closesocket(cs);
+                                if (ii == INVALID_SOCKET)
+                                        {
+                                        bind_mode=BIO_BIND_REUSEADDR;
+                                        closesocket(s);
+                                        goto again;
+                                        }
+                                /* else error */
+                                }
+                        /* else error */
+                        }
+#endif
+                SYSerr(SYS_F_BIND,err_num);
+                ERR_add_error_data(3,"port='",host,"'");
+                BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_BIND_SOCKET);
+                goto err;
+                }
+        if (listen(s,MAX_LISTEN) == -1)
+                {
+                SYSerr(SYS_F_BIND,get_last_socket_error());
+                ERR_add_error_data(3,"port='",host,"'");
+                BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_LISTEN_SOCKET);
+                goto err;
+                }
+        ret=1;
+err:
+        if (str != NULL) OPENSSL_free(str);
+        if ((ret == 0) && (s != INVALID_SOCKET))
+                {
+                closesocket(s);
+                s= INVALID_SOCKET;
+                }
+        return(s);
+        }
+
+int BIO_accept(int sock, char **addr)
+        {
+        int ret=INVALID_SOCKET;
+        static struct sockaddr_in from;
+        unsigned long l;
+        unsigned short port;
+        int len;
+        char *p;
+
+        memset((char *)&from,0,sizeof(from));
+        len=sizeof(from);
+        /* Note: under VMS with SOCKETSHR the fourth parameter is currently
+         * of type (int *) whereas under other systems it is (void *) if
+         * you don't have a cast it will choke the compiler: if you do
+         * have a cast then you can either go for (int *) or (void *).
+         */
+        ret=accept(sock,(struct sockaddr *)&from,(void *)&len);
+        if (ret == INVALID_SOCKET)
+                {
+                if(BIO_sock_should_retry(ret)) return -2;
+                SYSerr(SYS_F_ACCEPT,get_last_socket_error());
+                BIOerr(BIO_F_BIO_ACCEPT,BIO_R_ACCEPT_ERROR);
+                goto end;
+                }
+
+        if (addr == NULL) goto end;
+
+        l=ntohl(from.sin_addr.s_addr);
+        port=ntohs(from.sin_port);
+        if (*addr == NULL)
+                {
+                if ((p=OPENSSL_malloc(24)) == NULL)
+                        {
+                        BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE);
+                        goto end;
+                        }
+                *addr=p;
+                }
+        BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d",
+                     (unsigned char)(l>>24L)&0xff,
+                     (unsigned char)(l>>16L)&0xff,
+                     (unsigned char)(l>> 8L)&0xff,
+                     (unsigned char)(l     )&0xff,
+                     port);
+end:
+        return(ret);
+        }
+
+int BIO_set_tcp_ndelay(int s, int on)
+        {
+        int ret=0;
+#if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP))
+        int opt;
+
+#ifdef SOL_TCP
+        opt=SOL_TCP;
+#else
+#ifdef IPPROTO_TCP
+        opt=IPPROTO_TCP;
+#endif
+#endif
+        
+        ret=setsockopt(s,opt,TCP_NODELAY,(char *)&on,sizeof(on));
+#endif
+        return(ret == 0);
+        }
+#endif
+
+int BIO_socket_nbio(int s, int mode)
+        {
+        int ret= -1;
+        int l;
+
+        l=mode;
+#ifdef FIONBIO
+        ret=BIO_socket_ioctl(s,FIONBIO,&l);
+#endif
+        return(ret == 0);
+        }
diff --git a/src/lib/libcrypto/bio/bf_buff.c b/src/lib/libcrypto/bio/bf_buff.c
new file mode 100644
index 0000000000..c1fd75aaad
--- /dev/null
+++ b/src/lib/libcrypto/bio/bf_buff.c
@@ -0,0 +1,511 @@
+/* crypto/bio/bf_buff.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+static int buffer_write(BIO *h, const char *buf,int num);
+static int buffer_read(BIO *h, char *buf, int size);
+static int buffer_puts(BIO *h, const char *str);
+static int buffer_gets(BIO *h, char *str, int size);
+static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int buffer_new(BIO *h);
+static int buffer_free(BIO *data);
+static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+#define DEFAULT_BUFFER_SIZE     4096
+
+static BIO_METHOD methods_buffer=
+        {
+        BIO_TYPE_BUFFER,
+        "buffer",
+        buffer_write,
+        buffer_read,
+        buffer_puts,
+        buffer_gets,
+        buffer_ctrl,
+        buffer_new,
+        buffer_free,
+        buffer_callback_ctrl,
+        };
+
+BIO_METHOD *BIO_f_buffer(void)
+        {
+        return(&methods_buffer);
+        }
+
+static int buffer_new(BIO *bi)
+        {
+        BIO_F_BUFFER_CTX *ctx;
+
+        ctx=(BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX));
+        if (ctx == NULL) return(0);
+        ctx->ibuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+        if (ctx->ibuf == NULL) { OPENSSL_free(ctx); return(0); }
+        ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+        if (ctx->obuf == NULL) { OPENSSL_free(ctx->ibuf); OPENSSL_free(ctx); return(0); }
+        ctx->ibuf_size=DEFAULT_BUFFER_SIZE;
+        ctx->obuf_size=DEFAULT_BUFFER_SIZE;
+        ctx->ibuf_len=0;
+        ctx->ibuf_off=0;
+        ctx->obuf_len=0;
+        ctx->obuf_off=0;
+
+        bi->init=1;
+        bi->ptr=(char *)ctx;
+        bi->flags=0;
+        return(1);
+        }
+
+static int buffer_free(BIO *a)
+        {
+        BIO_F_BUFFER_CTX *b;
+
+        if (a == NULL) return(0);
+        b=(BIO_F_BUFFER_CTX *)a->ptr;
+        if (b->ibuf != NULL) OPENSSL_free(b->ibuf);
+        if (b->obuf != NULL) OPENSSL_free(b->obuf);
+        OPENSSL_free(a->ptr);
+        a->ptr=NULL;
+        a->init=0;
+        a->flags=0;
+        return(1);
+        }
+        
+static int buffer_read(BIO *b, char *out, int outl)
+        {
+        int i,num=0;
+        BIO_F_BUFFER_CTX *ctx;
+
+        if (out == NULL) return(0);
+        ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+
+        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+        num=0;
+        BIO_clear_retry_flags(b);
+
+start:
+        i=ctx->ibuf_len;
+        /* If there is stuff left over, grab it */
+        if (i != 0)
+                {
+                if (i > outl) i=outl;
+                memcpy(out,&(ctx->ibuf[ctx->ibuf_off]),i);
+                ctx->ibuf_off+=i;
+                ctx->ibuf_len-=i;
+                num+=i;
+                if (outl == i)  return(num);
+                outl-=i;
+                out+=i;
+                }
+
+        /* We may have done a partial read. try to do more.
+         * We have nothing in the buffer.
+         * If we get an error and have read some data, just return it
+         * and let them retry to get the error again.
+         * copy direct to parent address space */
+        if (outl > ctx->ibuf_size)
+                {
+                for (;;)
+                        {
+                        i=BIO_read(b->next_bio,out,outl);
+                        if (i <= 0)
+                                {
+                                BIO_copy_next_retry(b);
+                                if (i < 0) return((num > 0)?num:i);
+                                if (i == 0) return(num);
+                                }
+                        num+=i;
+                        if (outl == i) return(num);
+                        out+=i;
+                        outl-=i;
+                        }
+                }
+        /* else */
+
+        /* we are going to be doing some buffering */
+        i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
+        if (i <= 0)
+                {
+                BIO_copy_next_retry(b);
+                if (i < 0) return((num > 0)?num:i);
+                if (i == 0) return(num);
+                }
+        ctx->ibuf_off=0;
+        ctx->ibuf_len=i;
+
+        /* Lets re-read using ourselves :-) */
+        goto start;
+        }
+
+static int buffer_write(BIO *b, const char *in, int inl)
+        {
+        int i,num=0;
+        BIO_F_BUFFER_CTX *ctx;
+
+        if ((in == NULL) || (inl <= 0)) return(0);
+        ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+        BIO_clear_retry_flags(b);
+start:
+        i=ctx->obuf_size-(ctx->obuf_len+ctx->obuf_off);
+        /* add to buffer and return */
+        if (i >= inl)
+                {
+                memcpy(&(ctx->obuf[ctx->obuf_len]),in,inl);
+                ctx->obuf_len+=inl;
+                return(num+inl);
+                }
+        /* else */
+        /* stuff already in buffer, so add to it first, then flush */
+        if (ctx->obuf_len != 0)
+                {
+                if (i > 0) /* lets fill it up if we can */
+                        {
+                        memcpy(&(ctx->obuf[ctx->obuf_len]),in,i);
+                        in+=i;
+                        inl-=i;
+                        num+=i;
+                        ctx->obuf_len+=i;
+                        }
+                /* we now have a full buffer needing flushing */
+                for (;;)
+                        {
+                        i=BIO_write(b->next_bio,&(ctx->obuf[ctx->obuf_off]),
+                                ctx->obuf_len);
+                        if (i <= 0)
+                                {
+                                BIO_copy_next_retry(b);
+
+                                if (i < 0) return((num > 0)?num:i);
+                                if (i == 0) return(num);
+                                }
+                        ctx->obuf_off+=i;
+                        ctx->obuf_len-=i;
+                        if (ctx->obuf_len == 0) break;
+                        }
+                }
+        /* we only get here if the buffer has been flushed and we
+         * still have stuff to write */
+        ctx->obuf_off=0;
+
+        /* we now have inl bytes to write */
+        while (inl >= ctx->obuf_size)
+                {
+                i=BIO_write(b->next_bio,in,inl);
+                if (i <= 0)
+                        {
+                        BIO_copy_next_retry(b);
+                        if (i < 0) return((num > 0)?num:i);
+                        if (i == 0) return(num);
+                        }
+                num+=i;
+                in+=i;
+                inl-=i;
+                if (inl == 0) return(num);
+                }
+
+        /* copy the rest into the buffer since we have only a small 
+         * amount left */
+        goto start;
+        }
+
+static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        BIO *dbio;
+        BIO_F_BUFFER_CTX *ctx;
+        long ret=1;
+        char *p1,*p2;
+        int r,i,*ip;
+        int ibs,obs;
+
+        ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                ctx->ibuf_off=0;
+                ctx->ibuf_len=0;
+                ctx->obuf_off=0;
+                ctx->obuf_len=0;
+                if (b->next_bio == NULL) return(0);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_INFO:
+                ret=(long)ctx->obuf_len;
+                break;
+        case BIO_C_GET_BUFF_NUM_LINES:
+                ret=0;
+                p1=ctx->ibuf;
+                for (i=ctx->ibuf_off; i<ctx->ibuf_len; i++)
+                        {
+                        if (p1[i] == '\n') ret++;
+                        }
+                break;
+        case BIO_CTRL_WPENDING:
+                ret=(long)ctx->obuf_len;
+                if (ret == 0)
+                        {
+                        if (b->next_bio == NULL) return(0);
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                        }
+                break;
+        case BIO_CTRL_PENDING:
+                ret=(long)ctx->ibuf_len;
+                if (ret == 0)
+                        {
+                        if (b->next_bio == NULL) return(0);
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                        }
+                break;
+        case BIO_C_SET_BUFF_READ_DATA:
+                if (num > ctx->ibuf_size)
+                        {
+                        p1=OPENSSL_malloc((int)num);
+                        if (p1 == NULL) goto malloc_error;
+                        if (ctx->ibuf != NULL) OPENSSL_free(ctx->ibuf);
+                        ctx->ibuf=p1;
+                        }
+                ctx->ibuf_off=0;
+                ctx->ibuf_len=(int)num;
+                memcpy(ctx->ibuf,ptr,(int)num);
+                ret=1;
+                break;
+        case BIO_C_SET_BUFF_SIZE:
+                if (ptr != NULL)
+                        {
+                        ip=(int *)ptr;
+                        if (*ip == 0)
+                                {
+                                ibs=(int)num;
+                                obs=ctx->obuf_size;
+                                }
+                        else /* if (*ip == 1) */
+                                {
+                                ibs=ctx->ibuf_size;
+                                obs=(int)num;
+                                }
+                        }
+                else
+                        {
+                        ibs=(int)num;
+                        obs=(int)num;
+                        }
+                p1=ctx->ibuf;
+                p2=ctx->obuf;
+                if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size))
+                        {
+                        p1=(char *)OPENSSL_malloc((int)num);
+                        if (p1 == NULL) goto malloc_error;
+                        }
+                if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size))
+                        {
+                        p2=(char *)OPENSSL_malloc((int)num);
+                        if (p2 == NULL)
+                                {
+                                if (p1 != ctx->ibuf) OPENSSL_free(p1);
+                                goto malloc_error;
+                                }
+                        }
+                if (ctx->ibuf != p1)
+                        {
+                        OPENSSL_free(ctx->ibuf);
+                        ctx->ibuf=p1;
+                        ctx->ibuf_off=0;
+                        ctx->ibuf_len=0;
+                        ctx->ibuf_size=ibs;
+                        }
+                if (ctx->obuf != p2)
+                        {
+                        OPENSSL_free(ctx->obuf);
+                        ctx->obuf=p2;
+                        ctx->obuf_off=0;
+                        ctx->obuf_len=0;
+                        ctx->obuf_size=obs;
+                        }
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                if (b->next_bio == NULL) return(0);
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+
+        case BIO_CTRL_FLUSH:
+                if (b->next_bio == NULL) return(0);
+                if (ctx->obuf_len <= 0)
+                        {
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                        break;
+                        }
+
+                for (;;)
+                        {
+                        BIO_clear_retry_flags(b);
+                        if (ctx->obuf_len > ctx->obuf_off)
+                                {
+                                r=BIO_write(b->next_bio,
+                                        &(ctx->obuf[ctx->obuf_off]),
+                                        ctx->obuf_len-ctx->obuf_off);
+#if 0
+fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_off,r);
+#endif
+                                BIO_copy_next_retry(b);
+                                if (r <= 0) return((long)r);
+                                ctx->obuf_off+=r;
+                                }
+                        else
+                                {
+                                ctx->obuf_len=0;
+                                ctx->obuf_off=0;
+                                ret=1;
+                                break;
+                                }
+                        }
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_DUP:
+                dbio=(BIO *)ptr;
+                if (    !BIO_set_read_buffer_size(dbio,ctx->ibuf_size) ||
+                        !BIO_set_write_buffer_size(dbio,ctx->obuf_size))
+                        ret=0;
+                break;
+        default:
+                if (b->next_bio == NULL) return(0);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+malloc_error:
+        BIOerr(BIO_F_BUFFER_CTRL,ERR_R_MALLOC_FAILURE);
+        return(0);
+        }
+
+static long buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+        {
+        long ret=1;
+
+        if (b->next_bio == NULL) return(0);
+        switch (cmd)
+                {
+        default:
+                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+                break;
+                }
+        return(ret);
+        }
+
+static int buffer_gets(BIO *b, char *buf, int size)
+        {
+        BIO_F_BUFFER_CTX *ctx;
+        int num=0,i,flag;
+        char *p;
+
+        ctx=(BIO_F_BUFFER_CTX *)b->ptr;
+        size--; /* reserve space for a '\0' */
+        BIO_clear_retry_flags(b);
+
+        for (;;)
+                {
+                if (ctx->ibuf_len > 0)
+                        {
+                        p= &(ctx->ibuf[ctx->ibuf_off]);
+                        flag=0;
+                        for (i=0; (i<ctx->ibuf_len) && (i<size); i++)
+                                {
+                                *(buf++)=p[i];
+                                if (p[i] == '\n')
+                                        {
+                                        flag=1;
+                                        i++;
+                                        break;
+                                        }
+                                }
+                        num+=i;
+                        size-=i;
+                        ctx->ibuf_len-=i;
+                        ctx->ibuf_off+=i;
+                        if (flag || size == 0)
+                                {
+                                *buf='\0';
+                                return(num);
+                                }
+                        }
+                else    /* read another chunk */
+                        {
+                        i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
+                        if (i <= 0)
+                                {
+                                BIO_copy_next_retry(b);
+                                *buf='\0';
+                                if (i < 0) return((num > 0)?num:i);
+                                if (i == 0) return(num);
+                                }
+                        ctx->ibuf_len=i;
+                        ctx->ibuf_off=0;
+                        }
+                }
+        }
+
+static int buffer_puts(BIO *b, const char *str)
+        {
+        return(buffer_write(b,str,strlen(str)));
+        }
+
diff --git a/src/lib/libcrypto/bio/bf_lbuf.c b/src/lib/libcrypto/bio/bf_lbuf.c
new file mode 100644
index 0000000000..ec0f7eb0b7
--- /dev/null
+++ b/src/lib/libcrypto/bio/bf_lbuf.c
@@ -0,0 +1,397 @@
+/* crypto/bio/bf_buff.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+
+static int linebuffer_write(BIO *h, const char *buf,int num);
+static int linebuffer_read(BIO *h, char *buf, int size);
+static int linebuffer_puts(BIO *h, const char *str);
+static int linebuffer_gets(BIO *h, char *str, int size);
+static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int linebuffer_new(BIO *h);
+static int linebuffer_free(BIO *data);
+static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+
+/* A 10k maximum should be enough for most purposes */
+#define DEFAULT_LINEBUFFER_SIZE 1024*10
+
+/* #define DEBUG */
+
+static BIO_METHOD methods_linebuffer=
+        {
+        BIO_TYPE_LINEBUFFER,
+        "linebuffer",
+        linebuffer_write,
+        linebuffer_read,
+        linebuffer_puts,
+        linebuffer_gets,
+        linebuffer_ctrl,
+        linebuffer_new,
+        linebuffer_free,
+        linebuffer_callback_ctrl,
+        };
+
+BIO_METHOD *BIO_f_linebuffer(void)
+        {
+        return(&methods_linebuffer);
+        }
+
+typedef struct bio_linebuffer_ctx_struct
+        {
+        char *obuf;             /* the output char array */
+        int obuf_size;          /* how big is the output buffer */
+        int obuf_len;           /* how many bytes are in it */
+        } BIO_LINEBUFFER_CTX;
+
+static int linebuffer_new(BIO *bi)
+        {
+        BIO_LINEBUFFER_CTX *ctx;
+
+        ctx=(BIO_LINEBUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_LINEBUFFER_CTX));
+        if (ctx == NULL) return(0);
+        ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
+        if (ctx->obuf == NULL) { OPENSSL_free(ctx); return(0); }
+        ctx->obuf_size=DEFAULT_LINEBUFFER_SIZE;
+        ctx->obuf_len=0;
+
+        bi->init=1;
+        bi->ptr=(char *)ctx;
+        bi->flags=0;
+        return(1);
+        }
+
+static int linebuffer_free(BIO *a)
+        {
+        BIO_LINEBUFFER_CTX *b;
+
+        if (a == NULL) return(0);
+        b=(BIO_LINEBUFFER_CTX *)a->ptr;
+        if (b->obuf != NULL) OPENSSL_free(b->obuf);
+        OPENSSL_free(a->ptr);
+        a->ptr=NULL;
+        a->init=0;
+        a->flags=0;
+        return(1);
+        }
+        
+static int linebuffer_read(BIO *b, char *out, int outl)
+        {
+        int ret=0;
+ 
+        if (out == NULL) return(0);
+        if (b->next_bio == NULL) return(0);
+        ret=BIO_read(b->next_bio,out,outl);
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+
+static int linebuffer_write(BIO *b, const char *in, int inl)
+        {
+        int i,num=0,foundnl;
+        BIO_LINEBUFFER_CTX *ctx;
+
+        if ((in == NULL) || (inl <= 0)) return(0);
+        ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
+        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+        BIO_clear_retry_flags(b);
+
+        do
+                {
+                const char *p;
+
+                for(p = in; p < in + inl && *p != '\n'; p++)
+                        ;
+                if (*p == '\n')
+                        {
+                        p++;
+                        foundnl = 1;
+                        }
+                else
+                        foundnl = 0;
+
+                /* If a NL was found and we already have text in the save
+                   buffer, concatenate them and write */
+                while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len)
+                        && ctx->obuf_len > 0)
+                        {
+                        int orig_olen = ctx->obuf_len;
+                        
+                        i = ctx->obuf_size - ctx->obuf_len;
+                        if (p - in > 0)
+                                {
+                                if (i >= p - in)
+                                        {
+                                        memcpy(&(ctx->obuf[ctx->obuf_len]),
+                                                in,p - in);
+                                        ctx->obuf_len += p - in;
+                                        inl -= p - in;
+                                        num += p - in;
+                                        in = p;
+                                        }
+                                else
+                                        {
+                                        memcpy(&(ctx->obuf[ctx->obuf_len]),
+                                                in,i);
+                                        ctx->obuf_len += i;
+                                        inl -= i;
+                                        in += i;
+                                        num += i;
+                                        }
+                                }
+
+#if 0
+BIO_write(b->next_bio, "<*<", 3);
+#endif
+                        i=BIO_write(b->next_bio,
+                                ctx->obuf, ctx->obuf_len);
+                        if (i <= 0)
+                                {
+                                ctx->obuf_len = orig_olen;
+                                BIO_copy_next_retry(b);
+
+#if 0
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+                                if (i < 0) return((num > 0)?num:i);
+                                if (i == 0) return(num);
+                                }
+#if 0
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+                        if (i < ctx->obuf_len)
+                                memmove(ctx->obuf, ctx->obuf + i,
+                                        ctx->obuf_len - i);
+                        ctx->obuf_len-=i;
+                        }
+
+                /* Now that the save buffer is emptied, let's write the input
+                   buffer if a NL was found and there is anything to write. */
+                if ((foundnl || p - in > ctx->obuf_size) && p - in > 0)
+                        {
+#if 0
+BIO_write(b->next_bio, "<*<", 3);
+#endif
+                        i=BIO_write(b->next_bio,in,p - in);
+                        if (i <= 0)
+                                {
+                                BIO_copy_next_retry(b);
+#if 0
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+                                if (i < 0) return((num > 0)?num:i);
+                                if (i == 0) return(num);
+                                }
+#if 0
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+                        num+=i;
+                        in+=i;
+                        inl-=i;
+                        }
+                }
+        while(foundnl && inl > 0);
+        /* We've written as much as we can.  The rest of the input buffer, if
+           any, is text that doesn't and with a NL and therefore needs to be
+           saved for the next trip. */
+        if (inl > 0)
+                {
+                memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
+                ctx->obuf_len += inl;
+                num += inl;
+                }
+        return num;
+        }
+
+static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        BIO *dbio;
+        BIO_LINEBUFFER_CTX *ctx;
+        long ret=1;
+        char *p;
+        int r;
+        int obs;
+
+        ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
+
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                ctx->obuf_len=0;
+                if (b->next_bio == NULL) return(0);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_INFO:
+                ret=(long)ctx->obuf_len;
+                break;
+        case BIO_CTRL_WPENDING:
+                ret=(long)ctx->obuf_len;
+                if (ret == 0)
+                        {
+                        if (b->next_bio == NULL) return(0);
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                        }
+                break;
+        case BIO_C_SET_BUFF_SIZE:
+                obs=(int)num;
+                p=ctx->obuf;
+                if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size))
+                        {
+                        p=(char *)OPENSSL_malloc((int)num);
+                        if (p == NULL)
+                                goto malloc_error;
+                        }
+                if (ctx->obuf != p)
+                        {
+                        if (ctx->obuf_len > obs)
+                                {
+                                ctx->obuf_len = obs;
+                                }
+                        memcpy(p, ctx->obuf, ctx->obuf_len);
+                        OPENSSL_free(ctx->obuf);
+                        ctx->obuf=p;
+                        ctx->obuf_size=obs;
+                        }
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                if (b->next_bio == NULL) return(0);
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+
+        case BIO_CTRL_FLUSH:
+                if (b->next_bio == NULL) return(0);
+                if (ctx->obuf_len <= 0)
+                        {
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                        break;
+                        }
+
+                for (;;)
+                        {
+                        BIO_clear_retry_flags(b);
+                        if (ctx->obuf_len > 0)
+                                {
+                                r=BIO_write(b->next_bio,
+                                        ctx->obuf, ctx->obuf_len);
+#if 0
+fprintf(stderr,"FLUSH %3d -> %3d\n",ctx->obuf_len,r);
+#endif
+                                BIO_copy_next_retry(b);
+                                if (r <= 0) return((long)r);
+                                if (r < ctx->obuf_len)
+                                        memmove(ctx->obuf, ctx->obuf + r,
+                                                ctx->obuf_len - r);
+                                ctx->obuf_len-=r;
+                                }
+                        else
+                                {
+                                ctx->obuf_len=0;
+                                ret=1;
+                                break;
+                                }
+                        }
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_DUP:
+                dbio=(BIO *)ptr;
+                if (    !BIO_set_write_buffer_size(dbio,ctx->obuf_size))
+                        ret=0;
+                break;
+        default:
+                if (b->next_bio == NULL) return(0);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+malloc_error:
+        BIOerr(BIO_F_LINEBUFFER_CTRL,ERR_R_MALLOC_FAILURE);
+        return(0);
+        }
+
+static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+        {
+        long ret=1;
+
+        if (b->next_bio == NULL) return(0);
+        switch (cmd)
+                {
+        default:
+                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+                break;
+                }
+        return(ret);
+        }
+
+static int linebuffer_gets(BIO *b, char *buf, int size)
+        {
+        if (b->next_bio == NULL) return(0);
+        return(BIO_gets(b->next_bio,buf,size));
+        }
+
+static int linebuffer_puts(BIO *b, const char *str)
+        {
+        return(linebuffer_write(b,str,strlen(str)));
+        }
+
diff --git a/src/lib/libcrypto/bio/bf_nbio.c b/src/lib/libcrypto/bio/bf_nbio.c
new file mode 100644
index 0000000000..1ce2bfacc0
--- /dev/null
+++ b/src/lib/libcrypto/bio/bf_nbio.c
@@ -0,0 +1,255 @@
+/* crypto/bio/bf_nbio.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+
+/* BIO_put and BIO_get both add to the digest,
+ * BIO_gets returns the digest */
+
+static int nbiof_write(BIO *h,const char *buf,int num);
+static int nbiof_read(BIO *h,char *buf,int size);
+static int nbiof_puts(BIO *h,const char *str);
+static int nbiof_gets(BIO *h,char *str,int size);
+static long nbiof_ctrl(BIO *h,int cmd,long arg1,void *arg2);
+static int nbiof_new(BIO *h);
+static int nbiof_free(BIO *data);
+static long nbiof_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
+typedef struct nbio_test_st
+        {
+        /* only set if we sent a 'should retry' error */
+        int lrn;
+        int lwn;
+        } NBIO_TEST;
+
+static BIO_METHOD methods_nbiof=
+        {
+        BIO_TYPE_NBIO_TEST,
+        "non-blocking IO test filter",
+        nbiof_write,
+        nbiof_read,
+        nbiof_puts,
+        nbiof_gets,
+        nbiof_ctrl,
+        nbiof_new,
+        nbiof_free,
+        nbiof_callback_ctrl,
+        };
+
+BIO_METHOD *BIO_f_nbio_test(void)
+        {
+        return(&methods_nbiof);
+        }
+
+static int nbiof_new(BIO *bi)
+        {
+        NBIO_TEST *nt;
+
+        if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
+        nt->lrn= -1;
+        nt->lwn= -1;
+        bi->ptr=(char *)nt;
+        bi->init=1;
+        bi->flags=0;
+        return(1);
+        }
+
+static int nbiof_free(BIO *a)
+        {
+        if (a == NULL) return(0);
+        if (a->ptr != NULL)
+                OPENSSL_free(a->ptr);
+        a->ptr=NULL;
+        a->init=0;
+        a->flags=0;
+        return(1);
+        }
+        
+static int nbiof_read(BIO *b, char *out, int outl)
+        {
+        NBIO_TEST *nt;
+        int ret=0;
+#if 0
+        int num;
+        unsigned char n;
+#endif
+
+        if (out == NULL) return(0);
+        if (b->next_bio == NULL) return(0);
+        nt=(NBIO_TEST *)b->ptr;
+
+        BIO_clear_retry_flags(b);
+#if 0
+        RAND_pseudo_bytes(&n,1);
+        num=(n&0x07);
+
+        if (outl > num) outl=num;
+
+        if (num == 0)
+                {
+                ret= -1;
+                BIO_set_retry_read(b);
+                }
+        else
+#endif
+                {
+                ret=BIO_read(b->next_bio,out,outl);
+                if (ret < 0)
+                        BIO_copy_next_retry(b);
+                }
+        return(ret);
+        }
+
+static int nbiof_write(BIO *b, const char *in, int inl)
+        {
+        NBIO_TEST *nt;
+        int ret=0;
+        int num;
+        unsigned char n;
+
+        if ((in == NULL) || (inl <= 0)) return(0);
+        if (b->next_bio == NULL) return(0);
+        nt=(NBIO_TEST *)b->ptr;
+
+        BIO_clear_retry_flags(b);
+
+#if 1
+        if (nt->lwn > 0)
+                {
+                num=nt->lwn;
+                nt->lwn=0;
+                }
+        else
+                {
+                RAND_pseudo_bytes(&n,1);
+                num=(n&7);
+                }
+
+        if (inl > num) inl=num;
+
+        if (num == 0)
+                {
+                ret= -1;
+                BIO_set_retry_write(b);
+                }
+        else
+#endif
+                {
+                ret=BIO_write(b->next_bio,in,inl);
+                if (ret < 0)
+                        {
+                        BIO_copy_next_retry(b);
+                        nt->lwn=inl;
+                        }
+                }
+        return(ret);
+        }
+
+static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        long ret;
+
+        if (b->next_bio == NULL) return(0);
+        switch (cmd)
+                {
+        case BIO_C_DO_STATE_MACHINE:
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+        case BIO_CTRL_DUP:
+                ret=0L;
+                break;
+        default:
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+        }
+
+static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+        {
+        long ret=1;
+
+        if (b->next_bio == NULL) return(0);
+        switch (cmd)
+                {
+        default:
+                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+                break;
+                }
+        return(ret);
+        }
+
+static int nbiof_gets(BIO *bp, char *buf, int size)
+        {
+        if (bp->next_bio == NULL) return(0);
+        return(BIO_gets(bp->next_bio,buf,size));
+        }
+
+
+static int nbiof_puts(BIO *bp, const char *str)
+        {
+        if (bp->next_bio == NULL) return(0);
+        return(BIO_puts(bp->next_bio,str));
+        }
+
+
diff --git a/src/lib/libcrypto/bio/bf_null.c b/src/lib/libcrypto/bio/bf_null.c
new file mode 100644
index 0000000000..c1bf39a904
--- /dev/null
+++ b/src/lib/libcrypto/bio/bf_null.c
@@ -0,0 +1,183 @@
+/* crypto/bio/bf_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+/* BIO_put and BIO_get both add to the digest,
+ * BIO_gets returns the digest */
+
+static int nullf_write(BIO *h, const char *buf, int num);
+static int nullf_read(BIO *h, char *buf, int size);
+static int nullf_puts(BIO *h, const char *str);
+static int nullf_gets(BIO *h, char *str, int size);
+static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int nullf_new(BIO *h);
+static int nullf_free(BIO *data);
+static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+static BIO_METHOD methods_nullf=
+        {
+        BIO_TYPE_NULL_FILTER,
+        "NULL filter",
+        nullf_write,
+        nullf_read,
+        nullf_puts,
+        nullf_gets,
+        nullf_ctrl,
+        nullf_new,
+        nullf_free,
+        nullf_callback_ctrl,
+        };
+
+BIO_METHOD *BIO_f_null(void)
+        {
+        return(&methods_nullf);
+        }
+
+static int nullf_new(BIO *bi)
+        {
+        bi->init=1;
+        bi->ptr=NULL;
+        bi->flags=0;
+        return(1);
+        }
+
+static int nullf_free(BIO *a)
+        {
+        if (a == NULL) return(0);
+/*      a->ptr=NULL;
+        a->init=0;
+        a->flags=0;*/
+        return(1);
+        }
+        
+static int nullf_read(BIO *b, char *out, int outl)
+        {
+        int ret=0;
+ 
+        if (out == NULL) return(0);
+        if (b->next_bio == NULL) return(0);
+        ret=BIO_read(b->next_bio,out,outl);
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+
+static int nullf_write(BIO *b, const char *in, int inl)
+        {
+        int ret=0;
+
+        if ((in == NULL) || (inl <= 0)) return(0);
+        if (b->next_bio == NULL) return(0);
+        ret=BIO_write(b->next_bio,in,inl);
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+
+static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        long ret;
+
+        if (b->next_bio == NULL) return(0);
+        switch(cmd)
+                {
+        case BIO_C_DO_STATE_MACHINE:
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+        case BIO_CTRL_DUP:
+                ret=0L;
+                break;
+        default:
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                }
+        return(ret);
+        }
+
+static long nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+        {
+        long ret=1;
+
+        if (b->next_bio == NULL) return(0);
+        switch (cmd)
+                {
+        default:
+                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+                break;
+                }
+        return(ret);
+        }
+
+static int nullf_gets(BIO *bp, char *buf, int size)
+        {
+        if (bp->next_bio == NULL) return(0);
+        return(BIO_gets(bp->next_bio,buf,size));
+        }
+
+
+static int nullf_puts(BIO *bp, const char *str)
+        {
+        if (bp->next_bio == NULL) return(0);
+        return(BIO_puts(bp->next_bio,str));
+        }
+
+
diff --git a/src/lib/libcrypto/bio/bio.h b/src/lib/libcrypto/bio/bio.h
new file mode 100644
index 0000000000..2eb703830f
--- /dev/null
+++ b/src/lib/libcrypto/bio/bio.h
@@ -0,0 +1,695 @@
+/* crypto/bio/bio.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BIO_H
+#define HEADER_BIO_H
+
+#ifndef OPENSSL_NO_FP_API
+# include <stdio.h>
+#endif
+#include <stdarg.h>
+
+#include <openssl/crypto.h>
+#include <openssl/e_os2.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* These are the 'types' of BIOs */
+#define BIO_TYPE_NONE           0
+#define BIO_TYPE_MEM            (1|0x0400)
+#define BIO_TYPE_FILE           (2|0x0400)
+
+#define BIO_TYPE_FD             (4|0x0400|0x0100)
+#define BIO_TYPE_SOCKET         (5|0x0400|0x0100)
+#define BIO_TYPE_NULL           (6|0x0400)
+#define BIO_TYPE_SSL            (7|0x0200)
+#define BIO_TYPE_MD             (8|0x0200)              /* passive filter */
+#define BIO_TYPE_BUFFER         (9|0x0200)              /* filter */
+#define BIO_TYPE_CIPHER         (10|0x0200)             /* filter */
+#define BIO_TYPE_BASE64         (11|0x0200)             /* filter */
+#define BIO_TYPE_CONNECT        (12|0x0400|0x0100)      /* socket - connect */
+#define BIO_TYPE_ACCEPT         (13|0x0400|0x0100)      /* socket for accept */
+#define BIO_TYPE_PROXY_CLIENT   (14|0x0200)             /* client proxy BIO */
+#define BIO_TYPE_PROXY_SERVER   (15|0x0200)             /* server proxy BIO */
+#define BIO_TYPE_NBIO_TEST      (16|0x0200)             /* server proxy BIO */
+#define BIO_TYPE_NULL_FILTER    (17|0x0200)
+#define BIO_TYPE_BER            (18|0x0200)             /* BER -> bin filter */
+#define BIO_TYPE_BIO            (19|0x0400)             /* (half a) BIO pair */
+#define BIO_TYPE_LINEBUFFER     (20|0x0200)             /* filter */
+
+#define BIO_TYPE_DESCRIPTOR     0x0100  /* socket, fd, connect or accept */
+#define BIO_TYPE_FILTER         0x0200
+#define BIO_TYPE_SOURCE_SINK    0x0400
+
+/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
+ * BIO_set_fp(in,stdin,BIO_NOCLOSE); */
+#define BIO_NOCLOSE             0x00
+#define BIO_CLOSE               0x01
+
+/* These are used in the following macros and are passed to
+ * BIO_ctrl() */
+#define BIO_CTRL_RESET          1  /* opt - rewind/zero etc */
+#define BIO_CTRL_EOF            2  /* opt - are we at the eof */
+#define BIO_CTRL_INFO           3  /* opt - extra tit-bits */
+#define BIO_CTRL_SET            4  /* man - set the 'IO' type */
+#define BIO_CTRL_GET            5  /* man - get the 'IO' type */
+#define BIO_CTRL_PUSH           6  /* opt - internal, used to signify change */
+#define BIO_CTRL_POP            7  /* opt - internal, used to signify change */
+#define BIO_CTRL_GET_CLOSE      8  /* man - set the 'close' on free */
+#define BIO_CTRL_SET_CLOSE      9  /* man - set the 'close' on free */
+#define BIO_CTRL_PENDING        10  /* opt - is their more data buffered */
+#define BIO_CTRL_FLUSH          11  /* opt - 'flush' buffered output */
+#define BIO_CTRL_DUP            12  /* man - extra stuff for 'duped' BIO */
+#define BIO_CTRL_WPENDING       13  /* opt - number of bytes still to write */
+/* callback is int cb(BIO *bio,state,ret); */
+#define BIO_CTRL_SET_CALLBACK   14  /* opt - set callback function */
+#define BIO_CTRL_GET_CALLBACK   15  /* opt - set callback function */
+
+#define BIO_CTRL_SET_FILENAME   30      /* BIO_s_file special */
+
+/* modifiers */
+#define BIO_FP_READ             0x02
+#define BIO_FP_WRITE            0x04
+#define BIO_FP_APPEND           0x08
+#define BIO_FP_TEXT             0x10
+
+#define BIO_FLAGS_READ          0x01
+#define BIO_FLAGS_WRITE         0x02
+#define BIO_FLAGS_IO_SPECIAL    0x04
+#define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
+#define BIO_FLAGS_SHOULD_RETRY  0x08
+
+/* Used in BIO_gethostbyname() */
+#define BIO_GHBN_CTRL_HITS              1
+#define BIO_GHBN_CTRL_MISSES            2
+#define BIO_GHBN_CTRL_CACHE_SIZE        3
+#define BIO_GHBN_CTRL_GET_ENTRY         4
+#define BIO_GHBN_CTRL_FLUSH             5
+
+/* Mostly used in the SSL BIO */
+/* Not used anymore
+ * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
+ * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
+ * #define BIO_FLAGS_PROTOCOL_STARTUP   0x40
+ */
+
+#define BIO_FLAGS_BASE64_NO_NL  0x100
+
+/* This is used with memory BIOs: it means we shouldn't free up or change the
+ * data in any way.
+ */
+#define BIO_FLAGS_MEM_RDONLY    0x200
+
+#define BIO_set_flags(b,f) ((b)->flags|=(f))
+#define BIO_get_flags(b) ((b)->flags)
+#define BIO_set_retry_special(b) \
+                ((b)->flags|=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
+#define BIO_set_retry_read(b) \
+                ((b)->flags|=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
+#define BIO_set_retry_write(b) \
+                ((b)->flags|=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
+
+/* These are normally used internally in BIOs */
+#define BIO_clear_flags(b,f) ((b)->flags&= ~(f))
+#define BIO_clear_retry_flags(b) \
+                ((b)->flags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+#define BIO_get_retry_flags(b) \
+                ((b)->flags&(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+
+/* These should be used by the application to tell why we should retry */
+#define BIO_should_read(a)              ((a)->flags & BIO_FLAGS_READ)
+#define BIO_should_write(a)             ((a)->flags & BIO_FLAGS_WRITE)
+#define BIO_should_io_special(a)        ((a)->flags & BIO_FLAGS_IO_SPECIAL)
+#define BIO_retry_type(a)               ((a)->flags & BIO_FLAGS_RWS)
+#define BIO_should_retry(a)             ((a)->flags & BIO_FLAGS_SHOULD_RETRY)
+
+/* The next three are used in conjunction with the
+ * BIO_should_io_special() condition.  After this returns true,
+ * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO 
+ * stack and return the 'reason' for the special and the offending BIO.
+ * Given a BIO, BIO_get_retry_reason(bio) will return the code. */
+/* Returned from the SSL bio when the certificate retrieval code had an error */
+#define BIO_RR_SSL_X509_LOOKUP          0x01
+/* Returned from the connect BIO when a connect would have blocked */
+#define BIO_RR_CONNECT                  0x02
+/* Returned from the accept BIO when an accept would have blocked */
+#define BIO_RR_ACCEPT                   0x03
+
+/* These are passed by the BIO callback */
+#define BIO_CB_FREE     0x01
+#define BIO_CB_READ     0x02
+#define BIO_CB_WRITE    0x03
+#define BIO_CB_PUTS     0x04
+#define BIO_CB_GETS     0x05
+#define BIO_CB_CTRL     0x06
+
+/* The callback is called before and after the underling operation,
+ * The BIO_CB_RETURN flag indicates if it is after the call */
+#define BIO_CB_RETURN   0x80
+#define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
+#define BIO_cb_pre(a)   (!((a)&BIO_CB_RETURN))
+#define BIO_cb_post(a)  ((a)&BIO_CB_RETURN)
+
+#define BIO_set_callback(b,cb)          ((b)->callback=(cb))
+#define BIO_set_callback_arg(b,arg)     ((b)->cb_arg=(char *)(arg))
+#define BIO_get_callback_arg(b)         ((b)->cb_arg)
+#define BIO_get_callback(b)             ((b)->callback)
+#define BIO_method_name(b)              ((b)->method->name)
+#define BIO_method_type(b)              ((b)->method->type)
+
+typedef struct bio_st BIO;
+
+typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);
+
+#ifndef OPENSSL_SYS_WIN16
+typedef struct bio_method_st
+        {
+        int type;
+        const char *name;
+        int (*bwrite)(BIO *, const char *, int);
+        int (*bread)(BIO *, char *, int);
+        int (*bputs)(BIO *, const char *);
+        int (*bgets)(BIO *, char *, int);
+        long (*ctrl)(BIO *, int, long, void *);
+        int (*create)(BIO *);
+        int (*destroy)(BIO *);
+        long (*callback_ctrl)(BIO *, int, bio_info_cb *);
+        } BIO_METHOD;
+#else
+typedef struct bio_method_st
+        {
+        int type;
+        const char *name;
+        int (_far *bwrite)();
+        int (_far *bread)();
+        int (_far *bputs)();
+        int (_far *bgets)();
+        long (_far *ctrl)();
+        int (_far *create)();
+        int (_far *destroy)();
+        long (_far *callback_ctrl)();
+        } BIO_METHOD;
+#endif
+
+struct bio_st
+        {
+        BIO_METHOD *method;
+        /* bio, mode, argp, argi, argl, ret */
+        long (*callback)(struct bio_st *,int,const char *,int, long,long);
+        char *cb_arg; /* first argument for the callback */
+
+        int init;
+        int shutdown;
+        int flags;      /* extra storage */
+        int retry_reason;
+        int num;
+        void *ptr;
+        struct bio_st *next_bio;        /* used by filter BIOs */
+        struct bio_st *prev_bio;        /* used by filter BIOs */
+        int references;
+        unsigned long num_read;
+        unsigned long num_write;
+
+        CRYPTO_EX_DATA ex_data;
+        };
+
+DECLARE_STACK_OF(BIO)
+
+typedef struct bio_f_buffer_ctx_struct
+        {
+        /* BIO *bio; */ /* this is now in the BIO struct */
+        int ibuf_size;  /* how big is the input buffer */
+        int obuf_size;  /* how big is the output buffer */
+
+        char *ibuf;             /* the char array */
+        int ibuf_len;           /* how many bytes are in it */
+        int ibuf_off;           /* write/read offset */
+
+        char *obuf;             /* the char array */
+        int obuf_len;           /* how many bytes are in it */
+        int obuf_off;           /* write/read offset */
+        } BIO_F_BUFFER_CTX;
+
+/* connect BIO stuff */
+#define BIO_CONN_S_BEFORE               1
+#define BIO_CONN_S_GET_IP               2
+#define BIO_CONN_S_GET_PORT             3
+#define BIO_CONN_S_CREATE_SOCKET        4
+#define BIO_CONN_S_CONNECT              5
+#define BIO_CONN_S_OK                   6
+#define BIO_CONN_S_BLOCKED_CONNECT      7
+#define BIO_CONN_S_NBIO                 8
+/*#define BIO_CONN_get_param_hostname   BIO_ctrl */
+
+#define BIO_C_SET_CONNECT                       100
+#define BIO_C_DO_STATE_MACHINE                  101
+#define BIO_C_SET_NBIO                          102
+#define BIO_C_SET_PROXY_PARAM                   103
+#define BIO_C_SET_FD                            104
+#define BIO_C_GET_FD                            105
+#define BIO_C_SET_FILE_PTR                      106
+#define BIO_C_GET_FILE_PTR                      107
+#define BIO_C_SET_FILENAME                      108
+#define BIO_C_SET_SSL                           109
+#define BIO_C_GET_SSL                           110
+#define BIO_C_SET_MD                            111
+#define BIO_C_GET_MD                            112
+#define BIO_C_GET_CIPHER_STATUS                 113
+#define BIO_C_SET_BUF_MEM                       114
+#define BIO_C_GET_BUF_MEM_PTR                   115
+#define BIO_C_GET_BUFF_NUM_LINES                116
+#define BIO_C_SET_BUFF_SIZE                     117
+#define BIO_C_SET_ACCEPT                        118
+#define BIO_C_SSL_MODE                          119
+#define BIO_C_GET_MD_CTX                        120
+#define BIO_C_GET_PROXY_PARAM                   121
+#define BIO_C_SET_BUFF_READ_DATA                122 /* data to read first */
+#define BIO_C_GET_CONNECT                       123
+#define BIO_C_GET_ACCEPT                        124
+#define BIO_C_SET_SSL_RENEGOTIATE_BYTES         125
+#define BIO_C_GET_SSL_NUM_RENEGOTIATES          126
+#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT       127
+#define BIO_C_FILE_SEEK                         128
+#define BIO_C_GET_CIPHER_CTX                    129
+#define BIO_C_SET_BUF_MEM_EOF_RETURN            130/*return end of input value*/
+#define BIO_C_SET_BIND_MODE                     131
+#define BIO_C_GET_BIND_MODE                     132
+#define BIO_C_FILE_TELL                         133
+#define BIO_C_GET_SOCKS                         134
+#define BIO_C_SET_SOCKS                         135
+
+#define BIO_C_SET_WRITE_BUF_SIZE                136/* for BIO_s_bio */
+#define BIO_C_GET_WRITE_BUF_SIZE                137
+#define BIO_C_MAKE_BIO_PAIR                     138
+#define BIO_C_DESTROY_BIO_PAIR                  139
+#define BIO_C_GET_WRITE_GUARANTEE               140
+#define BIO_C_GET_READ_REQUEST                  141
+#define BIO_C_SHUTDOWN_WR                       142
+#define BIO_C_NREAD0                            143
+#define BIO_C_NREAD                             144
+#define BIO_C_NWRITE0                           145
+#define BIO_C_NWRITE                            146
+#define BIO_C_RESET_READ_REQUEST                147
+#define BIO_C_SET_MD_CTX                        148
+
+
+#define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
+#define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
+
+/* BIO_s_connect() and BIO_s_socks4a_connect() */
+#define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
+#define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
+#define BIO_set_conn_ip(b,ip)     BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
+#define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
+#define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
+#define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
+#define BIO_get_conn_ip(b)               BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
+#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3)
+
+
+#define BIO_set_nbio(b,n)       BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+
+/* BIO_s_accept_socket() */
+#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
+#define BIO_get_accept_port(b)  BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
+/* #define BIO_set_nbio(b,n)    BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
+#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)
+#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
+
+#define BIO_BIND_NORMAL                 0
+#define BIO_BIND_REUSEADDR_IF_UNUSED    1
+#define BIO_BIND_REUSEADDR              2
+#define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
+#define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
+
+#define BIO_do_connect(b)       BIO_do_handshake(b)
+#define BIO_do_accept(b)        BIO_do_handshake(b)
+#define BIO_do_handshake(b)     BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
+
+/* BIO_s_proxy_client() */
+#define BIO_set_url(b,url)      BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url))
+#define BIO_set_proxies(b,p)    BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p))
+/* BIO_set_nbio(b,n) */
+#define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s))
+/* BIO *BIO_get_filter_bio(BIO *bio); */
+#define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)()))
+#define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk)
+#define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool)
+
+#define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp)
+#define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p))
+#define BIO_get_url(b,url)      BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
+#define BIO_get_no_connect_return(b)    BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
+
+#define BIO_set_fd(b,fd,c)      BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
+#define BIO_get_fd(b,c)         BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+
+#define BIO_set_fp(b,fp,c)      BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
+#define BIO_get_fp(b,fpp)       BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
+
+#define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
+#define BIO_tell(b)     (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
+
+/* name is cast to lose const, but might be better to route through a function
+   so we can do it safely */
+#ifdef CONST_STRICT
+/* If you are wondering why this isn't defined, its because CONST_STRICT is
+ * purely a compile-time kludge to allow const to be checked.
+ */
+int BIO_read_filename(BIO *b,const char *name);
+#else
+#define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_READ,(char *)name)
+#endif
+#define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_WRITE,name)
+#define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_APPEND,name)
+#define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)
+
+/* WARNING WARNING, this ups the reference count on the read bio of the
+ * SSL structure.  This is because the ssl read BIO is now pointed to by
+ * the next_bio field in the bio.  So when you free the BIO, make sure
+ * you are doing a BIO_free_all() to catch the underlying BIO. */
+#define BIO_set_ssl(b,ssl,c)    BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
+#define BIO_get_ssl(b,sslp)     BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
+#define BIO_set_ssl_mode(b,client)      BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
+#define BIO_set_ssl_renegotiate_bytes(b,num) \
+        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
+#define BIO_get_num_renegotiates(b) \
+        BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
+#define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
+
+/* defined in evp.h */
+/* #define BIO_set_md(b,md)     BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
+
+#define BIO_get_mem_data(b,pp)  BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
+#define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)
+#define BIO_get_mem_ptr(b,pp)   BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)
+#define BIO_set_mem_eof_return(b,v) \
+                                BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)
+
+/* For the BIO_f_buffer() type */
+#define BIO_get_buffer_num_lines(b)     BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
+#define BIO_set_buffer_size(b,size)     BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
+#define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
+#define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
+#define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
+
+/* Don't use the next one unless you know what you are doing :-) */
+#define BIO_dup_state(b,ret)    BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))
+
+#define BIO_reset(b)            (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
+#define BIO_eof(b)              (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)
+#define BIO_set_close(b,c)      (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)
+#define BIO_get_close(b)        (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
+#define BIO_pending(b)          (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
+#define BIO_wpending(b)         (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
+/* ...pending macros have inappropriate return type */
+size_t BIO_ctrl_pending(BIO *b);
+size_t BIO_ctrl_wpending(BIO *b);
+#define BIO_flush(b)            (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
+#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \
+                                                   cbp)
+#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb)
+
+/* For the BIO_f_buffer() type */
+#define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
+
+/* For BIO_s_bio() */
+#define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
+#define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
+#define BIO_make_bio_pair(b1,b2)   (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
+#define BIO_destroy_bio_pair(b)    (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
+#define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
+/* macros with inappropriate type -- but ...pending macros use int too: */
+#define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
+#define BIO_get_read_request(b)    (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
+size_t BIO_ctrl_get_write_guarantee(BIO *b);
+size_t BIO_ctrl_get_read_request(BIO *b);
+int BIO_ctrl_reset_read_request(BIO *b);
+
+/* These two aren't currently implemented */
+/* int BIO_get_ex_num(BIO *bio); */
+/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */
+int BIO_set_ex_data(BIO *bio,int idx,void *data);
+void *BIO_get_ex_data(BIO *bio,int idx);
+int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+unsigned long BIO_number_read(BIO *bio);
+unsigned long BIO_number_written(BIO *bio);
+
+# ifndef OPENSSL_NO_FP_API
+#  if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL)
+BIO_METHOD *BIO_s_file_internal(void);
+BIO *BIO_new_file_internal(char *filename, char *mode);
+BIO *BIO_new_fp_internal(FILE *stream, int close_flag);
+#    define BIO_s_file  BIO_s_file_internal
+#    define BIO_new_file        BIO_new_file_internal
+#    define BIO_new_fp  BIO_new_fp_internal
+#  else /* FP_API */
+BIO_METHOD *BIO_s_file(void );
+BIO *BIO_new_file(const char *filename, const char *mode);
+BIO *BIO_new_fp(FILE *stream, int close_flag);
+#    define BIO_s_file_internal         BIO_s_file
+#    define BIO_new_file_internal       BIO_new_file
+#    define BIO_new_fp_internal         BIO_s_file
+#  endif /* FP_API */
+# endif
+BIO *   BIO_new(BIO_METHOD *type);
+int     BIO_set(BIO *a,BIO_METHOD *type);
+int     BIO_free(BIO *a);
+void    BIO_vfree(BIO *a);
+int     BIO_read(BIO *b, void *data, int len);
+int     BIO_gets(BIO *bp,char *buf, int size);
+int     BIO_write(BIO *b, const void *data, int len);
+int     BIO_puts(BIO *bp,const char *buf);
+int     BIO_indent(BIO *b,int indent,int max);
+long    BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
+long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
+char *  BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
+long    BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
+BIO *   BIO_push(BIO *b,BIO *append);
+BIO *   BIO_pop(BIO *b);
+void    BIO_free_all(BIO *a);
+BIO *   BIO_find_type(BIO *b,int bio_type);
+BIO *   BIO_next(BIO *b);
+BIO *   BIO_get_retry_BIO(BIO *bio, int *reason);
+int     BIO_get_retry_reason(BIO *bio);
+BIO *   BIO_dup_chain(BIO *in);
+
+int BIO_nread0(BIO *bio, char **buf);
+int BIO_nread(BIO *bio, char **buf, int num);
+int BIO_nwrite0(BIO *bio, char **buf);
+int BIO_nwrite(BIO *bio, char **buf, int num);
+
+#ifndef OPENSSL_SYS_WIN16
+long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
+        long argl,long ret);
+#else
+long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
+        long argl,long ret);
+#endif
+
+BIO_METHOD *BIO_s_mem(void);
+BIO *BIO_new_mem_buf(void *buf, int len);
+BIO_METHOD *BIO_s_socket(void);
+BIO_METHOD *BIO_s_connect(void);
+BIO_METHOD *BIO_s_accept(void);
+BIO_METHOD *BIO_s_fd(void);
+#ifndef OPENSSL_SYS_OS2
+BIO_METHOD *BIO_s_log(void);
+#endif
+BIO_METHOD *BIO_s_bio(void);
+BIO_METHOD *BIO_s_null(void);
+BIO_METHOD *BIO_f_null(void);
+BIO_METHOD *BIO_f_buffer(void);
+#ifdef OPENSSL_SYS_VMS
+BIO_METHOD *BIO_f_linebuffer(void);
+#endif
+BIO_METHOD *BIO_f_nbio_test(void);
+/* BIO_METHOD *BIO_f_ber(void); */
+
+int BIO_sock_should_retry(int i);
+int BIO_sock_non_fatal_error(int error);
+int BIO_fd_should_retry(int i);
+int BIO_fd_non_fatal_error(int error);
+int BIO_dump(BIO *b,const char *bytes,int len);
+int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);
+
+struct hostent *BIO_gethostbyname(const char *name);
+/* We might want a thread-safe interface too:
+ * struct hostent *BIO_gethostbyname_r(const char *name,
+ *     struct hostent *result, void *buffer, size_t buflen);
+ * or something similar (caller allocates a struct hostent,
+ * pointed to by "result", and additional buffer space for the various
+ * substructures; if the buffer does not suffice, NULL is returned
+ * and an appropriate error code is set).
+ */
+int BIO_sock_error(int sock);
+int BIO_socket_ioctl(int fd, long type, void *arg);
+int BIO_socket_nbio(int fd,int mode);
+int BIO_get_port(const char *str, unsigned short *port_ptr);
+int BIO_get_host_ip(const char *str, unsigned char *ip);
+int BIO_get_accept_socket(char *host_port,int mode);
+int BIO_accept(int sock,char **ip_port);
+int BIO_sock_init(void );
+void BIO_sock_cleanup(void);
+int BIO_set_tcp_ndelay(int sock,int turn_on);
+
+BIO *BIO_new_socket(int sock, int close_flag);
+BIO *BIO_new_fd(int fd, int close_flag);
+BIO *BIO_new_connect(char *host_port);
+BIO *BIO_new_accept(char *host_port);
+
+int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
+        BIO **bio2, size_t writebuf2);
+/* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
+ * Otherwise returns 0 and sets *bio1 and *bio2 to NULL.
+ * Size 0 uses default value.
+ */
+
+void BIO_copy_next_retry(BIO *b);
+
+/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
+
+int BIO_printf(BIO *bio, const char *format, ...);
+int BIO_vprintf(BIO *bio, const char *format, va_list args);
+int BIO_snprintf(char *buf, size_t n, const char *format, ...);
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_BIO_strings(void);
+
+/* Error codes for the BIO functions. */
+
+/* Function codes. */
+#define BIO_F_ACPT_STATE                                 100
+#define BIO_F_BIO_ACCEPT                                 101
+#define BIO_F_BIO_BER_GET_HEADER                         102
+#define BIO_F_BIO_CTRL                                   103
+#define BIO_F_BIO_GETHOSTBYNAME                          120
+#define BIO_F_BIO_GETS                                   104
+#define BIO_F_BIO_GET_ACCEPT_SOCKET                      105
+#define BIO_F_BIO_GET_HOST_IP                            106
+#define BIO_F_BIO_GET_PORT                               107
+#define BIO_F_BIO_MAKE_PAIR                              121
+#define BIO_F_BIO_NEW                                    108
+#define BIO_F_BIO_NEW_FILE                               109
+#define BIO_F_BIO_NEW_MEM_BUF                            126
+#define BIO_F_BIO_NREAD                                  123
+#define BIO_F_BIO_NREAD0                                 124
+#define BIO_F_BIO_NWRITE                                 125
+#define BIO_F_BIO_NWRITE0                                122
+#define BIO_F_BIO_PUTS                                   110
+#define BIO_F_BIO_READ                                   111
+#define BIO_F_BIO_SOCK_INIT                              112
+#define BIO_F_BIO_WRITE                                  113
+#define BIO_F_BUFFER_CTRL                                114
+#define BIO_F_CONN_CTRL                                  127
+#define BIO_F_CONN_STATE                                 115
+#define BIO_F_FILE_CTRL                                  116
+#define BIO_F_FILE_READ                                  130
+#define BIO_F_LINEBUFFER_CTRL                            129
+#define BIO_F_MEM_READ                                   128
+#define BIO_F_MEM_WRITE                                  117
+#define BIO_F_SSL_NEW                                    118
+#define BIO_F_WSASTARTUP                                 119
+
+/* Reason codes. */
+#define BIO_R_ACCEPT_ERROR                               100
+#define BIO_R_BAD_FOPEN_MODE                             101
+#define BIO_R_BAD_HOSTNAME_LOOKUP                        102
+#define BIO_R_BROKEN_PIPE                                124
+#define BIO_R_CONNECT_ERROR                              103
+#define BIO_R_EOF_ON_MEMORY_BIO                          127
+#define BIO_R_ERROR_SETTING_NBIO                         104
+#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET      105
+#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET        106
+#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET          107
+#define BIO_R_INVALID_ARGUMENT                           125
+#define BIO_R_INVALID_IP_ADDRESS                         108
+#define BIO_R_IN_USE                                     123
+#define BIO_R_KEEPALIVE                                  109
+#define BIO_R_NBIO_CONNECT_ERROR                         110
+#define BIO_R_NO_ACCEPT_PORT_SPECIFIED                   111
+#define BIO_R_NO_HOSTNAME_SPECIFIED                      112
+#define BIO_R_NO_PORT_DEFINED                            113
+#define BIO_R_NO_PORT_SPECIFIED                          114
+#define BIO_R_NO_SUCH_FILE                               128
+#define BIO_R_NULL_PARAMETER                             115
+#define BIO_R_TAG_MISMATCH                               116
+#define BIO_R_UNABLE_TO_BIND_SOCKET                      117
+#define BIO_R_UNABLE_TO_CREATE_SOCKET                    118
+#define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
+#define BIO_R_UNINITIALIZED                              120
+#define BIO_R_UNSUPPORTED_METHOD                         121
+#define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
+#define BIO_R_WSASTARTUP                                 122
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/bio/bio_cb.c b/src/lib/libcrypto/bio/bio_cb.c
new file mode 100644
index 0000000000..6f4254a114
--- /dev/null
+++ b/src/lib/libcrypto/bio/bio_cb.c
@@ -0,0 +1,139 @@
+/* crypto/bio/bio_cb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
+             int argi, long argl, long ret)
+        {
+        BIO *b;
+        MS_STATIC char buf[256];
+        char *p;
+        long r=1;
+        size_t p_maxlen;
+
+        if (BIO_CB_RETURN & cmd)
+                r=ret;
+
+        BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);
+        p= &(buf[14]);
+        p_maxlen = sizeof buf - 14;
+        switch (cmd)
+                {
+        case BIO_CB_FREE:
+                BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);
+                break;
+        case BIO_CB_READ:
+                if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+                        BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
+                                 bio->num,argi,bio->method->name,bio->num);
+                else
+                        BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
+                                 bio->num,argi,bio->method->name);
+                break;
+        case BIO_CB_WRITE:
+                if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+                        BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
+                                 bio->num,argi,bio->method->name,bio->num);
+                else
+                        BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
+                                 bio->num,argi,bio->method->name);
+                break;
+        case BIO_CB_PUTS:
+                BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
+                break;
+        case BIO_CB_GETS:
+                BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
+                break;
+        case BIO_CB_CTRL:
+                BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
+                break;
+        case BIO_CB_RETURN|BIO_CB_READ:
+                BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);
+                break;
+        case BIO_CB_RETURN|BIO_CB_WRITE:
+                BIO_snprintf(p,p_maxlen,"write return %ld\n",ret);
+                break;
+        case BIO_CB_RETURN|BIO_CB_GETS:
+                BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret);
+                break;
+        case BIO_CB_RETURN|BIO_CB_PUTS:
+                BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret);
+                break;
+        case BIO_CB_RETURN|BIO_CB_CTRL:
+                BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret);
+                break;
+        default:
+                BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);
+                break;
+                }
+
+        b=(BIO *)bio->cb_arg;
+        if (b != NULL)
+                BIO_write(b,buf,strlen(buf));
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
+        else
+                fputs(buf,stderr);
+#endif
+        return(r);
+        }
diff --git a/src/lib/libcrypto/bio/bio_err.c b/src/lib/libcrypto/bio/bio_err.c
new file mode 100644
index 0000000000..68a119d895
--- /dev/null
+++ b/src/lib/libcrypto/bio/bio_err.c
@@ -0,0 +1,152 @@
+/* crypto/bio/bio_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/bio.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA BIO_str_functs[]=
+        {
+{ERR_PACK(0,BIO_F_ACPT_STATE,0),        "ACPT_STATE"},
+{ERR_PACK(0,BIO_F_BIO_ACCEPT,0),        "BIO_accept"},
+{ERR_PACK(0,BIO_F_BIO_BER_GET_HEADER,0),        "BIO_BER_GET_HEADER"},
+{ERR_PACK(0,BIO_F_BIO_CTRL,0),  "BIO_ctrl"},
+{ERR_PACK(0,BIO_F_BIO_GETHOSTBYNAME,0), "BIO_gethostbyname"},
+{ERR_PACK(0,BIO_F_BIO_GETS,0),  "BIO_gets"},
+{ERR_PACK(0,BIO_F_BIO_GET_ACCEPT_SOCKET,0),     "BIO_get_accept_socket"},
+{ERR_PACK(0,BIO_F_BIO_GET_HOST_IP,0),   "BIO_get_host_ip"},
+{ERR_PACK(0,BIO_F_BIO_GET_PORT,0),      "BIO_get_port"},
+{ERR_PACK(0,BIO_F_BIO_MAKE_PAIR,0),     "BIO_MAKE_PAIR"},
+{ERR_PACK(0,BIO_F_BIO_NEW,0),   "BIO_new"},
+{ERR_PACK(0,BIO_F_BIO_NEW_FILE,0),      "BIO_new_file"},
+{ERR_PACK(0,BIO_F_BIO_NEW_MEM_BUF,0),   "BIO_new_mem_buf"},
+{ERR_PACK(0,BIO_F_BIO_NREAD,0), "BIO_nread"},
+{ERR_PACK(0,BIO_F_BIO_NREAD0,0),        "BIO_nread0"},
+{ERR_PACK(0,BIO_F_BIO_NWRITE,0),        "BIO_nwrite"},
+{ERR_PACK(0,BIO_F_BIO_NWRITE0,0),       "BIO_nwrite0"},
+{ERR_PACK(0,BIO_F_BIO_PUTS,0),  "BIO_puts"},
+{ERR_PACK(0,BIO_F_BIO_READ,0),  "BIO_read"},
+{ERR_PACK(0,BIO_F_BIO_SOCK_INIT,0),     "BIO_sock_init"},
+{ERR_PACK(0,BIO_F_BIO_WRITE,0), "BIO_write"},
+{ERR_PACK(0,BIO_F_BUFFER_CTRL,0),       "BUFFER_CTRL"},
+{ERR_PACK(0,BIO_F_CONN_CTRL,0), "CONN_CTRL"},
+{ERR_PACK(0,BIO_F_CONN_STATE,0),        "CONN_STATE"},
+{ERR_PACK(0,BIO_F_FILE_CTRL,0), "FILE_CTRL"},
+{ERR_PACK(0,BIO_F_FILE_READ,0), "FILE_READ"},
+{ERR_PACK(0,BIO_F_LINEBUFFER_CTRL,0),   "LINEBUFFER_CTRL"},
+{ERR_PACK(0,BIO_F_MEM_READ,0),  "MEM_READ"},
+{ERR_PACK(0,BIO_F_MEM_WRITE,0), "MEM_WRITE"},
+{ERR_PACK(0,BIO_F_SSL_NEW,0),   "SSL_new"},
+{ERR_PACK(0,BIO_F_WSASTARTUP,0),        "WSASTARTUP"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA BIO_str_reasons[]=
+        {
+{BIO_R_ACCEPT_ERROR                      ,"accept error"},
+{BIO_R_BAD_FOPEN_MODE                    ,"bad fopen mode"},
+{BIO_R_BAD_HOSTNAME_LOOKUP               ,"bad hostname lookup"},
+{BIO_R_BROKEN_PIPE                       ,"broken pipe"},
+{BIO_R_CONNECT_ERROR                     ,"connect error"},
+{BIO_R_EOF_ON_MEMORY_BIO                 ,"EOF on memory BIO"},
+{BIO_R_ERROR_SETTING_NBIO                ,"error setting nbio"},
+{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET,"error setting nbio on accepted socket"},
+{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET,"error setting nbio on accept socket"},
+{BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET ,"gethostbyname addr is not af inet"},
+{BIO_R_INVALID_ARGUMENT                  ,"invalid argument"},
+{BIO_R_INVALID_IP_ADDRESS                ,"invalid ip address"},
+{BIO_R_IN_USE                            ,"in use"},
+{BIO_R_KEEPALIVE                         ,"keepalive"},
+{BIO_R_NBIO_CONNECT_ERROR                ,"nbio connect error"},
+{BIO_R_NO_ACCEPT_PORT_SPECIFIED          ,"no accept port specified"},
+{BIO_R_NO_HOSTNAME_SPECIFIED             ,"no hostname specified"},
+{BIO_R_NO_PORT_DEFINED                   ,"no port defined"},
+{BIO_R_NO_PORT_SPECIFIED                 ,"no port specified"},
+{BIO_R_NO_SUCH_FILE                      ,"no such file"},
+{BIO_R_NULL_PARAMETER                    ,"null parameter"},
+{BIO_R_TAG_MISMATCH                      ,"tag mismatch"},
+{BIO_R_UNABLE_TO_BIND_SOCKET             ,"unable to bind socket"},
+{BIO_R_UNABLE_TO_CREATE_SOCKET           ,"unable to create socket"},
+{BIO_R_UNABLE_TO_LISTEN_SOCKET           ,"unable to listen socket"},
+{BIO_R_UNINITIALIZED                     ,"uninitialized"},
+{BIO_R_UNSUPPORTED_METHOD                ,"unsupported method"},
+{BIO_R_WRITE_TO_READ_ONLY_BIO            ,"write to read only BIO"},
+{BIO_R_WSASTARTUP                        ,"WSAStartup"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_BIO_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_BIO,BIO_str_functs);
+                ERR_load_strings(ERR_LIB_BIO,BIO_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/bio/bio_lib.c b/src/lib/libcrypto/bio/bio_lib.c
new file mode 100644
index 0000000000..692c8fb5c6
--- /dev/null
+++ b/src/lib/libcrypto/bio/bio_lib.c
@@ -0,0 +1,556 @@
+/* crypto/bio/bio_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/stack.h>
+
+BIO *BIO_new(BIO_METHOD *method)
+        {
+        BIO *ret=NULL;
+
+        ret=(BIO *)OPENSSL_malloc(sizeof(BIO));
+        if (ret == NULL)
+                {
+                BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        if (!BIO_set(ret,method))
+                {
+                OPENSSL_free(ret);
+                ret=NULL;
+                }
+        return(ret);
+        }
+
+int BIO_set(BIO *bio, BIO_METHOD *method)
+        {
+        bio->method=method;
+        bio->callback=NULL;
+        bio->cb_arg=NULL;
+        bio->init=0;
+        bio->shutdown=1;
+        bio->flags=0;
+        bio->retry_reason=0;
+        bio->num=0;
+        bio->ptr=NULL;
+        bio->prev_bio=NULL;
+        bio->next_bio=NULL;
+        bio->references=1;
+        bio->num_read=0L;
+        bio->num_write=0L;
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+        if (method->create != NULL)
+                if (!method->create(bio))
+                        {
+                        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio,
+                                        &bio->ex_data);
+                        return(0);
+                        }
+        return(1);
+        }
+
+int BIO_free(BIO *a)
+        {
+        int ret=0,i;
+
+        if (a == NULL) return(0);
+
+        i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_BIO);
+#ifdef REF_PRINT
+        REF_PRINT("BIO",a);
+#endif
+        if (i > 0) return(1);
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"BIO_free, bad reference count\n");
+                abort();
+                }
+#endif
+        if ((a->callback != NULL) &&
+                ((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0))
+                        return(i);
+
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
+
+        if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
+        ret=a->method->destroy(a);
+        OPENSSL_free(a);
+        return(1);
+        }
+
+void BIO_vfree(BIO *a)
+    { BIO_free(a); }
+
+int BIO_read(BIO *b, void *out, int outl)
+        {
+        int i;
+        long (*cb)();
+
+        if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL))
+                {
+                BIOerr(BIO_F_BIO_READ,BIO_R_UNSUPPORTED_METHOD);
+                return(-2);
+                }
+
+        cb=b->callback;
+        if ((cb != NULL) &&
+                ((i=(int)cb(b,BIO_CB_READ,out,outl,0L,1L)) <= 0))
+                        return(i);
+
+        if (!b->init)
+                {
+                BIOerr(BIO_F_BIO_READ,BIO_R_UNINITIALIZED);
+                return(-2);
+                }
+
+        i=b->method->bread(b,out,outl);
+
+        if (i > 0) b->num_read+=(unsigned long)i;
+
+        if (cb != NULL)
+                i=(int)cb(b,BIO_CB_READ|BIO_CB_RETURN,out,outl,
+                        0L,(long)i);
+        return(i);
+        }
+
+int BIO_write(BIO *b, const void *in, int inl)
+        {
+        int i;
+        long (*cb)();
+
+        if (b == NULL)
+                return(0);
+
+        cb=b->callback;
+        if ((b->method == NULL) || (b->method->bwrite == NULL))
+                {
+                BIOerr(BIO_F_BIO_WRITE,BIO_R_UNSUPPORTED_METHOD);
+                return(-2);
+                }
+
+        if ((cb != NULL) &&
+                ((i=(int)cb(b,BIO_CB_WRITE,in,inl,0L,1L)) <= 0))
+                        return(i);
+
+        if (!b->init)
+                {
+                BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITIALIZED);
+                return(-2);
+                }
+
+        i=b->method->bwrite(b,in,inl);
+
+        if (i > 0) b->num_write+=(unsigned long)i;
+
+        if (cb != NULL)
+                i=(int)cb(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl,
+                        0L,(long)i);
+        return(i);
+        }
+
+int BIO_puts(BIO *b, const char *in)
+        {
+        int i;
+        long (*cb)();
+
+        if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL))
+                {
+                BIOerr(BIO_F_BIO_PUTS,BIO_R_UNSUPPORTED_METHOD);
+                return(-2);
+                }
+
+        cb=b->callback;
+
+        if ((cb != NULL) &&
+                ((i=(int)cb(b,BIO_CB_PUTS,in,0,0L,1L)) <= 0))
+                        return(i);
+
+        if (!b->init)
+                {
+                BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITIALIZED);
+                return(-2);
+                }
+
+        i=b->method->bputs(b,in);
+
+        if (i > 0) b->num_write+=(unsigned long)i;
+
+        if (cb != NULL)
+                i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0,
+                        0L,(long)i);
+        return(i);
+        }
+
+int BIO_gets(BIO *b, char *in, int inl)
+        {
+        int i;
+        long (*cb)();
+
+        if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL))
+                {
+                BIOerr(BIO_F_BIO_GETS,BIO_R_UNSUPPORTED_METHOD);
+                return(-2);
+                }
+
+        cb=b->callback;
+
+        if ((cb != NULL) &&
+                ((i=(int)cb(b,BIO_CB_GETS,in,inl,0L,1L)) <= 0))
+                        return(i);
+
+        if (!b->init)
+                {
+                BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITIALIZED);
+                return(-2);
+                }
+
+        i=b->method->bgets(b,in,inl);
+
+        if (cb != NULL)
+                i=(int)cb(b,BIO_CB_GETS|BIO_CB_RETURN,in,inl,
+                        0L,(long)i);
+        return(i);
+        }
+
+int BIO_indent(BIO *b,int indent,int max)
+        {
+        if(indent < 0)
+                indent=0;
+        if(indent > max)
+                indent=max;
+        while(indent--)
+                if(BIO_puts(b," ") != 1)
+                        return 0;
+        return 1;
+        }
+
+long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
+        {
+        int i;
+
+        i=iarg;
+        return(BIO_ctrl(b,cmd,larg,(char *)&i));
+        }
+
+char *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
+        {
+        char *p=NULL;
+
+        if (BIO_ctrl(b,cmd,larg,(char *)&p) <= 0)
+                return(NULL);
+        else
+                return(p);
+        }
+
+long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
+        {
+        long ret;
+        long (*cb)();
+
+        if (b == NULL) return(0);
+
+        if ((b->method == NULL) || (b->method->ctrl == NULL))
+                {
+                BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD);
+                return(-2);
+                }
+
+        cb=b->callback;
+
+        if ((cb != NULL) &&
+                ((ret=cb(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0))
+                return(ret);
+
+        ret=b->method->ctrl(b,cmd,larg,parg);
+
+        if (cb != NULL)
+                ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd,
+                        larg,ret);
+        return(ret);
+        }
+
+long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long))
+        {
+        long ret;
+        long (*cb)();
+
+        if (b == NULL) return(0);
+
+        if ((b->method == NULL) || (b->method->callback_ctrl == NULL))
+                {
+                BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD);
+                return(-2);
+                }
+
+        cb=b->callback;
+
+        if ((cb != NULL) &&
+                ((ret=cb(b,BIO_CB_CTRL,(void *)&fp,cmd,0,1L)) <= 0))
+                return(ret);
+
+        ret=b->method->callback_ctrl(b,cmd,fp);
+
+        if (cb != NULL)
+                ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,(void *)&fp,cmd,
+                        0,ret);
+        return(ret);
+        }
+
+/* It is unfortunate to duplicate in functions what the BIO_(w)pending macros
+ * do; but those macros have inappropriate return type, and for interfacing
+ * from other programming languages, C macros aren't much of a help anyway. */
+size_t BIO_ctrl_pending(BIO *bio)
+        {
+        return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
+        }
+
+size_t BIO_ctrl_wpending(BIO *bio)
+        {
+        return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
+        }
+
+
+/* put the 'bio' on the end of b's list of operators */
+BIO *BIO_push(BIO *b, BIO *bio)
+        {
+        BIO *lb;
+
+        if (b == NULL) return(bio);
+        lb=b;
+        while (lb->next_bio != NULL)
+                lb=lb->next_bio;
+        lb->next_bio=bio;
+        if (bio != NULL)
+                bio->prev_bio=lb;
+        /* called to do internal processing */
+        BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL);
+        return(b);
+        }
+
+/* Remove the first and return the rest */
+BIO *BIO_pop(BIO *b)
+        {
+        BIO *ret;
+
+        if (b == NULL) return(NULL);
+        ret=b->next_bio;
+
+        BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
+
+        if (b->prev_bio != NULL)
+                b->prev_bio->next_bio=b->next_bio;
+        if (b->next_bio != NULL)
+                b->next_bio->prev_bio=b->prev_bio;
+
+        b->next_bio=NULL;
+        b->prev_bio=NULL;
+        return(ret);
+        }
+
+BIO *BIO_get_retry_BIO(BIO *bio, int *reason)
+        {
+        BIO *b,*last;
+
+        b=last=bio;
+        for (;;)
+                {
+                if (!BIO_should_retry(b)) break;
+                last=b;
+                b=b->next_bio;
+                if (b == NULL) break;
+                }
+        if (reason != NULL) *reason=last->retry_reason;
+        return(last);
+        }
+
+int BIO_get_retry_reason(BIO *bio)
+        {
+        return(bio->retry_reason);
+        }
+
+BIO *BIO_find_type(BIO *bio, int type)
+        {
+        int mt,mask;
+
+        if(!bio) return NULL;
+        mask=type&0xff;
+        do      {
+                if (bio->method != NULL)
+                        {
+                        mt=bio->method->type;
+
+                        if (!mask)
+                                {
+                                if (mt & type) return(bio);
+                                }
+                        else if (mt == type)
+                                return(bio);
+                        }
+                bio=bio->next_bio;
+                } while (bio != NULL);
+        return(NULL);
+        }
+
+BIO *BIO_next(BIO *b)
+        {
+        if(!b) return NULL;
+        return b->next_bio;
+        }
+
+void BIO_free_all(BIO *bio)
+        {
+        BIO *b;
+        int ref;
+
+        while (bio != NULL)
+                {
+                b=bio;
+                ref=b->references;
+                bio=bio->next_bio;
+                BIO_free(b);
+                /* Since ref count > 1, don't free anyone else. */
+                if (ref > 1) break;
+                }
+        }
+
+BIO *BIO_dup_chain(BIO *in)
+        {
+        BIO *ret=NULL,*eoc=NULL,*bio,*new;
+
+        for (bio=in; bio != NULL; bio=bio->next_bio)
+                {
+                if ((new=BIO_new(bio->method)) == NULL) goto err;
+                new->callback=bio->callback;
+                new->cb_arg=bio->cb_arg;
+                new->init=bio->init;
+                new->shutdown=bio->shutdown;
+                new->flags=bio->flags;
+
+                /* This will let SSL_s_sock() work with stdin/stdout */
+                new->num=bio->num;
+
+                if (!BIO_dup_state(bio,(char *)new))
+                        {
+                        BIO_free(new);
+                        goto err;
+                        }
+
+                /* copy app data */
+                if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data,
+                                        &bio->ex_data))
+                        goto err;
+
+                if (ret == NULL)
+                        {
+                        eoc=new;
+                        ret=eoc;
+                        }
+                else
+                        {
+                        BIO_push(eoc,new);
+                        eoc=new;
+                        }
+                }
+        return(ret);
+err:
+        if (ret != NULL)
+                BIO_free(ret);
+        return(NULL);   
+        }
+
+void BIO_copy_next_retry(BIO *b)
+        {
+        BIO_set_flags(b,BIO_get_retry_flags(b->next_bio));
+        b->retry_reason=b->next_bio->retry_reason;
+        }
+
+int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp,
+                                new_func, dup_func, free_func);
+        }
+
+int BIO_set_ex_data(BIO *bio, int idx, void *data)
+        {
+        return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data));
+        }
+
+void *BIO_get_ex_data(BIO *bio, int idx)
+        {
+        return(CRYPTO_get_ex_data(&(bio->ex_data),idx));
+        }
+
+unsigned long BIO_number_read(BIO *bio)
+{
+        if(bio) return bio->num_read;
+        return 0;
+}
+
+unsigned long BIO_number_written(BIO *bio)
+{
+        if(bio) return bio->num_write;
+        return 0;
+}
+
+IMPLEMENT_STACK_OF(BIO)
diff --git a/src/lib/libcrypto/bio/bss_acpt.c b/src/lib/libcrypto/bio/bss_acpt.c
new file mode 100644
index 0000000000..8ea1db158b
--- /dev/null
+++ b/src/lib/libcrypto/bio/bss_acpt.c
@@ -0,0 +1,479 @@
+/* crypto/bio/bss_acpt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_SOCK
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+#ifdef OPENSSL_SYS_WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+typedef struct bio_accept_st
+        {
+        int state;
+        char *param_addr;
+
+        int accept_sock;
+        int accept_nbio;
+
+        char *addr;
+        int nbio;
+        /* If 0, it means normal, if 1, do a connect on bind failure,
+         * and if there is no-one listening, bind with SO_REUSEADDR.
+         * If 2, always use SO_REUSEADDR. */
+        int bind_mode;
+        BIO *bio_chain;
+        } BIO_ACCEPT;
+
+static int acpt_write(BIO *h, const char *buf, int num);
+static int acpt_read(BIO *h, char *buf, int size);
+static int acpt_puts(BIO *h, const char *str);
+static long acpt_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int acpt_new(BIO *h);
+static int acpt_free(BIO *data);
+static int acpt_state(BIO *b, BIO_ACCEPT *c);
+static void acpt_close_socket(BIO *data);
+BIO_ACCEPT *BIO_ACCEPT_new(void );
+void BIO_ACCEPT_free(BIO_ACCEPT *a);
+
+#define ACPT_S_BEFORE                   1
+#define ACPT_S_GET_ACCEPT_SOCKET        2
+#define ACPT_S_OK                       3
+
+static BIO_METHOD methods_acceptp=
+        {
+        BIO_TYPE_ACCEPT,
+        "socket accept",
+        acpt_write,
+        acpt_read,
+        acpt_puts,
+        NULL, /* connect_gets, */
+        acpt_ctrl,
+        acpt_new,
+        acpt_free,
+        NULL,
+        };
+
+BIO_METHOD *BIO_s_accept(void)
+        {
+        return(&methods_acceptp);
+        }
+
+static int acpt_new(BIO *bi)
+        {
+        BIO_ACCEPT *ba;
+
+        bi->init=0;
+        bi->num=INVALID_SOCKET;
+        bi->flags=0;
+        if ((ba=BIO_ACCEPT_new()) == NULL)
+                return(0);
+        bi->ptr=(char *)ba;
+        ba->state=ACPT_S_BEFORE;
+        bi->shutdown=1;
+        return(1);
+        }
+
+BIO_ACCEPT *BIO_ACCEPT_new(void)
+        {
+        BIO_ACCEPT *ret;
+
+        if ((ret=(BIO_ACCEPT *)OPENSSL_malloc(sizeof(BIO_ACCEPT))) == NULL)
+                return(NULL);
+
+        memset(ret,0,sizeof(BIO_ACCEPT));
+        ret->accept_sock=INVALID_SOCKET;
+        ret->bind_mode=BIO_BIND_NORMAL;
+        return(ret);
+        }
+
+void BIO_ACCEPT_free(BIO_ACCEPT *a)
+        {
+        if(a == NULL)
+            return;
+
+        if (a->param_addr != NULL) OPENSSL_free(a->param_addr);
+        if (a->addr != NULL) OPENSSL_free(a->addr);
+        if (a->bio_chain != NULL) BIO_free(a->bio_chain);
+        OPENSSL_free(a);
+        }
+
+static void acpt_close_socket(BIO *bio)
+        {
+        BIO_ACCEPT *c;
+
+        c=(BIO_ACCEPT *)bio->ptr;
+        if (c->accept_sock != INVALID_SOCKET)
+                {
+                shutdown(c->accept_sock,2);
+                closesocket(c->accept_sock);
+                c->accept_sock=INVALID_SOCKET;
+                bio->num=INVALID_SOCKET;
+                }
+        }
+
+static int acpt_free(BIO *a)
+        {
+        BIO_ACCEPT *data;
+
+        if (a == NULL) return(0);
+        data=(BIO_ACCEPT *)a->ptr;
+         
+        if (a->shutdown)
+                {
+                acpt_close_socket(a);
+                BIO_ACCEPT_free(data);
+                a->ptr=NULL;
+                a->flags=0;
+                a->init=0;
+                }
+        return(1);
+        }
+        
+static int acpt_state(BIO *b, BIO_ACCEPT *c)
+        {
+        BIO *bio=NULL,*dbio;
+        int s= -1;
+        int i;
+
+again:
+        switch (c->state)
+                {
+        case ACPT_S_BEFORE:
+                if (c->param_addr == NULL)
+                        {
+                        BIOerr(BIO_F_ACPT_STATE,BIO_R_NO_ACCEPT_PORT_SPECIFIED);
+                        return(-1);
+                        }
+                s=BIO_get_accept_socket(c->param_addr,c->bind_mode);
+                if (s == INVALID_SOCKET)
+                        return(-1);
+
+                if (c->accept_nbio)
+                        {
+                        if (!BIO_socket_nbio(s,1))
+                                {
+                                closesocket(s);
+                                BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);
+                                return(-1);
+                                }
+                        }
+                c->accept_sock=s;
+                b->num=s;
+                c->state=ACPT_S_GET_ACCEPT_SOCKET;
+                return(1);
+                /* break; */
+        case ACPT_S_GET_ACCEPT_SOCKET:
+                if (b->next_bio != NULL)
+                        {
+                        c->state=ACPT_S_OK;
+                        goto again;
+                        }
+                BIO_clear_retry_flags(b);
+                b->retry_reason=0;
+                i=BIO_accept(c->accept_sock,&(c->addr));
+
+                /* -2 return means we should retry */
+                if(i == -2)
+                        {
+                        BIO_set_retry_special(b);
+                        b->retry_reason=BIO_RR_ACCEPT;
+                        return -1;
+                        }
+
+                if (i < 0) return(i);
+
+                bio=BIO_new_socket(i,BIO_CLOSE);
+                if (bio == NULL) goto err;
+
+                BIO_set_callback(bio,BIO_get_callback(b));
+                BIO_set_callback_arg(bio,BIO_get_callback_arg(b));
+
+                if (c->nbio)
+                        {
+                        if (!BIO_socket_nbio(i,1))
+                                {
+                                BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);
+                                goto err;
+                                }
+                        }
+
+                /* If the accept BIO has an bio_chain, we dup it and
+                 * put the new socket at the end. */
+                if (c->bio_chain != NULL)
+                        {
+                        if ((dbio=BIO_dup_chain(c->bio_chain)) == NULL)
+                                goto err;
+                        if (!BIO_push(dbio,bio)) goto err;
+                        bio=dbio;
+                        }
+                if (BIO_push(b,bio) == NULL) goto err;
+
+                c->state=ACPT_S_OK;
+                return(1);
+err:
+                if (bio != NULL)
+                        BIO_free(bio);
+                else if (s >= 0)
+                        closesocket(s);
+                return(0);
+                /* break; */
+        case ACPT_S_OK:
+                if (b->next_bio == NULL)
+                        {
+                        c->state=ACPT_S_GET_ACCEPT_SOCKET;
+                        goto again;
+                        }
+                return(1);
+                /* break; */
+        default:        
+                return(0);
+                /* break; */
+                }
+
+        }
+
+static int acpt_read(BIO *b, char *out, int outl)
+        {
+        int ret=0;
+        BIO_ACCEPT *data;
+
+        BIO_clear_retry_flags(b);
+        data=(BIO_ACCEPT *)b->ptr;
+
+        while (b->next_bio == NULL)
+                {
+                ret=acpt_state(b,data);
+                if (ret <= 0) return(ret);
+                }
+
+        ret=BIO_read(b->next_bio,out,outl);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+
+static int acpt_write(BIO *b, const char *in, int inl)
+        {
+        int ret;
+        BIO_ACCEPT *data;
+
+        BIO_clear_retry_flags(b);
+        data=(BIO_ACCEPT *)b->ptr;
+
+        while (b->next_bio == NULL)
+                {
+                ret=acpt_state(b,data);
+                if (ret <= 0) return(ret);
+                }
+
+        ret=BIO_write(b->next_bio,in,inl);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+
+static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        BIO *dbio;
+        int *ip;
+        long ret=1;
+        BIO_ACCEPT *data;
+        char **pp;
+
+        data=(BIO_ACCEPT *)b->ptr;
+
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                ret=0;
+                data->state=ACPT_S_BEFORE;
+                acpt_close_socket(b);
+                b->flags=0;
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                /* use this one to start the connection */
+                ret=(long)acpt_state(b,data);
+                break;
+        case BIO_C_SET_ACCEPT:
+                if (ptr != NULL)
+                        {
+                        if (num == 0)
+                                {
+                                b->init=1;
+                                if (data->param_addr != NULL)
+                                        OPENSSL_free(data->param_addr);
+                                data->param_addr=BUF_strdup(ptr);
+                                }
+                        else if (num == 1)
+                                {
+                                data->accept_nbio=(ptr != NULL);
+                                }
+                        else if (num == 2)
+                                {
+                                if (data->bio_chain != NULL)
+                                        BIO_free(data->bio_chain);
+                                data->bio_chain=(BIO *)ptr;
+                                }
+                        }
+                break;
+        case BIO_C_SET_NBIO:
+                data->nbio=(int)num;
+                break;
+        case BIO_C_SET_FD:
+                b->init=1;
+                b->num= *((int *)ptr);
+                data->accept_sock=b->num;
+                data->state=ACPT_S_GET_ACCEPT_SOCKET;
+                b->shutdown=(int)num;
+                b->init=1;
+                break;
+        case BIO_C_GET_FD:
+                if (b->init)
+                        {
+                        ip=(int *)ptr;
+                        if (ip != NULL)
+                                *ip=data->accept_sock;
+                        ret=data->accept_sock;
+                        }
+                else
+                        ret= -1;
+                break;
+        case BIO_C_GET_ACCEPT:
+                if (b->init)
+                        {
+                        if (ptr != NULL)
+                                {
+                                pp=(char **)ptr;
+                                *pp=data->param_addr;
+                                }
+                        else
+                                ret= -1;
+                        }
+                else
+                        ret= -1;
+                break;
+        case BIO_CTRL_GET_CLOSE:
+                ret=b->shutdown;
+                break;
+        case BIO_CTRL_SET_CLOSE:
+                b->shutdown=(int)num;
+                break;
+        case BIO_CTRL_PENDING:
+        case BIO_CTRL_WPENDING:
+                ret=0;
+                break;
+        case BIO_CTRL_FLUSH:
+                break;
+        case BIO_C_SET_BIND_MODE:
+                data->bind_mode=(int)num;
+                break;
+        case BIO_C_GET_BIND_MODE:
+                ret=(long)data->bind_mode;
+                break;
+        case BIO_CTRL_DUP:
+                dbio=(BIO *)ptr;
+/*              if (data->param_port) EAY EAY
+                        BIO_set_port(dbio,data->param_port);
+                if (data->param_hostname)
+                        BIO_set_hostname(dbio,data->param_hostname);
+                BIO_set_nbio(dbio,data->nbio); */
+                break;
+
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+
+static int acpt_puts(BIO *bp, const char *str)
+        {
+        int n,ret;
+
+        n=strlen(str);
+        ret=acpt_write(bp,str,n);
+        return(ret);
+        }
+
+BIO *BIO_new_accept(char *str)
+        {
+        BIO *ret;
+
+        ret=BIO_new(BIO_s_accept());
+        if (ret == NULL) return(NULL);
+        if (BIO_set_accept_port(ret,str))
+                return(ret);
+        else
+                {
+                BIO_free(ret);
+                return(NULL);
+                }
+        }
+
+#endif
diff --git a/src/lib/libcrypto/bio/bss_bio.c b/src/lib/libcrypto/bio/bss_bio.c
new file mode 100644
index 0000000000..0f9f0955b4
--- /dev/null
+++ b/src/lib/libcrypto/bio/bss_bio.c
@@ -0,0 +1,924 @@
+/* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Special method for a BIO where the other endpoint is also a BIO
+ * of this kind, handled by the same thread (i.e. the "peer" is actually
+ * ourselves, wearing a different hat).
+ * Such "BIO pairs" are mainly for using the SSL library with I/O interfaces
+ * for which no specific BIO method is available.
+ * See ssl/ssltest.c for some hints on how this can be used. */
+
+/* BIO_DEBUG implies BIO_PAIR_DEBUG */
+#ifdef BIO_DEBUG
+# ifndef BIO_PAIR_DEBUG
+#  define BIO_PAIR_DEBUG
+# endif
+#endif
+
+/* disable assert() unless BIO_PAIR_DEBUG has been defined */
+#ifndef BIO_PAIR_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+
+#include <assert.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+
+#include "e_os.h"
+
+/* VxWorks defines SSIZE_MAX with an empty value causing compile errors */
+#if defined(OPENSSL_SYS_VXWORKS)
+# undef SSIZE_MAX
+#endif
+#ifndef SSIZE_MAX
+# define SSIZE_MAX INT_MAX
+#endif
+
+static int bio_new(BIO *bio);
+static int bio_free(BIO *bio);
+static int bio_read(BIO *bio, char *buf, int size);
+static int bio_write(BIO *bio, const char *buf, int num);
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr);
+static int bio_puts(BIO *bio, const char *str);
+
+static int bio_make_pair(BIO *bio1, BIO *bio2);
+static void bio_destroy_pair(BIO *bio);
+
+static BIO_METHOD methods_biop =
+{
+        BIO_TYPE_BIO,
+        "BIO pair",
+        bio_write,
+        bio_read,
+        bio_puts,
+        NULL /* no bio_gets */,
+        bio_ctrl,
+        bio_new,
+        bio_free,
+        NULL /* no bio_callback_ctrl */
+};
+
+BIO_METHOD *BIO_s_bio(void)
+        {
+        return &methods_biop;
+        }
+
+struct bio_bio_st
+{
+        BIO *peer;     /* NULL if buf == NULL.
+                        * If peer != NULL, then peer->ptr is also a bio_bio_st,
+                        * and its "peer" member points back to us.
+                        * peer != NULL iff init != 0 in the BIO. */
+        
+        /* This is for what we write (i.e. reading uses peer's struct): */
+        int closed;     /* valid iff peer != NULL */
+        size_t len;     /* valid iff buf != NULL; 0 if peer == NULL */
+        size_t offset;  /* valid iff buf != NULL; 0 if len == 0 */
+        size_t size;
+        char *buf;      /* "size" elements (if != NULL) */
+
+        size_t request; /* valid iff peer != NULL; 0 if len != 0,
+                         * otherwise set by peer to number of bytes
+                         * it (unsuccessfully) tried to read,
+                         * never more than buffer space (size-len) warrants. */
+};
+
+static int bio_new(BIO *bio)
+        {
+        struct bio_bio_st *b;
+        
+        b = OPENSSL_malloc(sizeof *b);
+        if (b == NULL)
+                return 0;
+
+        b->peer = NULL;
+        b->size = 17*1024; /* enough for one TLS record (just a default) */
+        b->buf = NULL;
+
+        bio->ptr = b;
+        return 1;
+        }
+
+
+static int bio_free(BIO *bio)
+        {
+        struct bio_bio_st *b;
+
+        if (bio == NULL)
+                return 0;
+        b = bio->ptr;
+
+        assert(b != NULL);
+
+        if (b->peer)
+                bio_destroy_pair(bio);
+        
+        if (b->buf != NULL)
+                {
+                OPENSSL_free(b->buf);
+                }
+
+        OPENSSL_free(b);
+
+        return 1;
+        }
+
+
+
+static int bio_read(BIO *bio, char *buf, int size_)
+        {
+        size_t size = size_;
+        size_t rest;
+        struct bio_bio_st *b, *peer_b;
+
+        BIO_clear_retry_flags(bio);
+
+        if (!bio->init)
+                return 0;
+
+        b = bio->ptr;
+        assert(b != NULL);
+        assert(b->peer != NULL);
+        peer_b = b->peer->ptr;
+        assert(peer_b != NULL);
+        assert(peer_b->buf != NULL);
+
+        peer_b->request = 0; /* will be set in "retry_read" situation */
+
+        if (buf == NULL || size == 0)
+                return 0;
+
+        if (peer_b->len == 0)
+                {
+                if (peer_b->closed)
+                        return 0; /* writer has closed, and no data is left */
+                else
+                        {
+                        BIO_set_retry_read(bio); /* buffer is empty */
+                        if (size <= peer_b->size)
+                                peer_b->request = size;
+                        else
+                                /* don't ask for more than the peer can
+                                 * deliver in one write */
+                                peer_b->request = peer_b->size;
+                        return -1;
+                        }
+                }
+
+        /* we can read */
+        if (peer_b->len < size)
+                size = peer_b->len;
+
+        /* now read "size" bytes */
+        
+        rest = size;
+        
+        assert(rest > 0);
+        do /* one or two iterations */
+                {
+                size_t chunk;
+                
+                assert(rest <= peer_b->len);
+                if (peer_b->offset + rest <= peer_b->size)
+                        chunk = rest;
+                else
+                        /* wrap around ring buffer */
+                        chunk = peer_b->size - peer_b->offset;
+                assert(peer_b->offset + chunk <= peer_b->size);
+                
+                memcpy(buf, peer_b->buf + peer_b->offset, chunk);
+                
+                peer_b->len -= chunk;
+                if (peer_b->len)
+                        {
+                        peer_b->offset += chunk;
+                        assert(peer_b->offset <= peer_b->size);
+                        if (peer_b->offset == peer_b->size)
+                                peer_b->offset = 0;
+                        buf += chunk;
+                        }
+                else
+                        {
+                        /* buffer now empty, no need to advance "buf" */
+                        assert(chunk == rest);
+                        peer_b->offset = 0;
+                        }
+                rest -= chunk;
+                }
+        while (rest);
+        
+        return size;
+        }
+
+/* non-copying interface: provide pointer to available data in buffer
+ *    bio_nread0:  return number of available bytes
+ *    bio_nread:   also advance index
+ * (example usage:  bio_nread0(), read from buffer, bio_nread()
+ *  or just         bio_nread(), read from buffer)
+ */
+/* WARNING: The non-copying interface is largely untested as of yet
+ * and may contain bugs. */
+static ssize_t bio_nread0(BIO *bio, char **buf)
+        {
+        struct bio_bio_st *b, *peer_b;
+        ssize_t num;
+        
+        BIO_clear_retry_flags(bio);
+
+        if (!bio->init)
+                return 0;
+        
+        b = bio->ptr;
+        assert(b != NULL);
+        assert(b->peer != NULL);
+        peer_b = b->peer->ptr;
+        assert(peer_b != NULL);
+        assert(peer_b->buf != NULL);
+        
+        peer_b->request = 0;
+        
+        if (peer_b->len == 0)
+                {
+                char dummy;
+                
+                /* avoid code duplication -- nothing available for reading */
+                return bio_read(bio, &dummy, 1); /* returns 0 or -1 */
+                }
+
+        num = peer_b->len;
+        if (peer_b->size < peer_b->offset + num)
+                /* no ring buffer wrap-around for non-copying interface */
+                num = peer_b->size - peer_b->offset;
+        assert(num > 0);
+
+        if (buf != NULL)
+                *buf = peer_b->buf + peer_b->offset;
+        return num;
+        }
+
+static ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
+        {
+        struct bio_bio_st *b, *peer_b;
+        ssize_t num, available;
+
+        if (num_ > SSIZE_MAX)
+                num = SSIZE_MAX;
+        else
+                num = (ssize_t)num_;
+
+        available = bio_nread0(bio, buf);
+        if (num > available)
+                num = available;
+        if (num <= 0)
+                return num;
+
+        b = bio->ptr;
+        peer_b = b->peer->ptr;
+
+        peer_b->len -= num;
+        if (peer_b->len) 
+                {
+                peer_b->offset += num;
+                assert(peer_b->offset <= peer_b->size);
+                if (peer_b->offset == peer_b->size)
+                        peer_b->offset = 0;
+                }
+        else
+                peer_b->offset = 0;
+
+        return num;
+        }
+
+
+static int bio_write(BIO *bio, const char *buf, int num_)
+        {
+        size_t num = num_;
+        size_t rest;
+        struct bio_bio_st *b;
+
+        BIO_clear_retry_flags(bio);
+
+        if (!bio->init || buf == NULL || num == 0)
+                return 0;
+
+        b = bio->ptr;           
+        assert(b != NULL);
+        assert(b->peer != NULL);
+        assert(b->buf != NULL);
+
+        b->request = 0;
+        if (b->closed)
+                {
+                /* we already closed */
+                BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
+                return -1;
+                }
+
+        assert(b->len <= b->size);
+
+        if (b->len == b->size)
+                {
+                BIO_set_retry_write(bio); /* buffer is full */
+                return -1;
+                }
+
+        /* we can write */
+        if (num > b->size - b->len)
+                num = b->size - b->len;
+        
+        /* now write "num" bytes */
+
+        rest = num;
+        
+        assert(rest > 0);
+        do /* one or two iterations */
+                {
+                size_t write_offset;
+                size_t chunk;
+
+                assert(b->len + rest <= b->size);
+
+                write_offset = b->offset + b->len;
+                if (write_offset >= b->size)
+                        write_offset -= b->size;
+                /* b->buf[write_offset] is the first byte we can write to. */
+
+                if (write_offset + rest <= b->size)
+                        chunk = rest;
+                else
+                        /* wrap around ring buffer */
+                        chunk = b->size - write_offset;
+                
+                memcpy(b->buf + write_offset, buf, chunk);
+                
+                b->len += chunk;
+
+                assert(b->len <= b->size);
+                
+                rest -= chunk;
+                buf += chunk;
+                }
+        while (rest);
+
+        return num;
+        }
+
+/* non-copying interface: provide pointer to region to write to
+ *   bio_nwrite0:  check how much space is available
+ *   bio_nwrite:   also increase length
+ * (example usage:  bio_nwrite0(), write to buffer, bio_nwrite()
+ *  or just         bio_nwrite(), write to buffer)
+ */
+static ssize_t bio_nwrite0(BIO *bio, char **buf)
+        {
+        struct bio_bio_st *b;
+        size_t num;
+        size_t write_offset;
+
+        BIO_clear_retry_flags(bio);
+
+        if (!bio->init)
+                return 0;
+
+        b = bio->ptr;           
+        assert(b != NULL);
+        assert(b->peer != NULL);
+        assert(b->buf != NULL);
+
+        b->request = 0;
+        if (b->closed)
+                {
+                BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE);
+                return -1;
+                }
+
+        assert(b->len <= b->size);
+
+        if (b->len == b->size)
+                {
+                BIO_set_retry_write(bio);
+                return -1;
+                }
+
+        num = b->size - b->len;
+        write_offset = b->offset + b->len;
+        if (write_offset >= b->size)
+                write_offset -= b->size;
+        if (write_offset + num > b->size)
+                /* no ring buffer wrap-around for non-copying interface
+                 * (to fulfil the promise by BIO_ctrl_get_write_guarantee,
+                 * BIO_nwrite may have to be called twice) */
+                num = b->size - write_offset;
+
+        if (buf != NULL)
+                *buf = b->buf + write_offset;
+        assert(write_offset + num <= b->size);
+
+        return num;
+        }
+
+static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
+        {
+        struct bio_bio_st *b;
+        ssize_t num, space;
+
+        if (num_ > SSIZE_MAX)
+                num = SSIZE_MAX;
+        else
+                num = (ssize_t)num_;
+
+        space = bio_nwrite0(bio, buf);
+        if (num > space)
+                num = space;
+        if (num <= 0)
+                return num;
+        b = bio->ptr;
+        assert(b != NULL);
+        b->len += num;
+        assert(b->len <= b->size);
+
+        return num;
+        }
+
+
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
+        {
+        long ret;
+        struct bio_bio_st *b = bio->ptr;
+        
+        assert(b != NULL);
+
+        switch (cmd)
+                {
+        /* specific CTRL codes */
+
+        case BIO_C_SET_WRITE_BUF_SIZE:
+                if (b->peer)
+                        {
+                        BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
+                        ret = 0;
+                        }
+                else if (num == 0)
+                        {
+                        BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
+                        ret = 0;
+                        }
+                else
+                        {
+                        size_t new_size = num;
+
+                        if (b->size != new_size)
+                                {
+                                if (b->buf) 
+                                        {
+                                        OPENSSL_free(b->buf);
+                                        b->buf = NULL;
+                                        }
+                                b->size = new_size;
+                                }
+                        ret = 1;
+                        }
+                break;
+
+        case BIO_C_GET_WRITE_BUF_SIZE:
+                ret = (long) b->size;
+                break;
+
+        case BIO_C_MAKE_BIO_PAIR:
+                {
+                BIO *other_bio = ptr;
+                
+                if (bio_make_pair(bio, other_bio))
+                        ret = 1;
+                else
+                        ret = 0;
+                }
+                break;
+                
+        case BIO_C_DESTROY_BIO_PAIR:
+                /* Affects both BIOs in the pair -- call just once!
+                 * Or let BIO_free(bio1); BIO_free(bio2); do the job. */
+                bio_destroy_pair(bio);
+                ret = 1;
+                break;
+
+        case BIO_C_GET_WRITE_GUARANTEE:
+                /* How many bytes can the caller feed to the next write
+                 * without having to keep any? */
+                if (b->peer == NULL || b->closed)
+                        ret = 0;
+                else
+                        ret = (long) b->size - b->len;
+                break;
+
+        case BIO_C_GET_READ_REQUEST:
+                /* If the peer unsuccessfully tried to read, how many bytes
+                 * were requested?  (As with BIO_CTRL_PENDING, that number
+                 * can usually be treated as boolean.) */
+                ret = (long) b->request;
+                break;
+
+        case BIO_C_RESET_READ_REQUEST:
+                /* Reset request.  (Can be useful after read attempts
+                 * at the other side that are meant to be non-blocking,
+                 * e.g. when probing SSL_read to see if any data is
+                 * available.) */
+                b->request = 0;
+                ret = 1;
+                break;
+
+        case BIO_C_SHUTDOWN_WR:
+                /* similar to shutdown(..., SHUT_WR) */
+                b->closed = 1;
+                ret = 1;
+                break;
+
+        case BIO_C_NREAD0:
+                /* prepare for non-copying read */
+                ret = (long) bio_nread0(bio, ptr);
+                break;
+                
+        case BIO_C_NREAD:
+                /* non-copying read */
+                ret = (long) bio_nread(bio, ptr, (size_t) num);
+                break;
+                
+        case BIO_C_NWRITE0:
+                /* prepare for non-copying write */
+                ret = (long) bio_nwrite0(bio, ptr);
+                break;
+
+        case BIO_C_NWRITE:
+                /* non-copying write */
+                ret = (long) bio_nwrite(bio, ptr, (size_t) num);
+                break;
+                
+
+        /* standard CTRL codes follow */
+
+        case BIO_CTRL_RESET:
+                if (b->buf != NULL)
+                        {
+                        b->len = 0;
+                        b->offset = 0;
+                        }
+                ret = 0;
+                break;          
+
+        case BIO_CTRL_GET_CLOSE:
+                ret = bio->shutdown;
+                break;
+
+        case BIO_CTRL_SET_CLOSE:
+                bio->shutdown = (int) num;
+                ret = 1;
+                break;
+
+        case BIO_CTRL_PENDING:
+                if (b->peer != NULL)
+                        {
+                        struct bio_bio_st *peer_b = b->peer->ptr;
+                        
+                        ret = (long) peer_b->len;
+                        }
+                else
+                        ret = 0;
+                break;
+
+        case BIO_CTRL_WPENDING:
+                if (b->buf != NULL)
+                        ret = (long) b->len;
+                else
+                        ret = 0;
+                break;
+
+        case BIO_CTRL_DUP:
+                /* See BIO_dup_chain for circumstances we have to expect. */
+                {
+                BIO *other_bio = ptr;
+                struct bio_bio_st *other_b;
+                
+                assert(other_bio != NULL);
+                other_b = other_bio->ptr;
+                assert(other_b != NULL);
+                
+                assert(other_b->buf == NULL); /* other_bio is always fresh */
+
+                other_b->size = b->size;
+                }
+
+                ret = 1;
+                break;
+
+        case BIO_CTRL_FLUSH:
+                ret = 1;
+                break;
+
+        case BIO_CTRL_EOF:
+                {
+                BIO *other_bio = ptr;
+                
+                if (other_bio)
+                        {
+                        struct bio_bio_st *other_b = other_bio->ptr;
+                        
+                        assert(other_b != NULL);
+                        ret = other_b->len == 0 && other_b->closed;
+                        }
+                else
+                        ret = 1;
+                }
+                break;
+
+        default:
+                ret = 0;
+                }
+        return ret;
+        }
+
+static int bio_puts(BIO *bio, const char *str)
+        {
+        return bio_write(bio, str, strlen(str));
+        }
+
+
+static int bio_make_pair(BIO *bio1, BIO *bio2)
+        {
+        struct bio_bio_st *b1, *b2;
+
+        assert(bio1 != NULL);
+        assert(bio2 != NULL);
+
+        b1 = bio1->ptr;
+        b2 = bio2->ptr;
+        
+        if (b1->peer != NULL || b2->peer != NULL)
+                {
+                BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
+                return 0;
+                }
+        
+        if (b1->buf == NULL)
+                {
+                b1->buf = OPENSSL_malloc(b1->size);
+                if (b1->buf == NULL)
+                        {
+                        BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                b1->len = 0;
+                b1->offset = 0;
+                }
+        
+        if (b2->buf == NULL)
+                {
+                b2->buf = OPENSSL_malloc(b2->size);
+                if (b2->buf == NULL)
+                        {
+                        BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                b2->len = 0;
+                b2->offset = 0;
+                }
+        
+        b1->peer = bio2;
+        b1->closed = 0;
+        b1->request = 0;
+        b2->peer = bio1;
+        b2->closed = 0;
+        b2->request = 0;
+
+        bio1->init = 1;
+        bio2->init = 1;
+
+        return 1;
+        }
+
+static void bio_destroy_pair(BIO *bio)
+        {
+        struct bio_bio_st *b = bio->ptr;
+
+        if (b != NULL)
+                {
+                BIO *peer_bio = b->peer;
+
+                if (peer_bio != NULL)
+                        {
+                        struct bio_bio_st *peer_b = peer_bio->ptr;
+
+                        assert(peer_b != NULL);
+                        assert(peer_b->peer == bio);
+
+                        peer_b->peer = NULL;
+                        peer_bio->init = 0;
+                        assert(peer_b->buf != NULL);
+                        peer_b->len = 0;
+                        peer_b->offset = 0;
+                        
+                        b->peer = NULL;
+                        bio->init = 0;
+                        assert(b->buf != NULL);
+                        b->len = 0;
+                        b->offset = 0;
+                        }
+                }
+        }
+ 
+
+/* Exported convenience functions */
+int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
+        BIO **bio2_p, size_t writebuf2)
+         {
+         BIO *bio1 = NULL, *bio2 = NULL;
+         long r;
+         int ret = 0;
+
+         bio1 = BIO_new(BIO_s_bio());
+         if (bio1 == NULL)
+                 goto err;
+         bio2 = BIO_new(BIO_s_bio());
+         if (bio2 == NULL)
+                 goto err;
+
+         if (writebuf1)
+                 {
+                 r = BIO_set_write_buf_size(bio1, writebuf1);
+                 if (!r)
+                         goto err;
+                 }
+         if (writebuf2)
+                 {
+                 r = BIO_set_write_buf_size(bio2, writebuf2);
+                 if (!r)
+                         goto err;
+                 }
+
+         r = BIO_make_bio_pair(bio1, bio2);
+         if (!r)
+                 goto err;
+         ret = 1;
+
+ err:
+         if (ret == 0)
+                 {
+                 if (bio1)
+                         {
+                         BIO_free(bio1);
+                         bio1 = NULL;
+                         }
+                 if (bio2)
+                         {
+                         BIO_free(bio2);
+                         bio2 = NULL;
+                         }
+                 }
+
+         *bio1_p = bio1;
+         *bio2_p = bio2;
+         return ret;
+         }
+
+size_t BIO_ctrl_get_write_guarantee(BIO *bio)
+        {
+        return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);
+        }
+
+size_t BIO_ctrl_get_read_request(BIO *bio)
+        {
+        return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);
+        }
+
+int BIO_ctrl_reset_read_request(BIO *bio)
+        {
+        return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0);
+        }
+
+
+/* BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now
+ * (conceivably some other BIOs could allow non-copying reads and writes too.)
+ */
+int BIO_nread0(BIO *bio, char **buf)
+        {
+        long ret;
+
+        if (!bio->init)
+                {
+                BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED);
+                return -2;
+                }
+
+        ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf);
+        if (ret > INT_MAX)
+                return INT_MAX;
+        else
+                return (int) ret;
+        }
+
+int BIO_nread(BIO *bio, char **buf, int num)
+        {
+        int ret;
+
+        if (!bio->init)
+                {
+                BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED);
+                return -2;
+                }
+
+        ret = (int) BIO_ctrl(bio, BIO_C_NREAD, num, buf);
+        if (ret > 0)
+                bio->num_read += ret;
+        return ret;
+        }
+
+int BIO_nwrite0(BIO *bio, char **buf)
+        {
+        long ret;
+
+        if (!bio->init)
+                {
+                BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED);
+                return -2;
+                }
+
+        ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf);
+        if (ret > INT_MAX)
+                return INT_MAX;
+        else
+                return (int) ret;
+        }
+
+int BIO_nwrite(BIO *bio, char **buf, int num)
+        {
+        int ret;
+
+        if (!bio->init)
+                {
+                BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED);
+                return -2;
+                }
+
+        ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);
+        if (ret > 0)
+                bio->num_read += ret;
+        return ret;
+        }
diff --git a/src/lib/libcrypto/bio/bss_conn.c b/src/lib/libcrypto/bio/bss_conn.c
new file mode 100644
index 0000000000..f5d0e759e2
--- /dev/null
+++ b/src/lib/libcrypto/bio/bss_conn.c
@@ -0,0 +1,652 @@
+/* crypto/bio/bss_conn.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_SOCK
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+#ifdef OPENSSL_SYS_WIN16
+#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+#else
+#define SOCKET_PROTOCOL IPPROTO_TCP
+#endif
+
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+
+typedef struct bio_connect_st
+        {
+        int state;
+
+        char *param_hostname;
+        char *param_port;
+        int nbio;
+
+        unsigned char ip[4];
+        unsigned short port;
+
+        struct sockaddr_in them;
+
+        /* int socket; this will be kept in bio->num so that it is
+         * compatible with the bss_sock bio */ 
+
+        /* called when the connection is initially made
+         *  callback(BIO,state,ret);  The callback should return
+         * 'ret'.  state is for compatibility with the ssl info_callback */
+        int (*info_callback)(const BIO *bio,int state,int ret);
+        } BIO_CONNECT;
+
+static int conn_write(BIO *h, const char *buf, int num);
+static int conn_read(BIO *h, char *buf, int size);
+static int conn_puts(BIO *h, const char *str);
+static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int conn_new(BIO *h);
+static int conn_free(BIO *data);
+static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *);
+
+static int conn_state(BIO *b, BIO_CONNECT *c);
+static void conn_close_socket(BIO *data);
+BIO_CONNECT *BIO_CONNECT_new(void );
+void BIO_CONNECT_free(BIO_CONNECT *a);
+
+static BIO_METHOD methods_connectp=
+        {
+        BIO_TYPE_CONNECT,
+        "socket connect",
+        conn_write,
+        conn_read,
+        conn_puts,
+        NULL, /* connect_gets, */
+        conn_ctrl,
+        conn_new,
+        conn_free,
+        conn_callback_ctrl,
+        };
+
+static int conn_state(BIO *b, BIO_CONNECT *c)
+        {
+        int ret= -1,i;
+        unsigned long l;
+        char *p,*q;
+        int (*cb)()=NULL;
+
+        if (c->info_callback != NULL)
+                cb=c->info_callback;
+
+        for (;;)
+                {
+                switch (c->state)
+                        {
+                case BIO_CONN_S_BEFORE:
+                        p=c->param_hostname;
+                        if (p == NULL)
+                                {
+                                BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTNAME_SPECIFIED);
+                                goto exit_loop;
+                                }
+                        for ( ; *p != '\0'; p++)
+                                {
+                                if ((*p == ':') || (*p == '/')) break;
+                                }
+
+                        i= *p;
+                        if ((i == ':') || (i == '/'))
+                                {
+
+                                *(p++)='\0';
+                                if (i == ':')
+                                        {
+                                        for (q=p; *q; q++)
+                                                if (*q == '/')
+                                                        {
+                                                        *q='\0';
+                                                        break;
+                                                        }
+                                        if (c->param_port != NULL)
+                                                OPENSSL_free(c->param_port);
+                                        c->param_port=BUF_strdup(p);
+                                        }
+                                }
+
+                        if (c->param_port == NULL)
+                                {
+                                BIOerr(BIO_F_CONN_STATE,BIO_R_NO_PORT_SPECIFIED);
+                                ERR_add_error_data(2,"host=",c->param_hostname);
+                                goto exit_loop;
+                                }
+                        c->state=BIO_CONN_S_GET_IP;
+                        break;
+
+                case BIO_CONN_S_GET_IP:
+                        if (BIO_get_host_ip(c->param_hostname,&(c->ip[0])) <= 0)
+                                goto exit_loop;
+                        c->state=BIO_CONN_S_GET_PORT;
+                        break;
+
+                case BIO_CONN_S_GET_PORT:
+                        if (c->param_port == NULL)
+                                {
+                                /* abort(); */
+                                goto exit_loop;
+                                }
+                        else if (BIO_get_port(c->param_port,&c->port) <= 0)
+                                goto exit_loop;
+                        c->state=BIO_CONN_S_CREATE_SOCKET;
+                        break;
+
+                case BIO_CONN_S_CREATE_SOCKET:
+                        /* now setup address */
+                        memset((char *)&c->them,0,sizeof(c->them));
+                        c->them.sin_family=AF_INET;
+                        c->them.sin_port=htons((unsigned short)c->port);
+                        l=(unsigned long)
+                                ((unsigned long)c->ip[0]<<24L)|
+                                ((unsigned long)c->ip[1]<<16L)|
+                                ((unsigned long)c->ip[2]<< 8L)|
+                                ((unsigned long)c->ip[3]);
+                        c->them.sin_addr.s_addr=htonl(l);
+                        c->state=BIO_CONN_S_CREATE_SOCKET;
+
+                        ret=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+                        if (ret == INVALID_SOCKET)
+                                {
+                                SYSerr(SYS_F_SOCKET,get_last_socket_error());
+                                ERR_add_error_data(4,"host=",c->param_hostname,
+                                        ":",c->param_port);
+                                BIOerr(BIO_F_CONN_STATE,BIO_R_UNABLE_TO_CREATE_SOCKET);
+                                goto exit_loop;
+                                }
+                        b->num=ret;
+                        c->state=BIO_CONN_S_NBIO;
+                        break;
+
+                case BIO_CONN_S_NBIO:
+                        if (c->nbio)
+                                {
+                                if (!BIO_socket_nbio(b->num,1))
+                                        {
+                                        BIOerr(BIO_F_CONN_STATE,BIO_R_ERROR_SETTING_NBIO);
+                                        ERR_add_error_data(4,"host=",
+                                                c->param_hostname,
+                                                ":",c->param_port);
+                                        goto exit_loop;
+                                        }
+                                }
+                        c->state=BIO_CONN_S_CONNECT;
+
+#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
+                        i=1;
+                        i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+                        if (i < 0)
+                                {
+                                SYSerr(SYS_F_SOCKET,get_last_socket_error());
+                                ERR_add_error_data(4,"host=",c->param_hostname,
+                                        ":",c->param_port);
+                                BIOerr(BIO_F_CONN_STATE,BIO_R_KEEPALIVE);
+                                goto exit_loop;
+                                }
+#endif
+                        break;
+
+                case BIO_CONN_S_CONNECT:
+                        BIO_clear_retry_flags(b);
+                        ret=connect(b->num,
+                                (struct sockaddr *)&c->them,
+                                sizeof(c->them));
+                        b->retry_reason=0;
+                        if (ret < 0)
+                                {
+                                if (BIO_sock_should_retry(ret))
+                                        {
+                                        BIO_set_retry_special(b);
+                                        c->state=BIO_CONN_S_BLOCKED_CONNECT;
+                                        b->retry_reason=BIO_RR_CONNECT;
+                                        }
+                                else
+                                        {
+                                        SYSerr(SYS_F_CONNECT,get_last_socket_error());
+                                        ERR_add_error_data(4,"host=",
+                                                c->param_hostname,
+                                                ":",c->param_port);
+                                        BIOerr(BIO_F_CONN_STATE,BIO_R_CONNECT_ERROR);
+                                        }
+                                goto exit_loop;
+                                }
+                        else
+                                c->state=BIO_CONN_S_OK;
+                        break;
+
+                case BIO_CONN_S_BLOCKED_CONNECT:
+                        i=BIO_sock_error(b->num);
+                        if (i)
+                                {
+                                BIO_clear_retry_flags(b);
+                                SYSerr(SYS_F_CONNECT,i);
+                                ERR_add_error_data(4,"host=",
+                                        c->param_hostname,
+                                        ":",c->param_port);
+                                BIOerr(BIO_F_CONN_STATE,BIO_R_NBIO_CONNECT_ERROR);
+                                ret=0;
+                                goto exit_loop;
+                                }
+                        else
+                                c->state=BIO_CONN_S_OK;
+                        break;
+
+                case BIO_CONN_S_OK:
+                        ret=1;
+                        goto exit_loop;
+                default:
+                        /* abort(); */
+                        goto exit_loop;
+                        }
+
+                if (cb != NULL)
+                        {
+                        if (!(ret=cb((BIO *)b,c->state,ret)))
+                                goto end;
+                        }
+                }
+
+        /* Loop does not exit */
+exit_loop:
+        if (cb != NULL)
+                ret=cb((BIO *)b,c->state,ret);
+end:
+        return(ret);
+        }
+
+BIO_CONNECT *BIO_CONNECT_new(void)
+        {
+        BIO_CONNECT *ret;
+
+        if ((ret=(BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL)
+                return(NULL);
+        ret->state=BIO_CONN_S_BEFORE;
+        ret->param_hostname=NULL;
+        ret->param_port=NULL;
+        ret->info_callback=NULL;
+        ret->nbio=0;
+        ret->ip[0]=0;
+        ret->ip[1]=0;
+        ret->ip[2]=0;
+        ret->ip[3]=0;
+        ret->port=0;
+        memset((char *)&ret->them,0,sizeof(ret->them));
+        return(ret);
+        }
+
+void BIO_CONNECT_free(BIO_CONNECT *a)
+        {
+        if(a == NULL)
+            return;
+
+        if (a->param_hostname != NULL)
+                OPENSSL_free(a->param_hostname);
+        if (a->param_port != NULL)
+                OPENSSL_free(a->param_port);
+        OPENSSL_free(a);
+        }
+
+BIO_METHOD *BIO_s_connect(void)
+        {
+        return(&methods_connectp);
+        }
+
+static int conn_new(BIO *bi)
+        {
+        bi->init=0;
+        bi->num=INVALID_SOCKET;
+        bi->flags=0;
+        if ((bi->ptr=(char *)BIO_CONNECT_new()) == NULL)
+                return(0);
+        else
+                return(1);
+        }
+
+static void conn_close_socket(BIO *bio)
+        {
+        BIO_CONNECT *c;
+
+        c=(BIO_CONNECT *)bio->ptr;
+        if (bio->num != INVALID_SOCKET)
+                {
+                /* Only do a shutdown if things were established */
+                if (c->state == BIO_CONN_S_OK)
+                        shutdown(bio->num,2);
+                closesocket(bio->num);
+                bio->num=INVALID_SOCKET;
+                }
+        }
+
+static int conn_free(BIO *a)
+        {
+        BIO_CONNECT *data;
+
+        if (a == NULL) return(0);
+        data=(BIO_CONNECT *)a->ptr;
+         
+        if (a->shutdown)
+                {
+                conn_close_socket(a);
+                BIO_CONNECT_free(data);
+                a->ptr=NULL;
+                a->flags=0;
+                a->init=0;
+                }
+        return(1);
+        }
+        
+static int conn_read(BIO *b, char *out, int outl)
+        {
+        int ret=0;
+        BIO_CONNECT *data;
+
+        data=(BIO_CONNECT *)b->ptr;
+        if (data->state != BIO_CONN_S_OK)
+                {
+                ret=conn_state(b,data);
+                if (ret <= 0)
+                                return(ret);
+                }
+
+        if (out != NULL)
+                {
+                clear_socket_error();
+                ret=readsocket(b->num,out,outl);
+                BIO_clear_retry_flags(b);
+                if (ret <= 0)
+                        {
+                        if (BIO_sock_should_retry(ret))
+                                BIO_set_retry_read(b);
+                        }
+                }
+        return(ret);
+        }
+
+static int conn_write(BIO *b, const char *in, int inl)
+        {
+        int ret;
+        BIO_CONNECT *data;
+
+        data=(BIO_CONNECT *)b->ptr;
+        if (data->state != BIO_CONN_S_OK)
+                {
+                ret=conn_state(b,data);
+                if (ret <= 0) return(ret);
+                }
+
+        clear_socket_error();
+        ret=writesocket(b->num,in,inl);
+        BIO_clear_retry_flags(b);
+        if (ret <= 0)
+                {
+                if (BIO_sock_should_retry(ret))
+                        BIO_set_retry_write(b);
+                }
+        return(ret);
+        }
+
+static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        BIO *dbio;
+        int *ip;
+        const char **pptr;
+        long ret=1;
+        BIO_CONNECT *data;
+
+        data=(BIO_CONNECT *)b->ptr;
+
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                ret=0;
+                data->state=BIO_CONN_S_BEFORE;
+                conn_close_socket(b);
+                b->flags=0;
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                /* use this one to start the connection */
+                if (!data->state != BIO_CONN_S_OK)
+                        ret=(long)conn_state(b,data);
+                else
+                        ret=1;
+                break;
+        case BIO_C_GET_CONNECT:
+                if (ptr != NULL)
+                        {
+                        pptr=(const char **)ptr;
+                        if (num == 0)
+                                {
+                                *pptr=data->param_hostname;
+
+                                }
+                        else if (num == 1)
+                                {
+                                *pptr=data->param_port;
+                                }
+                        else if (num == 2)
+                                {
+                                *pptr= (char *)&(data->ip[0]);
+                                }
+                        else if (num == 3)
+                                {
+                                *((int *)ptr)=data->port;
+                                }
+                        if ((!b->init) || (ptr == NULL))
+                                *pptr="not initialized";
+                        ret=1;
+                        }
+                break;
+        case BIO_C_SET_CONNECT:
+                if (ptr != NULL)
+                        {
+                        b->init=1;
+                        if (num == 0)
+                                {
+                                if (data->param_hostname != NULL)
+                                        OPENSSL_free(data->param_hostname);
+                                data->param_hostname=BUF_strdup(ptr);
+                                }
+                        else if (num == 1)
+                                {
+                                if (data->param_port != NULL)
+                                        OPENSSL_free(data->param_port);
+                                data->param_port=BUF_strdup(ptr);
+                                }
+                        else if (num == 2)
+                                {
+                                char buf[16];
+                                unsigned char *p = ptr;
+
+                                BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d",
+                                             p[0],p[1],p[2],p[3]);
+                                if (data->param_hostname != NULL)
+                                        OPENSSL_free(data->param_hostname);
+                                data->param_hostname=BUF_strdup(buf);
+                                memcpy(&(data->ip[0]),ptr,4);
+                                }
+                        else if (num == 3)
+                                {
+                                char buf[DECIMAL_SIZE(int)+1];
+
+                                BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr);
+                                if (data->param_port != NULL)
+                                        OPENSSL_free(data->param_port);
+                                data->param_port=BUF_strdup(buf);
+                                data->port= *(int *)ptr;
+                                }
+                        }
+                break;
+        case BIO_C_SET_NBIO:
+                data->nbio=(int)num;
+                break;
+        case BIO_C_GET_FD:
+                if (b->init)
+                        {
+                        ip=(int *)ptr;
+                        if (ip != NULL)
+                                *ip=b->num;
+                        ret=b->num;
+                        }
+                else
+                        ret= -1;
+                break;
+        case BIO_CTRL_GET_CLOSE:
+                ret=b->shutdown;
+                break;
+        case BIO_CTRL_SET_CLOSE:
+                b->shutdown=(int)num;
+                break;
+        case BIO_CTRL_PENDING:
+        case BIO_CTRL_WPENDING:
+                ret=0;
+                break;
+        case BIO_CTRL_FLUSH:
+                break;
+        case BIO_CTRL_DUP:
+                {
+                dbio=(BIO *)ptr;
+                if (data->param_port)
+                        BIO_set_conn_port(dbio,data->param_port);
+                if (data->param_hostname)
+                        BIO_set_conn_hostname(dbio,data->param_hostname);
+                BIO_set_nbio(dbio,data->nbio);
+                /* FIXME: the cast of the function seems unlikely to be a good idea */
+                (void)BIO_set_info_callback(dbio,(bio_info_cb *)data->info_callback);
+                }
+                break;
+        case BIO_CTRL_SET_CALLBACK:
+                {
+#if 0 /* FIXME: Should this be used?  -- Richard Levitte */
+                BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ret = -1;
+#else
+                ret=0;
+#endif
+                }
+                break;
+        case BIO_CTRL_GET_CALLBACK:
+                {
+                int (**fptr)();
+
+                fptr=(int (**)())ptr;
+                *fptr=data->info_callback;
+                }
+                break;
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+
+static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+        {
+        long ret=1;
+        BIO_CONNECT *data;
+
+        data=(BIO_CONNECT *)b->ptr;
+
+        switch (cmd)
+                {
+        case BIO_CTRL_SET_CALLBACK:
+                {
+                data->info_callback=(int (*)(const struct bio_st *, int, int))fp;
+                }
+                break;
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+
+static int conn_puts(BIO *bp, const char *str)
+        {
+        int n,ret;
+
+        n=strlen(str);
+        ret=conn_write(bp,str,n);
+        return(ret);
+        }
+
+BIO *BIO_new_connect(char *str)
+        {
+        BIO *ret;
+
+        ret=BIO_new(BIO_s_connect());
+        if (ret == NULL) return(NULL);
+        if (BIO_set_conn_hostname(ret,str))
+                return(ret);
+        else
+                {
+                BIO_free(ret);
+                return(NULL);
+                }
+        }
+
+#endif
+
diff --git a/src/lib/libcrypto/bio/bss_fd.c b/src/lib/libcrypto/bio/bss_fd.c
new file mode 100644
index 0000000000..5e3e187de6
--- /dev/null
+++ b/src/lib/libcrypto/bio/bss_fd.c
@@ -0,0 +1,282 @@
+/* crypto/bio/bss_fd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+static int fd_write(BIO *h, const char *buf, int num);
+static int fd_read(BIO *h, char *buf, int size);
+static int fd_puts(BIO *h, const char *str);
+static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int fd_new(BIO *h);
+static int fd_free(BIO *data);
+int BIO_fd_should_retry(int s);
+
+static BIO_METHOD methods_fdp=
+        {
+        BIO_TYPE_FD,"file descriptor",
+        fd_write,
+        fd_read,
+        fd_puts,
+        NULL, /* fd_gets, */
+        fd_ctrl,
+        fd_new,
+        fd_free,
+        NULL,
+        };
+
+BIO_METHOD *BIO_s_fd(void)
+        {
+        return(&methods_fdp);
+        }
+
+BIO *BIO_new_fd(int fd,int close_flag)
+        {
+        BIO *ret;
+        ret=BIO_new(BIO_s_fd());
+        if (ret == NULL) return(NULL);
+        BIO_set_fd(ret,fd,close_flag);
+        return(ret);
+        }
+
+static int fd_new(BIO *bi)
+        {
+        bi->init=0;
+        bi->num=0;
+        bi->ptr=NULL;
+        bi->flags=0;
+        return(1);
+        }
+
+static int fd_free(BIO *a)
+        {
+        if (a == NULL) return(0);
+        if (a->shutdown)
+                {
+                if (a->init)
+                        {
+                        close(a->num);
+                        }
+                a->init=0;
+                a->flags=0;
+                }
+        return(1);
+        }
+        
+static int fd_read(BIO *b, char *out,int outl)
+        {
+        int ret=0;
+
+        if (out != NULL)
+                {
+                clear_sys_error();
+                ret=read(b->num,out,outl);
+                BIO_clear_retry_flags(b);
+                if (ret <= 0)
+                        {
+                        if (BIO_fd_should_retry(ret))
+                                BIO_set_retry_read(b);
+                        }
+                }
+        return(ret);
+        }
+
+static int fd_write(BIO *b, const char *in, int inl)
+        {
+        int ret;
+        clear_sys_error();
+        ret=write(b->num,in,inl);
+        BIO_clear_retry_flags(b);
+        if (ret <= 0)
+                {
+                if (BIO_fd_should_retry(ret))
+                        BIO_set_retry_write(b);
+                }
+        return(ret);
+        }
+
+static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        long ret=1;
+        int *ip;
+
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                num=0;
+        case BIO_C_FILE_SEEK:
+                ret=(long)lseek(b->num,num,0);
+                break;
+        case BIO_C_FILE_TELL:
+        case BIO_CTRL_INFO:
+                ret=(long)lseek(b->num,0,1);
+                break;
+        case BIO_C_SET_FD:
+                fd_free(b);
+                b->num= *((int *)ptr);
+                b->shutdown=(int)num;
+                b->init=1;
+                break;
+        case BIO_C_GET_FD:
+                if (b->init)
+                        {
+                        ip=(int *)ptr;
+                        if (ip != NULL) *ip=b->num;
+                        ret=b->num;
+                        }
+                else
+                        ret= -1;
+                break;
+        case BIO_CTRL_GET_CLOSE:
+                ret=b->shutdown;
+                break;
+        case BIO_CTRL_SET_CLOSE:
+                b->shutdown=(int)num;
+                break;
+        case BIO_CTRL_PENDING:
+        case BIO_CTRL_WPENDING:
+                ret=0;
+                break;
+        case BIO_CTRL_DUP:
+        case BIO_CTRL_FLUSH:
+                ret=1;
+                break;
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+
+static int fd_puts(BIO *bp, const char *str)
+        {
+        int n,ret;
+
+        n=strlen(str);
+        ret=fd_write(bp,str,n);
+        return(ret);
+        }
+
+int BIO_fd_should_retry(int i)
+        {
+        int err;
+
+        if ((i == 0) || (i == -1))
+                {
+                err=get_last_sys_error();
+
+#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
+                if ((i == -1) && (err == 0))
+                        return(1);
+#endif
+
+                return(BIO_fd_non_fatal_error(err));
+                }
+        return(0);
+        }
+
+int BIO_fd_non_fatal_error(int err)
+        {
+        switch (err)
+                {
+
+#ifdef EWOULDBLOCK
+# ifdef WSAEWOULDBLOCK
+#  if WSAEWOULDBLOCK != EWOULDBLOCK
+        case EWOULDBLOCK:
+#  endif
+# else
+        case EWOULDBLOCK:
+# endif
+#endif
+
+#if defined(ENOTCONN)
+        case ENOTCONN:
+#endif
+
+#ifdef EINTR
+        case EINTR:
+#endif
+
+#ifdef EAGAIN
+#if EWOULDBLOCK != EAGAIN
+        case EAGAIN:
+# endif
+#endif
+
+#ifdef EPROTO
+        case EPROTO:
+#endif
+
+#ifdef EINPROGRESS
+        case EINPROGRESS:
+#endif
+
+#ifdef EALREADY
+        case EALREADY:
+#endif
+                return(1);
+                /* break; */
+        default:
+                break;
+                }
+        return(0);
+        }
diff --git a/src/lib/libcrypto/bio/bss_file.c b/src/lib/libcrypto/bio/bss_file.c
new file mode 100644
index 0000000000..8034ac93f9
--- /dev/null
+++ b/src/lib/libcrypto/bio/bss_file.c
@@ -0,0 +1,343 @@
+/* crypto/bio/bss_file.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * 03-Dec-1997  rdenny@dc3.com  Fix bug preventing use of stdin/stdout
+ *              with binary data (e.g. asn1parse -inform DER < xxx) under
+ *              Windows
+ */
+
+#ifndef HEADER_BSS_FILE_C
+#define HEADER_BSS_FILE_C
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+#if !defined(OPENSSL_NO_STDIO)
+
+static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);
+static int MS_CALLBACK file_read(BIO *h, char *buf, int size);
+static int MS_CALLBACK file_puts(BIO *h, const char *str);
+static int MS_CALLBACK file_gets(BIO *h, char *str, int size);
+static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int MS_CALLBACK file_new(BIO *h);
+static int MS_CALLBACK file_free(BIO *data);
+static BIO_METHOD methods_filep=
+        {
+        BIO_TYPE_FILE,
+        "FILE pointer",
+        file_write,
+        file_read,
+        file_puts,
+        file_gets,
+        file_ctrl,
+        file_new,
+        file_free,
+        NULL,
+        };
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+        {
+        BIO *ret;
+        FILE *file;
+
+        if ((file=fopen(filename,mode)) == NULL)
+                {
+                SYSerr(SYS_F_FOPEN,get_last_sys_error());
+                ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
+                if (errno == ENOENT)
+                        BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
+                else
+                        BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
+                return(NULL);
+                }
+        if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
+                return(NULL);
+
+        BIO_set_fp(ret,file,BIO_CLOSE);
+        return(ret);
+        }
+
+BIO *BIO_new_fp(FILE *stream, int close_flag)
+        {
+        BIO *ret;
+
+        if ((ret=BIO_new(BIO_s_file())) == NULL)
+                return(NULL);
+
+        BIO_set_fp(ret,stream,close_flag);
+        return(ret);
+        }
+
+BIO_METHOD *BIO_s_file(void)
+        {
+        return(&methods_filep);
+        }
+
+static int MS_CALLBACK file_new(BIO *bi)
+        {
+        bi->init=0;
+        bi->num=0;
+        bi->ptr=NULL;
+        return(1);
+        }
+
+static int MS_CALLBACK file_free(BIO *a)
+        {
+        if (a == NULL) return(0);
+        if (a->shutdown)
+                {
+                if ((a->init) && (a->ptr != NULL))
+                        {
+                        fclose((FILE *)a->ptr);
+                        a->ptr=NULL;
+                        }
+                a->init=0;
+                }
+        return(1);
+        }
+        
+static int MS_CALLBACK file_read(BIO *b, char *out, int outl)
+        {
+        int ret=0;
+
+        if (b->init && (out != NULL))
+                {
+                ret=fread(out,1,(int)outl,(FILE *)b->ptr);
+                if(ret == 0 && ferror((FILE *)b->ptr))
+                        {
+                        SYSerr(SYS_F_FREAD,get_last_sys_error());
+                        BIOerr(BIO_F_FILE_READ,ERR_R_SYS_LIB);
+                        ret=-1;
+                        }
+                }
+        return(ret);
+        }
+
+static int MS_CALLBACK file_write(BIO *b, const char *in, int inl)
+        {
+        int ret=0;
+
+        if (b->init && (in != NULL))
+                {
+                if (fwrite(in,(int)inl,1,(FILE *)b->ptr))
+                        ret=inl;
+                /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
+                /* according to Tim Hudson <tjh@cryptsoft.com>, the commented
+                 * out version above can cause 'inl' write calls under
+                 * some stupid stdio implementations (VMS) */
+                }
+        return(ret);
+        }
+
+static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        long ret=1;
+        FILE *fp=(FILE *)b->ptr;
+        FILE **fpp;
+        char p[4];
+
+        switch (cmd)
+                {
+        case BIO_C_FILE_SEEK:
+        case BIO_CTRL_RESET:
+                ret=(long)fseek(fp,num,0);
+                break;
+        case BIO_CTRL_EOF:
+                ret=(long)feof(fp);
+                break;
+        case BIO_C_FILE_TELL:
+        case BIO_CTRL_INFO:
+                ret=ftell(fp);
+                break;
+        case BIO_C_SET_FILE_PTR:
+                file_free(b);
+                b->shutdown=(int)num&BIO_CLOSE;
+                b->ptr=(char *)ptr;
+                b->init=1;
+                {
+#if defined(OPENSSL_SYS_WINDOWS)
+                int fd = fileno((FILE*)ptr);
+                if (num & BIO_FP_TEXT)
+                        _setmode(fd,_O_TEXT);
+                else
+                        _setmode(fd,_O_BINARY);
+#elif defined(OPENSSL_SYS_MSDOS)
+                int fd = fileno((FILE*)ptr);
+                /* Set correct text/binary mode */
+                if (num & BIO_FP_TEXT)
+                        _setmode(fd,_O_TEXT);
+                /* Dangerous to set stdin/stdout to raw (unless redirected) */
+                else
+                        {
+                        if (fd == STDIN_FILENO || fd == STDOUT_FILENO)
+                                {
+                                if (isatty(fd) <= 0)
+                                        _setmode(fd,_O_BINARY);
+                                }
+                        else
+                                _setmode(fd,_O_BINARY);
+                        }
+#elif defined(OPENSSL_SYS_OS2)
+                int fd = fileno((FILE*)ptr);
+                if (num & BIO_FP_TEXT)
+                        setmode(fd, O_TEXT);
+                else
+                        setmode(fd, O_BINARY);
+#endif
+                }
+                break;
+        case BIO_C_SET_FILENAME:
+                file_free(b);
+                b->shutdown=(int)num&BIO_CLOSE;
+                if (num & BIO_FP_APPEND)
+                        {
+                        if (num & BIO_FP_READ)
+                                BUF_strlcpy(p,"a+",sizeof p);
+                        else    BUF_strlcpy(p,"a",sizeof p);
+                        }
+                else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
+                        BUF_strlcpy(p,"r+",sizeof p);
+                else if (num & BIO_FP_WRITE)
+                        BUF_strlcpy(p,"w",sizeof p);
+                else if (num & BIO_FP_READ)
+                        BUF_strlcpy(p,"r",sizeof p);
+                else
+                        {
+                        BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
+                        ret=0;
+                        break;
+                        }
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
+                if (!(num & BIO_FP_TEXT))
+                        strcat(p,"b");
+                else
+                        strcat(p,"t");
+#endif
+                fp=fopen(ptr,p);
+                if (fp == NULL)
+                        {
+                        SYSerr(SYS_F_FOPEN,get_last_sys_error());
+                        ERR_add_error_data(5,"fopen('",ptr,"','",p,"')");
+                        BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);
+                        ret=0;
+                        break;
+                        }
+                b->ptr=(char *)fp;
+                b->init=1;
+                break;
+        case BIO_C_GET_FILE_PTR:
+                /* the ptr parameter is actually a FILE ** in this case. */
+                if (ptr != NULL)
+                        {
+                        fpp=(FILE **)ptr;
+                        *fpp=(FILE *)b->ptr;
+                        }
+                break;
+        case BIO_CTRL_GET_CLOSE:
+                ret=(long)b->shutdown;
+                break;
+        case BIO_CTRL_SET_CLOSE:
+                b->shutdown=(int)num;
+                break;
+        case BIO_CTRL_FLUSH:
+                fflush((FILE *)b->ptr);
+                break;
+        case BIO_CTRL_DUP:
+                ret=1;
+                break;
+
+        case BIO_CTRL_WPENDING:
+        case BIO_CTRL_PENDING:
+        case BIO_CTRL_PUSH:
+        case BIO_CTRL_POP:
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+
+static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
+        {
+        int ret=0;
+
+        buf[0]='\0';
+        fgets(buf,size,(FILE *)bp->ptr);
+        if (buf[0] != '\0')
+                ret=strlen(buf);
+        return(ret);
+        }
+
+static int MS_CALLBACK file_puts(BIO *bp, const char *str)
+        {
+        int n,ret;
+
+        n=strlen(str);
+        ret=file_write(bp,str,n);
+        return(ret);
+        }
+
+#endif /* OPENSSL_NO_STDIO */
+
+#endif /* HEADER_BSS_FILE_C */
+
+
diff --git a/src/lib/libcrypto/bio/bss_log.c b/src/lib/libcrypto/bio/bss_log.c
new file mode 100644
index 0000000000..1eb678cac0
--- /dev/null
+++ b/src/lib/libcrypto/bio/bss_log.c
@@ -0,0 +1,400 @@
+/* crypto/bio/bss_log.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+        Why BIO_s_log?
+
+        BIO_s_log is useful for system daemons (or services under NT).
+        It is one-way BIO, it sends all stuff to syslogd (on system that
+        commonly use that), or event log (on NT), or OPCOM (on OpenVMS).
+
+*/
+
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "cryptlib.h"
+
+#if defined(OPENSSL_SYS_WINCE)
+#elif defined(OPENSSL_SYS_WIN32)
+#  include <process.h>
+#elif defined(OPENSSL_SYS_VMS)
+#  include <opcdef.h>
+#  include <descrip.h>
+#  include <lib$routines.h>
+#  include <starlet.h>
+#elif defined(__ultrix)
+#  include <sys/syslog.h>
+#elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG)
+#  include <syslog.h>
+#endif
+
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+#ifndef NO_SYSLOG
+
+#if defined(OPENSSL_SYS_WIN32)
+#define LOG_EMERG       0
+#define LOG_ALERT       1
+#define LOG_CRIT        2
+#define LOG_ERR         3
+#define LOG_WARNING     4
+#define LOG_NOTICE      5
+#define LOG_INFO        6
+#define LOG_DEBUG       7
+
+#define LOG_DAEMON      (3<<3)
+#elif defined(OPENSSL_SYS_VMS)
+/* On VMS, we don't really care about these, but we need them to compile */
+#define LOG_EMERG       0
+#define LOG_ALERT       1
+#define LOG_CRIT        2
+#define LOG_ERR         3
+#define LOG_WARNING     4
+#define LOG_NOTICE      5
+#define LOG_INFO        6
+#define LOG_DEBUG       7
+
+#define LOG_DAEMON      OPC$M_NM_NTWORK
+#endif
+
+static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num);
+static int MS_CALLBACK slg_puts(BIO *h, const char *str);
+static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int MS_CALLBACK slg_new(BIO *h);
+static int MS_CALLBACK slg_free(BIO *data);
+static void xopenlog(BIO* bp, char* name, int level);
+static void xsyslog(BIO* bp, int priority, const char* string);
+static void xcloselog(BIO* bp);
+#ifdef OPENSSL_SYS_WIN32
+LONG    (WINAPI *go_for_advapi)()       = RegOpenKeyEx;
+HANDLE  (WINAPI *register_event_source)()       = NULL;
+BOOL    (WINAPI *deregister_event_source)()     = NULL;
+BOOL    (WINAPI *report_event)()        = NULL;
+#define DL_PROC(m,f)    (GetProcAddress( m, f ))
+#ifdef UNICODE
+#define DL_PROC_X(m,f) DL_PROC( m, f "W" )
+#else
+#define DL_PROC_X(m,f) DL_PROC( m, f "A" )
+#endif
+#endif
+
+static BIO_METHOD methods_slg=
+        {
+        BIO_TYPE_MEM,"syslog",
+        slg_write,
+        NULL,
+        slg_puts,
+        NULL,
+        slg_ctrl,
+        slg_new,
+        slg_free,
+        NULL,
+        };
+
+BIO_METHOD *BIO_s_log(void)
+        {
+        return(&methods_slg);
+        }
+
+static int MS_CALLBACK slg_new(BIO *bi)
+        {
+        bi->init=1;
+        bi->num=0;
+        bi->ptr=NULL;
+        xopenlog(bi, "application", LOG_DAEMON);
+        return(1);
+        }
+
+static int MS_CALLBACK slg_free(BIO *a)
+        {
+        if (a == NULL) return(0);
+        xcloselog(a);
+        return(1);
+        }
+        
+static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
+        {
+        int ret= inl;
+        char* buf;
+        char* pp;
+        int priority, i;
+        static struct
+                {
+                int strl;
+                char str[10];
+                int log_level;
+                }
+        mapping[] =
+                {
+                { 6, "PANIC ", LOG_EMERG },
+                { 6, "EMERG ", LOG_EMERG },
+                { 4, "EMR ", LOG_EMERG },
+                { 6, "ALERT ", LOG_ALERT },
+                { 4, "ALR ", LOG_ALERT },
+                { 5, "CRIT ", LOG_CRIT },
+                { 4, "CRI ", LOG_CRIT },
+                { 6, "ERROR ", LOG_ERR },
+                { 4, "ERR ", LOG_ERR },
+                { 8, "WARNING ", LOG_WARNING },
+                { 5, "WARN ", LOG_WARNING },
+                { 4, "WAR ", LOG_WARNING },
+                { 7, "NOTICE ", LOG_NOTICE },
+                { 5, "NOTE ", LOG_NOTICE },
+                { 4, "NOT ", LOG_NOTICE },
+                { 5, "INFO ", LOG_INFO },
+                { 4, "INF ", LOG_INFO },
+                { 6, "DEBUG ", LOG_DEBUG },
+                { 4, "DBG ", LOG_DEBUG },
+                { 0, "", LOG_ERR } /* The default */
+                };
+
+        if((buf= (char *)OPENSSL_malloc(inl+ 1)) == NULL){
+                return(0);
+        }
+        strncpy(buf, in, inl);
+        buf[inl]= '\0';
+
+        i = 0;
+        while(strncmp(buf, mapping[i].str, mapping[i].strl) != 0) i++;
+        priority = mapping[i].log_level;
+        pp = buf + mapping[i].strl;
+
+        xsyslog(b, priority, pp);
+
+        OPENSSL_free(buf);
+        return(ret);
+        }
+
+static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        switch (cmd)
+                {
+        case BIO_CTRL_SET:
+                xcloselog(b);
+                xopenlog(b, ptr, num);
+                break;
+        default:
+                break;
+                }
+        return(0);
+        }
+
+static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
+        {
+        int n,ret;
+
+        n=strlen(str);
+        ret=slg_write(bp,str,n);
+        return(ret);
+        }
+
+#if defined(OPENSSL_SYS_WIN32)
+
+static void xopenlog(BIO* bp, char* name, int level)
+{
+        if ( !register_event_source )
+                {
+                HANDLE  advapi;
+                if ( !(advapi = GetModuleHandle("advapi32")) )
+                        return;
+                register_event_source = (HANDLE (WINAPI *)())DL_PROC_X(advapi,
+                        "RegisterEventSource" );
+                deregister_event_source = (BOOL (WINAPI *)())DL_PROC(advapi,
+                        "DeregisterEventSource");
+                report_event = (BOOL (WINAPI *)())DL_PROC_X(advapi,
+                        "ReportEvent" );
+                if ( !(register_event_source && deregister_event_source &&
+                                report_event) )
+                        {
+                        register_event_source = NULL;
+                        deregister_event_source = NULL;
+                        report_event = NULL;
+                        return;
+                        }
+                }
+        bp->ptr= (char *)register_event_source(NULL, name);
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+        LPCSTR lpszStrings[2];
+        WORD evtype= EVENTLOG_ERROR_TYPE;
+        int pid = _getpid();
+        char pidbuf[DECIMAL_SIZE(pid)+4];
+
+        switch (priority)
+                {
+        case LOG_EMERG:
+        case LOG_ALERT:
+        case LOG_CRIT:
+        case LOG_ERR:
+                evtype = EVENTLOG_ERROR_TYPE;
+                break;
+        case LOG_WARNING:
+                evtype = EVENTLOG_WARNING_TYPE;
+                break;
+        case LOG_NOTICE:
+        case LOG_INFO:
+        case LOG_DEBUG:
+                evtype = EVENTLOG_INFORMATION_TYPE;
+                break;
+        default:                /* Should never happen, but set it
+                                   as error anyway. */
+                evtype = EVENTLOG_ERROR_TYPE;
+                break;
+                }
+
+        sprintf(pidbuf, "[%d] ", pid);
+        lpszStrings[0] = pidbuf;
+        lpszStrings[1] = string;
+
+        if(report_event && bp->ptr)
+                report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0,
+                                lpszStrings, NULL);
+}
+        
+static void xcloselog(BIO* bp)
+{
+        if(deregister_event_source && bp->ptr)
+                deregister_event_source((HANDLE)(bp->ptr));
+        bp->ptr= NULL;
+}
+
+#elif defined(OPENSSL_SYS_VMS)
+
+static int VMS_OPC_target = LOG_DAEMON;
+
+static void xopenlog(BIO* bp, char* name, int level)
+{
+        VMS_OPC_target = level; 
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+        struct dsc$descriptor_s opc_dsc;
+        struct opcdef *opcdef_p;
+        char buf[10240];
+        unsigned int len;
+        struct dsc$descriptor_s buf_dsc;
+        $DESCRIPTOR(fao_cmd, "!AZ: !AZ");
+        char *priority_tag;
+
+        switch (priority)
+          {
+          case LOG_EMERG: priority_tag = "Emergency"; break;
+          case LOG_ALERT: priority_tag = "Alert"; break;
+          case LOG_CRIT: priority_tag = "Critical"; break;
+          case LOG_ERR: priority_tag = "Error"; break;
+          case LOG_WARNING: priority_tag = "Warning"; break;
+          case LOG_NOTICE: priority_tag = "Notice"; break;
+          case LOG_INFO: priority_tag = "Info"; break;
+          case LOG_DEBUG: priority_tag = "DEBUG"; break;
+          }
+
+        buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        buf_dsc.dsc$b_class = DSC$K_CLASS_S;
+        buf_dsc.dsc$a_pointer = buf;
+        buf_dsc.dsc$w_length = sizeof(buf) - 1;
+
+        lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
+
+        /* we know there's an 8 byte header.  That's documented */
+        opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len);
+        opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
+        memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
+        opcdef_p->opc$l_ms_rqstid = 0;
+        memcpy(&opcdef_p->opc$l_ms_text, buf, len);
+
+        opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        opc_dsc.dsc$b_class = DSC$K_CLASS_S;
+        opc_dsc.dsc$a_pointer = (char *)opcdef_p;
+        opc_dsc.dsc$w_length = len + 8;
+
+        sys$sndopr(opc_dsc, 0);
+
+        OPENSSL_free(opcdef_p);
+}
+
+static void xcloselog(BIO* bp)
+{
+}
+
+#else /* Unix/Watt32 */
+
+static void xopenlog(BIO* bp, char* name, int level)
+{
+#ifdef WATT32   /* djgpp/DOS */
+        openlog(name, LOG_PID|LOG_CONS|LOG_NDELAY, level);
+#else
+        openlog(name, LOG_PID|LOG_CONS, level);
+#endif
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+        syslog(priority, "%s", string);
+}
+
+static void xcloselog(BIO* bp)
+{
+        closelog();
+}
+
+#endif /* Unix */
+
+#endif /* NO_SYSLOG */
diff --git a/src/lib/libcrypto/bio/bss_mem.c b/src/lib/libcrypto/bio/bss_mem.c
new file mode 100644
index 0000000000..a4edb711ae
--- /dev/null
+++ b/src/lib/libcrypto/bio/bss_mem.c
@@ -0,0 +1,321 @@
+/* crypto/bio/bss_mem.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+static int mem_write(BIO *h, const char *buf, int num);
+static int mem_read(BIO *h, char *buf, int size);
+static int mem_puts(BIO *h, const char *str);
+static int mem_gets(BIO *h, char *str, int size);
+static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int mem_new(BIO *h);
+static int mem_free(BIO *data);
+static BIO_METHOD mem_method=
+        {
+        BIO_TYPE_MEM,
+        "memory buffer",
+        mem_write,
+        mem_read,
+        mem_puts,
+        mem_gets,
+        mem_ctrl,
+        mem_new,
+        mem_free,
+        NULL,
+        };
+
+/* bio->num is used to hold the value to return on 'empty', if it is
+ * 0, should_retry is not set */
+
+BIO_METHOD *BIO_s_mem(void)
+        {
+        return(&mem_method);
+        }
+
+BIO *BIO_new_mem_buf(void *buf, int len)
+{
+        BIO *ret;
+        BUF_MEM *b;
+        if (!buf) {
+                BIOerr(BIO_F_BIO_NEW_MEM_BUF,BIO_R_NULL_PARAMETER);
+                return NULL;
+        }
+        if(len == -1) len = strlen(buf);
+        if(!(ret = BIO_new(BIO_s_mem())) ) return NULL;
+        b = (BUF_MEM *)ret->ptr;
+        b->data = buf;
+        b->length = len;
+        b->max = len;
+        ret->flags |= BIO_FLAGS_MEM_RDONLY;
+        /* Since this is static data retrying wont help */
+        ret->num = 0;
+        return ret;
+}
+
+static int mem_new(BIO *bi)
+        {
+        BUF_MEM *b;
+
+        if ((b=BUF_MEM_new()) == NULL)
+                return(0);
+        bi->shutdown=1;
+        bi->init=1;
+        bi->num= -1;
+        bi->ptr=(char *)b;
+        return(1);
+        }
+
+static int mem_free(BIO *a)
+        {
+        if (a == NULL) return(0);
+        if (a->shutdown)
+                {
+                if ((a->init) && (a->ptr != NULL))
+                        {
+                        BUF_MEM *b;
+                        b = (BUF_MEM *)a->ptr;
+                        if(a->flags & BIO_FLAGS_MEM_RDONLY) b->data = NULL;
+                        BUF_MEM_free(b);
+                        a->ptr=NULL;
+                        }
+                }
+        return(1);
+        }
+        
+static int mem_read(BIO *b, char *out, int outl)
+        {
+        int ret= -1;
+        BUF_MEM *bm;
+        int i;
+        char *from,*to;
+
+        bm=(BUF_MEM *)b->ptr;
+        BIO_clear_retry_flags(b);
+        ret=(outl > bm->length)?bm->length:outl;
+        if ((out != NULL) && (ret > 0)) {
+                memcpy(out,bm->data,ret);
+                bm->length-=ret;
+                /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */
+                if(b->flags & BIO_FLAGS_MEM_RDONLY) bm->data += ret;
+                else {
+                        from=(char *)&(bm->data[ret]);
+                        to=(char *)&(bm->data[0]);
+                        for (i=0; i<bm->length; i++)
+                                to[i]=from[i];
+                }
+        } else if (bm->length == 0)
+                {
+                ret = b->num;
+                if (ret != 0)
+                        BIO_set_retry_read(b);
+                }
+        return(ret);
+        }
+
+static int mem_write(BIO *b, const char *in, int inl)
+        {
+        int ret= -1;
+        int blen;
+        BUF_MEM *bm;
+
+        bm=(BUF_MEM *)b->ptr;
+        if (in == NULL)
+                {
+                BIOerr(BIO_F_MEM_WRITE,BIO_R_NULL_PARAMETER);
+                goto end;
+                }
+
+        if(b->flags & BIO_FLAGS_MEM_RDONLY) {
+                BIOerr(BIO_F_MEM_WRITE,BIO_R_WRITE_TO_READ_ONLY_BIO);
+                goto end;
+        }
+
+        BIO_clear_retry_flags(b);
+        blen=bm->length;
+        if (BUF_MEM_grow_clean(bm,blen+inl) != (blen+inl))
+                goto end;
+        memcpy(&(bm->data[blen]),in,inl);
+        ret=inl;
+end:
+        return(ret);
+        }
+
+static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        long ret=1;
+        char **pptr;
+
+        BUF_MEM *bm=(BUF_MEM *)b->ptr;
+
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                if (bm->data != NULL)
+                        {
+                        /* For read only case reset to the start again */
+                        if(b->flags & BIO_FLAGS_MEM_RDONLY) 
+                                {
+                                bm->data -= bm->max - bm->length;
+                                bm->length = bm->max;
+                                }
+                        else
+                                {
+                                memset(bm->data,0,bm->max);
+                                bm->length=0;
+                                }
+                        }
+                break;
+        case BIO_CTRL_EOF:
+                ret=(long)(bm->length == 0);
+                break;
+        case BIO_C_SET_BUF_MEM_EOF_RETURN:
+                b->num=(int)num;
+                break;
+        case BIO_CTRL_INFO:
+                ret=(long)bm->length;
+                if (ptr != NULL)
+                        {
+                        pptr=(char **)ptr;
+                        *pptr=(char *)&(bm->data[0]);
+                        }
+                break;
+        case BIO_C_SET_BUF_MEM:
+                mem_free(b);
+                b->shutdown=(int)num;
+                b->ptr=ptr;
+                break;
+        case BIO_C_GET_BUF_MEM_PTR:
+                if (ptr != NULL)
+                        {
+                        pptr=(char **)ptr;
+                        *pptr=(char *)bm;
+                        }
+                break;
+        case BIO_CTRL_GET_CLOSE:
+                ret=(long)b->shutdown;
+                break;
+        case BIO_CTRL_SET_CLOSE:
+                b->shutdown=(int)num;
+                break;
+
+        case BIO_CTRL_WPENDING:
+                ret=0L;
+                break;
+        case BIO_CTRL_PENDING:
+                ret=(long)bm->length;
+                break;
+        case BIO_CTRL_DUP:
+        case BIO_CTRL_FLUSH:
+                ret=1;
+                break;
+        case BIO_CTRL_PUSH:
+        case BIO_CTRL_POP:
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+
+static int mem_gets(BIO *bp, char *buf, int size)
+        {
+        int i,j;
+        int ret= -1;
+        char *p;
+        BUF_MEM *bm=(BUF_MEM *)bp->ptr;
+
+        BIO_clear_retry_flags(bp);
+        j=bm->length;
+        if (j <= 0)
+                {
+                *buf='\0';
+                return 0;
+                }
+        p=bm->data;
+        for (i=0; i<j; i++)
+                {
+                if (p[i] == '\n') break;
+                }
+        if (i == j)
+                {
+                BIO_set_retry_read(bp);
+                /* return(-1);  change the semantics 0.6.6a */ 
+                }
+        else
+                i++;
+        /* i is the max to copy */
+        if ((size-1) < i) i=size-1;
+        i=mem_read(bp,buf,i);
+        if (i > 0) buf[i]='\0';
+        ret=i;
+        return(ret);
+        }
+
+static int mem_puts(BIO *bp, const char *str)
+        {
+        int n,ret;
+
+        n=strlen(str);
+        ret=mem_write(bp,str,n);
+        /* memory semantics is that it will always work */
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/bio/bss_null.c b/src/lib/libcrypto/bio/bss_null.c
new file mode 100644
index 0000000000..46b73339df
--- /dev/null
+++ b/src/lib/libcrypto/bio/bss_null.c
@@ -0,0 +1,150 @@
+/* crypto/bio/bss_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+static int null_write(BIO *h, const char *buf, int num);
+static int null_read(BIO *h, char *buf, int size);
+static int null_puts(BIO *h, const char *str);
+static int null_gets(BIO *h, char *str, int size);
+static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int null_new(BIO *h);
+static int null_free(BIO *data);
+static BIO_METHOD null_method=
+        {
+        BIO_TYPE_NULL,
+        "NULL",
+        null_write,
+        null_read,
+        null_puts,
+        null_gets,
+        null_ctrl,
+        null_new,
+        null_free,
+        NULL,
+        };
+
+BIO_METHOD *BIO_s_null(void)
+        {
+        return(&null_method);
+        }
+
+static int null_new(BIO *bi)
+        {
+        bi->init=1;
+        bi->num=0;
+        bi->ptr=(NULL);
+        return(1);
+        }
+
+static int null_free(BIO *a)
+        {
+        if (a == NULL) return(0);
+        return(1);
+        }
+        
+static int null_read(BIO *b, char *out, int outl)
+        {
+        return(0);
+        }
+
+static int null_write(BIO *b, const char *in, int inl)
+        {
+        return(inl);
+        }
+
+static long null_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        long ret=1;
+
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+        case BIO_CTRL_EOF:
+        case BIO_CTRL_SET:
+        case BIO_CTRL_SET_CLOSE:
+        case BIO_CTRL_FLUSH:
+        case BIO_CTRL_DUP:
+                ret=1;
+                break;
+        case BIO_CTRL_GET_CLOSE:
+        case BIO_CTRL_INFO:
+        case BIO_CTRL_GET:
+        case BIO_CTRL_PENDING:
+        case BIO_CTRL_WPENDING:
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+
+static int null_gets(BIO *bp, char *buf, int size)
+        {
+        return(0);
+        }
+
+static int null_puts(BIO *bp, const char *str)
+        {
+        if (str == NULL) return(0);
+        return(strlen(str));
+        }
+
diff --git a/src/lib/libcrypto/bio/bss_sock.c b/src/lib/libcrypto/bio/bss_sock.c
new file mode 100644
index 0000000000..2c1c405ec7
--- /dev/null
+++ b/src/lib/libcrypto/bio/bss_sock.c
@@ -0,0 +1,305 @@
+/* crypto/bio/bss_sock.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_SOCK
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+#ifdef WATT32
+#define sock_write SockWrite  /* Watt-32 uses same names */
+#define sock_read  SockRead
+#define sock_puts  SockPuts
+#endif
+
+static int sock_write(BIO *h, const char *buf, int num);
+static int sock_read(BIO *h, char *buf, int size);
+static int sock_puts(BIO *h, const char *str);
+static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int sock_new(BIO *h);
+static int sock_free(BIO *data);
+int BIO_sock_should_retry(int s);
+
+static BIO_METHOD methods_sockp=
+        {
+        BIO_TYPE_SOCKET,
+        "socket",
+        sock_write,
+        sock_read,
+        sock_puts,
+        NULL, /* sock_gets, */
+        sock_ctrl,
+        sock_new,
+        sock_free,
+        NULL,
+        };
+
+BIO_METHOD *BIO_s_socket(void)
+        {
+        return(&methods_sockp);
+        }
+
+BIO *BIO_new_socket(int fd, int close_flag)
+        {
+        BIO *ret;
+
+        ret=BIO_new(BIO_s_socket());
+        if (ret == NULL) return(NULL);
+        BIO_set_fd(ret,fd,close_flag);
+        return(ret);
+        }
+
+static int sock_new(BIO *bi)
+        {
+        bi->init=0;
+        bi->num=0;
+        bi->ptr=NULL;
+        bi->flags=0;
+        return(1);
+        }
+
+static int sock_free(BIO *a)
+        {
+        if (a == NULL) return(0);
+        if (a->shutdown)
+                {
+                if (a->init)
+                        {
+                        SHUTDOWN2(a->num);
+                        }
+                a->init=0;
+                a->flags=0;
+                }
+        return(1);
+        }
+        
+static int sock_read(BIO *b, char *out, int outl)
+        {
+        int ret=0;
+
+        if (out != NULL)
+                {
+                clear_socket_error();
+                ret=readsocket(b->num,out,outl);
+                BIO_clear_retry_flags(b);
+                if (ret <= 0)
+                        {
+                        if (BIO_sock_should_retry(ret))
+                                BIO_set_retry_read(b);
+                        }
+                }
+        return(ret);
+        }
+
+static int sock_write(BIO *b, const char *in, int inl)
+        {
+        int ret;
+        
+        clear_socket_error();
+        ret=writesocket(b->num,in,inl);
+        BIO_clear_retry_flags(b);
+        if (ret <= 0)
+                {
+                if (BIO_sock_should_retry(ret))
+                        BIO_set_retry_write(b);
+                }
+        return(ret);
+        }
+
+static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        long ret=1;
+        int *ip;
+
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                num=0;
+        case BIO_C_FILE_SEEK:
+                ret=0;
+                break;
+        case BIO_C_FILE_TELL:
+        case BIO_CTRL_INFO:
+                ret=0;
+                break;
+        case BIO_C_SET_FD:
+                sock_free(b);
+                b->num= *((int *)ptr);
+                b->shutdown=(int)num;
+                b->init=1;
+                break;
+        case BIO_C_GET_FD:
+                if (b->init)
+                        {
+                        ip=(int *)ptr;
+                        if (ip != NULL) *ip=b->num;
+                        ret=b->num;
+                        }
+                else
+                        ret= -1;
+                break;
+        case BIO_CTRL_GET_CLOSE:
+                ret=b->shutdown;
+                break;
+        case BIO_CTRL_SET_CLOSE:
+                b->shutdown=(int)num;
+                break;
+        case BIO_CTRL_PENDING:
+        case BIO_CTRL_WPENDING:
+                ret=0;
+                break;
+        case BIO_CTRL_DUP:
+        case BIO_CTRL_FLUSH:
+                ret=1;
+                break;
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+
+static int sock_puts(BIO *bp, const char *str)
+        {
+        int n,ret;
+
+        n=strlen(str);
+        ret=sock_write(bp,str,n);
+        return(ret);
+        }
+
+int BIO_sock_should_retry(int i)
+        {
+        int err;
+
+        if ((i == 0) || (i == -1))
+                {
+                err=get_last_socket_error();
+
+#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
+                if ((i == -1) && (err == 0))
+                        return(1);
+#endif
+
+                return(BIO_sock_non_fatal_error(err));
+                }
+        return(0);
+        }
+
+int BIO_sock_non_fatal_error(int err)
+        {
+        switch (err)
+                {
+#if defined(OPENSSL_SYS_WINDOWS)
+# if defined(WSAEWOULDBLOCK)
+        case WSAEWOULDBLOCK:
+# endif
+
+# if 0 /* This appears to always be an error */
+#  if defined(WSAENOTCONN)
+        case WSAENOTCONN:
+#  endif
+# endif
+#endif
+
+#ifdef EWOULDBLOCK
+# ifdef WSAEWOULDBLOCK
+#  if WSAEWOULDBLOCK != EWOULDBLOCK
+        case EWOULDBLOCK:
+#  endif
+# else
+        case EWOULDBLOCK:
+# endif
+#endif
+
+#if defined(ENOTCONN)
+        case ENOTCONN:
+#endif
+
+#ifdef EINTR
+        case EINTR:
+#endif
+
+#ifdef EAGAIN
+#if EWOULDBLOCK != EAGAIN
+        case EAGAIN:
+# endif
+#endif
+
+#ifdef EPROTO
+        case EPROTO:
+#endif
+
+#ifdef EINPROGRESS
+        case EINPROGRESS:
+#endif
+
+#ifdef EALREADY
+        case EALREADY:
+#endif
+                return(1);
+                /* break; */
+        default:
+                break;
+                }
+        return(0);
+        }
+#endif
diff --git a/src/lib/libcrypto/bn/Makefile.ssl b/src/lib/libcrypto/bn/Makefile.ssl
new file mode 100644
index 0000000000..50892ef44c
--- /dev/null
+++ b/src/lib/libcrypto/bn/Makefile.ssl
@@ -0,0 +1,326 @@
+#
+# SSLeay/crypto/bn/Makefile
+#
+
+DIR=    bn
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+BN_ASM=         bn_asm.o
+# or use
+#BN_ASM=        bn86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+
+GENERAL=Makefile
+TEST=bntest.c exptest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
+        bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
+        bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
+        bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c
+
+LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
+        bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
+        bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
+        bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= bn.h
+HEADER= bn_lcl.h bn_prime.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+bn_prime.h: bn_prime.pl
+        $(PERL) bn_prime.pl >bn_prime.h
+
+divtest: divtest.c ../../libcrypto.a
+        cc -I../../include divtest.c -o divtest ../../libcrypto.a
+
+bnbug: bnbug.c ../../libcrypto.a top
+        cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+# elf
+asm/bn86-elf.s: asm/bn-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > bn86-elf.s)
+
+asm/co86-elf.s: asm/co-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) co-586.pl elf $(CFLAGS) > co86-elf.s)
+
+# a.out
+asm/bn86-out.o: asm/bn86unix.cpp
+        $(CPP) -DOUT asm/bn86unix.cpp | as -o asm/bn86-out.o
+
+asm/co86-out.o: asm/co86unix.cpp
+        $(CPP) -DOUT asm/co86unix.cpp | as -o asm/co86-out.o
+
+# bsdi
+asm/bn86bsdi.o: asm/bn86unix.cpp
+        $(CPP) -DBSDI asm/bn86unix.cpp | sed 's/ :/:/' | as -o asm/bn86bsdi.o
+
+asm/co86bsdi.o: asm/co86unix.cpp
+        $(CPP) -DBSDI asm/co86unix.cpp | sed 's/ :/:/' | as -o asm/co86bsdi.o
+
+asm/bn86unix.cpp: asm/bn-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) bn-586.pl cpp >bn86unix.cpp )
+
+asm/co86unix.cpp: asm/co-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) co-586.pl cpp >co86unix.cpp )
+
+asm/sparcv8.o: asm/sparcv8.S
+
+asm/sparcv8plus.o: asm/sparcv8plus.S
+
+# Old GNU assembler doesn't understand V9 instructions, so we
+# hire /usr/ccs/bin/as to do the job. Note that option is called
+# *-gcc27, but even gcc 2>=8 users may experience similar problem
+# if they didn't bother to upgrade GNU assembler. Such users should
+# not choose this option, but be adviced to *remove* GNU assembler
+# or upgrade it.
+asm/sparcv8plus-gcc27.o: asm/sparcv8plus.S
+        $(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \
+                /usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o
+
+
+asm/ia64.o:     asm/ia64.S
+
+# Some compiler drivers (most notably HP-UX and Intel C++) don't
+# understand .S extension:-( I wish I could pipe output from cc -E,
+# but it's too compiler driver/ABI dependent to cover with a single
+# rule...       <appro@fy.chalmers.se>
+asm/ia64-cpp.o: asm/ia64.S
+        $(CC) $(ASFLAGS) -E asm/ia64.S > /tmp/ia64.$$$$.s &&    \
+        $(CC) $(ASFLAGS) -c -o asm/ia64-cpp.o /tmp/ia64.$$$$.s; \
+        rm -f /tmp/ia64.$$$$.s
+
+asm/x86_64-gcc.o: asm/x86_64-gcc.c
+
+asm/pa-risc2W.o: asm/pa-risc2W.s
+        /usr/ccs/bin/as -o asm/pa-rics2W.o asm/pa-risc2W.s
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+exptest:
+        rm -f exptest
+        gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a
+
+div:
+        rm -f a.out
+        gcc -I.. -g div.c ../../libcrypto.a
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/co86unix.cpp asm/bn86unix.cpp asm/*-elf.* *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bn_add.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_add.o: ../cryptlib.h bn_add.c bn_lcl.h
+bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_asm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_asm.o: ../cryptlib.h bn_asm.c bn_lcl.h
+bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_blind.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_blind.o: ../cryptlib.h bn_blind.c bn_lcl.h
+bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_ctx.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_ctx.o: ../cryptlib.h bn_ctx.c bn_lcl.h
+bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_div.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_div.o: ../cryptlib.h bn_div.c bn_lcl.h
+bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_err.o: ../../include/openssl/symhacks.h bn_err.c
+bn_exp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_exp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h
+bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_exp2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_exp2.o: ../cryptlib.h bn_exp2.c bn_lcl.h
+bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_gcd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_gcd.o: ../cryptlib.h bn_gcd.c bn_lcl.h
+bn_kron.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+bn_kron.o: ../../include/openssl/opensslconf.h bn_kron.c bn_lcl.h
+bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_lib.o: ../cryptlib.h bn_lcl.h bn_lib.c
+bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mod.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mod.o: ../cryptlib.h bn_lcl.h bn_mod.c
+bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mont.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mont.o: ../cryptlib.h bn_lcl.h bn_mont.c
+bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mpi.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mpi.o: ../cryptlib.h bn_lcl.h bn_mpi.c
+bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mul.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mul.o: ../cryptlib.h bn_lcl.h bn_mul.c
+bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
+bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_print.o: ../cryptlib.h bn_lcl.h bn_print.c
+bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_rand.o: ../cryptlib.h bn_lcl.h bn_rand.c
+bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_recp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_recp.o: ../cryptlib.h bn_lcl.h bn_recp.c
+bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_shift.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_shift.o: ../cryptlib.h bn_lcl.h bn_shift.c
+bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_sqr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_sqr.o: ../cryptlib.h bn_lcl.h bn_sqr.c
+bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_sqrt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_sqrt.o: ../cryptlib.h bn_lcl.h bn_sqrt.c
+bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_word.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_word.o: ../cryptlib.h bn_lcl.h bn_word.c
diff --git a/src/lib/libcrypto/bn/asm/bn-586.pl b/src/lib/libcrypto/bn/asm/bn-586.pl
new file mode 100644
index 0000000000..c4de4a2bee
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/bn-586.pl
@@ -0,0 +1,593 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],$0);
+
+&bn_mul_add_words("bn_mul_add_words");
+&bn_mul_words("bn_mul_words");
+&bn_sqr_words("bn_sqr_words");
+&bn_div_words("bn_div_words");
+&bn_add_words("bn_add_words");
+&bn_sub_words("bn_sub_words");
+#&bn_sub_part_words("bn_sub_part_words");
+
+&asm_finish();
+
+sub bn_mul_add_words
+        {
+        local($name)=@_;
+
+        &function_begin($name,"");
+
+        &comment("");
+        $Low="eax";
+        $High="edx";
+        $a="ebx";
+        $w="ebp";
+        $r="edi";
+        $c="esi";
+
+        &xor($c,$c);            # clear carry
+        &mov($r,&wparam(0));    #
+
+        &mov("ecx",&wparam(2)); #
+        &mov($a,&wparam(1));    #
+
+        &and("ecx",0xfffffff8); # num / 8
+        &mov($w,&wparam(3));    #
+
+        &push("ecx");           # Up the stack for a tmp variable
+
+        &jz(&label("maw_finish"));
+
+        &set_label("maw_loop",0);
+
+        &mov(&swtmp(0),"ecx");  #
+
+        for ($i=0; $i<32; $i+=4)
+                {
+                &comment("Round $i");
+
+                 &mov("eax",&DWP($i,$a,"",0));  # *a
+                &mul($w);                       # *a * w
+                &add("eax",$c);         # L(t)+= *r
+                 &mov($c,&DWP($i,$r,"",0));     # L(t)+= *r
+                &adc("edx",0);                  # H(t)+=carry
+                 &add("eax",$c);                # L(t)+=c
+                &adc("edx",0);                  # H(t)+=carry
+                 &mov(&DWP($i,$r,"",0),"eax");  # *r= L(t);
+                &mov($c,"edx");                 # c=  H(t);
+                }
+
+        &comment("");
+        &mov("ecx",&swtmp(0));  #
+        &add($a,32);
+        &add($r,32);
+        &sub("ecx",8);
+        &jnz(&label("maw_loop"));
+
+        &set_label("maw_finish",0);
+        &mov("ecx",&wparam(2)); # get num
+        &and("ecx",7);
+        &jnz(&label("maw_finish2"));    # helps branch prediction
+        &jmp(&label("maw_end"));
+
+        &set_label("maw_finish2",1);
+        for ($i=0; $i<7; $i++)
+                {
+                &comment("Tail Round $i");
+                 &mov("eax",&DWP($i*4,$a,"",0));# *a
+                &mul($w);                       # *a * w
+                &add("eax",$c);                 # L(t)+=c
+                 &mov($c,&DWP($i*4,$r,"",0));   # L(t)+= *r
+                &adc("edx",0);                  # H(t)+=carry
+                 &add("eax",$c);
+                &adc("edx",0);                  # H(t)+=carry
+                 &dec("ecx") if ($i != 7-1);
+                &mov(&DWP($i*4,$r,"",0),"eax"); # *r= L(t);
+                 &mov($c,"edx");                        # c=  H(t);
+                &jz(&label("maw_end")) if ($i != 7-1);
+                }
+        &set_label("maw_end",0);
+        &mov("eax",$c);
+
+        &pop("ecx");    # clear variable from
+
+        &function_end($name);
+        }
+
+sub bn_mul_words
+        {
+        local($name)=@_;
+
+        &function_begin($name,"");
+
+        &comment("");
+        $Low="eax";
+        $High="edx";
+        $a="ebx";
+        $w="ecx";
+        $r="edi";
+        $c="esi";
+        $num="ebp";
+
+        &xor($c,$c);            # clear carry
+        &mov($r,&wparam(0));    #
+        &mov($a,&wparam(1));    #
+        &mov($num,&wparam(2));  #
+        &mov($w,&wparam(3));    #
+
+        &and($num,0xfffffff8);  # num / 8
+        &jz(&label("mw_finish"));
+
+        &set_label("mw_loop",0);
+        for ($i=0; $i<32; $i+=4)
+                {
+                &comment("Round $i");
+
+                 &mov("eax",&DWP($i,$a,"",0));  # *a
+                &mul($w);                       # *a * w
+                &add("eax",$c);                 # L(t)+=c
+                 # XXX
+
+                &adc("edx",0);                  # H(t)+=carry
+                 &mov(&DWP($i,$r,"",0),"eax");  # *r= L(t);
+
+                &mov($c,"edx");                 # c=  H(t);
+                }
+
+        &comment("");
+        &add($a,32);
+        &add($r,32);
+        &sub($num,8);
+        &jz(&label("mw_finish"));
+        &jmp(&label("mw_loop"));
+
+        &set_label("mw_finish",0);
+        &mov($num,&wparam(2));  # get num
+        &and($num,7);
+        &jnz(&label("mw_finish2"));
+        &jmp(&label("mw_end"));
+
+        &set_label("mw_finish2",1);
+        for ($i=0; $i<7; $i++)
+                {
+                &comment("Tail Round $i");
+                 &mov("eax",&DWP($i*4,$a,"",0));# *a
+                &mul($w);                       # *a * w
+                &add("eax",$c);                 # L(t)+=c
+                 # XXX
+                &adc("edx",0);                  # H(t)+=carry
+                 &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t);
+                &mov($c,"edx");                 # c=  H(t);
+                 &dec($num) if ($i != 7-1);
+                &jz(&label("mw_end")) if ($i != 7-1);
+                }
+        &set_label("mw_end",0);
+        &mov("eax",$c);
+
+        &function_end($name);
+        }
+
+sub bn_sqr_words
+        {
+        local($name)=@_;
+
+        &function_begin($name,"");
+
+        &comment("");
+        $r="esi";
+        $a="edi";
+        $num="ebx";
+
+        &mov($r,&wparam(0));    #
+        &mov($a,&wparam(1));    #
+        &mov($num,&wparam(2));  #
+
+        &and($num,0xfffffff8);  # num / 8
+        &jz(&label("sw_finish"));
+
+        &set_label("sw_loop",0);
+        for ($i=0; $i<32; $i+=4)
+                {
+                &comment("Round $i");
+                &mov("eax",&DWP($i,$a,"",0));   # *a
+                 # XXX
+                &mul("eax");                    # *a * *a
+                &mov(&DWP($i*2,$r,"",0),"eax"); #
+                 &mov(&DWP($i*2+4,$r,"",0),"edx");#
+                }
+
+        &comment("");
+        &add($a,32);
+        &add($r,64);
+        &sub($num,8);
+        &jnz(&label("sw_loop"));
+
+        &set_label("sw_finish",0);
+        &mov($num,&wparam(2));  # get num
+        &and($num,7);
+        &jz(&label("sw_end"));
+
+        for ($i=0; $i<7; $i++)
+                {
+                &comment("Tail Round $i");
+                &mov("eax",&DWP($i*4,$a,"",0)); # *a
+                 # XXX
+                &mul("eax");                    # *a * *a
+                &mov(&DWP($i*8,$r,"",0),"eax"); #
+                 &dec($num) if ($i != 7-1);
+                &mov(&DWP($i*8+4,$r,"",0),"edx");
+                 &jz(&label("sw_end")) if ($i != 7-1);
+                }
+        &set_label("sw_end",0);
+
+        &function_end($name);
+        }
+
+sub bn_div_words
+        {
+        local($name)=@_;
+
+        &function_begin($name,"");
+        &mov("edx",&wparam(0)); #
+        &mov("eax",&wparam(1)); #
+        &mov("ebx",&wparam(2)); #
+        &div("ebx");
+        &function_end($name);
+        }
+
+sub bn_add_words
+        {
+        local($name)=@_;
+
+        &function_begin($name,"");
+
+        &comment("");
+        $a="esi";
+        $b="edi";
+        $c="eax";
+        $r="ebx";
+        $tmp1="ecx";
+        $tmp2="edx";
+        $num="ebp";
+
+        &mov($r,&wparam(0));    # get r
+         &mov($a,&wparam(1));   # get a
+        &mov($b,&wparam(2));    # get b
+         &mov($num,&wparam(3)); # get num
+        &xor($c,$c);            # clear carry
+         &and($num,0xfffffff8); # num / 8
+
+        &jz(&label("aw_finish"));
+
+        &set_label("aw_loop",0);
+        for ($i=0; $i<8; $i++)
+                {
+                &comment("Round $i");
+
+                &mov($tmp1,&DWP($i*4,$a,"",0));         # *a
+                 &mov($tmp2,&DWP($i*4,$b,"",0));        # *b
+                &add($tmp1,$c);
+                 &mov($c,0);
+                &adc($c,$c);
+                 &add($tmp1,$tmp2);
+                &adc($c,0);
+                 &mov(&DWP($i*4,$r,"",0),$tmp1);        # *r
+                }
+
+        &comment("");
+        &add($a,32);
+         &add($b,32);
+        &add($r,32);
+         &sub($num,8);
+        &jnz(&label("aw_loop"));
+
+        &set_label("aw_finish",0);
+        &mov($num,&wparam(3));  # get num
+        &and($num,7);
+         &jz(&label("aw_end"));
+
+        for ($i=0; $i<7; $i++)
+                {
+                &comment("Tail Round $i");
+                &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+                 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+                &add($tmp1,$c);
+                 &mov($c,0);
+                &adc($c,$c);
+                 &add($tmp1,$tmp2);
+                &adc($c,0);
+                 &dec($num) if ($i != 6);
+                &mov(&DWP($i*4,$r,"",0),$tmp1); # *r
+                 &jz(&label("aw_end")) if ($i != 6);
+                }
+        &set_label("aw_end",0);
+
+#       &mov("eax",$c);         # $c is "eax"
+
+        &function_end($name);
+        }
+
+sub bn_sub_words
+        {
+        local($name)=@_;
+
+        &function_begin($name,"");
+
+        &comment("");
+        $a="esi";
+        $b="edi";
+        $c="eax";
+        $r="ebx";
+        $tmp1="ecx";
+        $tmp2="edx";
+        $num="ebp";
+
+        &mov($r,&wparam(0));    # get r
+         &mov($a,&wparam(1));   # get a
+        &mov($b,&wparam(2));    # get b
+         &mov($num,&wparam(3)); # get num
+        &xor($c,$c);            # clear carry
+         &and($num,0xfffffff8); # num / 8
+
+        &jz(&label("aw_finish"));
+
+        &set_label("aw_loop",0);
+        for ($i=0; $i<8; $i++)
+                {
+                &comment("Round $i");
+
+                &mov($tmp1,&DWP($i*4,$a,"",0));         # *a
+                 &mov($tmp2,&DWP($i*4,$b,"",0));        # *b
+                &sub($tmp1,$c);
+                 &mov($c,0);
+                &adc($c,$c);
+                 &sub($tmp1,$tmp2);
+                &adc($c,0);
+                 &mov(&DWP($i*4,$r,"",0),$tmp1);        # *r
+                }
+
+        &comment("");
+        &add($a,32);
+         &add($b,32);
+        &add($r,32);
+         &sub($num,8);
+        &jnz(&label("aw_loop"));
+
+        &set_label("aw_finish",0);
+        &mov($num,&wparam(3));  # get num
+        &and($num,7);
+         &jz(&label("aw_end"));
+
+        for ($i=0; $i<7; $i++)
+                {
+                &comment("Tail Round $i");
+                &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+                 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+                &sub($tmp1,$c);
+                 &mov($c,0);
+                &adc($c,$c);
+                 &sub($tmp1,$tmp2);
+                &adc($c,0);
+                 &dec($num) if ($i != 6);
+                &mov(&DWP($i*4,$r,"",0),$tmp1); # *r
+                 &jz(&label("aw_end")) if ($i != 6);
+                }
+        &set_label("aw_end",0);
+
+#       &mov("eax",$c);         # $c is "eax"
+
+        &function_end($name);
+        }
+
+sub bn_sub_part_words
+        {
+        local($name)=@_;
+
+        &function_begin($name,"");
+
+        &comment("");
+        $a="esi";
+        $b="edi";
+        $c="eax";
+        $r="ebx";
+        $tmp1="ecx";
+        $tmp2="edx";
+        $num="ebp";
+
+        &mov($r,&wparam(0));    # get r
+         &mov($a,&wparam(1));   # get a
+        &mov($b,&wparam(2));    # get b
+         &mov($num,&wparam(3)); # get num
+        &xor($c,$c);            # clear carry
+         &and($num,0xfffffff8); # num / 8
+
+        &jz(&label("aw_finish"));
+
+        &set_label("aw_loop",0);
+        for ($i=0; $i<8; $i++)
+                {
+                &comment("Round $i");
+
+                &mov($tmp1,&DWP($i*4,$a,"",0));         # *a
+                 &mov($tmp2,&DWP($i*4,$b,"",0));        # *b
+                &sub($tmp1,$c);
+                 &mov($c,0);
+                &adc($c,$c);
+                 &sub($tmp1,$tmp2);
+                &adc($c,0);
+                 &mov(&DWP($i*4,$r,"",0),$tmp1);        # *r
+                }
+
+        &comment("");
+        &add($a,32);
+         &add($b,32);
+        &add($r,32);
+         &sub($num,8);
+        &jnz(&label("aw_loop"));
+
+        &set_label("aw_finish",0);
+        &mov($num,&wparam(3));  # get num
+        &and($num,7);
+         &jz(&label("aw_end"));
+
+        for ($i=0; $i<7; $i++)
+                {
+                &comment("Tail Round $i");
+                &mov($tmp1,&DWP(0,$a,"",0));    # *a
+                 &mov($tmp2,&DWP(0,$b,"",0));# *b
+                &sub($tmp1,$c);
+                 &mov($c,0);
+                &adc($c,$c);
+                 &sub($tmp1,$tmp2);
+                &adc($c,0);
+                &mov(&DWP(0,$r,"",0),$tmp1);    # *r
+                &add($a, 4);
+                &add($b, 4);
+                &add($r, 4);
+                 &dec($num) if ($i != 6);
+                 &jz(&label("aw_end")) if ($i != 6);
+                }
+        &set_label("aw_end",0);
+
+        &cmp(&wparam(4),0);
+        &je(&label("pw_end"));
+
+        &mov($num,&wparam(4));  # get dl
+        &cmp($num,0);
+        &je(&label("pw_end"));
+        &jge(&label("pw_pos"));
+
+        &comment("pw_neg");
+        &mov($tmp2,0);
+        &sub($tmp2,$num);
+        &mov($num,$tmp2);
+        &and($num,0xfffffff8);  # num / 8
+        &jz(&label("pw_neg_finish"));
+
+        &set_label("pw_neg_loop",0);
+        for ($i=0; $i<8; $i++)
+        {
+            &comment("dl<0 Round $i");
+
+            &mov($tmp1,0);
+            &mov($tmp2,&DWP($i*4,$b,"",0));     # *b
+            &sub($tmp1,$c);
+            &mov($c,0);
+            &adc($c,$c);
+            &sub($tmp1,$tmp2);
+            &adc($c,0);
+            &mov(&DWP($i*4,$r,"",0),$tmp1);     # *r
+        }
+            
+        &comment("");
+        &add($b,32);
+        &add($r,32);
+        &sub($num,8);
+        &jnz(&label("pw_neg_loop"));
+            
+        &set_label("pw_neg_finish",0);
+        &mov($tmp2,&wparam(4)); # get dl
+        &mov($num,0);
+        &sub($num,$tmp2);
+        &and($num,7);
+        &jz(&label("pw_end"));
+            
+        for ($i=0; $i<7; $i++)
+        {
+            &comment("dl<0 Tail Round $i");
+            &mov($tmp1,0);
+            &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+            &sub($tmp1,$c);
+            &mov($c,0);
+            &adc($c,$c);
+            &sub($tmp1,$tmp2);
+            &adc($c,0);
+            &dec($num) if ($i != 6);
+            &mov(&DWP($i*4,$r,"",0),$tmp1);     # *r
+            &jz(&label("pw_end")) if ($i != 6);
+        }
+
+        &jmp(&label("pw_end"));
+        
+        &set_label("pw_pos",0);
+        
+        &and($num,0xfffffff8);  # num / 8
+        &jz(&label("pw_pos_finish"));
+
+        &set_label("pw_pos_loop",0);
+
+        for ($i=0; $i<8; $i++)
+        {
+            &comment("dl>0 Round $i");
+
+            &mov($tmp1,&DWP($i*4,$a,"",0));     # *a
+            &sub($tmp1,$c);
+            &mov(&DWP($i*4,$r,"",0),$tmp1);     # *r
+            &jnc(&label("pw_nc".$i));
+        }
+            
+        &comment("");
+        &add($a,32);
+        &add($r,32);
+        &sub($num,8);
+        &jnz(&label("pw_pos_loop"));
+            
+        &set_label("pw_pos_finish",0);
+        &mov($num,&wparam(4));  # get dl
+        &and($num,7);
+        &jz(&label("pw_end"));
+            
+        for ($i=0; $i<7; $i++)
+        {
+            &comment("dl>0 Tail Round $i");
+            &mov($tmp1,&DWP($i*4,$a,"",0));     # *a
+            &sub($tmp1,$c);
+            &mov(&DWP($i*4,$r,"",0),$tmp1);     # *r
+            &jnc(&label("pw_tail_nc".$i));
+            &dec($num) if ($i != 6);
+            &jz(&label("pw_end")) if ($i != 6);
+        }
+        &mov($c,1);
+        &jmp(&label("pw_end"));
+
+        &set_label("pw_nc_loop",0);
+        for ($i=0; $i<8; $i++)
+        {
+            &mov($tmp1,&DWP($i*4,$a,"",0));     # *a
+            &mov(&DWP($i*4,$r,"",0),$tmp1);     # *r
+            &set_label("pw_nc".$i,0);
+        }
+            
+        &comment("");
+        &add($a,32);
+        &add($r,32);
+        &sub($num,8);
+        &jnz(&label("pw_nc_loop"));
+            
+        &mov($num,&wparam(4));  # get dl
+        &and($num,7);
+        &jz(&label("pw_nc_end"));
+            
+        for ($i=0; $i<7; $i++)
+        {
+            &mov($tmp1,&DWP($i*4,$a,"",0));     # *a
+            &mov(&DWP($i*4,$r,"",0),$tmp1);     # *r
+            &set_label("pw_tail_nc".$i,0);
+            &dec($num) if ($i != 6);
+            &jz(&label("pw_nc_end")) if ($i != 6);
+        }
+
+        &set_label("pw_nc_end",0);
+        &mov($c,0);
+
+        &set_label("pw_end",0);
+
+#       &mov("eax",$c);         # $c is "eax"
+
+        &function_end($name);
+        }
+
diff --git a/src/lib/libcrypto/bn/asm/co-586.pl b/src/lib/libcrypto/bn/asm/co-586.pl
new file mode 100644
index 0000000000..5d962cb957
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/co-586.pl
@@ -0,0 +1,286 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],$0);
+
+&bn_mul_comba("bn_mul_comba8",8);
+&bn_mul_comba("bn_mul_comba4",4);
+&bn_sqr_comba("bn_sqr_comba8",8);
+&bn_sqr_comba("bn_sqr_comba4",4);
+
+&asm_finish();
+
+sub mul_add_c
+        {
+        local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+        # pos == -1 if eax and edx are pre-loaded, 0 to load from next
+        # words, and 1 if load return value
+
+        &comment("mul a[$ai]*b[$bi]");
+
+        # "eax" and "edx" will always be pre-loaded.
+        # &mov("eax",&DWP($ai*4,$a,"",0)) ;
+        # &mov("edx",&DWP($bi*4,$b,"",0));
+
+        &mul("edx");
+        &add($c0,"eax");
+         &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;        # laod next a
+         &mov("eax",&wparam(0)) if $pos > 0;                    # load r[]
+         ###
+        &adc($c1,"edx");
+         &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0;        # laod next b
+         &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1;        # laod next b
+         ###
+        &adc($c2,0);
+         # is pos > 1, it means it is the last loop 
+         &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0;           # save r[];
+        &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;         # laod next a
+        }
+
+sub sqr_add_c
+        {
+        local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+        # pos == -1 if eax and edx are pre-loaded, 0 to load from next
+        # words, and 1 if load return value
+
+        &comment("sqr a[$ai]*a[$bi]");
+
+        # "eax" and "edx" will always be pre-loaded.
+        # &mov("eax",&DWP($ai*4,$a,"",0)) ;
+        # &mov("edx",&DWP($bi*4,$b,"",0));
+
+        if ($ai == $bi)
+                { &mul("eax");}
+        else
+                { &mul("edx");}
+        &add($c0,"eax");
+         &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;        # load next a
+         ###
+        &adc($c1,"edx");
+         &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb);
+         ###
+        &adc($c2,0);
+         # is pos > 1, it means it is the last loop 
+         &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;              # save r[];
+        &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;         # load next b
+        }
+
+sub sqr_add_c2
+        {
+        local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+        # pos == -1 if eax and edx are pre-loaded, 0 to load from next
+        # words, and 1 if load return value
+
+        &comment("sqr a[$ai]*a[$bi]");
+
+        # "eax" and "edx" will always be pre-loaded.
+        # &mov("eax",&DWP($ai*4,$a,"",0)) ;
+        # &mov("edx",&DWP($bi*4,$a,"",0));
+
+        if ($ai == $bi)
+                { &mul("eax");}
+        else
+                { &mul("edx");}
+        &add("eax","eax");
+         ###
+        &adc("edx","edx");
+         ###
+        &adc($c2,0);
+         &add($c0,"eax");
+        &adc($c1,"edx");
+         &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;        # load next a
+         &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;        # load next b
+        &adc($c2,0);
+        &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;               # save r[];
+         &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb);
+         ###
+        }
+
+sub bn_mul_comba
+        {
+        local($name,$num)=@_;
+        local($a,$b,$c0,$c1,$c2);
+        local($i,$as,$ae,$bs,$be,$ai,$bi);
+        local($tot,$end);
+
+        &function_begin_B($name,"");
+
+        $c0="ebx";
+        $c1="ecx";
+        $c2="ebp";
+        $a="esi";
+        $b="edi";
+        
+        $as=0;
+        $ae=0;
+        $bs=0;
+        $be=0;
+        $tot=$num+$num-1;
+
+        &push("esi");
+         &mov($a,&wparam(1));
+        &push("edi");
+         &mov($b,&wparam(2));
+        &push("ebp");
+         &push("ebx");
+
+        &xor($c0,$c0);
+         &mov("eax",&DWP(0,$a,"",0));   # load the first word 
+        &xor($c1,$c1);
+         &mov("edx",&DWP(0,$b,"",0));   # load the first second 
+
+        for ($i=0; $i<$tot; $i++)
+                {
+                $ai=$as;
+                $bi=$bs;
+                $end=$be+1;
+
+                &comment("################## Calculate word $i"); 
+
+                for ($j=$bs; $j<$end; $j++)
+                        {
+                        &xor($c2,$c2) if ($j == $bs);
+                        if (($j+1) == $end)
+                                {
+                                $v=1;
+                                $v=2 if (($i+1) == $tot);
+                                }
+                        else
+                                { $v=0; }
+                        if (($j+1) != $end)
+                                {
+                                $na=($ai-1);
+                                $nb=($bi+1);
+                                }
+                        else
+                                {
+                                $na=$as+($i < ($num-1));
+                                $nb=$bs+($i >= ($num-1));
+                                }
+#printf STDERR "[$ai,$bi] -> [$na,$nb]\n";
+                        &mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb);
+                        if ($v)
+                                {
+                                &comment("saved r[$i]");
+                                # &mov("eax",&wparam(0));
+                                # &mov(&DWP($i*4,"eax","",0),$c0);
+                                ($c0,$c1,$c2)=($c1,$c2,$c0);
+                                }
+                        $ai--;
+                        $bi++;
+                        }
+                $as++ if ($i < ($num-1));
+                $ae++ if ($i >= ($num-1));
+
+                $bs++ if ($i >= ($num-1));
+                $be++ if ($i < ($num-1));
+                }
+        &comment("save r[$i]");
+        # &mov("eax",&wparam(0));
+        &mov(&DWP($i*4,"eax","",0),$c0);
+
+        &pop("ebx");
+        &pop("ebp");
+        &pop("edi");
+        &pop("esi");
+        &ret();
+        &function_end_B($name);
+        }
+
+sub bn_sqr_comba
+        {
+        local($name,$num)=@_;
+        local($r,$a,$c0,$c1,$c2)=@_;
+        local($i,$as,$ae,$bs,$be,$ai,$bi);
+        local($b,$tot,$end,$half);
+
+        &function_begin_B($name,"");
+
+        $c0="ebx";
+        $c1="ecx";
+        $c2="ebp";
+        $a="esi";
+        $r="edi";
+
+        &push("esi");
+         &push("edi");
+        &push("ebp");
+         &push("ebx");
+        &mov($r,&wparam(0));
+         &mov($a,&wparam(1));
+        &xor($c0,$c0);
+         &xor($c1,$c1);
+        &mov("eax",&DWP(0,$a,"",0)); # load the first word
+
+        $as=0;
+        $ae=0;
+        $bs=0;
+        $be=0;
+        $tot=$num+$num-1;
+
+        for ($i=0; $i<$tot; $i++)
+                {
+                $ai=$as;
+                $bi=$bs;
+                $end=$be+1;
+
+                &comment("############### Calculate word $i");
+                for ($j=$bs; $j<$end; $j++)
+                        {
+                        &xor($c2,$c2) if ($j == $bs);
+                        if (($ai-1) < ($bi+1))
+                                {
+                                $v=1;
+                                $v=2 if ($i+1) == $tot;
+                                }
+                        else
+                                { $v=0; }
+                        if (!$v)
+                                {
+                                $na=$ai-1;
+                                $nb=$bi+1;
+                                }
+                        else
+                                {
+                                $na=$as+($i < ($num-1));
+                                $nb=$bs+($i >= ($num-1));
+                                }
+                        if ($ai == $bi)
+                                {
+                                &sqr_add_c($r,$a,$ai,$bi,
+                                        $c0,$c1,$c2,$v,$i,$na,$nb);
+                                }
+                        else
+                                {
+                                &sqr_add_c2($r,$a,$ai,$bi,
+                                        $c0,$c1,$c2,$v,$i,$na,$nb);
+                                }
+                        if ($v)
+                                {
+                                &comment("saved r[$i]");
+                                #&mov(&DWP($i*4,$r,"",0),$c0);
+                                ($c0,$c1,$c2)=($c1,$c2,$c0);
+                                last;
+                                }
+                        $ai--;
+                        $bi++;
+                        }
+                $as++ if ($i < ($num-1));
+                $ae++ if ($i >= ($num-1));
+
+                $bs++ if ($i >= ($num-1));
+                $be++ if ($i < ($num-1));
+                }
+        &mov(&DWP($i*4,$r,"",0),$c0);
+        &pop("ebx");
+        &pop("ebp");
+        &pop("edi");
+        &pop("esi");
+        &ret();
+        &function_end_B($name);
+        }
diff --git a/src/lib/libcrypto/bn/asm/ia64.S b/src/lib/libcrypto/bn/asm/ia64.S
new file mode 100644
index 0000000000..7b82b820e6
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/ia64.S
@@ -0,0 +1,1560 @@
+.explicit
+.text
+.ident  "ia64.S, Version 2.1"
+.ident  "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+
+//
+// ====================================================================
+// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+// project.
+//
+// Rights for redistribution and usage in source and binary forms are
+// granted according to the OpenSSL license. Warranty of any kind is
+// disclaimed.
+// ====================================================================
+//
+// Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is
+// different from Itanium to this module viewpoint. Most notably, is it
+// "wider" than Itanium? Can you experience loop scalability as
+// discussed in commentary sections? Not really:-( Itanium2 has 6
+// integer ALU ports, i.e. it's 2 ports wider, but it's not enough to
+// spin twice as fast, as I need 8 IALU ports. Amount of floating point
+// ports is the same, i.e. 2, while I need 4. In other words, to this
+// module Itanium2 remains effectively as "wide" as Itanium. Yet it's
+// essentially different in respect to this module, and a re-tune was
+// required. Well, because some intruction latencies has changed. Most
+// noticeably those intensively used:
+//
+//                      Itanium Itanium2
+//      ldf8            9       6               L2 hit
+//      ld8             2       1               L1 hit
+//      getf            2       5
+//      xma[->getf]     7[+1]   4[+0]
+//      add[->st8]      1[+1]   1[+0]
+//
+// What does it mean? You might ratiocinate that the original code
+// should run just faster... Because sum of latencies is smaller...
+// Wrong! Note that getf latency increased. This means that if a loop is
+// scheduled for lower latency (as they were), then it will suffer from
+// stall condition and the code will therefore turn anti-scalable, e.g.
+// original bn_mul_words spun at 5*n or 2.5 times slower than expected
+// on Itanium2! What to do? Reschedule loops for Itanium2? But then
+// Itanium would exhibit anti-scalability. So I've chosen to reschedule
+// for worst latency for every instruction aiming for best *all-round*
+// performance.  
+
+// Q.   How much faster does it get?
+// A.   Here is the output from 'openssl speed rsa dsa' for vanilla
+//      0.9.6a compiled with gcc version 2.96 20000731 (Red Hat
+//      Linux 7.1 2.96-81):
+//
+//                        sign    verify    sign/s verify/s
+//      rsa  512 bits   0.0036s   0.0003s    275.3   2999.2
+//      rsa 1024 bits   0.0203s   0.0011s     49.3    894.1
+//      rsa 2048 bits   0.1331s   0.0040s      7.5    250.9
+//      rsa 4096 bits   0.9270s   0.0147s      1.1     68.1
+//                        sign    verify    sign/s verify/s
+//      dsa  512 bits   0.0035s   0.0043s    288.3    234.8
+//      dsa 1024 bits   0.0111s   0.0135s     90.0     74.2
+//
+//      And here is similar output but for this assembler
+//      implementation:-)
+//
+//                        sign    verify    sign/s verify/s
+//      rsa  512 bits   0.0021s   0.0001s    549.4   9638.5
+//      rsa 1024 bits   0.0055s   0.0002s    183.8   4481.1
+//      rsa 2048 bits   0.0244s   0.0006s     41.4   1726.3
+//      rsa 4096 bits   0.1295s   0.0018s      7.7    561.5
+//                        sign    verify    sign/s verify/s
+//      dsa  512 bits   0.0012s   0.0013s    891.9    756.6
+//      dsa 1024 bits   0.0023s   0.0028s    440.4    376.2
+//      
+//      Yes, you may argue that it's not fair comparison as it's
+//      possible to craft the C implementation with BN_UMULT_HIGH
+//      inline assembler macro. But of course! Here is the output
+//      with the macro:
+//
+//                        sign    verify    sign/s verify/s
+//      rsa  512 bits   0.0020s   0.0002s    495.0   6561.0
+//      rsa 1024 bits   0.0086s   0.0004s    116.2   2235.7
+//      rsa 2048 bits   0.0519s   0.0015s     19.3    667.3
+//      rsa 4096 bits   0.3464s   0.0053s      2.9    187.7
+//                        sign    verify    sign/s verify/s
+//      dsa  512 bits   0.0016s   0.0020s    613.1    510.5
+//      dsa 1024 bits   0.0045s   0.0054s    221.0    183.9
+//
+//      My code is still way faster, huh:-) And I believe that even
+//      higher performance can be achieved. Note that as keys get
+//      longer, performance gain is larger. Why? According to the
+//      profiler there is another player in the field, namely
+//      BN_from_montgomery consuming larger and larger portion of CPU
+//      time as keysize decreases. I therefore consider putting effort
+//      to assembler implementation of the following routine:
+//
+//      void bn_mul_add_mont (BN_ULONG *rp,BN_ULONG *np,int nl,BN_ULONG n0)
+//      {
+//      int      i,j;
+//      BN_ULONG v;
+//
+//      for (i=0; i<nl; i++)
+//              {
+//              v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
+//              nrp++;
+//              rp++;
+//              if (((nrp[-1]+=v)&BN_MASK2) < v)
+//                      for (j=0; ((++nrp[j])&BN_MASK2) == 0; j++) ;
+//              }
+//      }
+//
+//      It might as well be beneficial to implement even combaX
+//      variants, as it appears as it can literally unleash the
+//      performance (see comment section to bn_mul_comba8 below).
+//
+//      And finally for your reference the output for 0.9.6a compiled
+//      with SGIcc version 0.01.0-12 (keep in mind that for the moment
+//      of this writing it's not possible to convince SGIcc to use
+//      BN_UMULT_HIGH inline assembler macro, yet the code is fast,
+//      i.e. for a compiler generated one:-):
+//
+//                        sign    verify    sign/s verify/s
+//      rsa  512 bits   0.0022s   0.0002s    452.7   5894.3
+//      rsa 1024 bits   0.0097s   0.0005s    102.7   2002.9
+//      rsa 2048 bits   0.0578s   0.0017s     17.3    600.2
+//      rsa 4096 bits   0.3838s   0.0061s      2.6    164.5
+//                        sign    verify    sign/s verify/s
+//      dsa  512 bits   0.0018s   0.0022s    547.3    459.6
+//      dsa 1024 bits   0.0051s   0.0062s    196.6    161.3
+//
+//      Oh! Benchmarks were performed on 733MHz Lion-class Itanium
+//      system running Redhat Linux 7.1 (very special thanks to Ray
+//      McCaffity of Williams Communications for providing an account).
+//
+// Q.   What's the heck with 'rum 1<<5' at the end of every function?
+// A.   Well, by clearing the "upper FP registers written" bit of the
+//      User Mask I want to excuse the kernel from preserving upper
+//      (f32-f128) FP register bank over process context switch, thus
+//      minimizing bus bandwidth consumption during the switch (i.e.
+//      after PKI opration completes and the program is off doing
+//      something else like bulk symmetric encryption). Having said
+//      this, I also want to point out that it might be good idea
+//      to compile the whole toolkit (as well as majority of the
+//      programs for that matter) with -mfixed-range=f32-f127 command
+//      line option. No, it doesn't prevent the compiler from writing
+//      to upper bank, but at least discourages to do so. If you don't
+//      like the idea you have the option to compile the module with
+//      -Drum=nop.m in command line.
+//
+
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+#define ADDP    addp4
+#else
+#define ADDP    add
+#endif
+
+#if 1
+//
+// bn_[add|sub]_words routines.
+//
+// Loops are spinning in 2*(n+5) ticks on Itanuim (provided that the
+// data reside in L1 cache, i.e. 2 ticks away). It's possible to
+// compress the epilogue and get down to 2*n+6, but at the cost of
+// scalability (the neat feature of this implementation is that it
+// shall automagically spin in n+5 on "wider" IA-64 implementations:-)
+// I consider that the epilogue is short enough as it is to trade tiny
+// performance loss on Itanium for scalability.
+//
+// BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)
+//
+.global bn_add_words#
+.proc   bn_add_words#
+.align  64
+.skip   32      // makes the loop body aligned at 64-byte boundary
+bn_add_words:
+        .prologue
+        .fframe 0
+        .save   ar.pfs,r2
+{ .mii; alloc           r2=ar.pfs,4,12,0,16
+        cmp4.le         p6,p0=r35,r0    };;
+{ .mfb; mov             r8=r0                   // return value
+(p6)    br.ret.spnt.many        b0      };;
+
+        .save   ar.lc,r3
+{ .mib; sub             r10=r35,r0,1
+        mov             r3=ar.lc
+        brp.loop.imp    .L_bn_add_words_ctop,.L_bn_add_words_cend-16
+                                        }
+        .body
+{ .mib; ADDP            r14=0,r32               // rp
+        mov             r9=pr           };;
+{ .mii; ADDP            r15=0,r33               // ap
+        mov             ar.lc=r10
+        mov             ar.ec=6         }
+{ .mib; ADDP            r16=0,r34               // bp
+        mov             pr.rot=1<<16    };;
+
+.L_bn_add_words_ctop:
+{ .mii; (p16)   ld8             r32=[r16],8       // b=*(bp++)
+        (p18)   add             r39=r37,r34
+        (p19)   cmp.ltu.unc     p56,p0=r40,r38  }
+{ .mfb; (p0)    nop.m           0x0
+        (p0)    nop.f           0x0
+        (p0)    nop.b           0x0             }
+{ .mii; (p16)   ld8             r35=[r15],8       // a=*(ap++)
+        (p58)   cmp.eq.or       p57,p0=-1,r41     // (p20)
+        (p58)   add             r41=1,r41       } // (p20)
+{ .mfb; (p21)   st8             [r14]=r42,8       // *(rp++)=r
+        (p0)    nop.f           0x0
+        br.ctop.sptk    .L_bn_add_words_ctop    };;
+.L_bn_add_words_cend:
+
+{ .mii;
+(p59)   add             r8=1,r8         // return value
+        mov             pr=r9,0x1ffff
+        mov             ar.lc=r3        }
+{ .mbb; nop.b           0x0
+        br.ret.sptk.many        b0      };;
+.endp   bn_add_words#
+
+//
+// BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)
+//
+.global bn_sub_words#
+.proc   bn_sub_words#
+.align  64
+.skip   32      // makes the loop body aligned at 64-byte boundary
+bn_sub_words:
+        .prologue
+        .fframe 0
+        .save   ar.pfs,r2
+{ .mii; alloc           r2=ar.pfs,4,12,0,16
+        cmp4.le         p6,p0=r35,r0    };;
+{ .mfb; mov             r8=r0                   // return value
+(p6)    br.ret.spnt.many        b0      };;
+
+        .save   ar.lc,r3
+{ .mib; sub             r10=r35,r0,1
+        mov             r3=ar.lc
+        brp.loop.imp    .L_bn_sub_words_ctop,.L_bn_sub_words_cend-16
+                                        }
+        .body
+{ .mib; ADDP            r14=0,r32               // rp
+        mov             r9=pr           };;
+{ .mii; ADDP            r15=0,r33               // ap
+        mov             ar.lc=r10
+        mov             ar.ec=6         }
+{ .mib; ADDP            r16=0,r34               // bp
+        mov             pr.rot=1<<16    };;
+
+.L_bn_sub_words_ctop:
+{ .mii; (p16)   ld8             r32=[r16],8       // b=*(bp++)
+        (p18)   sub             r39=r37,r34
+        (p19)   cmp.gtu.unc     p56,p0=r40,r38  }
+{ .mfb; (p0)    nop.m           0x0
+        (p0)    nop.f           0x0
+        (p0)    nop.b           0x0             }
+{ .mii; (p16)   ld8             r35=[r15],8       // a=*(ap++)
+        (p58)   cmp.eq.or       p57,p0=0,r41      // (p20)
+        (p58)   add             r41=-1,r41      } // (p20)
+{ .mbb; (p21)   st8             [r14]=r42,8       // *(rp++)=r
+        (p0)    nop.b           0x0
+        br.ctop.sptk    .L_bn_sub_words_ctop    };;
+.L_bn_sub_words_cend:
+
+{ .mii;
+(p59)   add             r8=1,r8         // return value
+        mov             pr=r9,0x1ffff
+        mov             ar.lc=r3        }
+{ .mbb; nop.b           0x0
+        br.ret.sptk.many        b0      };;
+.endp   bn_sub_words#
+#endif
+
+#if 0
+#define XMA_TEMPTATION
+#endif
+
+#if 1
+//
+// BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+//
+.global bn_mul_words#
+.proc   bn_mul_words#
+.align  64
+.skip   32      // makes the loop body aligned at 64-byte boundary
+bn_mul_words:
+        .prologue
+        .fframe 0
+        .save   ar.pfs,r2
+#ifdef XMA_TEMPTATION
+{ .mfi; alloc           r2=ar.pfs,4,0,0,0       };;
+#else
+{ .mfi; alloc           r2=ar.pfs,4,12,0,16     };;
+#endif
+{ .mib; mov             r8=r0                   // return value
+        cmp4.le         p6,p0=r34,r0
+(p6)    br.ret.spnt.many        b0              };;
+
+        .save   ar.lc,r3
+{ .mii; sub     r10=r34,r0,1
+        mov     r3=ar.lc
+        mov     r9=pr                   };;
+
+        .body
+{ .mib; setf.sig        f8=r35  // w
+        mov             pr.rot=0x800001<<16
+                        // ------^----- serves as (p50) at first (p27)
+        brp.loop.imp    .L_bn_mul_words_ctop,.L_bn_mul_words_cend-16
+                                        }
+
+#ifndef XMA_TEMPTATION
+
+{ .mmi; ADDP            r14=0,r32       // rp
+        ADDP            r15=0,r33       // ap
+        mov             ar.lc=r10       }
+{ .mmi; mov             r40=0           // serves as r35 at first (p27)
+        mov             ar.ec=13        };;
+
+// This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium
+// L2 cache (i.e. 9 ticks away) as floating point load/store instructions
+// bypass L1 cache and L2 latency is actually best-case scenario for
+// ldf8. The loop is not scalable and shall run in 2*(n+12) even on
+// "wider" IA-64 implementations. It's a trade-off here. n+24 loop
+// would give us ~5% in *overall* performance improvement on "wider"
+// IA-64, but would hurt Itanium for about same because of longer
+// epilogue. As it's a matter of few percents in either case I've
+// chosen to trade the scalability for development time (you can see
+// this very instruction sequence in bn_mul_add_words loop which in
+// turn is scalable).
+.L_bn_mul_words_ctop:
+{ .mfi; (p25)   getf.sig        r36=f52                 // low
+        (p21)   xmpy.lu         f48=f37,f8
+        (p28)   cmp.ltu         p54,p50=r41,r39 }
+{ .mfi; (p16)   ldf8            f32=[r15],8
+        (p21)   xmpy.hu         f40=f37,f8
+        (p0)    nop.i           0x0             };;
+{ .mii; (p25)   getf.sig        r32=f44                 // high
+        .pred.rel       "mutex",p50,p54
+        (p50)   add             r40=r38,r35             // (p27)
+        (p54)   add             r40=r38,r35,1   }       // (p27)
+{ .mfb; (p28)   st8             [r14]=r41,8
+        (p0)    nop.f           0x0
+        br.ctop.sptk    .L_bn_mul_words_ctop    };;
+.L_bn_mul_words_cend:
+
+{ .mii; nop.m           0x0
+.pred.rel       "mutex",p51,p55
+(p51)   add             r8=r36,r0
+(p55)   add             r8=r36,r0,1     }
+{ .mfb; nop.m   0x0
+        nop.f   0x0
+        nop.b   0x0                     }
+
+#else   // XMA_TEMPTATION
+
+        setf.sig        f37=r0  // serves as carry at (p18) tick
+        mov             ar.lc=r10
+        mov             ar.ec=5;;
+
+// Most of you examining this code very likely wonder why in the name
+// of Intel the following loop is commented out? Indeed, it looks so
+// neat that you find it hard to believe that it's something wrong
+// with it, right? The catch is that every iteration depends on the
+// result from previous one and the latter isn't available instantly.
+// The loop therefore spins at the latency of xma minus 1, or in other
+// words at 6*(n+4) ticks:-( Compare to the "production" loop above
+// that runs in 2*(n+11) where the low latency problem is worked around
+// by moving the dependency to one-tick latent interger ALU. Note that
+// "distance" between ldf8 and xma is not latency of ldf8, but the
+// *difference* between xma and ldf8 latencies.
+.L_bn_mul_words_ctop:
+{ .mfi; (p16)   ldf8            f32=[r33],8
+        (p18)   xma.hu          f38=f34,f8,f39  }
+{ .mfb; (p20)   stf8            [r32]=f37,8
+        (p18)   xma.lu          f35=f34,f8,f39
+        br.ctop.sptk    .L_bn_mul_words_ctop    };;
+.L_bn_mul_words_cend:
+
+        getf.sig        r8=f41          // the return value
+
+#endif  // XMA_TEMPTATION
+
+{ .mii; nop.m           0x0
+        mov             pr=r9,0x1ffff
+        mov             ar.lc=r3        }
+{ .mfb; rum             1<<5            // clear um.mfh
+        nop.f           0x0
+        br.ret.sptk.many        b0      };;
+.endp   bn_mul_words#
+#endif
+
+#if 1
+//
+// BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+//
+.global bn_mul_add_words#
+.proc   bn_mul_add_words#
+.align  64
+.skip   48      // makes the loop body aligned at 64-byte boundary
+bn_mul_add_words:
+        .prologue
+        .fframe 0
+        .save   ar.pfs,r2
+        .save   ar.lc,r3
+        .save   pr,r9
+{ .mmi; alloc           r2=ar.pfs,4,4,0,8
+        cmp4.le         p6,p0=r34,r0
+        mov             r3=ar.lc        };;
+{ .mib; mov             r8=r0           // return value
+        sub             r10=r34,r0,1
+(p6)    br.ret.spnt.many        b0      };;
+
+        .body
+{ .mib; setf.sig        f8=r35          // w
+        mov             r9=pr
+        brp.loop.imp    .L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16
+                                        }
+{ .mmi; ADDP            r14=0,r32       // rp
+        ADDP            r15=0,r33       // ap
+        mov             ar.lc=r10       }
+{ .mii; ADDP            r16=0,r32       // rp copy
+        mov             pr.rot=0x2001<<16
+                        // ------^----- serves as (p40) at first (p27)
+        mov             ar.ec=11        };;
+
+// This loop spins in 3*(n+10) ticks on Itanium and in 2*(n+10) on
+// Itanium 2. Yes, unlike previous versions it scales:-) Previous
+// version was peforming *all* additions in IALU and was starving
+// for those even on Itanium 2. In this version one addition is
+// moved to FPU and is folded with multiplication. This is at cost
+// of propogating the result from previous call to this subroutine
+// to L2 cache... In other words negligible even for shorter keys.
+// *Overall* performance improvement [over previous version] varies
+// from 11 to 22 percent depending on key length.
+.L_bn_mul_add_words_ctop:
+.pred.rel       "mutex",p40,p42
+{ .mfi; (p23)   getf.sig        r36=f45                 // low
+        (p20)   xma.lu          f42=f36,f8,f50          // low
+        (p40)   add             r39=r39,r35     }       // (p27)
+{ .mfi; (p16)   ldf8            f32=[r15],8             // *(ap++)
+        (p20)   xma.hu          f36=f36,f8,f50          // high
+        (p42)   add             r39=r39,r35,1   };;     // (p27)
+{ .mmi; (p24)   getf.sig        r32=f40                 // high
+        (p16)   ldf8            f46=[r16],8             // *(rp1++)
+        (p40)   cmp.ltu         p41,p39=r39,r35 }       // (p27)
+{ .mib; (p26)   st8             [r14]=r39,8             // *(rp2++)
+        (p42)   cmp.leu         p41,p39=r39,r35         // (p27)
+        br.ctop.sptk    .L_bn_mul_add_words_ctop};;
+.L_bn_mul_add_words_cend:
+
+{ .mmi; .pred.rel       "mutex",p40,p42
+(p40)   add             r8=r35,r0
+(p42)   add             r8=r35,r0,1
+        mov             pr=r9,0x1ffff   }
+{ .mib; rum             1<<5            // clear um.mfh
+        mov             ar.lc=r3
+        br.ret.sptk.many        b0      };;
+.endp   bn_mul_add_words#
+#endif
+
+#if 1
+//
+// void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
+//
+.global bn_sqr_words#
+.proc   bn_sqr_words#
+.align  64
+.skip   32      // makes the loop body aligned at 64-byte boundary 
+bn_sqr_words:
+        .prologue
+        .fframe 0
+        .save   ar.pfs,r2
+{ .mii; alloc           r2=ar.pfs,3,0,0,0
+        sxt4            r34=r34         };;
+{ .mii; cmp.le          p6,p0=r34,r0
+        mov             r8=r0           }       // return value
+{ .mfb; ADDP            r32=0,r32
+        nop.f           0x0
+(p6)    br.ret.spnt.many        b0      };;
+
+        .save   ar.lc,r3
+{ .mii; sub     r10=r34,r0,1
+        mov     r3=ar.lc
+        mov     r9=pr                   };;
+
+        .body
+{ .mib; ADDP            r33=0,r33
+        mov             pr.rot=1<<16
+        brp.loop.imp    .L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16
+                                        }
+{ .mii; add             r34=8,r32
+        mov             ar.lc=r10
+        mov             ar.ec=18        };;
+
+// 2*(n+17) on Itanium, (n+17) on "wider" IA-64 implementations. It's
+// possible to compress the epilogue (I'm getting tired to write this
+// comment over and over) and get down to 2*n+16 at the cost of
+// scalability. The decision will very likely be reconsidered after the
+// benchmark program is profiled. I.e. if perfomance gain on Itanium
+// will appear larger than loss on "wider" IA-64, then the loop should
+// be explicitely split and the epilogue compressed.
+.L_bn_sqr_words_ctop:
+{ .mfi; (p16)   ldf8            f32=[r33],8
+        (p25)   xmpy.lu         f42=f41,f41
+        (p0)    nop.i           0x0             }
+{ .mib; (p33)   stf8            [r32]=f50,16
+        (p0)    nop.i           0x0
+        (p0)    nop.b           0x0             }
+{ .mfi; (p0)    nop.m           0x0
+        (p25)   xmpy.hu         f52=f41,f41
+        (p0)    nop.i           0x0             }
+{ .mib; (p33)   stf8            [r34]=f60,16
+        (p0)    nop.i           0x0
+        br.ctop.sptk    .L_bn_sqr_words_ctop    };;
+.L_bn_sqr_words_cend:
+
+{ .mii; nop.m           0x0
+        mov             pr=r9,0x1ffff
+        mov             ar.lc=r3        }
+{ .mfb; rum             1<<5            // clear um.mfh
+        nop.f           0x0
+        br.ret.sptk.many        b0      };;
+.endp   bn_sqr_words#
+#endif
+
+#if 1
+// Apparently we win nothing by implementing special bn_sqr_comba8.
+// Yes, it is possible to reduce the number of multiplications by
+// almost factor of two, but then the amount of additions would
+// increase by factor of two (as we would have to perform those
+// otherwise performed by xma ourselves). Normally we would trade
+// anyway as multiplications are way more expensive, but not this
+// time... Multiplication kernel is fully pipelined and as we drain
+// one 128-bit multiplication result per clock cycle multiplications
+// are effectively as inexpensive as additions. Special implementation
+// might become of interest for "wider" IA-64 implementation as you'll
+// be able to get through the multiplication phase faster (there won't
+// be any stall issues as discussed in the commentary section below and
+// you therefore will be able to employ all 4 FP units)... But these
+// Itanium days it's simply too hard to justify the effort so I just
+// drop down to bn_mul_comba8 code:-)
+//
+// void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+//
+.global bn_sqr_comba8#
+.proc   bn_sqr_comba8#
+.align  64
+bn_sqr_comba8:
+        .prologue
+        .fframe 0
+        .save   ar.pfs,r2
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+{ .mii; alloc   r2=ar.pfs,2,1,0,0
+        addp4   r33=0,r33
+        addp4   r32=0,r32               };;
+{ .mii;
+#else
+{ .mii; alloc   r2=ar.pfs,2,1,0,0
+#endif
+        mov     r34=r33
+        add     r14=8,r33               };;
+        .body
+{ .mii; add     r17=8,r34
+        add     r15=16,r33
+        add     r18=16,r34              }
+{ .mfb; add     r16=24,r33
+        br      .L_cheat_entry_point8   };;
+.endp   bn_sqr_comba8#
+#endif
+
+#if 1
+// I've estimated this routine to run in ~120 ticks, but in reality
+// (i.e. according to ar.itc) it takes ~160 ticks. Are those extra
+// cycles consumed for instructions fetch? Or did I misinterpret some
+// clause in Itanium µ-architecture manual? Comments are welcomed and
+// highly appreciated.
+//
+// On Itanium 2 it takes ~190 ticks. This is because of stalls on
+// result from getf.sig. I do nothing about it at this point for
+// reasons depicted below.
+//
+// However! It should be noted that even 160 ticks is darn good result
+// as it's over 10 (yes, ten, spelled as t-e-n) times faster than the
+// C version (compiled with gcc with inline assembler). I really
+// kicked compiler's butt here, didn't I? Yeah! This brings us to the
+// following statement. It's damn shame that this routine isn't called
+// very often nowadays! According to the profiler most CPU time is
+// consumed by bn_mul_add_words called from BN_from_montgomery. In
+// order to estimate what we're missing, I've compared the performance
+// of this routine against "traditional" implementation, i.e. against
+// following routine:
+//
+// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+// {    r[ 8]=bn_mul_words(    &(r[0]),a,8,b[0]);
+//      r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
+//      r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
+//      r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
+//      r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
+//      r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
+//      r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
+//      r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
+// }
+//
+// The one below is over 8 times faster than the one above:-( Even
+// more reasons to "combafy" bn_mul_add_mont...
+//
+// And yes, this routine really made me wish there were an optimizing
+// assembler! It also feels like it deserves a dedication.
+//
+//      To my wife for being there and to my kids...
+//
+// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+//
+#define carry1  r14
+#define carry2  r15
+#define carry3  r34
+.global bn_mul_comba8#
+.proc   bn_mul_comba8#
+.align  64
+bn_mul_comba8:
+        .prologue
+        .fframe 0
+        .save   ar.pfs,r2
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+{ .mii; alloc   r2=ar.pfs,3,0,0,0
+        addp4   r33=0,r33
+        addp4   r34=0,r34               };;
+{ .mii; addp4   r32=0,r32
+#else
+{ .mii; alloc   r2=ar.pfs,3,0,0,0
+#endif
+        add     r14=8,r33
+        add     r17=8,r34               }
+        .body
+{ .mii; add     r15=16,r33
+        add     r18=16,r34
+        add     r16=24,r33              }
+.L_cheat_entry_point8:
+{ .mmi; add     r19=24,r34
+
+        ldf8    f32=[r33],32            };;
+
+{ .mmi; ldf8    f120=[r34],32
+        ldf8    f121=[r17],32           }
+{ .mmi; ldf8    f122=[r18],32
+        ldf8    f123=[r19],32           };;
+{ .mmi; ldf8    f124=[r34]
+        ldf8    f125=[r17]              }
+{ .mmi; ldf8    f126=[r18]
+        ldf8    f127=[r19]              }
+
+{ .mmi; ldf8    f33=[r14],32
+        ldf8    f34=[r15],32            }
+{ .mmi; ldf8    f35=[r16],32;;
+        ldf8    f36=[r33]               }
+{ .mmi; ldf8    f37=[r14]
+        ldf8    f38=[r15]               }
+{ .mfi; ldf8    f39=[r16]
+// -------\ Entering multiplier's heaven /-------
+// ------------\                    /------------
+// -----------------\          /-----------------
+// ----------------------\/----------------------
+                xma.hu  f41=f32,f120,f0         }
+{ .mfi;         xma.lu  f40=f32,f120,f0         };; // (*)
+{ .mfi;         xma.hu  f51=f32,f121,f0         }
+{ .mfi;         xma.lu  f50=f32,f121,f0         };;
+{ .mfi;         xma.hu  f61=f32,f122,f0         }
+{ .mfi;         xma.lu  f60=f32,f122,f0         };;
+{ .mfi;         xma.hu  f71=f32,f123,f0         }
+{ .mfi;         xma.lu  f70=f32,f123,f0         };;
+{ .mfi;         xma.hu  f81=f32,f124,f0         }
+{ .mfi;         xma.lu  f80=f32,f124,f0         };;
+{ .mfi;         xma.hu  f91=f32,f125,f0         }
+{ .mfi;         xma.lu  f90=f32,f125,f0         };;
+{ .mfi;         xma.hu  f101=f32,f126,f0        }
+{ .mfi;         xma.lu  f100=f32,f126,f0        };;
+{ .mfi;         xma.hu  f111=f32,f127,f0        }
+{ .mfi;         xma.lu  f110=f32,f127,f0        };;//
+// (*)  You can argue that splitting at every second bundle would
+//      prevent "wider" IA-64 implementations from achieving the peak
+//      performance. Well, not really... The catch is that if you
+//      intend to keep 4 FP units busy by splitting at every fourth
+//      bundle and thus perform these 16 multiplications in 4 ticks,
+//      the first bundle *below* would stall because the result from
+//      the first xma bundle *above* won't be available for another 3
+//      ticks (if not more, being an optimist, I assume that "wider"
+//      implementation will have same latency:-). This stall will hold
+//      you back and the performance would be as if every second bundle
+//      were split *anyway*...
+{ .mfi; getf.sig        r16=f40
+                xma.hu  f42=f33,f120,f41
+        add             r33=8,r32               }
+{ .mfi;         xma.lu  f41=f33,f120,f41        };;
+{ .mfi; getf.sig        r24=f50
+                xma.hu  f52=f33,f121,f51        }
+{ .mfi;         xma.lu  f51=f33,f121,f51        };;
+{ .mfi; st8             [r32]=r16,16
+                xma.hu  f62=f33,f122,f61        }
+{ .mfi;         xma.lu  f61=f33,f122,f61        };;
+{ .mfi;         xma.hu  f72=f33,f123,f71        }
+{ .mfi;         xma.lu  f71=f33,f123,f71        };;
+{ .mfi;         xma.hu  f82=f33,f124,f81        }
+{ .mfi;         xma.lu  f81=f33,f124,f81        };;
+{ .mfi;         xma.hu  f92=f33,f125,f91        }
+{ .mfi;         xma.lu  f91=f33,f125,f91        };;
+{ .mfi;         xma.hu  f102=f33,f126,f101      }
+{ .mfi;         xma.lu  f101=f33,f126,f101      };;
+{ .mfi;         xma.hu  f112=f33,f127,f111      }
+{ .mfi;         xma.lu  f111=f33,f127,f111      };;//
+//-------------------------------------------------//
+{ .mfi; getf.sig        r25=f41
+                xma.hu  f43=f34,f120,f42        }
+{ .mfi;         xma.lu  f42=f34,f120,f42        };;
+{ .mfi; getf.sig        r16=f60
+                xma.hu  f53=f34,f121,f52        }
+{ .mfi;         xma.lu  f52=f34,f121,f52        };;
+{ .mfi; getf.sig        r17=f51
+                xma.hu  f63=f34,f122,f62
+        add             r25=r25,r24             }
+{ .mfi;         xma.lu  f62=f34,f122,f62
+        mov             carry1=0                };;
+{ .mfi; cmp.ltu         p6,p0=r25,r24
+                xma.hu  f73=f34,f123,f72        }
+{ .mfi;         xma.lu  f72=f34,f123,f72        };;
+{ .mfi; st8             [r33]=r25,16
+                xma.hu  f83=f34,f124,f82
+(p6)    add             carry1=1,carry1         }
+{ .mfi;         xma.lu  f82=f34,f124,f82        };;
+{ .mfi;         xma.hu  f93=f34,f125,f92        }
+{ .mfi;         xma.lu  f92=f34,f125,f92        };;
+{ .mfi;         xma.hu  f103=f34,f126,f102      }
+{ .mfi;         xma.lu  f102=f34,f126,f102      };;
+{ .mfi;         xma.hu  f113=f34,f127,f112      }
+{ .mfi;         xma.lu  f112=f34,f127,f112      };;//
+//-------------------------------------------------//
+{ .mfi; getf.sig        r18=f42
+                xma.hu  f44=f35,f120,f43
+        add             r17=r17,r16             }
+{ .mfi;         xma.lu  f43=f35,f120,f43        };;
+{ .mfi; getf.sig        r24=f70
+                xma.hu  f54=f35,f121,f53        }
+{ .mfi; mov             carry2=0
+                xma.lu  f53=f35,f121,f53        };;
+{ .mfi; getf.sig        r25=f61
+                xma.hu  f64=f35,f122,f63
+        cmp.ltu         p7,p0=r17,r16           }
+{ .mfi; add             r18=r18,r17
+                xma.lu  f63=f35,f122,f63        };;
+{ .mfi; getf.sig        r26=f52
+                xma.hu  f74=f35,f123,f73
+(p7)    add             carry2=1,carry2         }
+{ .mfi; cmp.ltu         p7,p0=r18,r17
+                xma.lu  f73=f35,f123,f73
+        add             r18=r18,carry1          };;
+{ .mfi;
+                xma.hu  f84=f35,f124,f83
+(p7)    add             carry2=1,carry2         }
+{ .mfi; cmp.ltu         p7,p0=r18,carry1
+                xma.lu  f83=f35,f124,f83        };;
+{ .mfi; st8             [r32]=r18,16
+                xma.hu  f94=f35,f125,f93
+(p7)    add             carry2=1,carry2         }
+{ .mfi;         xma.lu  f93=f35,f125,f93        };;
+{ .mfi;         xma.hu  f104=f35,f126,f103      }
+{ .mfi;         xma.lu  f103=f35,f126,f103      };;
+{ .mfi;         xma.hu  f114=f35,f127,f113      }
+{ .mfi; mov             carry1=0
+                xma.lu  f113=f35,f127,f113
+        add             r25=r25,r24             };;//
+//-------------------------------------------------//
+{ .mfi; getf.sig        r27=f43
+                xma.hu  f45=f36,f120,f44
+        cmp.ltu         p6,p0=r25,r24           }
+{ .mfi;         xma.lu  f44=f36,f120,f44        
+        add             r26=r26,r25             };;
+{ .mfi; getf.sig        r16=f80
+                xma.hu  f55=f36,f121,f54
+(p6)    add             carry1=1,carry1         }
+{ .mfi;         xma.lu  f54=f36,f121,f54        };;
+{ .mfi; getf.sig        r17=f71
+                xma.hu  f65=f36,f122,f64
+        cmp.ltu         p6,p0=r26,r25           }
+{ .mfi;         xma.lu  f64=f36,f122,f64
+        add             r27=r27,r26             };;
+{ .mfi; getf.sig        r18=f62
+                xma.hu  f75=f36,f123,f74
+(p6)    add             carry1=1,carry1         }
+{ .mfi; cmp.ltu         p6,p0=r27,r26
+                xma.lu  f74=f36,f123,f74
+        add             r27=r27,carry2          };;
+{ .mfi; getf.sig        r19=f53
+                xma.hu  f85=f36,f124,f84
+(p6)    add             carry1=1,carry1         }
+{ .mfi;         xma.lu  f84=f36,f124,f84
+        cmp.ltu         p6,p0=r27,carry2        };;
+{ .mfi; st8             [r33]=r27,16
+                xma.hu  f95=f36,f125,f94
+(p6)    add             carry1=1,carry1         }
+{ .mfi;         xma.lu  f94=f36,f125,f94        };;
+{ .mfi;         xma.hu  f105=f36,f126,f104      }
+{ .mfi; mov             carry2=0
+                xma.lu  f104=f36,f126,f104
+        add             r17=r17,r16             };;
+{ .mfi;         xma.hu  f115=f36,f127,f114
+        cmp.ltu         p7,p0=r17,r16           }
+{ .mfi;         xma.lu  f114=f36,f127,f114
+        add             r18=r18,r17             };;//
+//-------------------------------------------------//
+{ .mfi; getf.sig        r20=f44
+                xma.hu  f46=f37,f120,f45
+(p7)    add             carry2=1,carry2         }
+{ .mfi; cmp.ltu         p7,p0=r18,r17
+                xma.lu  f45=f37,f120,f45
+        add             r19=r19,r18             };;
+{ .mfi; getf.sig        r24=f90
+                xma.hu  f56=f37,f121,f55        }
+{ .mfi;         xma.lu  f55=f37,f121,f55        };;
+{ .mfi; getf.sig        r25=f81
+                xma.hu  f66=f37,f122,f65
+(p7)    add             carry2=1,carry2         }
+{ .mfi; cmp.ltu         p7,p0=r19,r18
+                xma.lu  f65=f37,f122,f65
+        add             r20=r20,r19             };;
+{ .mfi; getf.sig        r26=f72
+                xma.hu  f76=f37,f123,f75
+(p7)    add             carry2=1,carry2         }
+{ .mfi; cmp.ltu         p7,p0=r20,r19
+                xma.lu  f75=f37,f123,f75
+        add             r20=r20,carry1          };;
+{ .mfi; getf.sig        r27=f63
+                xma.hu  f86=f37,f124,f85
+(p7)    add             carry2=1,carry2         }
+{ .mfi;         xma.lu  f85=f37,f124,f85
+        cmp.ltu         p7,p0=r20,carry1        };;
+{ .mfi; getf.sig        r28=f54
+                xma.hu  f96=f37,f125,f95
+(p7)    add             carry2=1,carry2         }
+{ .mfi; st8             [r32]=r20,16
+                xma.lu  f95=f37,f125,f95        };;
+{ .mfi;         xma.hu  f106=f37,f126,f105      }
+{ .mfi; mov             carry1=0
+                xma.lu  f105=f37,f126,f105
+        add             r25=r25,r24             };;
+{ .mfi;         xma.hu  f116=f37,f127,f115
+        cmp.ltu         p6,p0=r25,r24           }
+{ .mfi;         xma.lu  f115=f37,f127,f115
+        add             r26=r26,r25             };;//
+//-------------------------------------------------//
+{ .mfi; getf.sig        r29=f45
+                xma.hu  f47=f38,f120,f46
+(p6)    add             carry1=1,carry1         }
+{ .mfi; cmp.ltu         p6,p0=r26,r25
+                xma.lu  f46=f38,f120,f46
+        add             r27=r27,r26             };;
+{ .mfi; getf.sig        r16=f100
+                xma.hu  f57=f38,f121,f56
+(p6)    add             carry1=1,carry1         }
+{ .mfi; cmp.ltu         p6,p0=r27,r26
+                xma.lu  f56=f38,f121,f56
+        add             r28=r28,r27             };;
+{ .mfi; getf.sig        r17=f91
+                xma.hu  f67=f38,f122,f66
+(p6)    add             carry1=1,carry1         }
+{ .mfi; cmp.ltu         p6,p0=r28,r27
+                xma.lu  f66=f38,f122,f66
+        add             r29=r29,r28             };;
+{ .mfi; getf.sig        r18=f82
+                xma.hu  f77=f38,f123,f76
+(p6)    add             carry1=1,carry1         }
+{ .mfi; cmp.ltu         p6,p0=r29,r28
+                xma.lu  f76=f38,f123,f76
+        add             r29=r29,carry2          };;
+{ .mfi; getf.sig        r19=f73
+                xma.hu  f87=f38,f124,f86
+(p6)    add             carry1=1,carry1         }
+{ .mfi;         xma.lu  f86=f38,f124,f86
+        cmp.ltu         p6,p0=r29,carry2        };;
+{ .mfi; getf.sig        r20=f64
+                xma.hu  f97=f38,f125,f96
+(p6)    add             carry1=1,carry1         }
+{ .mfi; st8             [r33]=r29,16
+                xma.lu  f96=f38,f125,f96        };;
+{ .mfi; getf.sig        r21=f55
+                xma.hu  f107=f38,f126,f106      }
+{ .mfi; mov             carry2=0
+                xma.lu  f106=f38,f126,f106
+        add             r17=r17,r16             };;
+{ .mfi;         xma.hu  f117=f38,f127,f116
+        cmp.ltu         p7,p0=r17,r16           }
+{ .mfi;         xma.lu  f116=f38,f127,f116
+        add             r18=r18,r17             };;//
+//-------------------------------------------------//
+{ .mfi; getf.sig        r22=f46
+                xma.hu  f48=f39,f120,f47
+(p7)    add             carry2=1,carry2         }
+{ .mfi; cmp.ltu         p7,p0=r18,r17
+                xma.lu  f47=f39,f120,f47
+        add             r19=r19,r18             };;
+{ .mfi; getf.sig        r24=f110
+                xma.hu  f58=f39,f121,f57
+(p7)    add             carry2=1,carry2         }
+{ .mfi; cmp.ltu         p7,p0=r19,r18
+                xma.lu  f57=f39,f121,f57
+        add             r20=r20,r19             };;
+{ .mfi; getf.sig        r25=f101
+                xma.hu  f68=f39,f122,f67
+(p7)    add             carry2=1,carry2         }
+{ .mfi; cmp.ltu         p7,p0=r20,r19
+                xma.lu  f67=f39,f122,f67
+        add             r21=r21,r20             };;
+{ .mfi; getf.sig        r26=f92
+                xma.hu  f78=f39,f123,f77
+(p7)    add             carry2=1,carry2         }
+{ .mfi; cmp.ltu         p7,p0=r21,r20
+                xma.lu  f77=f39,f123,f77
+        add             r22=r22,r21             };;
+{ .mfi; getf.sig        r27=f83
+                xma.hu  f88=f39,f124,f87
+(p7)    add             carry2=1,carry2         }
+{ .mfi; cmp.ltu         p7,p0=r22,r21
+                xma.lu  f87=f39,f124,f87
+        add             r22=r22,carry1          };;
+{ .mfi; getf.sig        r28=f74
+                xma.hu  f98=f39,f125,f97
+(p7)    add             carry2=1,carry2         }
+{ .mfi;         xma.lu  f97=f39,f125,f97
+        cmp.ltu         p7,p0=r22,carry1        };;
+{ .mfi; getf.sig        r29=f65
+                xma.hu  f108=f39,f126,f107
+(p7)    add             carry2=1,carry2         }
+{ .mfi; st8             [r32]=r22,16
+                xma.lu  f107=f39,f126,f107      };;
+{ .mfi; getf.sig        r30=f56
+                xma.hu  f118=f39,f127,f117      }
+{ .mfi;         xma.lu  f117=f39,f127,f117      };;//
+//-------------------------------------------------//
+// Leaving muliplier's heaven... Quite a ride, huh?
+
+{ .mii; getf.sig        r31=f47
+        add             r25=r25,r24
+        mov             carry1=0                };;
+{ .mii;         getf.sig        r16=f111
+        cmp.ltu         p6,p0=r25,r24
+        add             r26=r26,r25             };;
+{ .mfb;         getf.sig        r17=f102        }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r26,r25
+        add             r27=r27,r26             };;
+{ .mfb; nop.m   0x0                             }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r27,r26
+        add             r28=r28,r27             };;
+{ .mii;         getf.sig        r18=f93
+                add             r17=r17,r16
+                mov             carry3=0        }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r28,r27
+        add             r29=r29,r28             };;
+{ .mii;         getf.sig        r19=f84
+                cmp.ltu         p7,p0=r17,r16   }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r29,r28
+        add             r30=r30,r29             };;
+{ .mii;         getf.sig        r20=f75
+                add             r18=r18,r17     }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r30,r29
+        add             r31=r31,r30             };;
+{ .mfb;         getf.sig        r21=f66         }
+{ .mii; (p7)    add             carry3=1,carry3
+                cmp.ltu         p7,p0=r18,r17
+                add             r19=r19,r18     }
+{ .mfb; nop.m   0x0                             }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r31,r30
+        add             r31=r31,carry2          };;
+{ .mfb;         getf.sig        r22=f57         }
+{ .mii; (p7)    add             carry3=1,carry3
+                cmp.ltu         p7,p0=r19,r18
+                add             r20=r20,r19     }
+{ .mfb; nop.m   0x0                             }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r31,carry2        };;
+{ .mfb;         getf.sig        r23=f48         }
+{ .mii; (p7)    add             carry3=1,carry3
+                cmp.ltu         p7,p0=r20,r19
+                add             r21=r21,r20     }
+{ .mii;
+(p6)    add             carry1=1,carry1         }
+{ .mfb; st8             [r33]=r31,16            };;
+
+{ .mfb; getf.sig        r24=f112                }
+{ .mii; (p7)    add             carry3=1,carry3
+                cmp.ltu         p7,p0=r21,r20
+                add             r22=r22,r21     };;
+{ .mfb; getf.sig        r25=f103                }
+{ .mii; (p7)    add             carry3=1,carry3
+                cmp.ltu         p7,p0=r22,r21
+                add             r23=r23,r22     };;
+{ .mfb; getf.sig        r26=f94                 }
+{ .mii; (p7)    add             carry3=1,carry3
+                cmp.ltu         p7,p0=r23,r22
+                add             r23=r23,carry1  };;
+{ .mfb; getf.sig        r27=f85                 }
+{ .mii; (p7)    add             carry3=1,carry3
+                cmp.ltu         p7,p8=r23,carry1};;
+{ .mii; getf.sig        r28=f76
+        add             r25=r25,r24
+        mov             carry1=0                }
+{ .mii;         st8             [r32]=r23,16
+        (p7)    add             carry2=1,carry3
+        (p8)    add             carry2=0,carry3 };;
+
+{ .mfb; nop.m   0x0                             }
+{ .mii; getf.sig        r29=f67
+        cmp.ltu         p6,p0=r25,r24
+        add             r26=r26,r25             };;
+{ .mfb; getf.sig        r30=f58                 }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r26,r25
+        add             r27=r27,r26             };;
+{ .mfb;         getf.sig        r16=f113        }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r27,r26
+        add             r28=r28,r27             };;
+{ .mfb;         getf.sig        r17=f104        }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r28,r27
+        add             r29=r29,r28             };;
+{ .mfb;         getf.sig        r18=f95         }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r29,r28
+        add             r30=r30,r29             };;
+{ .mii;         getf.sig        r19=f86
+                add             r17=r17,r16
+                mov             carry3=0        }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r30,r29
+        add             r30=r30,carry2          };;
+{ .mii;         getf.sig        r20=f77
+                cmp.ltu         p7,p0=r17,r16
+                add             r18=r18,r17     }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r30,carry2        };;
+{ .mfb;         getf.sig        r21=f68         }
+{ .mii; st8             [r33]=r30,16
+(p6)    add             carry1=1,carry1         };;
+
+{ .mfb; getf.sig        r24=f114                }
+{ .mii; (p7)    add             carry3=1,carry3
+                cmp.ltu         p7,p0=r18,r17
+                add             r19=r19,r18     };;
+{ .mfb; getf.sig        r25=f105                }
+{ .mii; (p7)    add             carry3=1,carry3
+                cmp.ltu         p7,p0=r19,r18
+                add             r20=r20,r19     };;
+{ .mfb; getf.sig        r26=f96                 }
+{ .mii; (p7)    add             carry3=1,carry3
+                cmp.ltu         p7,p0=r20,r19
+                add             r21=r21,r20     };;
+{ .mfb; getf.sig        r27=f87                 }
+{ .mii; (p7)    add             carry3=1,carry3
+                cmp.ltu         p7,p0=r21,r20
+                add             r21=r21,carry1  };;
+{ .mib; getf.sig        r28=f78                 
+        add             r25=r25,r24             }
+{ .mib; (p7)    add             carry3=1,carry3
+                cmp.ltu         p7,p8=r21,carry1};;
+{ .mii;         st8             [r32]=r21,16
+        (p7)    add             carry2=1,carry3
+        (p8)    add             carry2=0,carry3 }
+
+{ .mii; mov             carry1=0
+        cmp.ltu         p6,p0=r25,r24
+        add             r26=r26,r25             };;
+{ .mfb;         getf.sig        r16=f115        }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r26,r25
+        add             r27=r27,r26             };;
+{ .mfb;         getf.sig        r17=f106        }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r27,r26
+        add             r28=r28,r27             };;
+{ .mfb;         getf.sig        r18=f97         }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r28,r27
+        add             r28=r28,carry2          };;
+{ .mib;         getf.sig        r19=f88
+                add             r17=r17,r16     }
+{ .mib;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r28,carry2        };;
+{ .mii; st8             [r33]=r28,16
+(p6)    add             carry1=1,carry1         }
+
+{ .mii;         mov             carry2=0
+                cmp.ltu         p7,p0=r17,r16
+                add             r18=r18,r17     };;
+{ .mfb; getf.sig        r24=f116                }
+{ .mii; (p7)    add             carry2=1,carry2
+                cmp.ltu         p7,p0=r18,r17
+                add             r19=r19,r18     };;
+{ .mfb; getf.sig        r25=f107                }
+{ .mii; (p7)    add             carry2=1,carry2
+                cmp.ltu         p7,p0=r19,r18
+                add             r19=r19,carry1  };;
+{ .mfb; getf.sig        r26=f98                 }
+{ .mii; (p7)    add             carry2=1,carry2
+                cmp.ltu         p7,p0=r19,carry1};;
+{ .mii;         st8             [r32]=r19,16
+        (p7)    add             carry2=1,carry2 }
+
+{ .mfb; add             r25=r25,r24             };;
+
+{ .mfb;         getf.sig        r16=f117        }
+{ .mii; mov             carry1=0
+        cmp.ltu         p6,p0=r25,r24
+        add             r26=r26,r25             };;
+{ .mfb;         getf.sig        r17=f108        }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r26,r25
+        add             r26=r26,carry2          };;
+{ .mfb; nop.m   0x0                             }
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r26,carry2        };;
+{ .mii; st8             [r33]=r26,16
+(p6)    add             carry1=1,carry1         }
+
+{ .mfb;         add             r17=r17,r16     };;
+{ .mfb; getf.sig        r24=f118                }
+{ .mii;         mov             carry2=0
+                cmp.ltu         p7,p0=r17,r16
+                add             r17=r17,carry1  };;
+{ .mii; (p7)    add             carry2=1,carry2
+                cmp.ltu         p7,p0=r17,carry1};;
+{ .mii;         st8             [r32]=r17
+        (p7)    add             carry2=1,carry2 };;
+{ .mfb; add             r24=r24,carry2          };;
+{ .mib; st8             [r33]=r24               }
+
+{ .mib; rum             1<<5            // clear um.mfh
+        br.ret.sptk.many        b0      };;
+.endp   bn_mul_comba8#
+#undef  carry3
+#undef  carry2
+#undef  carry1
+#endif
+
+#if 1
+// It's possible to make it faster (see comment to bn_sqr_comba8), but
+// I reckon it doesn't worth the effort. Basically because the routine
+// (actually both of them) practically never called... So I just play
+// same trick as with bn_sqr_comba8.
+//
+// void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+//
+.global bn_sqr_comba4#
+.proc   bn_sqr_comba4#
+.align  64
+bn_sqr_comba4:
+        .prologue
+        .fframe 0
+        .save   ar.pfs,r2
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+{ .mii; alloc   r2=ar.pfs,2,1,0,0
+        addp4   r32=0,r32
+        addp4   r33=0,r33               };;
+{ .mii;
+#else
+{ .mii; alloc   r2=ar.pfs,2,1,0,0
+#endif
+        mov     r34=r33
+        add     r14=8,r33               };;
+        .body
+{ .mii; add     r17=8,r34
+        add     r15=16,r33
+        add     r18=16,r34              }
+{ .mfb; add     r16=24,r33
+        br      .L_cheat_entry_point4   };;
+.endp   bn_sqr_comba4#
+#endif
+
+#if 1
+// Runs in ~115 cycles and ~4.5 times faster than C. Well, whatever...
+//
+// void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+//
+#define carry1  r14
+#define carry2  r15
+.global bn_mul_comba4#
+.proc   bn_mul_comba4#
+.align  64
+bn_mul_comba4:
+        .prologue
+        .fframe 0
+        .save   ar.pfs,r2
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+{ .mii; alloc   r2=ar.pfs,3,0,0,0
+        addp4   r33=0,r33
+        addp4   r34=0,r34               };;
+{ .mii; addp4   r32=0,r32
+#else
+{ .mii; alloc   r2=ar.pfs,3,0,0,0
+#endif
+        add     r14=8,r33
+        add     r17=8,r34               }
+        .body
+{ .mii; add     r15=16,r33
+        add     r18=16,r34
+        add     r16=24,r33              };;
+.L_cheat_entry_point4:
+{ .mmi; add     r19=24,r34
+
+        ldf8    f32=[r33]               }
+
+{ .mmi; ldf8    f120=[r34]
+        ldf8    f121=[r17]              };;
+{ .mmi; ldf8    f122=[r18]
+        ldf8    f123=[r19]              }
+
+{ .mmi; ldf8    f33=[r14]
+        ldf8    f34=[r15]               }
+{ .mfi; ldf8    f35=[r16]
+
+                xma.hu  f41=f32,f120,f0         }
+{ .mfi;         xma.lu  f40=f32,f120,f0         };;
+{ .mfi;         xma.hu  f51=f32,f121,f0         }
+{ .mfi;         xma.lu  f50=f32,f121,f0         };;
+{ .mfi;         xma.hu  f61=f32,f122,f0         }
+{ .mfi;         xma.lu  f60=f32,f122,f0         };;
+{ .mfi;         xma.hu  f71=f32,f123,f0         }
+{ .mfi;         xma.lu  f70=f32,f123,f0         };;//
+// Major stall takes place here, and 3 more places below. Result from
+// first xma is not available for another 3 ticks.
+{ .mfi; getf.sig        r16=f40
+                xma.hu  f42=f33,f120,f41
+        add             r33=8,r32               }
+{ .mfi;         xma.lu  f41=f33,f120,f41        };;
+{ .mfi; getf.sig        r24=f50
+                xma.hu  f52=f33,f121,f51        }
+{ .mfi;         xma.lu  f51=f33,f121,f51        };;
+{ .mfi; st8             [r32]=r16,16
+                xma.hu  f62=f33,f122,f61        }
+{ .mfi;         xma.lu  f61=f33,f122,f61        };;
+{ .mfi;         xma.hu  f72=f33,f123,f71        }
+{ .mfi;         xma.lu  f71=f33,f123,f71        };;//
+//-------------------------------------------------//
+{ .mfi; getf.sig        r25=f41
+                xma.hu  f43=f34,f120,f42        }
+{ .mfi;         xma.lu  f42=f34,f120,f42        };;
+{ .mfi; getf.sig        r16=f60
+                xma.hu  f53=f34,f121,f52        }
+{ .mfi;         xma.lu  f52=f34,f121,f52        };;
+{ .mfi; getf.sig        r17=f51
+                xma.hu  f63=f34,f122,f62
+        add             r25=r25,r24             }
+{ .mfi; mov             carry1=0
+                xma.lu  f62=f34,f122,f62        };;
+{ .mfi; st8             [r33]=r25,16
+                xma.hu  f73=f34,f123,f72
+        cmp.ltu         p6,p0=r25,r24           }
+{ .mfi;         xma.lu  f72=f34,f123,f72        };;//
+//-------------------------------------------------//
+{ .mfi; getf.sig        r18=f42
+                xma.hu  f44=f35,f120,f43
+(p6)    add             carry1=1,carry1         }
+{ .mfi; add             r17=r17,r16
+                xma.lu  f43=f35,f120,f43
+        mov             carry2=0                };;
+{ .mfi; getf.sig        r24=f70
+                xma.hu  f54=f35,f121,f53
+        cmp.ltu         p7,p0=r17,r16           }
+{ .mfi;         xma.lu  f53=f35,f121,f53        };;
+{ .mfi; getf.sig        r25=f61
+                xma.hu  f64=f35,f122,f63
+        add             r18=r18,r17             }
+{ .mfi;         xma.lu  f63=f35,f122,f63
+(p7)    add             carry2=1,carry2         };;
+{ .mfi; getf.sig        r26=f52
+                xma.hu  f74=f35,f123,f73
+        cmp.ltu         p7,p0=r18,r17           }
+{ .mfi;         xma.lu  f73=f35,f123,f73
+        add             r18=r18,carry1          };;
+//-------------------------------------------------//
+{ .mii; st8             [r32]=r18,16
+(p7)    add             carry2=1,carry2
+        cmp.ltu         p7,p0=r18,carry1        };;
+
+{ .mfi; getf.sig        r27=f43 // last major stall
+(p7)    add             carry2=1,carry2         };;
+{ .mii;         getf.sig        r16=f71
+        add             r25=r25,r24
+        mov             carry1=0                };;
+{ .mii;         getf.sig        r17=f62 
+        cmp.ltu         p6,p0=r25,r24
+        add             r26=r26,r25             };;
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r26,r25
+        add             r27=r27,r26             };;
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r27,r26
+        add             r27=r27,carry2          };;
+{ .mii;         getf.sig        r18=f53
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r27,carry2        };;
+{ .mfi; st8             [r33]=r27,16
+(p6)    add             carry1=1,carry1         }
+
+{ .mii;         getf.sig        r19=f44
+                add             r17=r17,r16
+                mov             carry2=0        };;
+{ .mii; getf.sig        r24=f72
+                cmp.ltu         p7,p0=r17,r16
+                add             r18=r18,r17     };;
+{ .mii; (p7)    add             carry2=1,carry2
+                cmp.ltu         p7,p0=r18,r17
+                add             r19=r19,r18     };;
+{ .mii; (p7)    add             carry2=1,carry2
+                cmp.ltu         p7,p0=r19,r18
+                add             r19=r19,carry1  };;
+{ .mii; getf.sig        r25=f63
+        (p7)    add             carry2=1,carry2
+                cmp.ltu         p7,p0=r19,carry1};;
+{ .mii;         st8             [r32]=r19,16
+        (p7)    add             carry2=1,carry2 }
+
+{ .mii; getf.sig        r26=f54
+        add             r25=r25,r24
+        mov             carry1=0                };;
+{ .mii;         getf.sig        r16=f73
+        cmp.ltu         p6,p0=r25,r24
+        add             r26=r26,r25             };;
+{ .mii;
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r26,r25
+        add             r26=r26,carry2          };;
+{ .mii;         getf.sig        r17=f64
+(p6)    add             carry1=1,carry1
+        cmp.ltu         p6,p0=r26,carry2        };;
+{ .mii; st8             [r33]=r26,16
+(p6)    add             carry1=1,carry1         }
+
+{ .mii; getf.sig        r24=f74
+                add             r17=r17,r16     
+                mov             carry2=0        };;
+{ .mii;         cmp.ltu         p7,p0=r17,r16
+                add             r17=r17,carry1  };;
+
+{ .mii; (p7)    add             carry2=1,carry2
+                cmp.ltu         p7,p0=r17,carry1};;
+{ .mii;         st8             [r32]=r17,16
+        (p7)    add             carry2=1,carry2 };;
+
+{ .mii; add             r24=r24,carry2          };;
+{ .mii; st8             [r33]=r24               }
+
+{ .mib; rum             1<<5            // clear um.mfh
+        br.ret.sptk.many        b0      };;
+.endp   bn_mul_comba4#
+#undef  carry2
+#undef  carry1
+#endif
+
+#if 1
+//
+// BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+//
+// In the nutshell it's a port of my MIPS III/IV implementation.
+//
+#define AT      r14
+#define H       r16
+#define HH      r20
+#define L       r17
+#define D       r18
+#define DH      r22
+#define I       r21
+
+#if 0
+// Some preprocessors (most notably HP-UX) appear to be allergic to
+// macros enclosed to parenthesis [as these three were].
+#define cont    p16
+#define break   p0      // p20
+#define equ     p24
+#else
+cont=p16
+break=p0
+equ=p24
+#endif
+
+.global abort#
+.global bn_div_words#
+.proc   bn_div_words#
+.align  64
+bn_div_words:
+        .prologue
+        .fframe 0
+        .save   ar.pfs,r2
+        .save   b0,r3
+{ .mii; alloc           r2=ar.pfs,3,5,0,8
+        mov             r3=b0
+        mov             r10=pr          };;
+{ .mmb; cmp.eq          p6,p0=r34,r0
+        mov             r8=-1
+(p6)    br.ret.spnt.many        b0      };;
+
+        .body
+{ .mii; mov             H=r32           // save h
+        mov             ar.ec=0         // don't rotate at exit
+        mov             pr.rot=0        }
+{ .mii; mov             L=r33           // save l
+        mov             r36=r0          };;
+
+.L_divw_shift:  // -vv- note signed comparison
+{ .mfi; (p0)    cmp.lt          p16,p0=r0,r34   // d
+        (p0)    shladd          r33=r34,1,r0    }
+{ .mfb; (p0)    add             r35=1,r36
+        (p0)    nop.f           0x0
+(p16)   br.wtop.dpnt            .L_divw_shift   };;
+
+{ .mii; mov             D=r34
+        shr.u           DH=r34,32
+        sub             r35=64,r36              };;
+{ .mii; setf.sig        f7=DH
+        shr.u           AT=H,r35
+        mov             I=r36                   };;
+{ .mib; cmp.ne          p6,p0=r0,AT
+        shl             H=H,r36
+(p6)    br.call.spnt.clr        b0=abort        };;     // overflow, die...
+
+{ .mfi; fcvt.xuf.s1     f7=f7
+        shr.u           AT=L,r35                };;
+{ .mii; shl             L=L,r36
+        or              H=H,AT                  };;
+
+{ .mii; nop.m           0x0
+        cmp.leu         p6,p0=D,H;;
+(p6)    sub             H=H,D                   }
+
+{ .mlx; setf.sig        f14=D
+        movl            AT=0xffffffff           };;
+///////////////////////////////////////////////////////////
+{ .mii; setf.sig        f6=H
+        shr.u           HH=H,32;;
+        cmp.eq          p6,p7=HH,DH             };;
+{ .mfb;
+(p6)    setf.sig        f8=AT
+(p7)    fcvt.xuf.s1     f6=f6
+(p7)    br.call.sptk    b6=.L_udiv64_32_b6      };;
+
+{ .mfi; getf.sig        r33=f8                          // q
+        xmpy.lu         f9=f8,f14               }
+{ .mfi; xmpy.hu         f10=f8,f14
+        shrp            H=H,L,32                };;
+
+{ .mmi; getf.sig        r35=f9                          // tl
+        getf.sig        r31=f10                 };;     // th
+
+.L_divw_1st_iter:
+{ .mii; (p0)    add             r32=-1,r33
+        (p0)    cmp.eq          equ,cont=HH,r31         };;
+{ .mii; (p0)    cmp.ltu         p8,p0=r35,D
+        (p0)    sub             r34=r35,D
+        (equ)   cmp.leu         break,cont=r35,H        };;
+{ .mib; (cont)  cmp.leu         cont,break=HH,r31
+        (p8)    add             r31=-1,r31
+(cont)  br.wtop.spnt            .L_divw_1st_iter        };;
+///////////////////////////////////////////////////////////
+{ .mii; sub             H=H,r35
+        shl             r8=r33,32
+        shl             L=L,32                  };;
+///////////////////////////////////////////////////////////
+{ .mii; setf.sig        f6=H
+        shr.u           HH=H,32;;
+        cmp.eq          p6,p7=HH,DH             };;
+{ .mfb;
+(p6)    setf.sig        f8=AT
+(p7)    fcvt.xuf.s1     f6=f6
+(p7)    br.call.sptk    b6=.L_udiv64_32_b6      };;
+
+{ .mfi; getf.sig        r33=f8                          // q
+        xmpy.lu         f9=f8,f14               }
+{ .mfi; xmpy.hu         f10=f8,f14
+        shrp            H=H,L,32                };;
+
+{ .mmi; getf.sig        r35=f9                          // tl
+        getf.sig        r31=f10                 };;     // th
+
+.L_divw_2nd_iter:
+{ .mii; (p0)    add             r32=-1,r33
+        (p0)    cmp.eq          equ,cont=HH,r31         };;
+{ .mii; (p0)    cmp.ltu         p8,p0=r35,D
+        (p0)    sub             r34=r35,D
+        (equ)   cmp.leu         break,cont=r35,H        };;
+{ .mib; (cont)  cmp.leu         cont,break=HH,r31
+        (p8)    add             r31=-1,r31
+(cont)  br.wtop.spnt            .L_divw_2nd_iter        };;
+///////////////////////////////////////////////////////////
+{ .mii; sub     H=H,r35
+        or      r8=r8,r33
+        mov     ar.pfs=r2               };;
+{ .mii; shr.u   r9=H,I                  // remainder if anybody wants it
+        mov     pr=r10,0x1ffff          }
+{ .mfb; br.ret.sptk.many        b0      };;
+
+// Unsigned 64 by 32 (well, by 64 for the moment) bit integer division
+// procedure.
+//
+// inputs:      f6 = (double)a, f7 = (double)b
+// output:      f8 = (int)(a/b)
+// clobbered:   f8,f9,f10,f11,pred
+pred=p15
+// One can argue that this snippet is copyrighted to Intel
+// Corporation, as it's essentially identical to one of those
+// found in "Divide, Square Root and Remainder" section at
+// http://www.intel.com/software/products/opensource/libraries/num.htm.
+// Yes, I admit that the referred code was used as template,
+// but after I realized that there hardly is any other instruction
+// sequence which would perform this operation. I mean I figure that
+// any independent attempt to implement high-performance division
+// will result in code virtually identical to the Intel code. It
+// should be noted though that below division kernel is 1 cycle
+// faster than Intel one (note commented splits:-), not to mention
+// original prologue (rather lack of one) and epilogue.
+.align  32
+.skip   16
+.L_udiv64_32_b6:
+        frcpa.s1        f8,pred=f6,f7;;         // [0]  y0 = 1 / b
+
+(pred)  fnma.s1         f9=f7,f8,f1             // [5]  e0 = 1 - b * y0
+(pred)  fmpy.s1         f10=f6,f8;;             // [5]  q0 = a * y0
+(pred)  fmpy.s1         f11=f9,f9               // [10] e1 = e0 * e0
+(pred)  fma.s1          f10=f9,f10,f10;;        // [10] q1 = q0 + e0 * q0
+(pred)  fma.s1          f8=f9,f8,f8     //;;    // [15] y1 = y0 + e0 * y0
+(pred)  fma.s1          f9=f11,f10,f10;;        // [15] q2 = q1 + e1 * q1
+(pred)  fma.s1          f8=f11,f8,f8    //;;    // [20] y2 = y1 + e1 * y1
+(pred)  fnma.s1         f10=f7,f9,f6;;          // [20] r2 = a - b * q2
+(pred)  fma.s1          f8=f10,f8,f9;;          // [25] q3 = q2 + r2 * y2
+
+        fcvt.fxu.trunc.s1       f8=f8           // [30] q = trunc(q3)
+        br.ret.sptk.many        b6;;
+.endp   bn_div_words#
+#endif
diff --git a/src/lib/libcrypto/bn/asm/pa-risc2.s b/src/lib/libcrypto/bn/asm/pa-risc2.s
new file mode 100644
index 0000000000..f3b16290eb
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/pa-risc2.s
@@ -0,0 +1,1618 @@
+;
+; PA-RISC 2.0 implementation of bn_asm code, based on the
+; 64-bit version of the code.  This code is effectively the
+; same as the 64-bit version except the register model is
+; slightly different given all values must be 32-bit between
+; function calls.  Thus the 64-bit return values are returned
+; in %ret0 and %ret1 vs just %ret0 as is done in 64-bit
+;
+;
+; This code is approximately 2x faster than the C version
+; for RSA/DSA.
+;
+; See http://devresource.hp.com/  for more details on the PA-RISC
+; architecture.  Also see the book "PA-RISC 2.0 Architecture"
+; by Gerry Kane for information on the instruction set architecture.
+;
+; Code written by Chris Ruemmler (with some help from the HP C
+; compiler).
+;
+; The code compiles with HP's assembler
+;
+
+        .level  2.0N
+        .space  $TEXT$
+        .subspa $CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
+
+;
+; Global Register definitions used for the routines.
+;
+; Some information about HP's runtime architecture for 32-bits.
+;
+; "Caller save" means the calling function must save the register
+; if it wants the register to be preserved.
+; "Callee save" means if a function uses the register, it must save
+; the value before using it.
+;
+; For the floating point registers 
+;
+;    "caller save" registers: fr4-fr11, fr22-fr31
+;    "callee save" registers: fr12-fr21
+;    "special" registers: fr0-fr3 (status and exception registers)
+;
+; For the integer registers
+;     value zero             :  r0
+;     "caller save" registers: r1,r19-r26
+;     "callee save" registers: r3-r18
+;     return register        :  r2  (rp)
+;     return values          ; r28,r29  (ret0,ret1)
+;     Stack pointer          ; r30  (sp) 
+;     millicode return ptr   ; r31  (also a caller save register)
+
+
+;
+; Arguments to the routines
+;
+r_ptr       .reg %r26
+a_ptr       .reg %r25
+b_ptr       .reg %r24
+num         .reg %r24
+n           .reg %r23
+
+;
+; Note that the "w" argument for bn_mul_add_words and bn_mul_words
+; is passed on the stack at a delta of -56 from the top of stack
+; as the routine is entered.
+;
+
+;
+; Globals used in some routines
+;
+
+top_overflow .reg %r23
+high_mask    .reg %r22    ; value 0xffffffff80000000L
+
+
+;------------------------------------------------------------------------------
+;
+; bn_mul_add_words
+;
+;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, 
+;                                                               int num, BN_ULONG w)
+;
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg3 = num
+; -56(sp) =  w
+;
+; Local register definitions
+;
+
+fm1          .reg %fr22
+fm           .reg %fr23
+ht_temp      .reg %fr24
+ht_temp_1    .reg %fr25
+lt_temp      .reg %fr26
+lt_temp_1    .reg %fr27
+fm1_1        .reg %fr28
+fm_1         .reg %fr29
+
+fw_h         .reg %fr7L
+fw_l         .reg %fr7R
+fw           .reg %fr7
+
+fht_0        .reg %fr8L
+flt_0        .reg %fr8R
+t_float_0    .reg %fr8
+
+fht_1        .reg %fr9L
+flt_1        .reg %fr9R
+t_float_1    .reg %fr9
+
+tmp_0        .reg %r31
+tmp_1        .reg %r21
+m_0          .reg %r20 
+m_1          .reg %r19 
+ht_0         .reg %r1  
+ht_1         .reg %r3
+lt_0         .reg %r4
+lt_1         .reg %r5
+m1_0         .reg %r6 
+m1_1         .reg %r7 
+rp_val       .reg %r8
+rp_val_1     .reg %r9
+
+bn_mul_add_words
+        .export bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
+        .proc
+        .callinfo frame=128
+    .entry
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+        NOP                         ; Needed to make the loop 16-byte aligned
+        NOP                         ; needed to make the loop 16-byte aligned
+
+    STD     %r5,16(%sp)         ; save r5  
+        NOP
+    STD     %r6,24(%sp)         ; save r6  
+    STD     %r7,32(%sp)         ; save r7  
+
+    STD     %r8,40(%sp)         ; save r8  
+    STD     %r9,48(%sp)         ; save r9  
+    COPY    %r0,%ret1           ; return 0 by default
+    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
+
+    CMPIB,>= 0,num,bn_mul_add_words_exit  ; if (num <= 0) then exit
+        LDO     128(%sp),%sp        ; bump stack
+
+        ;
+        ; The loop is unrolled twice, so if there is only 1 number
+    ; then go straight to the cleanup code.
+        ;
+        CMPIB,= 1,num,bn_mul_add_words_single_top
+        FLDD    -184(%sp),fw        ; (-56-128) load up w into fw (fw_h/fw_l)
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+        ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+    ; two 32-bit mutiplies can be issued per cycle.
+    ; 
+bn_mul_add_words_unroll2
+
+    FLDD    0(a_ptr),t_float_0       ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    FLDD    8(a_ptr),t_float_1       ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    LDD     0(r_ptr),rp_val          ; rp[0]
+    LDD     8(r_ptr),rp_val_1        ; rp[1]
+
+    XMPYU   fht_0,fw_l,fm1           ; m1[0] = fht_0*fw_l
+    XMPYU   fht_1,fw_l,fm1_1         ; m1[1] = fht_1*fw_l
+    FSTD    fm1,-16(%sp)             ; -16(sp) = m1[0]
+    FSTD    fm1_1,-48(%sp)           ; -48(sp) = m1[1]
+
+    XMPYU   flt_0,fw_h,fm            ; m[0] = flt_0*fw_h
+    XMPYU   flt_1,fw_h,fm_1          ; m[1] = flt_1*fw_h
+    FSTD    fm,-8(%sp)               ; -8(sp) = m[0]
+    FSTD    fm_1,-40(%sp)            ; -40(sp) = m[1]
+
+    XMPYU   fht_0,fw_h,ht_temp       ; ht_temp   = fht_0*fw_h
+    XMPYU   fht_1,fw_h,ht_temp_1     ; ht_temp_1 = fht_1*fw_h
+    FSTD    ht_temp,-24(%sp)         ; -24(sp)   = ht_temp
+    FSTD    ht_temp_1,-56(%sp)       ; -56(sp)   = ht_temp_1
+
+    XMPYU   flt_0,fw_l,lt_temp       ; lt_temp = lt*fw_l
+    XMPYU   flt_1,fw_l,lt_temp_1     ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)         ; -32(sp) = lt_temp 
+    FSTD    lt_temp_1,-64(%sp)       ; -64(sp) = lt_temp_1 
+
+    LDD     -8(%sp),m_0              ; m[0] 
+    LDD     -40(%sp),m_1             ; m[1]
+    LDD     -16(%sp),m1_0            ; m1[0]
+    LDD     -48(%sp),m1_1            ; m1[1]
+
+    LDD     -24(%sp),ht_0            ; ht[0]
+    LDD     -56(%sp),ht_1            ; ht[1]
+    ADD,L   m1_0,m_0,tmp_0           ; tmp_0 = m[0] + m1[0]; 
+    ADD,L   m1_1,m_1,tmp_1           ; tmp_1 = m[1] + m1[1]; 
+
+    LDD     -32(%sp),lt_0            
+    LDD     -64(%sp),lt_1            
+    CMPCLR,*>>= tmp_0,m1_0, %r0      ; if (m[0] < m1[0])
+    ADD,L   ht_0,top_overflow,ht_0   ; ht[0] += (1<<32)
+
+    CMPCLR,*>>= tmp_1,m1_1,%r0       ; if (m[1] < m1[1])
+    ADD,L   ht_1,top_overflow,ht_1   ; ht[1] += (1<<32)
+    EXTRD,U tmp_0,31,32,m_0          ; m[0]>>32  
+    DEPD,Z  tmp_0,31,32,m1_0         ; m1[0] = m[0]<<32 
+
+    EXTRD,U tmp_1,31,32,m_1          ; m[1]>>32  
+    DEPD,Z  tmp_1,31,32,m1_1         ; m1[1] = m[1]<<32 
+    ADD,L   ht_0,m_0,ht_0            ; ht[0]+= (m[0]>>32)
+    ADD,L   ht_1,m_1,ht_1            ; ht[1]+= (m[1]>>32)
+
+    ADD     lt_0,m1_0,lt_0           ; lt[0] = lt[0]+m1[0];
+        ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+    ADD     lt_1,m1_1,lt_1           ; lt[1] = lt[1]+m1[1];
+    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
+
+    ADD    %ret1,lt_0,lt_0           ; lt[0] = lt[0] + c;
+        ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+    ADD     lt_0,rp_val,lt_0         ; lt[0] = lt[0]+rp[0]
+    ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+
+        LDO    -2(num),num               ; num = num - 2;
+    ADD     ht_0,lt_1,lt_1           ; lt[1] = lt[1] + ht_0 (c);
+    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
+    STD     lt_0,0(r_ptr)            ; rp[0] = lt[0]
+
+    ADD     lt_1,rp_val_1,lt_1       ; lt[1] = lt[1]+rp[1]
+    ADD,DC  ht_1,%r0,%ret1           ; ht[1]++
+    LDO     16(a_ptr),a_ptr          ; a_ptr += 2
+
+    STD     lt_1,8(r_ptr)            ; rp[1] = lt[1]
+        CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do
+    LDO     16(r_ptr),r_ptr          ; r_ptr += 2
+
+    CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one
+
+        ;
+        ; Top of loop aligned on 64-byte boundary
+        ;
+bn_mul_add_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    LDD     0(r_ptr),rp_val           ; rp[0]
+    LDO     8(a_ptr),a_ptr            ; a_ptr++
+    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+
+    LDD     -8(%sp),m_0               
+    LDD    -16(%sp),m1_0              ; m1 = temp1 
+    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
+    LDD     -24(%sp),ht_0             
+    LDD     -32(%sp),lt_0             
+
+    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,tmp_0           ; tmp_0 = lt+m1;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+    ADD     %ret1,tmp_0,lt_0          ; lt = lt + c;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+    ADD     lt_0,rp_val,lt_0          ; lt = lt+rp[0]
+    ADD,DC  ht_0,%r0,%ret1            ; ht++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+
+bn_mul_add_words_exit
+    .EXIT
+        
+    EXTRD,U %ret1,31,32,%ret0         ; for 32-bit, return in ret0/ret1
+    LDD     -80(%sp),%r9              ; restore r9  
+    LDD     -88(%sp),%r8              ; restore r8  
+    LDD     -96(%sp),%r7              ; restore r7  
+    LDD     -104(%sp),%r6             ; restore r6  
+    LDD     -112(%sp),%r5             ; restore r5  
+    LDD     -120(%sp),%r4             ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3             ; restore r3
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+;
+; arg0 = rp
+; arg1 = ap
+; arg3 = num
+; w on stack at -56(sp)
+
+bn_mul_words
+        .proc
+        .callinfo frame=128
+    .entry
+        .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+        NOP
+    STD     %r5,16(%sp)         ; save r5  
+
+    STD     %r6,24(%sp)         ; save r6  
+    STD     %r7,32(%sp)         ; save r7  
+    COPY    %r0,%ret1           ; return 0 by default
+    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
+
+    CMPIB,>= 0,num,bn_mul_words_exit
+        LDO     128(%sp),%sp    ; bump stack
+
+        ;
+        ; See if only 1 word to do, thus just do cleanup
+        ;
+        CMPIB,= 1,num,bn_mul_words_single_top
+        FLDD    -184(%sp),fw        ; (-56-128) load up w into fw (fw_h/fw_l)
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+        ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+    ; two 32-bit mutiplies can be issued per cycle.
+    ; 
+bn_mul_words_unroll2
+
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    FLDD    8(a_ptr),t_float_1        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    XMPYU   fht_0,fw_l,fm1            ; m1[0] = fht_0*fw_l
+    XMPYU   fht_1,fw_l,fm1_1          ; m1[1] = ht*fw_l
+
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    FSTD    fm1_1,-48(%sp)            ; -48(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    XMPYU   flt_1,fw_h,fm_1           ; m = lt*fw_h
+
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    FSTD    fm_1,-40(%sp)             ; -40(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = fht_0*fw_h
+    XMPYU   fht_1,fw_h,ht_temp_1      ; ht_temp = ht*fw_h
+
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    FSTD    ht_temp_1,-56(%sp)        ; -56(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    XMPYU   flt_1,fw_l,lt_temp_1      ; lt_temp = lt*fw_l
+
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+    FSTD    lt_temp_1,-64(%sp)        ; -64(sp) = lt 
+    LDD     -8(%sp),m_0               
+    LDD     -40(%sp),m_1              
+
+    LDD    -16(%sp),m1_0              
+    LDD    -48(%sp),m1_1              
+    LDD     -24(%sp),ht_0             
+    LDD     -56(%sp),ht_1             
+
+    ADD,L   m1_0,m_0,tmp_0            ; tmp_0 = m + m1; 
+    ADD,L   m1_1,m_1,tmp_1            ; tmp_1 = m + m1; 
+    LDD     -32(%sp),lt_0             
+    LDD     -64(%sp),lt_1             
+
+    CMPCLR,*>>= tmp_0,m1_0, %r0       ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+    CMPCLR,*>>= tmp_1,m1_1,%r0        ; if (m < m1)
+    ADD,L   ht_1,top_overflow,ht_1    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+    EXTRD,U tmp_1,31,32,m_1           ; m>>32  
+    DEPD,Z  tmp_1,31,32,m1_1          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD,L   ht_1,m_1,ht_1             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,lt_0            ; lt = lt+m1;
+        ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     lt_1,m1_1,lt_1            ; lt = lt+m1;
+    ADD,DC  ht_1,%r0,ht_1             ; ht++
+    ADD    %ret1,lt_0,lt_0            ; lt = lt + c (ret1);
+        ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     ht_0,lt_1,lt_1            ; lt = lt + c (ht_0)
+    ADD,DC  ht_1,%r0,ht_1             ; ht++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+    STD     lt_1,8(r_ptr)             ; rp[1] = lt
+
+        COPY    ht_1,%ret1                ; carry = ht
+        LDO    -2(num),num                ; num = num - 2;
+    LDO     16(a_ptr),a_ptr           ; ap += 2
+        CMPIB,<= 2,num,bn_mul_words_unroll2
+    LDO     16(r_ptr),r_ptr           ; rp++
+
+    CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?
+
+        ;
+        ; Top of loop aligned on 64-byte boundary
+        ;
+bn_mul_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+
+    LDD     -8(%sp),m_0               
+    LDD    -16(%sp),m1_0              
+    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
+    LDD     -24(%sp),ht_0             
+    LDD     -32(%sp),lt_0             
+
+    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,lt_0            ; lt= lt+m1;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     %ret1,lt_0,lt_0           ; lt = lt + c;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    COPY    ht_0,%ret1                ; copy carry
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+
+bn_mul_words_exit
+    .EXIT
+    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
+    LDD     -96(%sp),%r7              ; restore r7  
+    LDD     -104(%sp),%r6             ; restore r6  
+    LDD     -112(%sp),%r5             ; restore r5  
+    LDD     -120(%sp),%r4             ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3             ; restore r3
+        .PROCEND        
+
+;----------------------------------------------------------------------------
+;
+;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = num
+;
+
+bn_sqr_words
+        .proc
+        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+        NOP
+    STD     %r5,16(%sp)         ; save r5  
+
+    CMPIB,>= 0,num,bn_sqr_words_exit
+        LDO     128(%sp),%sp       ; bump stack
+
+        ;
+        ; If only 1, the goto straight to cleanup
+        ;
+        CMPIB,= 1,num,bn_sqr_words_single_top
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+
+bn_sqr_words_unroll2
+    FLDD    0(a_ptr),t_float_0        ; a[0]
+    FLDD    8(a_ptr),t_float_1        ; a[1]
+    XMPYU   fht_0,flt_0,fm            ; m[0]
+    XMPYU   fht_1,flt_1,fm_1          ; m[1]
+
+    FSTD    fm,-24(%sp)               ; store m[0]
+    FSTD    fm_1,-56(%sp)             ; store m[1]
+    XMPYU   flt_0,flt_0,lt_temp       ; lt[0]
+    XMPYU   flt_1,flt_1,lt_temp_1     ; lt[1]
+
+    FSTD    lt_temp,-16(%sp)          ; store lt[0]
+    FSTD    lt_temp_1,-48(%sp)        ; store lt[1]
+    XMPYU   fht_0,fht_0,ht_temp       ; ht[0]
+    XMPYU   fht_1,fht_1,ht_temp_1     ; ht[1]
+
+    FSTD    ht_temp,-8(%sp)           ; store ht[0]
+    FSTD    ht_temp_1,-40(%sp)        ; store ht[1]
+    LDD     -24(%sp),m_0             
+    LDD     -56(%sp),m_1              
+
+    AND     m_0,high_mask,tmp_0       ; m[0] & Mask
+    AND     m_1,high_mask,tmp_1       ; m[1] & Mask
+    DEPD,Z  m_0,30,31,m_0             ; m[0] << 32+1
+    DEPD,Z  m_1,30,31,m_1             ; m[1] << 32+1
+
+    LDD     -16(%sp),lt_0        
+    LDD     -48(%sp),lt_1        
+    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m[0]&Mask >> 32-1
+    EXTRD,U tmp_1,32,33,tmp_1         ; tmp_1 = m[1]&Mask >> 32-1
+
+    LDD     -8(%sp),ht_0            
+    LDD     -40(%sp),ht_1           
+    ADD,L   ht_0,tmp_0,ht_0           ; ht[0] += tmp_0
+    ADD,L   ht_1,tmp_1,ht_1           ; ht[1] += tmp_1
+
+    ADD     lt_0,m_0,lt_0             ; lt = lt+m
+    ADD,DC  ht_0,%r0,ht_0             ; ht[0]++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt[0]
+    STD     ht_0,8(r_ptr)             ; rp[1] = ht[1]
+
+    ADD     lt_1,m_1,lt_1             ; lt = lt+m
+    ADD,DC  ht_1,%r0,ht_1             ; ht[1]++
+    STD     lt_1,16(r_ptr)            ; rp[2] = lt[1]
+    STD     ht_1,24(r_ptr)            ; rp[3] = ht[1]
+
+        LDO    -2(num),num                ; num = num - 2;
+    LDO     16(a_ptr),a_ptr           ; ap += 2
+        CMPIB,<= 2,num,bn_sqr_words_unroll2
+    LDO     32(r_ptr),r_ptr           ; rp += 4
+
+    CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?
+
+        ;
+        ; Top of loop aligned on 64-byte boundary
+        ;
+bn_sqr_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+    XMPYU   fht_0,flt_0,fm            ; m
+    FSTD    fm,-24(%sp)               ; store m
+
+    XMPYU   flt_0,flt_0,lt_temp       ; lt
+    FSTD    lt_temp,-16(%sp)          ; store lt
+
+    XMPYU   fht_0,fht_0,ht_temp       ; ht
+    FSTD    ht_temp,-8(%sp)           ; store ht
+
+    LDD     -24(%sp),m_0              ; load m
+    AND     m_0,high_mask,tmp_0       ; m & Mask
+    DEPD,Z  m_0,30,31,m_0             ; m << 32+1
+    LDD     -16(%sp),lt_0             ; lt
+
+    LDD     -8(%sp),ht_0              ; ht
+    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m&Mask >> 32-1
+    ADD     m_0,lt_0,lt_0             ; lt = lt+m
+    ADD,L   ht_0,tmp_0,ht_0           ; ht += tmp_0
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+    STD     ht_0,8(r_ptr)             ; rp[1] = ht
+
+bn_sqr_words_exit
+    .EXIT
+    LDD     -112(%sp),%r5       ; restore r5  
+    LDD     -120(%sp),%r4       ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3 
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp 
+; arg1 = ap
+; arg2 = bp 
+; arg3 = n
+
+t  .reg %r22
+b  .reg %r21
+l  .reg %r20
+
+bn_add_words
+        .proc
+    .entry
+        .callinfo
+        .EXPORT bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+        .align 64
+
+    CMPIB,>= 0,n,bn_add_words_exit
+    COPY    %r0,%ret1           ; return 0 by default
+
+        ;
+        ; If 2 or more numbers do the loop
+        ;
+        CMPIB,= 1,n,bn_add_words_single_top
+        NOP
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+bn_add_words_unroll2
+        LDD     0(a_ptr),t
+        LDD     0(b_ptr),b
+        ADD     t,%ret1,t                    ; t = t+c;
+        ADD,DC  %r0,%r0,%ret1                ; set c to carry
+        ADD     t,b,l                        ; l = t + b[0]
+        ADD,DC  %ret1,%r0,%ret1              ; c+= carry
+        STD     l,0(r_ptr)
+
+        LDD     8(a_ptr),t
+        LDD     8(b_ptr),b
+        ADD     t,%ret1,t                     ; t = t+c;
+        ADD,DC  %r0,%r0,%ret1                 ; set c to carry
+        ADD     t,b,l                         ; l = t + b[0]
+        ADD,DC  %ret1,%r0,%ret1               ; c+= carry
+        STD     l,8(r_ptr)
+
+        LDO     -2(n),n
+        LDO     16(a_ptr),a_ptr
+        LDO     16(b_ptr),b_ptr
+
+        CMPIB,<= 2,n,bn_add_words_unroll2
+        LDO     16(r_ptr),r_ptr
+
+    CMPIB,=,N 0,n,bn_add_words_exit ; are we done?
+
+bn_add_words_single_top
+        LDD     0(a_ptr),t
+        LDD     0(b_ptr),b
+
+        ADD     t,%ret1,t                 ; t = t+c;
+        ADD,DC  %r0,%r0,%ret1             ; set c to carry (could use CMPCLR??)
+        ADD     t,b,l                     ; l = t + b[0]
+        ADD,DC  %ret1,%r0,%ret1           ; c+= carry
+        STD     l,0(r_ptr)
+
+bn_add_words_exit
+    .EXIT
+    BVE     (%rp)
+    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp 
+; arg1 = ap
+; arg2 = bp 
+; arg3 = n
+
+t1       .reg %r22
+t2       .reg %r21
+sub_tmp1 .reg %r20
+sub_tmp2 .reg %r19
+
+
+bn_sub_words
+        .proc
+        .callinfo 
+        .EXPORT bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+
+    CMPIB,>=  0,n,bn_sub_words_exit
+    COPY    %r0,%ret1           ; return 0 by default
+
+        ;
+        ; If 2 or more numbers do the loop
+        ;
+        CMPIB,= 1,n,bn_sub_words_single_top
+        NOP
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+bn_sub_words_unroll2
+        LDD     0(a_ptr),t1
+        LDD     0(b_ptr),t2
+        SUB     t1,t2,sub_tmp1           ; t3 = t1-t2; 
+        SUB     sub_tmp1,%ret1,sub_tmp1  ; t3 = t3- c; 
+
+        CMPCLR,*>> t1,t2,sub_tmp2        ; clear if t1 > t2
+        LDO      1(%r0),sub_tmp2
+        
+        CMPCLR,*= t1,t2,%r0
+        COPY    sub_tmp2,%ret1
+        STD     sub_tmp1,0(r_ptr)
+
+        LDD     8(a_ptr),t1
+        LDD     8(b_ptr),t2
+        SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
+        SUB     sub_tmp1,%ret1,sub_tmp1   ; t3 = t3- c; 
+        CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
+        LDO      1(%r0),sub_tmp2
+        
+        CMPCLR,*= t1,t2,%r0
+        COPY    sub_tmp2,%ret1
+        STD     sub_tmp1,8(r_ptr)
+
+        LDO     -2(n),n
+        LDO     16(a_ptr),a_ptr
+        LDO     16(b_ptr),b_ptr
+
+        CMPIB,<= 2,n,bn_sub_words_unroll2
+        LDO     16(r_ptr),r_ptr
+
+    CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?
+
+bn_sub_words_single_top
+        LDD     0(a_ptr),t1
+        LDD     0(b_ptr),t2
+        SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
+        SUB     sub_tmp1,%ret1,sub_tmp1   ; t3 = t3- c; 
+        CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
+        LDO      1(%r0),sub_tmp2
+        
+        CMPCLR,*= t1,t2,%r0
+        COPY    sub_tmp2,%ret1
+
+        STD     sub_tmp1,0(r_ptr)
+
+bn_sub_words_exit
+    .EXIT
+    BVE     (%rp)
+    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+;------------------------------------------------------------------------------
+;
+; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)
+;
+; arg0 = h
+; arg1 = l
+; arg2 = d
+;
+; This is mainly just output from the HP C compiler.  
+;
+;------------------------------------------------------------------------------
+bn_div_words
+        .PROC
+        .EXPORT bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN
+        .IMPORT BN_num_bits_word,CODE
+        ;--- not PIC    .IMPORT __iob,DATA
+        ;--- not PIC    .IMPORT fprintf,CODE
+        .IMPORT abort,CODE
+        .IMPORT $$div2U,MILLICODE
+        .CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
+        .ENTRY
+        STW     %r2,-20(%r30)   ;offset 0x8ec
+        STW,MA  %r3,192(%r30)   ;offset 0x8f0
+        STW     %r4,-188(%r30)  ;offset 0x8f4
+        DEPD    %r5,31,32,%r6   ;offset 0x8f8
+        STD     %r6,-184(%r30)  ;offset 0x8fc
+        DEPD    %r7,31,32,%r8   ;offset 0x900
+        STD     %r8,-176(%r30)  ;offset 0x904
+        STW     %r9,-168(%r30)  ;offset 0x908
+        LDD     -248(%r30),%r3  ;offset 0x90c
+        COPY    %r26,%r4        ;offset 0x910
+        COPY    %r24,%r5        ;offset 0x914
+        DEPD    %r25,31,32,%r4  ;offset 0x918
+        CMPB,*<>        %r3,%r0,$0006000C       ;offset 0x91c
+        DEPD    %r23,31,32,%r5  ;offset 0x920
+        MOVIB,TR        -1,%r29,$00060002       ;offset 0x924
+        EXTRD,U %r29,31,32,%r28 ;offset 0x928
+$0006002A
+        LDO     -1(%r29),%r29   ;offset 0x92c
+        SUB     %r23,%r7,%r23   ;offset 0x930
+$00060024
+        SUB     %r4,%r31,%r25   ;offset 0x934
+        AND     %r25,%r19,%r26  ;offset 0x938
+        CMPB,*<>,N      %r0,%r26,$00060046      ;offset 0x93c
+        DEPD,Z  %r25,31,32,%r20 ;offset 0x940
+        OR      %r20,%r24,%r21  ;offset 0x944
+        CMPB,*<<,N      %r21,%r23,$0006002A     ;offset 0x948
+        SUB     %r31,%r2,%r31   ;offset 0x94c
+$00060046
+$0006002E
+        DEPD,Z  %r23,31,32,%r25 ;offset 0x950
+        EXTRD,U %r23,31,32,%r26 ;offset 0x954
+        AND     %r25,%r19,%r24  ;offset 0x958
+        ADD,L   %r31,%r26,%r31  ;offset 0x95c
+        CMPCLR,*>>=     %r5,%r24,%r0    ;offset 0x960
+        LDO     1(%r31),%r31    ;offset 0x964
+$00060032
+        CMPB,*<<=,N     %r31,%r4,$00060036      ;offset 0x968
+        LDO     -1(%r29),%r29   ;offset 0x96c
+        ADD,L   %r4,%r3,%r4     ;offset 0x970
+$00060036
+        ADDIB,=,N       -1,%r8,$D0      ;offset 0x974
+        SUB     %r5,%r24,%r28   ;offset 0x978
+$0006003A
+        SUB     %r4,%r31,%r24   ;offset 0x97c
+        SHRPD   %r24,%r28,32,%r4        ;offset 0x980
+        DEPD,Z  %r29,31,32,%r9  ;offset 0x984
+        DEPD,Z  %r28,31,32,%r5  ;offset 0x988
+$0006001C
+        EXTRD,U %r4,31,32,%r31  ;offset 0x98c
+        CMPB,*<>,N      %r31,%r2,$00060020      ;offset 0x990
+        MOVB,TR %r6,%r29,$D1    ;offset 0x994
+        STD     %r29,-152(%r30) ;offset 0x998
+$0006000C
+        EXTRD,U %r3,31,32,%r25  ;offset 0x99c
+        COPY    %r3,%r26        ;offset 0x9a0
+        EXTRD,U %r3,31,32,%r9   ;offset 0x9a4
+        EXTRD,U %r4,31,32,%r8   ;offset 0x9a8
+        .CALL   ARGW0=GR,ARGW1=GR,RTNVAL=GR     ;in=25,26;out=28;
+        B,L     BN_num_bits_word,%r2    ;offset 0x9ac
+        EXTRD,U %r5,31,32,%r7   ;offset 0x9b0
+        LDI     64,%r20 ;offset 0x9b4
+        DEPD    %r7,31,32,%r5   ;offset 0x9b8
+        DEPD    %r8,31,32,%r4   ;offset 0x9bc
+        DEPD    %r9,31,32,%r3   ;offset 0x9c0
+        CMPB,=  %r28,%r20,$00060012     ;offset 0x9c4
+        COPY    %r28,%r24       ;offset 0x9c8
+        MTSARCM %r24    ;offset 0x9cc
+        DEPDI,Z -1,%sar,1,%r19  ;offset 0x9d0
+        CMPB,*>>,N      %r4,%r19,$D2    ;offset 0x9d4
+$00060012
+        SUBI    64,%r24,%r31    ;offset 0x9d8
+        CMPCLR,*<<      %r4,%r3,%r0     ;offset 0x9dc
+        SUB     %r4,%r3,%r4     ;offset 0x9e0
+$00060016
+        CMPB,=  %r31,%r0,$0006001A      ;offset 0x9e4
+        COPY    %r0,%r9 ;offset 0x9e8
+        MTSARCM %r31    ;offset 0x9ec
+        DEPD,Z  %r3,%sar,64,%r3 ;offset 0x9f0
+        SUBI    64,%r31,%r26    ;offset 0x9f4
+        MTSAR   %r26    ;offset 0x9f8
+        SHRPD   %r4,%r5,%sar,%r4        ;offset 0x9fc
+        MTSARCM %r31    ;offset 0xa00
+        DEPD,Z  %r5,%sar,64,%r5 ;offset 0xa04
+$0006001A
+        DEPDI,Z -1,31,32,%r19   ;offset 0xa08
+        AND     %r3,%r19,%r29   ;offset 0xa0c
+        EXTRD,U %r29,31,32,%r2  ;offset 0xa10
+        DEPDI,Z -1,63,32,%r6    ;offset 0xa14
+        MOVIB,TR        2,%r8,$0006001C ;offset 0xa18
+        EXTRD,U %r3,63,32,%r7   ;offset 0xa1c
+$D2
+        ;--- not PIC    ADDIL   LR'__iob-$global$,%r27,%r1      ;offset 0xa20
+        ;--- not PIC    LDIL    LR'C$7,%r21     ;offset 0xa24
+        ;--- not PIC    LDO     RR'__iob-$global$+32(%r1),%r26  ;offset 0xa28
+        ;--- not PIC    .CALL   ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR    ;in=24,25,26;out=28;
+        ;--- not PIC    B,L     fprintf,%r2     ;offset 0xa2c
+        ;--- not PIC    LDO     RR'C$7(%r21),%r25       ;offset 0xa30
+        .CALL           ;
+        B,L     abort,%r2       ;offset 0xa34
+        NOP             ;offset 0xa38
+        B       $D3     ;offset 0xa3c
+        LDW     -212(%r30),%r2  ;offset 0xa40
+$00060020
+        COPY    %r4,%r26        ;offset 0xa44
+        EXTRD,U %r4,31,32,%r25  ;offset 0xa48
+        COPY    %r2,%r24        ;offset 0xa4c
+        .CALL   ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)
+        B,L     $$div2U,%r31    ;offset 0xa50
+        EXTRD,U %r2,31,32,%r23  ;offset 0xa54
+        DEPD    %r28,31,32,%r29 ;offset 0xa58
+$00060022
+        STD     %r29,-152(%r30) ;offset 0xa5c
+$D1
+        AND     %r5,%r19,%r24   ;offset 0xa60
+        EXTRD,U %r24,31,32,%r24 ;offset 0xa64
+        STW     %r2,-160(%r30)  ;offset 0xa68
+        STW     %r7,-128(%r30)  ;offset 0xa6c
+        FLDD    -152(%r30),%fr4 ;offset 0xa70
+        FLDD    -152(%r30),%fr7 ;offset 0xa74
+        FLDW    -160(%r30),%fr8L        ;offset 0xa78
+        FLDW    -128(%r30),%fr5L        ;offset 0xa7c
+        XMPYU   %fr8L,%fr7L,%fr10       ;offset 0xa80
+        FSTD    %fr10,-136(%r30)        ;offset 0xa84
+        XMPYU   %fr8L,%fr7R,%fr22       ;offset 0xa88
+        FSTD    %fr22,-144(%r30)        ;offset 0xa8c
+        XMPYU   %fr5L,%fr4L,%fr11       ;offset 0xa90
+        XMPYU   %fr5L,%fr4R,%fr23       ;offset 0xa94
+        FSTD    %fr11,-112(%r30)        ;offset 0xa98
+        FSTD    %fr23,-120(%r30)        ;offset 0xa9c
+        LDD     -136(%r30),%r28 ;offset 0xaa0
+        DEPD,Z  %r28,31,32,%r31 ;offset 0xaa4
+        LDD     -144(%r30),%r20 ;offset 0xaa8
+        ADD,L   %r20,%r31,%r31  ;offset 0xaac
+        LDD     -112(%r30),%r22 ;offset 0xab0
+        DEPD,Z  %r22,31,32,%r22 ;offset 0xab4
+        LDD     -120(%r30),%r21 ;offset 0xab8
+        B       $00060024       ;offset 0xabc
+        ADD,L   %r21,%r22,%r23  ;offset 0xac0
+$D0
+        OR      %r9,%r29,%r29   ;offset 0xac4
+$00060040
+        EXTRD,U %r29,31,32,%r28 ;offset 0xac8
+$00060002
+$L2
+        LDW     -212(%r30),%r2  ;offset 0xacc
+$D3
+        LDW     -168(%r30),%r9  ;offset 0xad0
+        LDD     -176(%r30),%r8  ;offset 0xad4
+        EXTRD,U %r8,31,32,%r7   ;offset 0xad8
+        LDD     -184(%r30),%r6  ;offset 0xadc
+        EXTRD,U %r6,31,32,%r5   ;offset 0xae0
+        LDW     -188(%r30),%r4  ;offset 0xae4
+        BVE     (%r2)   ;offset 0xae8
+        .EXIT
+        LDW,MB  -192(%r30),%r3  ;offset 0xaec
+        .PROCEND        ;in=23,25;out=28,29;fpin=105,107;
+
+
+
+
+;----------------------------------------------------------------------------
+;
+; Registers to hold 64-bit values to manipulate.  The "L" part
+; of the register corresponds to the upper 32-bits, while the "R"
+; part corresponds to the lower 32-bits
+; 
+; Note, that when using b6 and b7, the code must save these before
+; using them because they are callee save registers 
+; 
+;
+; Floating point registers to use to save values that
+; are manipulated.  These don't collide with ftemp1-6 and
+; are all caller save registers
+;
+a0        .reg %fr22
+a0L       .reg %fr22L
+a0R       .reg %fr22R
+
+a1        .reg %fr23
+a1L       .reg %fr23L
+a1R       .reg %fr23R
+
+a2        .reg %fr24
+a2L       .reg %fr24L
+a2R       .reg %fr24R
+
+a3        .reg %fr25
+a3L       .reg %fr25L
+a3R       .reg %fr25R
+
+a4        .reg %fr26
+a4L       .reg %fr26L
+a4R       .reg %fr26R
+
+a5        .reg %fr27
+a5L       .reg %fr27L
+a5R       .reg %fr27R
+
+a6        .reg %fr28
+a6L       .reg %fr28L
+a6R       .reg %fr28R
+
+a7        .reg %fr29
+a7L       .reg %fr29L
+a7R       .reg %fr29R
+
+b0        .reg %fr30
+b0L       .reg %fr30L
+b0R       .reg %fr30R
+
+b1        .reg %fr31
+b1L       .reg %fr31L
+b1R       .reg %fr31R
+
+;
+; Temporary floating point variables, these are all caller save
+; registers
+;
+ftemp1    .reg %fr4
+ftemp2    .reg %fr5
+ftemp3    .reg %fr6
+ftemp4    .reg %fr7
+
+;
+; The B set of registers when used.
+;
+
+b2        .reg %fr8
+b2L       .reg %fr8L
+b2R       .reg %fr8R
+
+b3        .reg %fr9
+b3L       .reg %fr9L
+b3R       .reg %fr9R
+
+b4        .reg %fr10
+b4L       .reg %fr10L
+b4R       .reg %fr10R
+
+b5        .reg %fr11
+b5L       .reg %fr11L
+b5R       .reg %fr11R
+
+b6        .reg %fr12
+b6L       .reg %fr12L
+b6R       .reg %fr12R
+
+b7        .reg %fr13
+b7L       .reg %fr13L
+b7R       .reg %fr13R
+
+c1           .reg %r21   ; only reg
+temp1        .reg %r20   ; only reg
+temp2        .reg %r19   ; only reg
+temp3        .reg %r31   ; only reg
+
+m1           .reg %r28   
+c2           .reg %r23   
+high_one     .reg %r1
+ht           .reg %r6
+lt           .reg %r5
+m            .reg %r4
+c3           .reg %r3
+
+SQR_ADD_C  .macro  A0L,A0R,C1,C2,C3
+    XMPYU   A0L,A0R,ftemp1       ; m
+    FSTD    ftemp1,-24(%sp)      ; store m
+
+    XMPYU   A0R,A0R,ftemp2       ; lt
+    FSTD    ftemp2,-16(%sp)      ; store lt
+
+    XMPYU   A0L,A0L,ftemp3       ; ht
+    FSTD    ftemp3,-8(%sp)       ; store ht
+
+    LDD     -24(%sp),m           ; load m
+    AND     m,high_mask,temp2    ; m & Mask
+    DEPD,Z  m,30,31,temp3        ; m << 32+1
+    LDD     -16(%sp),lt          ; lt
+
+    LDD     -8(%sp),ht           ; ht
+    EXTRD,U temp2,32,33,temp1    ; temp1 = m&Mask >> 32-1
+    ADD     temp3,lt,lt          ; lt = lt+m
+    ADD,L   ht,temp1,ht          ; ht += temp1
+    ADD,DC  ht,%r0,ht            ; ht++
+
+    ADD     C1,lt,C1             ; c1=c1+lt
+    ADD,DC  ht,%r0,ht            ; ht++
+
+    ADD     C2,ht,C2             ; c2=c2+ht
+    ADD,DC  C3,%r0,C3            ; c3++
+.endm
+
+SQR_ADD_C2 .macro  A0L,A0R,A1L,A1R,C1,C2,C3
+    XMPYU   A0L,A1R,ftemp1          ; m1 = bl*ht
+    FSTD    ftemp1,-16(%sp)         ;
+    XMPYU   A0R,A1L,ftemp2          ; m = bh*lt
+    FSTD    ftemp2,-8(%sp)          ;
+    XMPYU   A0R,A1R,ftemp3          ; lt = bl*lt
+    FSTD    ftemp3,-32(%sp)
+    XMPYU   A0L,A1L,ftemp4          ; ht = bh*ht
+    FSTD    ftemp4,-24(%sp)         ;
+
+    LDD     -8(%sp),m               ; r21 = m
+    LDD     -16(%sp),m1             ; r19 = m1
+    ADD,L   m,m1,m                  ; m+m1
+
+    DEPD,Z  m,31,32,temp3           ; (m+m1<<32)
+    LDD     -24(%sp),ht             ; r24 = ht
+
+    CMPCLR,*>>= m,m1,%r0            ; if (m < m1)
+    ADD,L   ht,high_one,ht          ; ht+=high_one
+
+    EXTRD,U m,31,32,temp1           ; m >> 32
+    LDD     -32(%sp),lt             ; lt
+    ADD,L   ht,temp1,ht             ; ht+= m>>32
+    ADD     lt,temp3,lt             ; lt = lt+m1
+    ADD,DC  ht,%r0,ht               ; ht++
+
+    ADD     ht,ht,ht                ; ht=ht+ht;
+    ADD,DC  C3,%r0,C3               ; add in carry (c3++)
+
+    ADD     lt,lt,lt                ; lt=lt+lt;
+    ADD,DC  ht,%r0,ht               ; add in carry (ht++)
+
+    ADD     C1,lt,C1                ; c1=c1+lt
+    ADD,DC,*NUV ht,%r0,ht           ; add in carry (ht++)
+    LDO     1(C3),C3              ; bump c3 if overflow,nullify otherwise
+
+    ADD     C2,ht,C2                ; c2 = c2 + ht
+    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
+.endm
+
+;
+;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba8
+        .PROC
+        .CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .ENTRY
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+
+        ;
+        ; Zero out carries
+        ;
+        COPY     %r0,c1
+        COPY     %r0,c2
+        COPY     %r0,c3
+
+        LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+        ;
+        ; Load up all of the values we are going to use
+        ;
+    FLDD     0(a_ptr),a0       
+    FLDD     8(a_ptr),a1       
+    FLDD    16(a_ptr),a2       
+    FLDD    24(a_ptr),a3       
+    FLDD    32(a_ptr),a4       
+    FLDD    40(a_ptr),a5       
+    FLDD    48(a_ptr),a6       
+    FLDD    56(a_ptr),a7       
+
+        SQR_ADD_C a0L,a0R,c1,c2,c3
+        STD     c1,0(r_ptr)          ; r[0] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+        STD     c2,8(r_ptr)          ; r[1] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C a1L,a1R,c3,c1,c2
+        SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+        STD     c3,16(r_ptr)            ; r[2] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+        SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+        STD     c1,24(r_ptr)           ; r[3] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C a2L,a2R,c2,c3,c1
+        SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+        SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1
+        STD     c2,32(r_ptr)          ; r[4] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2
+        SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2
+        SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+        STD     c3,40(r_ptr)          ; r[5] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C a3L,a3R,c1,c2,c3
+        SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3
+        SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3
+        SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3
+        STD     c1,48(r_ptr)          ; r[6] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1
+        SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1
+        SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1
+        SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1
+        STD     c2,56(r_ptr)          ; r[7] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C a4L,a4R,c3,c1,c2
+        SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2
+        SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2
+        SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2
+        STD     c3,64(r_ptr)          ; r[8] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3
+        SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3
+        SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3
+        STD     c1,72(r_ptr)          ; r[9] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C a5L,a5R,c2,c3,c1
+        SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1
+        SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1
+        STD     c2,80(r_ptr)          ; r[10] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2
+        SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2
+        STD     c3,88(r_ptr)          ; r[11] = c3;
+        COPY    %r0,c3
+        
+        SQR_ADD_C a6L,a6R,c1,c2,c3
+        SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3
+        STD     c1,96(r_ptr)          ; r[12] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1
+        STD     c2,104(r_ptr)         ; r[13] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C a7L,a7R,c3,c1,c2
+        STD     c3, 112(r_ptr)       ; r[14] = c3
+        STD     c1, 120(r_ptr)       ; r[15] = c1
+
+    .EXIT
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+        .PROCEND        
+
+;-----------------------------------------------------------------------------
+;
+;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba4
+        .proc
+        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+
+        ;
+        ; Zero out carries
+        ;
+        COPY     %r0,c1
+        COPY     %r0,c2
+        COPY     %r0,c3
+
+        LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+        ;
+        ; Load up all of the values we are going to use
+        ;
+    FLDD     0(a_ptr),a0       
+    FLDD     8(a_ptr),a1       
+    FLDD    16(a_ptr),a2       
+    FLDD    24(a_ptr),a3       
+    FLDD    32(a_ptr),a4       
+    FLDD    40(a_ptr),a5       
+    FLDD    48(a_ptr),a6       
+    FLDD    56(a_ptr),a7       
+
+        SQR_ADD_C a0L,a0R,c1,c2,c3
+
+        STD     c1,0(r_ptr)          ; r[0] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+
+        STD     c2,8(r_ptr)          ; r[1] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C a1L,a1R,c3,c1,c2
+        SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+
+        STD     c3,16(r_ptr)            ; r[2] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+        SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+
+        STD     c1,24(r_ptr)           ; r[3] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C a2L,a2R,c2,c3,c1
+        SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+
+        STD     c2,32(r_ptr)           ; r[4] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+        STD     c3,40(r_ptr)           ; r[5] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C a3L,a3R,c1,c2,c3
+        STD     c1,48(r_ptr)           ; r[6] = c1;
+        STD     c2,56(r_ptr)           ; r[7] = c2;
+
+    .EXIT
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+        .PROCEND        
+
+
+;---------------------------------------------------------------------------
+
+MUL_ADD_C  .macro  A0L,A0R,B0L,B0R,C1,C2,C3
+    XMPYU   A0L,B0R,ftemp1        ; m1 = bl*ht
+    FSTD    ftemp1,-16(%sp)       ;
+    XMPYU   A0R,B0L,ftemp2        ; m = bh*lt
+    FSTD    ftemp2,-8(%sp)        ;
+    XMPYU   A0R,B0R,ftemp3        ; lt = bl*lt
+    FSTD    ftemp3,-32(%sp)
+    XMPYU   A0L,B0L,ftemp4        ; ht = bh*ht
+    FSTD    ftemp4,-24(%sp)       ;
+
+    LDD     -8(%sp),m             ; r21 = m
+    LDD     -16(%sp),m1           ; r19 = m1
+    ADD,L   m,m1,m                ; m+m1
+
+    DEPD,Z  m,31,32,temp3         ; (m+m1<<32)
+    LDD     -24(%sp),ht           ; r24 = ht
+
+    CMPCLR,*>>= m,m1,%r0          ; if (m < m1)
+    ADD,L   ht,high_one,ht        ; ht+=high_one
+
+    EXTRD,U m,31,32,temp1         ; m >> 32
+    LDD     -32(%sp),lt           ; lt
+    ADD,L   ht,temp1,ht           ; ht+= m>>32
+    ADD     lt,temp3,lt           ; lt = lt+m1
+    ADD,DC  ht,%r0,ht             ; ht++
+
+    ADD     C1,lt,C1              ; c1=c1+lt
+    ADD,DC  ht,%r0,ht             ; bump c3 if overflow,nullify otherwise
+
+    ADD     C2,ht,C2              ; c2 = c2 + ht
+    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
+.endm
+
+
+;
+;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba8
+        .proc
+        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+    FSTD    %fr12,32(%sp)       ; save r6
+    FSTD    %fr13,40(%sp)       ; save r7
+
+        ;
+        ; Zero out carries
+        ;
+        COPY     %r0,c1
+        COPY     %r0,c2
+        COPY     %r0,c3
+
+        LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+        ;
+        ; Load up all of the values we are going to use
+        ;
+    FLDD      0(a_ptr),a0       
+    FLDD      8(a_ptr),a1       
+    FLDD     16(a_ptr),a2       
+    FLDD     24(a_ptr),a3       
+    FLDD     32(a_ptr),a4       
+    FLDD     40(a_ptr),a5       
+    FLDD     48(a_ptr),a6       
+    FLDD     56(a_ptr),a7       
+
+    FLDD      0(b_ptr),b0       
+    FLDD      8(b_ptr),b1       
+    FLDD     16(b_ptr),b2       
+    FLDD     24(b_ptr),b3       
+    FLDD     32(b_ptr),b4       
+    FLDD     40(b_ptr),b5       
+    FLDD     48(b_ptr),b6       
+    FLDD     56(b_ptr),b7       
+
+        MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+        STD       c1,0(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+        STD       c2,8(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+        MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+        MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+        STD       c3,16(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+        MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+        MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+        MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+        STD       c1,24(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1
+        MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+        MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1
+        STD       c2,32(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2
+        MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2
+        MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+        MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+        MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2
+        MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2
+        STD       c3,40(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3
+        MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3
+        MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3
+        MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+        MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3
+        MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3
+        MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3
+        STD       c1,48(r_ptr)
+        COPY      %r0,c1
+        
+        MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1
+        MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1
+        MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1
+        MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1
+        MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1
+        MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1
+        STD       c2,56(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2
+        MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2
+        MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2
+        MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2
+        MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2
+        MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2
+        MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2
+        STD       c3,64(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3
+        MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3
+        MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3
+        MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3
+        MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3
+        MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3
+        STD       c1,72(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1
+        MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1
+        MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1
+        MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1
+        MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1
+        STD       c2,80(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2
+        MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2
+        MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2
+        MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2
+        STD       c3,88(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3
+        MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3
+        MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3
+        STD       c1,96(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1
+        MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1
+        STD       c2,104(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2
+        STD       c3,112(r_ptr)
+        STD       c1,120(r_ptr)
+
+    .EXIT
+    FLDD    -88(%sp),%fr13 
+    FLDD    -96(%sp),%fr12 
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+        .PROCEND        
+
+;-----------------------------------------------------------------------------
+;
+;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba4
+        .proc
+        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+    FSTD    %fr12,32(%sp)       ; save r6
+    FSTD    %fr13,40(%sp)       ; save r7
+
+        ;
+        ; Zero out carries
+        ;
+        COPY     %r0,c1
+        COPY     %r0,c2
+        COPY     %r0,c3
+
+        LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+        ;
+        ; Load up all of the values we are going to use
+        ;
+    FLDD      0(a_ptr),a0       
+    FLDD      8(a_ptr),a1       
+    FLDD     16(a_ptr),a2       
+    FLDD     24(a_ptr),a3       
+
+    FLDD      0(b_ptr),b0       
+    FLDD      8(b_ptr),b1       
+    FLDD     16(b_ptr),b2       
+    FLDD     24(b_ptr),b3       
+
+        MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+        STD       c1,0(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+        STD       c2,8(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+        MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+        MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+        STD       c3,16(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+        MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+        MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+        MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+        STD       c1,24(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+        STD       c2,32(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+        MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+        STD       c3,40(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+        STD       c1,48(r_ptr)
+        STD       c2,56(r_ptr)
+
+    .EXIT
+    FLDD    -88(%sp),%fr13 
+    FLDD    -96(%sp),%fr12 
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+        .PROCEND        
+
+
+;--- not PIC    .SPACE  $TEXT$
+;--- not PIC    .SUBSPA $CODE$
+;--- not PIC    .SPACE  $PRIVATE$,SORT=16
+;--- not PIC    .IMPORT $global$,DATA
+;--- not PIC    .SPACE  $TEXT$
+;--- not PIC    .SUBSPA $CODE$
+;--- not PIC    .SUBSPA $LIT$,ACCESS=0x2c
+;--- not PIC    C$7
+;--- not PIC    .ALIGN  8
+;--- not PIC    .STRINGZ        "Division would overflow (%d)\n"
+        .END
diff --git a/src/lib/libcrypto/bn/asm/pa-risc2W.s b/src/lib/libcrypto/bn/asm/pa-risc2W.s
new file mode 100644
index 0000000000..a99545754d
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/pa-risc2W.s
@@ -0,0 +1,1605 @@
+;
+; PA-RISC 64-bit implementation of bn_asm code
+;
+; This code is approximately 2x faster than the C version
+; for RSA/DSA.
+;
+; See http://devresource.hp.com/  for more details on the PA-RISC
+; architecture.  Also see the book "PA-RISC 2.0 Architecture"
+; by Gerry Kane for information on the instruction set architecture.
+;
+; Code written by Chris Ruemmler (with some help from the HP C
+; compiler).
+;
+; The code compiles with HP's assembler
+;
+
+        .level  2.0W
+        .space  $TEXT$
+        .subspa $CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
+
+;
+; Global Register definitions used for the routines.
+;
+; Some information about HP's runtime architecture for 64-bits.
+;
+; "Caller save" means the calling function must save the register
+; if it wants the register to be preserved.
+; "Callee save" means if a function uses the register, it must save
+; the value before using it.
+;
+; For the floating point registers 
+;
+;    "caller save" registers: fr4-fr11, fr22-fr31
+;    "callee save" registers: fr12-fr21
+;    "special" registers: fr0-fr3 (status and exception registers)
+;
+; For the integer registers
+;     value zero             :  r0
+;     "caller save" registers: r1,r19-r26
+;     "callee save" registers: r3-r18
+;     return register        :  r2  (rp)
+;     return values          ; r28  (ret0,ret1)
+;     Stack pointer          ; r30  (sp) 
+;     global data pointer    ; r27  (dp)
+;     argument pointer       ; r29  (ap)
+;     millicode return ptr   ; r31  (also a caller save register)
+
+
+;
+; Arguments to the routines
+;
+r_ptr       .reg %r26
+a_ptr       .reg %r25
+b_ptr       .reg %r24
+num         .reg %r24
+w           .reg %r23
+n           .reg %r23
+
+
+;
+; Globals used in some routines
+;
+
+top_overflow .reg %r29
+high_mask    .reg %r22    ; value 0xffffffff80000000L
+
+
+;------------------------------------------------------------------------------
+;
+; bn_mul_add_words
+;
+;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, 
+;                                                               int num, BN_ULONG w)
+;
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = num
+; arg3 = w
+;
+; Local register definitions
+;
+
+fm1          .reg %fr22
+fm           .reg %fr23
+ht_temp      .reg %fr24
+ht_temp_1    .reg %fr25
+lt_temp      .reg %fr26
+lt_temp_1    .reg %fr27
+fm1_1        .reg %fr28
+fm_1         .reg %fr29
+
+fw_h         .reg %fr7L
+fw_l         .reg %fr7R
+fw           .reg %fr7
+
+fht_0        .reg %fr8L
+flt_0        .reg %fr8R
+t_float_0    .reg %fr8
+
+fht_1        .reg %fr9L
+flt_1        .reg %fr9R
+t_float_1    .reg %fr9
+
+tmp_0        .reg %r31
+tmp_1        .reg %r21
+m_0          .reg %r20 
+m_1          .reg %r19 
+ht_0         .reg %r1  
+ht_1         .reg %r3
+lt_0         .reg %r4
+lt_1         .reg %r5
+m1_0         .reg %r6 
+m1_1         .reg %r7 
+rp_val       .reg %r8
+rp_val_1     .reg %r9
+
+bn_mul_add_words
+        .export bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
+        .proc
+        .callinfo frame=128
+    .entry
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+        NOP                         ; Needed to make the loop 16-byte aligned
+        NOP                         ; Needed to make the loop 16-byte aligned
+
+    STD     %r5,16(%sp)         ; save r5  
+    STD     %r6,24(%sp)         ; save r6  
+    STD     %r7,32(%sp)         ; save r7  
+    STD     %r8,40(%sp)         ; save r8  
+
+    STD     %r9,48(%sp)         ; save r9  
+    COPY    %r0,%ret0           ; return 0 by default
+    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
+        STD     w,56(%sp)           ; store w on stack
+
+    CMPIB,>= 0,num,bn_mul_add_words_exit  ; if (num <= 0) then exit
+        LDO     128(%sp),%sp       ; bump stack
+
+        ;
+        ; The loop is unrolled twice, so if there is only 1 number
+    ; then go straight to the cleanup code.
+        ;
+        CMPIB,= 1,num,bn_mul_add_words_single_top
+        FLDD    -72(%sp),fw     ; load up w into fp register fw (fw_h/fw_l)
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+        ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+    ; two 32-bit mutiplies can be issued per cycle.
+    ; 
+bn_mul_add_words_unroll2
+
+    FLDD    0(a_ptr),t_float_0       ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    FLDD    8(a_ptr),t_float_1       ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    LDD     0(r_ptr),rp_val          ; rp[0]
+    LDD     8(r_ptr),rp_val_1        ; rp[1]
+
+    XMPYU   fht_0,fw_l,fm1           ; m1[0] = fht_0*fw_l
+    XMPYU   fht_1,fw_l,fm1_1         ; m1[1] = fht_1*fw_l
+    FSTD    fm1,-16(%sp)             ; -16(sp) = m1[0]
+    FSTD    fm1_1,-48(%sp)           ; -48(sp) = m1[1]
+
+    XMPYU   flt_0,fw_h,fm            ; m[0] = flt_0*fw_h
+    XMPYU   flt_1,fw_h,fm_1          ; m[1] = flt_1*fw_h
+    FSTD    fm,-8(%sp)               ; -8(sp) = m[0]
+    FSTD    fm_1,-40(%sp)            ; -40(sp) = m[1]
+
+    XMPYU   fht_0,fw_h,ht_temp       ; ht_temp   = fht_0*fw_h
+    XMPYU   fht_1,fw_h,ht_temp_1     ; ht_temp_1 = fht_1*fw_h
+    FSTD    ht_temp,-24(%sp)         ; -24(sp)   = ht_temp
+    FSTD    ht_temp_1,-56(%sp)       ; -56(sp)   = ht_temp_1
+
+    XMPYU   flt_0,fw_l,lt_temp       ; lt_temp = lt*fw_l
+    XMPYU   flt_1,fw_l,lt_temp_1     ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)         ; -32(sp) = lt_temp 
+    FSTD    lt_temp_1,-64(%sp)       ; -64(sp) = lt_temp_1 
+
+    LDD     -8(%sp),m_0              ; m[0] 
+    LDD     -40(%sp),m_1             ; m[1]
+    LDD     -16(%sp),m1_0            ; m1[0]
+    LDD     -48(%sp),m1_1            ; m1[1]
+
+    LDD     -24(%sp),ht_0            ; ht[0]
+    LDD     -56(%sp),ht_1            ; ht[1]
+    ADD,L   m1_0,m_0,tmp_0           ; tmp_0 = m[0] + m1[0]; 
+    ADD,L   m1_1,m_1,tmp_1           ; tmp_1 = m[1] + m1[1]; 
+
+    LDD     -32(%sp),lt_0            
+    LDD     -64(%sp),lt_1            
+    CMPCLR,*>>= tmp_0,m1_0, %r0      ; if (m[0] < m1[0])
+    ADD,L   ht_0,top_overflow,ht_0   ; ht[0] += (1<<32)
+
+    CMPCLR,*>>= tmp_1,m1_1,%r0       ; if (m[1] < m1[1])
+    ADD,L   ht_1,top_overflow,ht_1   ; ht[1] += (1<<32)
+    EXTRD,U tmp_0,31,32,m_0          ; m[0]>>32  
+    DEPD,Z  tmp_0,31,32,m1_0         ; m1[0] = m[0]<<32 
+
+    EXTRD,U tmp_1,31,32,m_1          ; m[1]>>32  
+    DEPD,Z  tmp_1,31,32,m1_1         ; m1[1] = m[1]<<32 
+    ADD,L   ht_0,m_0,ht_0            ; ht[0]+= (m[0]>>32)
+    ADD,L   ht_1,m_1,ht_1            ; ht[1]+= (m[1]>>32)
+
+    ADD     lt_0,m1_0,lt_0           ; lt[0] = lt[0]+m1[0];
+        ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+    ADD     lt_1,m1_1,lt_1           ; lt[1] = lt[1]+m1[1];
+    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
+
+    ADD    %ret0,lt_0,lt_0           ; lt[0] = lt[0] + c;
+        ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+    ADD     lt_0,rp_val,lt_0         ; lt[0] = lt[0]+rp[0]
+    ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+
+        LDO    -2(num),num               ; num = num - 2;
+    ADD     ht_0,lt_1,lt_1           ; lt[1] = lt[1] + ht_0 (c);
+    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
+    STD     lt_0,0(r_ptr)            ; rp[0] = lt[0]
+
+    ADD     lt_1,rp_val_1,lt_1       ; lt[1] = lt[1]+rp[1]
+    ADD,DC  ht_1,%r0,%ret0           ; ht[1]++
+    LDO     16(a_ptr),a_ptr          ; a_ptr += 2
+
+    STD     lt_1,8(r_ptr)            ; rp[1] = lt[1]
+        CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do
+    LDO     16(r_ptr),r_ptr          ; r_ptr += 2
+
+    CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one
+
+        ;
+        ; Top of loop aligned on 64-byte boundary
+        ;
+bn_mul_add_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    LDD     0(r_ptr),rp_val           ; rp[0]
+    LDO     8(a_ptr),a_ptr            ; a_ptr++
+    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+
+    LDD     -8(%sp),m_0               
+    LDD    -16(%sp),m1_0              ; m1 = temp1 
+    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
+    LDD     -24(%sp),ht_0             
+    LDD     -32(%sp),lt_0             
+
+    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,tmp_0           ; tmp_0 = lt+m1;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+    ADD     %ret0,tmp_0,lt_0          ; lt = lt + c;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+    ADD     lt_0,rp_val,lt_0          ; lt = lt+rp[0]
+    ADD,DC  ht_0,%r0,%ret0            ; ht++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+
+bn_mul_add_words_exit
+    .EXIT
+    LDD     -80(%sp),%r9              ; restore r9  
+    LDD     -88(%sp),%r8              ; restore r8  
+    LDD     -96(%sp),%r7              ; restore r7  
+    LDD     -104(%sp),%r6             ; restore r6  
+    LDD     -112(%sp),%r5             ; restore r5  
+    LDD     -120(%sp),%r4             ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3             ; restore r3
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = num
+; arg3 = w
+
+bn_mul_words
+        .proc
+        .callinfo frame=128
+    .entry
+        .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+    STD     %r5,16(%sp)         ; save r5  
+    STD     %r6,24(%sp)         ; save r6  
+
+    STD     %r7,32(%sp)         ; save r7  
+    COPY    %r0,%ret0           ; return 0 by default
+    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
+        STD     w,56(%sp)           ; w on stack
+
+    CMPIB,>= 0,num,bn_mul_words_exit
+        LDO     128(%sp),%sp       ; bump stack
+
+        ;
+        ; See if only 1 word to do, thus just do cleanup
+        ;
+        CMPIB,= 1,num,bn_mul_words_single_top
+        FLDD    -72(%sp),fw     ; load up w into fp register fw (fw_h/fw_l)
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+        ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+    ; two 32-bit mutiplies can be issued per cycle.
+    ; 
+bn_mul_words_unroll2
+
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    FLDD    8(a_ptr),t_float_1        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    XMPYU   fht_0,fw_l,fm1            ; m1[0] = fht_0*fw_l
+    XMPYU   fht_1,fw_l,fm1_1          ; m1[1] = ht*fw_l
+
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    FSTD    fm1_1,-48(%sp)            ; -48(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    XMPYU   flt_1,fw_h,fm_1           ; m = lt*fw_h
+
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    FSTD    fm_1,-40(%sp)             ; -40(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = fht_0*fw_h
+    XMPYU   fht_1,fw_h,ht_temp_1      ; ht_temp = ht*fw_h
+
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    FSTD    ht_temp_1,-56(%sp)        ; -56(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    XMPYU   flt_1,fw_l,lt_temp_1      ; lt_temp = lt*fw_l
+
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+    FSTD    lt_temp_1,-64(%sp)        ; -64(sp) = lt 
+    LDD     -8(%sp),m_0               
+    LDD     -40(%sp),m_1              
+
+    LDD    -16(%sp),m1_0              
+    LDD    -48(%sp),m1_1              
+    LDD     -24(%sp),ht_0             
+    LDD     -56(%sp),ht_1             
+
+    ADD,L   m1_0,m_0,tmp_0            ; tmp_0 = m + m1; 
+    ADD,L   m1_1,m_1,tmp_1            ; tmp_1 = m + m1; 
+    LDD     -32(%sp),lt_0             
+    LDD     -64(%sp),lt_1             
+
+    CMPCLR,*>>= tmp_0,m1_0, %r0       ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+    CMPCLR,*>>= tmp_1,m1_1,%r0        ; if (m < m1)
+    ADD,L   ht_1,top_overflow,ht_1    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+    EXTRD,U tmp_1,31,32,m_1           ; m>>32  
+    DEPD,Z  tmp_1,31,32,m1_1          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD,L   ht_1,m_1,ht_1             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,lt_0            ; lt = lt+m1;
+        ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     lt_1,m1_1,lt_1            ; lt = lt+m1;
+    ADD,DC  ht_1,%r0,ht_1             ; ht++
+    ADD    %ret0,lt_0,lt_0            ; lt = lt + c (ret0);
+        ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     ht_0,lt_1,lt_1            ; lt = lt + c (ht_0)
+    ADD,DC  ht_1,%r0,ht_1             ; ht++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+    STD     lt_1,8(r_ptr)             ; rp[1] = lt
+
+        COPY    ht_1,%ret0                ; carry = ht
+        LDO    -2(num),num                ; num = num - 2;
+    LDO     16(a_ptr),a_ptr           ; ap += 2
+        CMPIB,<= 2,num,bn_mul_words_unroll2
+    LDO     16(r_ptr),r_ptr           ; rp++
+
+    CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?
+
+        ;
+        ; Top of loop aligned on 64-byte boundary
+        ;
+bn_mul_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+
+    LDD     -8(%sp),m_0               
+    LDD    -16(%sp),m1_0              
+    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
+    LDD     -24(%sp),ht_0             
+    LDD     -32(%sp),lt_0             
+
+    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,lt_0            ; lt= lt+m1;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     %ret0,lt_0,lt_0           ; lt = lt + c;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    COPY    ht_0,%ret0                ; copy carry
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+
+bn_mul_words_exit
+    .EXIT
+    LDD     -96(%sp),%r7              ; restore r7  
+    LDD     -104(%sp),%r6             ; restore r6  
+    LDD     -112(%sp),%r5             ; restore r5  
+    LDD     -120(%sp),%r4             ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3             ; restore r3
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = num
+;
+
+bn_sqr_words
+        .proc
+        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+        NOP
+    STD     %r5,16(%sp)         ; save r5  
+
+    CMPIB,>= 0,num,bn_sqr_words_exit
+        LDO     128(%sp),%sp       ; bump stack
+
+        ;
+        ; If only 1, the goto straight to cleanup
+        ;
+        CMPIB,= 1,num,bn_sqr_words_single_top
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+
+bn_sqr_words_unroll2
+    FLDD    0(a_ptr),t_float_0        ; a[0]
+    FLDD    8(a_ptr),t_float_1        ; a[1]
+    XMPYU   fht_0,flt_0,fm            ; m[0]
+    XMPYU   fht_1,flt_1,fm_1          ; m[1]
+
+    FSTD    fm,-24(%sp)               ; store m[0]
+    FSTD    fm_1,-56(%sp)             ; store m[1]
+    XMPYU   flt_0,flt_0,lt_temp       ; lt[0]
+    XMPYU   flt_1,flt_1,lt_temp_1     ; lt[1]
+
+    FSTD    lt_temp,-16(%sp)          ; store lt[0]
+    FSTD    lt_temp_1,-48(%sp)        ; store lt[1]
+    XMPYU   fht_0,fht_0,ht_temp       ; ht[0]
+    XMPYU   fht_1,fht_1,ht_temp_1     ; ht[1]
+
+    FSTD    ht_temp,-8(%sp)           ; store ht[0]
+    FSTD    ht_temp_1,-40(%sp)        ; store ht[1]
+    LDD     -24(%sp),m_0             
+    LDD     -56(%sp),m_1              
+
+    AND     m_0,high_mask,tmp_0       ; m[0] & Mask
+    AND     m_1,high_mask,tmp_1       ; m[1] & Mask
+    DEPD,Z  m_0,30,31,m_0             ; m[0] << 32+1
+    DEPD,Z  m_1,30,31,m_1             ; m[1] << 32+1
+
+    LDD     -16(%sp),lt_0        
+    LDD     -48(%sp),lt_1        
+    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m[0]&Mask >> 32-1
+    EXTRD,U tmp_1,32,33,tmp_1         ; tmp_1 = m[1]&Mask >> 32-1
+
+    LDD     -8(%sp),ht_0            
+    LDD     -40(%sp),ht_1           
+    ADD,L   ht_0,tmp_0,ht_0           ; ht[0] += tmp_0
+    ADD,L   ht_1,tmp_1,ht_1           ; ht[1] += tmp_1
+
+    ADD     lt_0,m_0,lt_0             ; lt = lt+m
+    ADD,DC  ht_0,%r0,ht_0             ; ht[0]++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt[0]
+    STD     ht_0,8(r_ptr)             ; rp[1] = ht[1]
+
+    ADD     lt_1,m_1,lt_1             ; lt = lt+m
+    ADD,DC  ht_1,%r0,ht_1             ; ht[1]++
+    STD     lt_1,16(r_ptr)            ; rp[2] = lt[1]
+    STD     ht_1,24(r_ptr)            ; rp[3] = ht[1]
+
+        LDO    -2(num),num                ; num = num - 2;
+    LDO     16(a_ptr),a_ptr           ; ap += 2
+        CMPIB,<= 2,num,bn_sqr_words_unroll2
+    LDO     32(r_ptr),r_ptr           ; rp += 4
+
+    CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?
+
+        ;
+        ; Top of loop aligned on 64-byte boundary
+        ;
+bn_sqr_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+    XMPYU   fht_0,flt_0,fm            ; m
+    FSTD    fm,-24(%sp)               ; store m
+
+    XMPYU   flt_0,flt_0,lt_temp       ; lt
+    FSTD    lt_temp,-16(%sp)          ; store lt
+
+    XMPYU   fht_0,fht_0,ht_temp       ; ht
+    FSTD    ht_temp,-8(%sp)           ; store ht
+
+    LDD     -24(%sp),m_0              ; load m
+    AND     m_0,high_mask,tmp_0       ; m & Mask
+    DEPD,Z  m_0,30,31,m_0             ; m << 32+1
+    LDD     -16(%sp),lt_0             ; lt
+
+    LDD     -8(%sp),ht_0              ; ht
+    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m&Mask >> 32-1
+    ADD     m_0,lt_0,lt_0             ; lt = lt+m
+    ADD,L   ht_0,tmp_0,ht_0           ; ht += tmp_0
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+    STD     ht_0,8(r_ptr)             ; rp[1] = ht
+
+bn_sqr_words_exit
+    .EXIT
+    LDD     -112(%sp),%r5       ; restore r5  
+    LDD     -120(%sp),%r4       ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3 
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp 
+; arg1 = ap
+; arg2 = bp 
+; arg3 = n
+
+t  .reg %r22
+b  .reg %r21
+l  .reg %r20
+
+bn_add_words
+        .proc
+    .entry
+        .callinfo
+        .EXPORT bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+        .align 64
+
+    CMPIB,>= 0,n,bn_add_words_exit
+    COPY    %r0,%ret0           ; return 0 by default
+
+        ;
+        ; If 2 or more numbers do the loop
+        ;
+        CMPIB,= 1,n,bn_add_words_single_top
+        NOP
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+bn_add_words_unroll2
+        LDD     0(a_ptr),t
+        LDD     0(b_ptr),b
+        ADD     t,%ret0,t                    ; t = t+c;
+        ADD,DC  %r0,%r0,%ret0                ; set c to carry
+        ADD     t,b,l                        ; l = t + b[0]
+        ADD,DC  %ret0,%r0,%ret0              ; c+= carry
+        STD     l,0(r_ptr)
+
+        LDD     8(a_ptr),t
+        LDD     8(b_ptr),b
+        ADD     t,%ret0,t                     ; t = t+c;
+        ADD,DC  %r0,%r0,%ret0                 ; set c to carry
+        ADD     t,b,l                         ; l = t + b[0]
+        ADD,DC  %ret0,%r0,%ret0               ; c+= carry
+        STD     l,8(r_ptr)
+
+        LDO     -2(n),n
+        LDO     16(a_ptr),a_ptr
+        LDO     16(b_ptr),b_ptr
+
+        CMPIB,<= 2,n,bn_add_words_unroll2
+        LDO     16(r_ptr),r_ptr
+
+    CMPIB,=,N 0,n,bn_add_words_exit ; are we done?
+
+bn_add_words_single_top
+        LDD     0(a_ptr),t
+        LDD     0(b_ptr),b
+
+        ADD     t,%ret0,t                 ; t = t+c;
+        ADD,DC  %r0,%r0,%ret0             ; set c to carry (could use CMPCLR??)
+        ADD     t,b,l                     ; l = t + b[0]
+        ADD,DC  %ret0,%r0,%ret0           ; c+= carry
+        STD     l,0(r_ptr)
+
+bn_add_words_exit
+    .EXIT
+    BVE     (%rp)
+        NOP
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp 
+; arg1 = ap
+; arg2 = bp 
+; arg3 = n
+
+t1       .reg %r22
+t2       .reg %r21
+sub_tmp1 .reg %r20
+sub_tmp2 .reg %r19
+
+
+bn_sub_words
+        .proc
+        .callinfo 
+        .EXPORT bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+
+    CMPIB,>=  0,n,bn_sub_words_exit
+    COPY    %r0,%ret0           ; return 0 by default
+
+        ;
+        ; If 2 or more numbers do the loop
+        ;
+        CMPIB,= 1,n,bn_sub_words_single_top
+        NOP
+
+        ;
+        ; This loop is unrolled 2 times (64-byte aligned as well)
+        ;
+bn_sub_words_unroll2
+        LDD     0(a_ptr),t1
+        LDD     0(b_ptr),t2
+        SUB     t1,t2,sub_tmp1           ; t3 = t1-t2; 
+        SUB     sub_tmp1,%ret0,sub_tmp1  ; t3 = t3- c; 
+
+        CMPCLR,*>> t1,t2,sub_tmp2        ; clear if t1 > t2
+        LDO      1(%r0),sub_tmp2
+        
+        CMPCLR,*= t1,t2,%r0
+        COPY    sub_tmp2,%ret0
+        STD     sub_tmp1,0(r_ptr)
+
+        LDD     8(a_ptr),t1
+        LDD     8(b_ptr),t2
+        SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
+        SUB     sub_tmp1,%ret0,sub_tmp1   ; t3 = t3- c; 
+        CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
+        LDO      1(%r0),sub_tmp2
+        
+        CMPCLR,*= t1,t2,%r0
+        COPY    sub_tmp2,%ret0
+        STD     sub_tmp1,8(r_ptr)
+
+        LDO     -2(n),n
+        LDO     16(a_ptr),a_ptr
+        LDO     16(b_ptr),b_ptr
+
+        CMPIB,<= 2,n,bn_sub_words_unroll2
+        LDO     16(r_ptr),r_ptr
+
+    CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?
+
+bn_sub_words_single_top
+        LDD     0(a_ptr),t1
+        LDD     0(b_ptr),t2
+        SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
+        SUB     sub_tmp1,%ret0,sub_tmp1   ; t3 = t3- c; 
+        CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
+        LDO      1(%r0),sub_tmp2
+        
+        CMPCLR,*= t1,t2,%r0
+        COPY    sub_tmp2,%ret0
+
+        STD     sub_tmp1,0(r_ptr)
+
+bn_sub_words_exit
+    .EXIT
+    BVE     (%rp)
+        NOP
+        .PROCEND        ;in=23,24,25,26,29;out=28;
+
+;------------------------------------------------------------------------------
+;
+; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)
+;
+; arg0 = h
+; arg1 = l
+; arg2 = d
+;
+; This is mainly just modified assembly from the compiler, thus the
+; lack of variable names.
+;
+;------------------------------------------------------------------------------
+bn_div_words
+        .proc
+        .callinfo CALLER,FRAME=272,ENTRY_GR=%r10,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_div_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+        .IMPORT BN_num_bits_word,CODE,NO_RELOCATION
+        .IMPORT __iob,DATA
+        .IMPORT fprintf,CODE,NO_RELOCATION
+        .IMPORT abort,CODE,NO_RELOCATION
+        .IMPORT $$div2U,MILLICODE
+    .entry
+    STD     %r2,-16(%r30)   
+    STD,MA  %r3,352(%r30)   
+    STD     %r4,-344(%r30)  
+    STD     %r5,-336(%r30)  
+    STD     %r6,-328(%r30)  
+    STD     %r7,-320(%r30)  
+    STD     %r8,-312(%r30)  
+    STD     %r9,-304(%r30)  
+    STD     %r10,-296(%r30)
+
+    STD     %r27,-288(%r30)             ; save gp
+
+    COPY    %r24,%r3           ; save d 
+    COPY    %r26,%r4           ; save h (high 64-bits)
+    LDO      -1(%r0),%ret0     ; return -1 by default   
+
+    CMPB,*=  %r0,%arg2,$D3     ; if (d == 0)
+    COPY    %r25,%r5           ; save l (low 64-bits)
+
+    LDO     -48(%r30),%r29     ; create ap 
+    .CALL   ;in=26,29;out=28;
+    B,L     BN_num_bits_word,%r2 
+    COPY    %r3,%r26        
+    LDD     -288(%r30),%r27    ; restore gp 
+    LDI     64,%r21 
+
+    CMPB,=  %r21,%ret0,$00000012   ;if (i == 64) (forward) 
+    COPY    %ret0,%r24             ; i   
+    MTSARCM %r24    
+    DEPDI,Z -1,%sar,1,%r29  
+    CMPB,*<<,N %r29,%r4,bn_div_err_case ; if (h > 1<<i) (forward) 
+
+$00000012
+    SUBI    64,%r24,%r31                       ; i = 64 - i;
+    CMPCLR,*<< %r4,%r3,%r0                     ; if (h >= d)
+    SUB     %r4,%r3,%r4                        ; h -= d
+    CMPB,=  %r31,%r0,$0000001A                 ; if (i)
+    COPY    %r0,%r10                           ; ret = 0
+    MTSARCM %r31                               ; i to shift
+    DEPD,Z  %r3,%sar,64,%r3                    ; d <<= i;
+    SUBI    64,%r31,%r19                       ; 64 - i; redundent
+    MTSAR   %r19                               ; (64 -i) to shift
+    SHRPD   %r4,%r5,%sar,%r4                   ; l>> (64-i)
+    MTSARCM %r31                               ; i to shift
+    DEPD,Z  %r5,%sar,64,%r5                    ; l <<= i;
+
+$0000001A
+    DEPDI,Z -1,31,32,%r19                      
+    EXTRD,U %r3,31,32,%r6                      ; dh=(d&0xfff)>>32
+    EXTRD,U %r3,63,32,%r8                      ; dl = d&0xffffff
+    LDO     2(%r0),%r9
+    STD    %r3,-280(%r30)                      ; "d" to stack
+
+$0000001C
+    DEPDI,Z -1,63,32,%r29                      ; 
+    EXTRD,U %r4,31,32,%r31                     ; h >> 32
+    CMPB,*=,N  %r31,%r6,$D2                    ; if ((h>>32) != dh)(forward) div
+    COPY    %r4,%r26       
+    EXTRD,U %r4,31,32,%r25 
+    COPY    %r6,%r24      
+    .CALL   ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)
+    B,L     $$div2U,%r2     
+    EXTRD,U %r6,31,32,%r23  
+    DEPD    %r28,31,32,%r29 
+$D2
+    STD     %r29,-272(%r30)                   ; q
+    AND     %r5,%r19,%r24                   ; t & 0xffffffff00000000;
+    EXTRD,U %r24,31,32,%r24                 ; ??? 
+    FLDD    -272(%r30),%fr7                 ; q
+    FLDD    -280(%r30),%fr8                 ; d
+    XMPYU   %fr8L,%fr7L,%fr10  
+    FSTD    %fr10,-256(%r30)   
+    XMPYU   %fr8L,%fr7R,%fr22  
+    FSTD    %fr22,-264(%r30)   
+    XMPYU   %fr8R,%fr7L,%fr11 
+    XMPYU   %fr8R,%fr7R,%fr23
+    FSTD    %fr11,-232(%r30)
+    FSTD    %fr23,-240(%r30)
+    LDD     -256(%r30),%r28
+    DEPD,Z  %r28,31,32,%r2 
+    LDD     -264(%r30),%r20
+    ADD,L   %r20,%r2,%r31   
+    LDD     -232(%r30),%r22 
+    DEPD,Z  %r22,31,32,%r22 
+    LDD     -240(%r30),%r21 
+    B       $00000024       ; enter loop  
+    ADD,L   %r21,%r22,%r23 
+
+$0000002A
+    LDO     -1(%r29),%r29   
+    SUB     %r23,%r8,%r23   
+$00000024
+    SUB     %r4,%r31,%r25   
+    AND     %r25,%r19,%r26  
+    CMPB,*<>,N      %r0,%r26,$00000046  ; (forward)
+    DEPD,Z  %r25,31,32,%r20 
+    OR      %r20,%r24,%r21  
+    CMPB,*<<,N  %r21,%r23,$0000002A ;(backward) 
+    SUB     %r31,%r6,%r31   
+;-------------Break path---------------------
+
+$00000046
+    DEPD,Z  %r23,31,32,%r25              ;tl
+    EXTRD,U %r23,31,32,%r26              ;t
+    AND     %r25,%r19,%r24               ;tl = (tl<<32)&0xfffffff0000000L
+    ADD,L   %r31,%r26,%r31               ;th += t; 
+    CMPCLR,*>>=     %r5,%r24,%r0         ;if (l<tl)
+    LDO     1(%r31),%r31                 ; th++;
+    CMPB,*<<=,N     %r31,%r4,$00000036   ;if (n < th) (forward)
+    LDO     -1(%r29),%r29                ;q--; 
+    ADD,L   %r4,%r3,%r4                  ;h += d;
+$00000036
+    ADDIB,=,N       -1,%r9,$D1 ;if (--count == 0) break (forward) 
+    SUB     %r5,%r24,%r28                ; l -= tl;
+    SUB     %r4,%r31,%r24                ; h -= th;
+    SHRPD   %r24,%r28,32,%r4             ; h = ((h<<32)|(l>>32));
+    DEPD,Z  %r29,31,32,%r10              ; ret = q<<32
+    b      $0000001C
+    DEPD,Z  %r28,31,32,%r5               ; l = l << 32 
+
+$D1
+    OR      %r10,%r29,%r28           ; ret |= q
+$D3
+    LDD     -368(%r30),%r2  
+$D0
+    LDD     -296(%r30),%r10 
+    LDD     -304(%r30),%r9  
+    LDD     -312(%r30),%r8  
+    LDD     -320(%r30),%r7  
+    LDD     -328(%r30),%r6  
+    LDD     -336(%r30),%r5  
+    LDD     -344(%r30),%r4  
+    BVE     (%r2)   
+        .EXIT
+    LDD,MB  -352(%r30),%r3 
+
+bn_div_err_case
+    MFIA    %r6     
+    ADDIL   L'bn_div_words-bn_div_err_case,%r6,%r1 
+    LDO     R'bn_div_words-bn_div_err_case(%r1),%r6  
+    ADDIL   LT'__iob,%r27,%r1       
+    LDD     RT'__iob(%r1),%r26      
+    ADDIL   L'C$4-bn_div_words,%r6,%r1    
+    LDO     R'C$4-bn_div_words(%r1),%r25  
+    LDO     64(%r26),%r26   
+    .CALL           ;in=24,25,26,29;out=28;
+    B,L     fprintf,%r2    
+    LDO     -48(%r30),%r29 
+    LDD     -288(%r30),%r27
+    .CALL           ;in=29;
+    B,L     abort,%r2      
+    LDO     -48(%r30),%r29 
+    LDD     -288(%r30),%r27
+    B       $D0         
+    LDD     -368(%r30),%r2  
+        .PROCEND        ;in=24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+; Registers to hold 64-bit values to manipulate.  The "L" part
+; of the register corresponds to the upper 32-bits, while the "R"
+; part corresponds to the lower 32-bits
+; 
+; Note, that when using b6 and b7, the code must save these before
+; using them because they are callee save registers 
+; 
+;
+; Floating point registers to use to save values that
+; are manipulated.  These don't collide with ftemp1-6 and
+; are all caller save registers
+;
+a0        .reg %fr22
+a0L       .reg %fr22L
+a0R       .reg %fr22R
+
+a1        .reg %fr23
+a1L       .reg %fr23L
+a1R       .reg %fr23R
+
+a2        .reg %fr24
+a2L       .reg %fr24L
+a2R       .reg %fr24R
+
+a3        .reg %fr25
+a3L       .reg %fr25L
+a3R       .reg %fr25R
+
+a4        .reg %fr26
+a4L       .reg %fr26L
+a4R       .reg %fr26R
+
+a5        .reg %fr27
+a5L       .reg %fr27L
+a5R       .reg %fr27R
+
+a6        .reg %fr28
+a6L       .reg %fr28L
+a6R       .reg %fr28R
+
+a7        .reg %fr29
+a7L       .reg %fr29L
+a7R       .reg %fr29R
+
+b0        .reg %fr30
+b0L       .reg %fr30L
+b0R       .reg %fr30R
+
+b1        .reg %fr31
+b1L       .reg %fr31L
+b1R       .reg %fr31R
+
+;
+; Temporary floating point variables, these are all caller save
+; registers
+;
+ftemp1    .reg %fr4
+ftemp2    .reg %fr5
+ftemp3    .reg %fr6
+ftemp4    .reg %fr7
+
+;
+; The B set of registers when used.
+;
+
+b2        .reg %fr8
+b2L       .reg %fr8L
+b2R       .reg %fr8R
+
+b3        .reg %fr9
+b3L       .reg %fr9L
+b3R       .reg %fr9R
+
+b4        .reg %fr10
+b4L       .reg %fr10L
+b4R       .reg %fr10R
+
+b5        .reg %fr11
+b5L       .reg %fr11L
+b5R       .reg %fr11R
+
+b6        .reg %fr12
+b6L       .reg %fr12L
+b6R       .reg %fr12R
+
+b7        .reg %fr13
+b7L       .reg %fr13L
+b7R       .reg %fr13R
+
+c1           .reg %r21   ; only reg
+temp1        .reg %r20   ; only reg
+temp2        .reg %r19   ; only reg
+temp3        .reg %r31   ; only reg
+
+m1           .reg %r28   
+c2           .reg %r23   
+high_one     .reg %r1
+ht           .reg %r6
+lt           .reg %r5
+m            .reg %r4
+c3           .reg %r3
+
+SQR_ADD_C  .macro  A0L,A0R,C1,C2,C3
+    XMPYU   A0L,A0R,ftemp1       ; m
+    FSTD    ftemp1,-24(%sp)      ; store m
+
+    XMPYU   A0R,A0R,ftemp2       ; lt
+    FSTD    ftemp2,-16(%sp)      ; store lt
+
+    XMPYU   A0L,A0L,ftemp3       ; ht
+    FSTD    ftemp3,-8(%sp)       ; store ht
+
+    LDD     -24(%sp),m           ; load m
+    AND     m,high_mask,temp2    ; m & Mask
+    DEPD,Z  m,30,31,temp3        ; m << 32+1
+    LDD     -16(%sp),lt          ; lt
+
+    LDD     -8(%sp),ht           ; ht
+    EXTRD,U temp2,32,33,temp1    ; temp1 = m&Mask >> 32-1
+    ADD     temp3,lt,lt          ; lt = lt+m
+    ADD,L   ht,temp1,ht          ; ht += temp1
+    ADD,DC  ht,%r0,ht            ; ht++
+
+    ADD     C1,lt,C1             ; c1=c1+lt
+    ADD,DC  ht,%r0,ht            ; ht++
+
+    ADD     C2,ht,C2             ; c2=c2+ht
+    ADD,DC  C3,%r0,C3            ; c3++
+.endm
+
+SQR_ADD_C2 .macro  A0L,A0R,A1L,A1R,C1,C2,C3
+    XMPYU   A0L,A1R,ftemp1          ; m1 = bl*ht
+    FSTD    ftemp1,-16(%sp)         ;
+    XMPYU   A0R,A1L,ftemp2          ; m = bh*lt
+    FSTD    ftemp2,-8(%sp)          ;
+    XMPYU   A0R,A1R,ftemp3          ; lt = bl*lt
+    FSTD    ftemp3,-32(%sp)
+    XMPYU   A0L,A1L,ftemp4          ; ht = bh*ht
+    FSTD    ftemp4,-24(%sp)         ;
+
+    LDD     -8(%sp),m               ; r21 = m
+    LDD     -16(%sp),m1             ; r19 = m1
+    ADD,L   m,m1,m                  ; m+m1
+
+    DEPD,Z  m,31,32,temp3           ; (m+m1<<32)
+    LDD     -24(%sp),ht             ; r24 = ht
+
+    CMPCLR,*>>= m,m1,%r0            ; if (m < m1)
+    ADD,L   ht,high_one,ht          ; ht+=high_one
+
+    EXTRD,U m,31,32,temp1           ; m >> 32
+    LDD     -32(%sp),lt             ; lt
+    ADD,L   ht,temp1,ht             ; ht+= m>>32
+    ADD     lt,temp3,lt             ; lt = lt+m1
+    ADD,DC  ht,%r0,ht               ; ht++
+
+    ADD     ht,ht,ht                ; ht=ht+ht;
+    ADD,DC  C3,%r0,C3               ; add in carry (c3++)
+
+    ADD     lt,lt,lt                ; lt=lt+lt;
+    ADD,DC  ht,%r0,ht               ; add in carry (ht++)
+
+    ADD     C1,lt,C1                ; c1=c1+lt
+    ADD,DC,*NUV ht,%r0,ht           ; add in carry (ht++)
+    LDO     1(C3),C3              ; bump c3 if overflow,nullify otherwise
+
+    ADD     C2,ht,C2                ; c2 = c2 + ht
+    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
+.endm
+
+;
+;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba8
+        .PROC
+        .CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .ENTRY
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+
+        ;
+        ; Zero out carries
+        ;
+        COPY     %r0,c1
+        COPY     %r0,c2
+        COPY     %r0,c3
+
+        LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+        ;
+        ; Load up all of the values we are going to use
+        ;
+    FLDD     0(a_ptr),a0       
+    FLDD     8(a_ptr),a1       
+    FLDD    16(a_ptr),a2       
+    FLDD    24(a_ptr),a3       
+    FLDD    32(a_ptr),a4       
+    FLDD    40(a_ptr),a5       
+    FLDD    48(a_ptr),a6       
+    FLDD    56(a_ptr),a7       
+
+        SQR_ADD_C a0L,a0R,c1,c2,c3
+        STD     c1,0(r_ptr)          ; r[0] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+        STD     c2,8(r_ptr)          ; r[1] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C a1L,a1R,c3,c1,c2
+        SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+        STD     c3,16(r_ptr)            ; r[2] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+        SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+        STD     c1,24(r_ptr)           ; r[3] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C a2L,a2R,c2,c3,c1
+        SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+        SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1
+        STD     c2,32(r_ptr)          ; r[4] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2
+        SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2
+        SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+        STD     c3,40(r_ptr)          ; r[5] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C a3L,a3R,c1,c2,c3
+        SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3
+        SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3
+        SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3
+        STD     c1,48(r_ptr)          ; r[6] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1
+        SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1
+        SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1
+        SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1
+        STD     c2,56(r_ptr)          ; r[7] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C a4L,a4R,c3,c1,c2
+        SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2
+        SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2
+        SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2
+        STD     c3,64(r_ptr)          ; r[8] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3
+        SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3
+        SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3
+        STD     c1,72(r_ptr)          ; r[9] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C a5L,a5R,c2,c3,c1
+        SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1
+        SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1
+        STD     c2,80(r_ptr)          ; r[10] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2
+        SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2
+        STD     c3,88(r_ptr)          ; r[11] = c3;
+        COPY    %r0,c3
+        
+        SQR_ADD_C a6L,a6R,c1,c2,c3
+        SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3
+        STD     c1,96(r_ptr)          ; r[12] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1
+        STD     c2,104(r_ptr)         ; r[13] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C a7L,a7R,c3,c1,c2
+        STD     c3, 112(r_ptr)       ; r[14] = c3
+        STD     c1, 120(r_ptr)       ; r[15] = c1
+
+    .EXIT
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+        .PROCEND        
+
+;-----------------------------------------------------------------------------
+;
+;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba4
+        .proc
+        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+
+        ;
+        ; Zero out carries
+        ;
+        COPY     %r0,c1
+        COPY     %r0,c2
+        COPY     %r0,c3
+
+        LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+        ;
+        ; Load up all of the values we are going to use
+        ;
+    FLDD     0(a_ptr),a0       
+    FLDD     8(a_ptr),a1       
+    FLDD    16(a_ptr),a2       
+    FLDD    24(a_ptr),a3       
+    FLDD    32(a_ptr),a4       
+    FLDD    40(a_ptr),a5       
+    FLDD    48(a_ptr),a6       
+    FLDD    56(a_ptr),a7       
+
+        SQR_ADD_C a0L,a0R,c1,c2,c3
+
+        STD     c1,0(r_ptr)          ; r[0] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+
+        STD     c2,8(r_ptr)          ; r[1] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C a1L,a1R,c3,c1,c2
+        SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+
+        STD     c3,16(r_ptr)            ; r[2] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+        SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+
+        STD     c1,24(r_ptr)           ; r[3] = c1;
+        COPY    %r0,c1
+
+        SQR_ADD_C a2L,a2R,c2,c3,c1
+        SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+
+        STD     c2,32(r_ptr)           ; r[4] = c2;
+        COPY    %r0,c2
+
+        SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+        STD     c3,40(r_ptr)           ; r[5] = c3;
+        COPY    %r0,c3
+
+        SQR_ADD_C a3L,a3R,c1,c2,c3
+        STD     c1,48(r_ptr)           ; r[6] = c1;
+        STD     c2,56(r_ptr)           ; r[7] = c2;
+
+    .EXIT
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+        .PROCEND        
+
+
+;---------------------------------------------------------------------------
+
+MUL_ADD_C  .macro  A0L,A0R,B0L,B0R,C1,C2,C3
+    XMPYU   A0L,B0R,ftemp1        ; m1 = bl*ht
+    FSTD    ftemp1,-16(%sp)       ;
+    XMPYU   A0R,B0L,ftemp2        ; m = bh*lt
+    FSTD    ftemp2,-8(%sp)        ;
+    XMPYU   A0R,B0R,ftemp3        ; lt = bl*lt
+    FSTD    ftemp3,-32(%sp)
+    XMPYU   A0L,B0L,ftemp4        ; ht = bh*ht
+    FSTD    ftemp4,-24(%sp)       ;
+
+    LDD     -8(%sp),m             ; r21 = m
+    LDD     -16(%sp),m1           ; r19 = m1
+    ADD,L   m,m1,m                ; m+m1
+
+    DEPD,Z  m,31,32,temp3         ; (m+m1<<32)
+    LDD     -24(%sp),ht           ; r24 = ht
+
+    CMPCLR,*>>= m,m1,%r0          ; if (m < m1)
+    ADD,L   ht,high_one,ht        ; ht+=high_one
+
+    EXTRD,U m,31,32,temp1         ; m >> 32
+    LDD     -32(%sp),lt           ; lt
+    ADD,L   ht,temp1,ht           ; ht+= m>>32
+    ADD     lt,temp3,lt           ; lt = lt+m1
+    ADD,DC  ht,%r0,ht             ; ht++
+
+    ADD     C1,lt,C1              ; c1=c1+lt
+    ADD,DC  ht,%r0,ht             ; bump c3 if overflow,nullify otherwise
+
+    ADD     C2,ht,C2              ; c2 = c2 + ht
+    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
+.endm
+
+
+;
+;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba8
+        .proc
+        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+    FSTD    %fr12,32(%sp)       ; save r6
+    FSTD    %fr13,40(%sp)       ; save r7
+
+        ;
+        ; Zero out carries
+        ;
+        COPY     %r0,c1
+        COPY     %r0,c2
+        COPY     %r0,c3
+
+        LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+        ;
+        ; Load up all of the values we are going to use
+        ;
+    FLDD      0(a_ptr),a0       
+    FLDD      8(a_ptr),a1       
+    FLDD     16(a_ptr),a2       
+    FLDD     24(a_ptr),a3       
+    FLDD     32(a_ptr),a4       
+    FLDD     40(a_ptr),a5       
+    FLDD     48(a_ptr),a6       
+    FLDD     56(a_ptr),a7       
+
+    FLDD      0(b_ptr),b0       
+    FLDD      8(b_ptr),b1       
+    FLDD     16(b_ptr),b2       
+    FLDD     24(b_ptr),b3       
+    FLDD     32(b_ptr),b4       
+    FLDD     40(b_ptr),b5       
+    FLDD     48(b_ptr),b6       
+    FLDD     56(b_ptr),b7       
+
+        MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+        STD       c1,0(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+        STD       c2,8(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+        MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+        MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+        STD       c3,16(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+        MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+        MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+        MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+        STD       c1,24(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1
+        MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+        MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1
+        STD       c2,32(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2
+        MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2
+        MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+        MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+        MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2
+        MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2
+        STD       c3,40(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3
+        MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3
+        MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3
+        MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+        MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3
+        MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3
+        MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3
+        STD       c1,48(r_ptr)
+        COPY      %r0,c1
+        
+        MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1
+        MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1
+        MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1
+        MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1
+        MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1
+        MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1
+        STD       c2,56(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2
+        MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2
+        MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2
+        MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2
+        MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2
+        MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2
+        MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2
+        STD       c3,64(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3
+        MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3
+        MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3
+        MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3
+        MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3
+        MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3
+        STD       c1,72(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1
+        MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1
+        MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1
+        MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1
+        MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1
+        STD       c2,80(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2
+        MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2
+        MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2
+        MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2
+        STD       c3,88(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3
+        MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3
+        MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3
+        STD       c1,96(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1
+        MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1
+        STD       c2,104(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2
+        STD       c3,112(r_ptr)
+        STD       c1,120(r_ptr)
+
+    .EXIT
+    FLDD    -88(%sp),%fr13 
+    FLDD    -96(%sp),%fr12 
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+        .PROCEND        
+
+;-----------------------------------------------------------------------------
+;
+;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba4
+        .proc
+        .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+        .EXPORT bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+        .align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+    FSTD    %fr12,32(%sp)       ; save r6
+    FSTD    %fr13,40(%sp)       ; save r7
+
+        ;
+        ; Zero out carries
+        ;
+        COPY     %r0,c1
+        COPY     %r0,c2
+        COPY     %r0,c3
+
+        LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+        ;
+        ; Load up all of the values we are going to use
+        ;
+    FLDD      0(a_ptr),a0       
+    FLDD      8(a_ptr),a1       
+    FLDD     16(a_ptr),a2       
+    FLDD     24(a_ptr),a3       
+
+    FLDD      0(b_ptr),b0       
+    FLDD      8(b_ptr),b1       
+    FLDD     16(b_ptr),b2       
+    FLDD     24(b_ptr),b3       
+
+        MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+        STD       c1,0(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+        STD       c2,8(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+        MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+        MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+        STD       c3,16(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+        MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+        MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+        MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+        STD       c1,24(r_ptr)
+        COPY      %r0,c1
+
+        MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+        MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+        MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+        STD       c2,32(r_ptr)
+        COPY      %r0,c2
+
+        MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+        MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+        STD       c3,40(r_ptr)
+        COPY      %r0,c3
+
+        MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+        STD       c1,48(r_ptr)
+        STD       c2,56(r_ptr)
+
+    .EXIT
+    FLDD    -88(%sp),%fr13 
+    FLDD    -96(%sp),%fr12 
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+        .PROCEND        
+
+
+        .SPACE  $TEXT$
+        .SUBSPA $CODE$
+        .SPACE  $PRIVATE$,SORT=16
+        .IMPORT $global$,DATA
+        .SPACE  $TEXT$
+        .SUBSPA $CODE$
+        .SUBSPA $LIT$,ACCESS=0x2c
+C$4
+        .ALIGN  8
+        .STRINGZ        "Division would overflow (%d)\n"
+        .END
diff --git a/src/lib/libcrypto/bn/asm/ppc.pl b/src/lib/libcrypto/bn/asm/ppc.pl
new file mode 100644
index 0000000000..307c7ccb35
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/ppc.pl
@@ -0,0 +1,2081 @@
+#!/usr/bin/env perl
+#
+# Implemented as a Perl wrapper as we want to support several different
+# architectures with single file. We pick up the target based on the
+# file name we are asked to generate.
+#
+# It should be noted though that this perl code is nothing like
+# <openssl>/crypto/perlasm/x86*. In this case perl is used pretty much
+# as pre-processor to cover for platform differences in name decoration,
+# linker tables, 32-/64-bit instruction sets...
+#
+# As you might know there're several PowerPC ABI in use. Most notably
+# Linux and AIX use different 32-bit ABIs. Good news are that these ABIs
+# are similar enough to implement leaf(!) functions, which would be ABI
+# neutral. And that's what you find here: ABI neutral leaf functions.
+# In case you wonder what that is...
+#
+#       AIX performance
+#
+#       MEASUREMENTS WITH cc ON a 200 MhZ PowerPC 604e.
+#
+#       The following is the performance of 32-bit compiler
+#       generated code:
+#
+#       OpenSSL 0.9.6c 21 dec 2001
+#       built on: Tue Jun 11 11:06:51 EDT 2002
+#       options:bn(64,32) ...
+#compiler: cc -DTHREADS  -DAIX -DB_ENDIAN -DBN_LLONG -O3
+#                  sign    verify    sign/s verify/s
+#rsa  512 bits   0.0098s   0.0009s    102.0   1170.6
+#rsa 1024 bits   0.0507s   0.0026s     19.7    387.5
+#rsa 2048 bits   0.3036s   0.0085s      3.3    117.1
+#rsa 4096 bits   2.0040s   0.0299s      0.5     33.4
+#dsa  512 bits   0.0087s   0.0106s    114.3     94.5
+#dsa 1024 bits   0.0256s   0.0313s     39.0     32.0    
+#
+#       Same bechmark with this assembler code:
+#
+#rsa  512 bits   0.0056s   0.0005s    178.6   2049.2
+#rsa 1024 bits   0.0283s   0.0015s     35.3    674.1
+#rsa 2048 bits   0.1744s   0.0050s      5.7    201.2
+#rsa 4096 bits   1.1644s   0.0179s      0.9     55.7
+#dsa  512 bits   0.0052s   0.0062s    191.6    162.0
+#dsa 1024 bits   0.0149s   0.0180s     67.0     55.5
+#
+#       Number of operations increases by at almost 75%
+#
+#       Here are performance numbers for 64-bit compiler
+#       generated code:
+#
+#       OpenSSL 0.9.6g [engine] 9 Aug 2002
+#       built on: Fri Apr 18 16:59:20 EDT 2003
+#       options:bn(64,64) ...
+#       compiler: cc -DTHREADS -D_REENTRANT -q64 -DB_ENDIAN -O3
+#                  sign    verify    sign/s verify/s
+#rsa  512 bits   0.0028s   0.0003s    357.1   3844.4
+#rsa 1024 bits   0.0148s   0.0008s     67.5   1239.7
+#rsa 2048 bits   0.0963s   0.0028s     10.4    353.0
+#rsa 4096 bits   0.6538s   0.0102s      1.5     98.1
+#dsa  512 bits   0.0026s   0.0032s    382.5    313.7
+#dsa 1024 bits   0.0081s   0.0099s    122.8    100.6
+#
+#       Same benchmark with this assembler code:
+#
+#rsa  512 bits   0.0020s   0.0002s    510.4   6273.7
+#rsa 1024 bits   0.0088s   0.0005s    114.1   2128.3
+#rsa 2048 bits   0.0540s   0.0016s     18.5    622.5
+#rsa 4096 bits   0.3700s   0.0058s      2.7    171.0
+#dsa  512 bits   0.0016s   0.0020s    610.7    507.1
+#dsa 1024 bits   0.0047s   0.0058s    212.5    173.2
+#       
+#       Again, performance increases by at about 75%
+#
+#       Mac OS X, Apple G5 1.8GHz (Note this is 32 bit code)
+#       OpenSSL 0.9.7c 30 Sep 2003
+#
+#       Original code.
+#
+#rsa  512 bits   0.0011s   0.0001s    906.1  11012.5
+#rsa 1024 bits   0.0060s   0.0003s    166.6   3363.1
+#rsa 2048 bits   0.0370s   0.0010s     27.1    982.4
+#rsa 4096 bits   0.2426s   0.0036s      4.1    280.4
+#dsa  512 bits   0.0010s   0.0012s   1038.1    841.5
+#dsa 1024 bits   0.0030s   0.0037s    329.6    269.7
+#dsa 2048 bits   0.0101s   0.0127s     98.9     78.6
+#
+#       Same benchmark with this assembler code:
+#
+#rsa  512 bits   0.0007s   0.0001s   1416.2  16645.9
+#rsa 1024 bits   0.0036s   0.0002s    274.4   5380.6
+#rsa 2048 bits   0.0222s   0.0006s     45.1   1589.5
+#rsa 4096 bits   0.1469s   0.0022s      6.8    449.6
+#dsa  512 bits   0.0006s   0.0007s   1664.2   1376.2
+#dsa 1024 bits   0.0018s   0.0023s    545.0    442.2
+#dsa 2048 bits   0.0061s   0.0075s    163.5    132.8
+#
+#        Performance increase of ~60%
+#
+#       If you have comments or suggestions to improve code send
+#       me a note at schari@us.ibm.com
+#
+
+$opf = shift;
+
+if ($opf =~ /32\.s/) {
+        $BITS=  32;
+        $BNSZ=  $BITS/8;
+        $ISA=   "\"ppc\"";
+
+        $LD=    "lwz";          # load
+        $LDU=   "lwzu";         # load and update
+        $ST=    "stw";          # store
+        $STU=   "stwu";         # store and update
+        $UMULL= "mullw";        # unsigned multiply low
+        $UMULH= "mulhwu";       # unsigned multiply high
+        $UDIV=  "divwu";        # unsigned divide
+        $UCMPI= "cmplwi";       # unsigned compare with immediate
+        $UCMP=  "cmplw";        # unsigned compare
+        $COUNTZ="cntlzw";       # count leading zeros
+        $SHL=   "slw";          # shift left
+        $SHR=   "srw";          # unsigned shift right
+        $SHRI=  "srwi";         # unsigned shift right by immediate     
+        $SHLI=  "slwi";         # shift left by immediate
+        $CLRU=  "clrlwi";       # clear upper bits
+        $INSR=  "insrwi";       # insert right
+        $ROTL=  "rotlwi";       # rotate left by immediate
+} elsif ($opf =~ /64\.s/) {
+        $BITS=  64;
+        $BNSZ=  $BITS/8;
+        $ISA=   "\"ppc64\"";
+
+        # same as above, but 64-bit mnemonics...
+        $LD=    "ld";           # load
+        $LDU=   "ldu";          # load and update
+        $ST=    "std";          # store
+        $STU=   "stdu";         # store and update
+        $UMULL= "mulld";        # unsigned multiply low
+        $UMULH= "mulhdu";       # unsigned multiply high
+        $UDIV=  "divdu";        # unsigned divide
+        $UCMPI= "cmpldi";       # unsigned compare with immediate
+        $UCMP=  "cmpld";        # unsigned compare
+        $COUNTZ="cntlzd";       # count leading zeros
+        $SHL=   "sld";          # shift left
+        $SHR=   "srd";          # unsigned shift right
+        $SHRI=  "srdi";         # unsigned shift right by immediate     
+        $SHLI=  "sldi";         # shift left by immediate
+        $CLRU=  "clrldi";       # clear upper bits
+        $INSR=  "insrdi";       # insert right 
+        $ROTL=  "rotldi";       # rotate left by immediate
+} else { die "nonsense $opf"; }
+
+( defined shift || open STDOUT,">$opf" ) || die "can't open $opf: $!";
+
+# function entry points from the AIX code
+#
+# There are other, more elegant, ways to handle this. We (IBM) chose
+# this approach as it plays well with scripts we run to 'namespace'
+# OpenSSL .i.e. we add a prefix to all the public symbols so we can
+# co-exist in the same process with other implementations of OpenSSL.
+# 'cleverer' ways of doing these substitutions tend to hide data we
+# need to be obvious.
+#
+my @items = ("bn_sqr_comba4",
+             "bn_sqr_comba8",
+             "bn_mul_comba4",
+             "bn_mul_comba8",
+             "bn_sub_words",
+             "bn_add_words",
+             "bn_div_words",
+             "bn_sqr_words",
+             "bn_mul_words",
+             "bn_mul_add_words");
+
+if    ($opf =~ /linux/) {  do_linux();  }
+elsif ($opf =~ /aix/)   {  do_aix();    }
+elsif ($opf =~ /osx/)   {  do_osx();    }
+else                    {  do_bsd();    }
+
+sub do_linux {
+    $d=&data();
+
+    if ($BITS==64) {
+      foreach $t (@items) {
+        $d =~ s/\.$t:/\
+\t.section\t".opd","aw"\
+\t.align\t3\
+\t.globl\t$t\
+$t:\
+\t.quad\t.$t,.TOC.\@tocbase,0\
+\t.size\t$t,24\
+\t.previous\n\
+\t.type\t.$t,\@function\
+\t.globl\t.$t\
+.$t:/g;
+      }
+    }
+    else {
+      foreach $t (@items) {
+        $d=~s/\.$t/$t/g;
+      }
+    }
+    # hide internal labels to avoid pollution of name table...
+    $d=~s/Lppcasm_/.Lppcasm_/gm;
+    print $d;
+}
+
+sub do_aix {
+    # AIX assembler is smart enough to please the linker without
+    # making us do something special...
+    print &data();
+}
+
+# MacOSX 32 bit
+sub do_osx {
+    $d=&data();
+    # Change the bn symbol prefix from '.' to '_'
+    foreach $t (@items) {
+      $d=~s/\.$t/_$t/g;
+    }
+    # Change .machine to something OS X asm will accept
+    $d=~s/\.machine.*/.text/g;
+    $d=~s/\#/;/g; # change comment from '#' to ';'
+    print $d;
+}
+
+# BSD (Untested)
+sub do_bsd {
+    $d=&data();
+    foreach $t (@items) {
+      $d=~s/\.$t/_$t/g;
+    }
+    print $d;
+}
+
+sub data {
+        local($data)=<<EOF;
+#--------------------------------------------------------------------
+#
+#
+#
+#
+#       File:           ppc32.s
+#
+#       Created by:     Suresh Chari
+#                       IBM Thomas J. Watson Research Library
+#                       Hawthorne, NY
+#
+#
+#       Description:    Optimized assembly routines for OpenSSL crypto
+#                       on the 32 bitPowerPC platform.
+#
+#
+#       Version History
+#
+#       2. Fixed bn_add,bn_sub and bn_div_words, added comments,
+#          cleaned up code. Also made a single version which can
+#          be used for both the AIX and Linux compilers. See NOTE
+#          below.
+#                               12/05/03                Suresh Chari
+#                       (with lots of help from)        Andy Polyakov
+##      
+#       1. Initial version      10/20/02                Suresh Chari
+#
+#
+#       The following file works for the xlc,cc
+#       and gcc compilers.
+#
+#       NOTE:   To get the file to link correctly with the gcc compiler
+#               you have to change the names of the routines and remove
+#               the first .(dot) character. This should automatically
+#               be done in the build process.
+#
+#       Hand optimized assembly code for the following routines
+#       
+#       bn_sqr_comba4
+#       bn_sqr_comba8
+#       bn_mul_comba4
+#       bn_mul_comba8
+#       bn_sub_words
+#       bn_add_words
+#       bn_div_words
+#       bn_sqr_words
+#       bn_mul_words
+#       bn_mul_add_words
+#
+#       NOTE:   It is possible to optimize this code more for
+#       specific PowerPC or Power architectures. On the Northstar
+#       architecture the optimizations in this file do
+#        NOT provide much improvement.
+#
+#       If you have comments or suggestions to improve code send
+#       me a note at schari\@us.ibm.com
+#
+#--------------------------------------------------------------------------
+#
+#       Defines to be used in the assembly code.
+#       
+.set r0,0       # we use it as storage for value of 0
+.set SP,1       # preserved
+.set RTOC,2     # preserved 
+.set r3,3       # 1st argument/return value
+.set r4,4       # 2nd argument/volatile register
+.set r5,5       # 3rd argument/volatile register
+.set r6,6       # ...
+.set r7,7
+.set r8,8
+.set r9,9
+.set r10,10
+.set r11,11
+.set r12,12
+.set r13,13     # not used, nor any other "below" it...
+
+.set BO_IF_NOT,4
+.set BO_IF,12
+.set BO_dCTR_NZERO,16
+.set BO_dCTR_ZERO,18
+.set BO_ALWAYS,20
+.set CR0_LT,0;
+.set CR0_GT,1;
+.set CR0_EQ,2
+.set CR1_FX,4;
+.set CR1_FEX,5;
+.set CR1_VX,6
+.set LR,8
+
+#       Declare function names to be global
+#       NOTE:   For gcc these names MUST be changed to remove
+#               the first . i.e. for example change ".bn_sqr_comba4"
+#               to "bn_sqr_comba4". This should be automatically done
+#               in the build.
+        
+        .globl  .bn_sqr_comba4
+        .globl  .bn_sqr_comba8
+        .globl  .bn_mul_comba4
+        .globl  .bn_mul_comba8
+        .globl  .bn_sub_words
+        .globl  .bn_add_words
+        .globl  .bn_div_words
+        .globl  .bn_sqr_words
+        .globl  .bn_mul_words
+        .globl  .bn_mul_add_words
+        
+# .text section
+        
+        .machine        $ISA
+
+#
+#       NOTE:   The following label name should be changed to
+#               "bn_sqr_comba4" i.e. remove the first dot
+#               for the gcc compiler. This should be automatically
+#               done in the build
+#
+
+.align  4
+.bn_sqr_comba4:
+#
+# Optimized version of bn_sqr_comba4.
+#
+# void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+# r3 contains r
+# r4 contains a
+#
+# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:       
+# 
+# r5,r6 are the two BN_ULONGs being multiplied.
+# r7,r8 are the results of the 32x32 giving 64 bit multiply.
+# r9,r10, r11 are the equivalents of c1,c2, c3.
+# Here's the assembly
+#
+#
+        xor             r0,r0,r0                # set r0 = 0. Used in the addze
+                                                # instructions below
+        
+                                                #sqr_add_c(a,0,c1,c2,c3)
+        $LD             r5,`0*$BNSZ`(r4)                
+        $UMULL          r9,r5,r5                
+        $UMULH          r10,r5,r5               #in first iteration. No need
+                                                #to add since c1=c2=c3=0.
+                                                # Note c3(r11) is NOT set to 0
+                                                # but will be.
+
+        $ST             r9,`0*$BNSZ`(r3)        # r[0]=c1;
+                                                # sqr_add_c2(a,1,0,c2,c3,c1);
+        $LD             r6,`1*$BNSZ`(r4)                
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+                                        
+        addc            r7,r7,r7                # compute (r7,r8)=2*(r7,r8)
+        adde            r8,r8,r8
+        addze           r9,r0                   # catch carry if any.
+                                                # r9= r0(=0) and carry 
+        
+        addc            r10,r7,r10              # now add to temp result.
+        addze           r11,r8                  # r8 added to r11 which is 0 
+        addze           r9,r9
+        
+        $ST             r10,`1*$BNSZ`(r3)       #r[1]=c2; 
+                                                #sqr_add_c(a,1,c3,c1,c2)
+        $UMULL          r7,r6,r6
+        $UMULH          r8,r6,r6
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r0
+                                                #sqr_add_c2(a,2,0,c3,c1,c2)
+        $LD             r6,`2*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        
+        addc            r7,r7,r7
+        adde            r8,r8,r8
+        addze           r10,r10
+        
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+        $ST             r11,`2*$BNSZ`(r3)       #r[2]=c3 
+                                                #sqr_add_c2(a,3,0,c1,c2,c3);
+        $LD             r6,`3*$BNSZ`(r4)                
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        addc            r7,r7,r7
+        adde            r8,r8,r8
+        addze           r11,r0
+        
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+                                                #sqr_add_c2(a,2,1,c1,c2,c3);
+        $LD             r5,`1*$BNSZ`(r4)
+        $LD             r6,`2*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        
+        addc            r7,r7,r7
+        adde            r8,r8,r8
+        addze           r11,r11
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+        $ST             r9,`3*$BNSZ`(r3)        #r[3]=c1
+                                                #sqr_add_c(a,2,c2,c3,c1);
+        $UMULL          r7,r6,r6
+        $UMULH          r8,r6,r6
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r0
+                                                #sqr_add_c2(a,3,1,c2,c3,c1);
+        $LD             r6,`3*$BNSZ`(r4)                
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        addc            r7,r7,r7
+        adde            r8,r8,r8
+        addze           r9,r9
+        
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r9
+        $ST             r10,`4*$BNSZ`(r3)       #r[4]=c2
+                                                #sqr_add_c2(a,3,2,c3,c1,c2);
+        $LD             r5,`2*$BNSZ`(r4)                
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        addc            r7,r7,r7
+        adde            r8,r8,r8
+        addze           r10,r0
+        
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+        $ST             r11,`5*$BNSZ`(r3)       #r[5] = c3
+                                                #sqr_add_c(a,3,c1,c2,c3);
+        $UMULL          r7,r6,r6                
+        $UMULH          r8,r6,r6
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+
+        $ST             r9,`6*$BNSZ`(r3)        #r[6]=c1
+        $ST             r10,`7*$BNSZ`(r3)       #r[7]=c2
+        bclr    BO_ALWAYS,CR0_LT
+        .long   0x00000000
+
+#
+#       NOTE:   The following label name should be changed to
+#               "bn_sqr_comba8" i.e. remove the first dot
+#               for the gcc compiler. This should be automatically
+#               done in the build
+#
+        
+.align  4
+.bn_sqr_comba8:
+#
+# This is an optimized version of the bn_sqr_comba8 routine.
+# Tightly uses the adde instruction
+#
+#
+# void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+# r3 contains r
+# r4 contains a
+#
+# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:       
+# 
+# r5,r6 are the two BN_ULONGs being multiplied.
+# r7,r8 are the results of the 32x32 giving 64 bit multiply.
+# r9,r10, r11 are the equivalents of c1,c2, c3.
+#
+# Possible optimization of loading all 8 longs of a into registers
+# doesnt provide any speedup
+# 
+
+        xor             r0,r0,r0                #set r0 = 0.Used in addze
+                                                #instructions below.
+
+                                                #sqr_add_c(a,0,c1,c2,c3);
+        $LD             r5,`0*$BNSZ`(r4)
+        $UMULL          r9,r5,r5                #1st iteration: no carries.
+        $UMULH          r10,r5,r5
+        $ST             r9,`0*$BNSZ`(r3)        # r[0]=c1;
+                                                #sqr_add_c2(a,1,0,c2,c3,c1);
+        $LD             r6,`1*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6        
+        
+        addc            r10,r7,r10              #add the two register number
+        adde            r11,r8,r0               # (r8,r7) to the three register
+        addze           r9,r0                   # number (r9,r11,r10).NOTE:r0=0
+        
+        addc            r10,r7,r10              #add the two register number
+        adde            r11,r8,r11              # (r8,r7) to the three register
+        addze           r9,r9                   # number (r9,r11,r10).
+        
+        $ST             r10,`1*$BNSZ`(r3)       # r[1]=c2
+                                
+                                                #sqr_add_c(a,1,c3,c1,c2);
+        $UMULL          r7,r6,r6
+        $UMULH          r8,r6,r6
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r0
+                                                #sqr_add_c2(a,2,0,c3,c1,c2);
+        $LD             r6,`2*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+        
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+        
+        $ST             r11,`2*$BNSZ`(r3)       #r[2]=c3
+                                                #sqr_add_c2(a,3,0,c1,c2,c3);
+        $LD             r6,`3*$BNSZ`(r4)        #r6 = a[3]. r5 is already a[0].
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r0
+        
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+                                                #sqr_add_c2(a,2,1,c1,c2,c3);
+        $LD             r5,`1*$BNSZ`(r4)
+        $LD             r6,`2*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+        
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+        
+        $ST             r9,`3*$BNSZ`(r3)        #r[3]=c1;
+                                                #sqr_add_c(a,2,c2,c3,c1);
+        $UMULL          r7,r6,r6
+        $UMULH          r8,r6,r6
+        
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r0
+                                                #sqr_add_c2(a,3,1,c2,c3,c1);
+        $LD             r6,`3*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r9
+        
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r9
+                                                #sqr_add_c2(a,4,0,c2,c3,c1);
+        $LD             r5,`0*$BNSZ`(r4)
+        $LD             r6,`4*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r9
+        
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r9
+        $ST             r10,`4*$BNSZ`(r3)       #r[4]=c2;
+                                                #sqr_add_c2(a,5,0,c3,c1,c2);
+        $LD             r6,`5*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r0
+        
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+                                                #sqr_add_c2(a,4,1,c3,c1,c2);
+        $LD             r5,`1*$BNSZ`(r4)
+        $LD             r6,`4*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+        
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+                                                #sqr_add_c2(a,3,2,c3,c1,c2);
+        $LD             r5,`2*$BNSZ`(r4)
+        $LD             r6,`3*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+        
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+        $ST             r11,`5*$BNSZ`(r3)       #r[5]=c3;
+                                                #sqr_add_c(a,3,c1,c2,c3);
+        $UMULL          r7,r6,r6
+        $UMULH          r8,r6,r6
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r0
+                                                #sqr_add_c2(a,4,2,c1,c2,c3);
+        $LD             r6,`4*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+        
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+                                                #sqr_add_c2(a,5,1,c1,c2,c3);
+        $LD             r5,`1*$BNSZ`(r4)
+        $LD             r6,`5*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+        
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+                                                #sqr_add_c2(a,6,0,c1,c2,c3);
+        $LD             r5,`0*$BNSZ`(r4)
+        $LD             r6,`6*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+        $ST             r9,`6*$BNSZ`(r3)        #r[6]=c1;
+                                                #sqr_add_c2(a,7,0,c2,c3,c1);
+        $LD             r6,`7*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r0
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r9
+                                                #sqr_add_c2(a,6,1,c2,c3,c1);
+        $LD             r5,`1*$BNSZ`(r4)
+        $LD             r6,`6*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r9
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r9
+                                                #sqr_add_c2(a,5,2,c2,c3,c1);
+        $LD             r5,`2*$BNSZ`(r4)
+        $LD             r6,`5*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r9
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r9
+                                                #sqr_add_c2(a,4,3,c2,c3,c1);
+        $LD             r5,`3*$BNSZ`(r4)
+        $LD             r6,`4*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r9
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r9
+        $ST             r10,`7*$BNSZ`(r3)       #r[7]=c2;
+                                                #sqr_add_c(a,4,c3,c1,c2);
+        $UMULL          r7,r6,r6
+        $UMULH          r8,r6,r6
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r0
+                                                #sqr_add_c2(a,5,3,c3,c1,c2);
+        $LD             r6,`5*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+                                                #sqr_add_c2(a,6,2,c3,c1,c2);
+        $LD             r5,`2*$BNSZ`(r4)
+        $LD             r6,`6*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+        
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+                                                #sqr_add_c2(a,7,1,c3,c1,c2);
+        $LD             r5,`1*$BNSZ`(r4)
+        $LD             r6,`7*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+        $ST             r11,`8*$BNSZ`(r3)       #r[8]=c3;
+                                                #sqr_add_c2(a,7,2,c1,c2,c3);
+        $LD             r5,`2*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r0
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+                                                #sqr_add_c2(a,6,3,c1,c2,c3);
+        $LD             r5,`3*$BNSZ`(r4)
+        $LD             r6,`6*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+                                                #sqr_add_c2(a,5,4,c1,c2,c3);
+        $LD             r5,`4*$BNSZ`(r4)
+        $LD             r6,`5*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+        $ST             r9,`9*$BNSZ`(r3)        #r[9]=c1;
+                                                #sqr_add_c(a,5,c2,c3,c1);
+        $UMULL          r7,r6,r6
+        $UMULH          r8,r6,r6
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r0
+                                                #sqr_add_c2(a,6,4,c2,c3,c1);
+        $LD             r6,`6*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r9
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r9
+                                                #sqr_add_c2(a,7,3,c2,c3,c1);
+        $LD             r5,`3*$BNSZ`(r4)
+        $LD             r6,`7*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r9
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r9
+        $ST             r10,`10*$BNSZ`(r3)      #r[10]=c2;
+                                                #sqr_add_c2(a,7,4,c3,c1,c2);
+        $LD             r5,`4*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r0
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+                                                #sqr_add_c2(a,6,5,c3,c1,c2);
+        $LD             r5,`5*$BNSZ`(r4)
+        $LD             r6,`6*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        addze           r10,r10
+        $ST             r11,`11*$BNSZ`(r3)      #r[11]=c3;
+                                                #sqr_add_c(a,6,c1,c2,c3);
+        $UMULL          r7,r6,r6
+        $UMULH          r8,r6,r6
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r0
+                                                #sqr_add_c2(a,7,5,c1,c2,c3)
+        $LD             r6,`7*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+        addc            r9,r7,r9
+        adde            r10,r8,r10
+        addze           r11,r11
+        $ST             r9,`12*$BNSZ`(r3)       #r[12]=c1;
+        
+                                                #sqr_add_c2(a,7,6,c2,c3,c1)
+        $LD             r5,`6*$BNSZ`(r4)
+        $UMULL          r7,r5,r6
+        $UMULH          r8,r5,r6
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r0
+        addc            r10,r7,r10
+        adde            r11,r8,r11
+        addze           r9,r9
+        $ST             r10,`13*$BNSZ`(r3)      #r[13]=c2;
+                                                #sqr_add_c(a,7,c3,c1,c2);
+        $UMULL          r7,r6,r6
+        $UMULH          r8,r6,r6
+        addc            r11,r7,r11
+        adde            r9,r8,r9
+        $ST             r11,`14*$BNSZ`(r3)      #r[14]=c3;
+        $ST             r9, `15*$BNSZ`(r3)      #r[15]=c1;
+
+
+        bclr    BO_ALWAYS,CR0_LT
+
+        .long   0x00000000
+
+#
+#       NOTE:   The following label name should be changed to
+#               "bn_mul_comba4" i.e. remove the first dot
+#               for the gcc compiler. This should be automatically
+#               done in the build
+#
+
+.align  4
+.bn_mul_comba4:
+#
+# This is an optimized version of the bn_mul_comba4 routine.
+#
+# void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+# r3 contains r
+# r4 contains a
+# r5 contains b
+# r6, r7 are the 2 BN_ULONGs being multiplied.
+# r8, r9 are the results of the 32x32 giving 64 multiply.
+# r10, r11, r12 are the equivalents of c1, c2, and c3.
+#
+        xor     r0,r0,r0                #r0=0. Used in addze below.
+                                        #mul_add_c(a[0],b[0],c1,c2,c3);
+        $LD     r6,`0*$BNSZ`(r4)                
+        $LD     r7,`0*$BNSZ`(r5)                
+        $UMULL  r10,r6,r7               
+        $UMULH  r11,r6,r7               
+        $ST     r10,`0*$BNSZ`(r3)       #r[0]=c1
+                                        #mul_add_c(a[0],b[1],c2,c3,c1);
+        $LD     r7,`1*$BNSZ`(r5)                
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r8,r11
+        adde    r12,r9,r0
+        addze   r10,r0
+                                        #mul_add_c(a[1],b[0],c2,c3,c1);
+        $LD     r6, `1*$BNSZ`(r4)               
+        $LD     r7, `0*$BNSZ`(r5)               
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r8,r11
+        adde    r12,r9,r12
+        addze   r10,r10
+        $ST     r11,`1*$BNSZ`(r3)       #r[1]=c2
+                                        #mul_add_c(a[2],b[0],c3,c1,c2);
+        $LD     r6,`2*$BNSZ`(r4)                
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r8,r12
+        adde    r10,r9,r10
+        addze   r11,r0
+                                        #mul_add_c(a[1],b[1],c3,c1,c2);
+        $LD     r6,`1*$BNSZ`(r4)                
+        $LD     r7,`1*$BNSZ`(r5)                
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r8,r12
+        adde    r10,r9,r10
+        addze   r11,r11
+                                        #mul_add_c(a[0],b[2],c3,c1,c2);
+        $LD     r6,`0*$BNSZ`(r4)                
+        $LD     r7,`2*$BNSZ`(r5)                
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r8,r12
+        adde    r10,r9,r10
+        addze   r11,r11
+        $ST     r12,`2*$BNSZ`(r3)       #r[2]=c3
+                                        #mul_add_c(a[0],b[3],c1,c2,c3);
+        $LD     r7,`3*$BNSZ`(r5)                
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r8,r10
+        adde    r11,r9,r11
+        addze   r12,r0
+                                        #mul_add_c(a[1],b[2],c1,c2,c3);
+        $LD     r6,`1*$BNSZ`(r4)
+        $LD     r7,`2*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r8,r10
+        adde    r11,r9,r11
+        addze   r12,r12
+                                        #mul_add_c(a[2],b[1],c1,c2,c3);
+        $LD     r6,`2*$BNSZ`(r4)
+        $LD     r7,`1*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r8,r10
+        adde    r11,r9,r11
+        addze   r12,r12
+                                        #mul_add_c(a[3],b[0],c1,c2,c3);
+        $LD     r6,`3*$BNSZ`(r4)
+        $LD     r7,`0*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r8,r10
+        adde    r11,r9,r11
+        addze   r12,r12
+        $ST     r10,`3*$BNSZ`(r3)       #r[3]=c1
+                                        #mul_add_c(a[3],b[1],c2,c3,c1);
+        $LD     r7,`1*$BNSZ`(r5)                
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r8,r11
+        adde    r12,r9,r12
+        addze   r10,r0
+                                        #mul_add_c(a[2],b[2],c2,c3,c1);
+        $LD     r6,`2*$BNSZ`(r4)
+        $LD     r7,`2*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r8,r11
+        adde    r12,r9,r12
+        addze   r10,r10
+                                        #mul_add_c(a[1],b[3],c2,c3,c1);
+        $LD     r6,`1*$BNSZ`(r4)
+        $LD     r7,`3*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r8,r11
+        adde    r12,r9,r12
+        addze   r10,r10
+        $ST     r11,`4*$BNSZ`(r3)       #r[4]=c2
+                                        #mul_add_c(a[2],b[3],c3,c1,c2);
+        $LD     r6,`2*$BNSZ`(r4)                
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r8,r12
+        adde    r10,r9,r10
+        addze   r11,r0
+                                        #mul_add_c(a[3],b[2],c3,c1,c2);
+        $LD     r6,`3*$BNSZ`(r4)
+        $LD     r7,`2*$BNSZ`(r4)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r8,r12
+        adde    r10,r9,r10
+        addze   r11,r11
+        $ST     r12,`5*$BNSZ`(r3)       #r[5]=c3
+                                        #mul_add_c(a[3],b[3],c1,c2,c3);
+        $LD     r7,`3*$BNSZ`(r5)                
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r8,r10
+        adde    r11,r9,r11
+
+        $ST     r10,`6*$BNSZ`(r3)       #r[6]=c1
+        $ST     r11,`7*$BNSZ`(r3)       #r[7]=c2
+        bclr    BO_ALWAYS,CR0_LT
+        .long   0x00000000
+
+#
+#       NOTE:   The following label name should be changed to
+#               "bn_mul_comba8" i.e. remove the first dot
+#               for the gcc compiler. This should be automatically
+#               done in the build
+#
+        
+.align  4
+.bn_mul_comba8:
+#
+# Optimized version of the bn_mul_comba8 routine.
+#
+# void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+# r3 contains r
+# r4 contains a
+# r5 contains b
+# r6, r7 are the 2 BN_ULONGs being multiplied.
+# r8, r9 are the results of the 32x32 giving 64 multiply.
+# r10, r11, r12 are the equivalents of c1, c2, and c3.
+#
+        xor     r0,r0,r0                #r0=0. Used in addze below.
+        
+                                        #mul_add_c(a[0],b[0],c1,c2,c3);
+        $LD     r6,`0*$BNSZ`(r4)        #a[0]
+        $LD     r7,`0*$BNSZ`(r5)        #b[0]
+        $UMULL  r10,r6,r7
+        $UMULH  r11,r6,r7
+        $ST     r10,`0*$BNSZ`(r3)       #r[0]=c1;
+                                        #mul_add_c(a[0],b[1],c2,c3,c1);
+        $LD     r7,`1*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        addze   r12,r9                  # since we didnt set r12 to zero before.
+        addze   r10,r0
+                                        #mul_add_c(a[1],b[0],c2,c3,c1);
+        $LD     r6,`1*$BNSZ`(r4)
+        $LD     r7,`0*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r10
+        $ST     r11,`1*$BNSZ`(r3)       #r[1]=c2;
+                                        #mul_add_c(a[2],b[0],c3,c1,c2);
+        $LD     r6,`2*$BNSZ`(r4)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r0
+                                        #mul_add_c(a[1],b[1],c3,c1,c2);
+        $LD     r6,`1*$BNSZ`(r4)
+        $LD     r7,`1*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r11
+                                        #mul_add_c(a[0],b[2],c3,c1,c2);
+        $LD     r6,`0*$BNSZ`(r4)
+        $LD     r7,`2*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r11
+        $ST     r12,`2*$BNSZ`(r3)       #r[2]=c3;
+                                        #mul_add_c(a[0],b[3],c1,c2,c3);
+        $LD     r7,`3*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r0
+                                        #mul_add_c(a[1],b[2],c1,c2,c3);
+        $LD     r6,`1*$BNSZ`(r4)
+        $LD     r7,`2*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r12
+                
+                                        #mul_add_c(a[2],b[1],c1,c2,c3);
+        $LD     r6,`2*$BNSZ`(r4)
+        $LD     r7,`1*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r12
+                                        #mul_add_c(a[3],b[0],c1,c2,c3);
+        $LD     r6,`3*$BNSZ`(r4)
+        $LD     r7,`0*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r12
+        $ST     r10,`3*$BNSZ`(r3)       #r[3]=c1;
+                                        #mul_add_c(a[4],b[0],c2,c3,c1);
+        $LD     r6,`4*$BNSZ`(r4)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r0
+                                        #mul_add_c(a[3],b[1],c2,c3,c1);
+        $LD     r6,`3*$BNSZ`(r4)
+        $LD     r7,`1*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r10
+                                        #mul_add_c(a[2],b[2],c2,c3,c1);
+        $LD     r6,`2*$BNSZ`(r4)
+        $LD     r7,`2*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r10
+                                        #mul_add_c(a[1],b[3],c2,c3,c1);
+        $LD     r6,`1*$BNSZ`(r4)
+        $LD     r7,`3*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r10
+                                        #mul_add_c(a[0],b[4],c2,c3,c1);
+        $LD     r6,`0*$BNSZ`(r4)
+        $LD     r7,`4*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r10
+        $ST     r11,`4*$BNSZ`(r3)       #r[4]=c2;
+                                        #mul_add_c(a[0],b[5],c3,c1,c2);
+        $LD     r7,`5*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r0
+                                        #mul_add_c(a[1],b[4],c3,c1,c2);
+        $LD     r6,`1*$BNSZ`(r4)                
+        $LD     r7,`4*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r11
+                                        #mul_add_c(a[2],b[3],c3,c1,c2);
+        $LD     r6,`2*$BNSZ`(r4)                
+        $LD     r7,`3*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r11
+                                        #mul_add_c(a[3],b[2],c3,c1,c2);
+        $LD     r6,`3*$BNSZ`(r4)                
+        $LD     r7,`2*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r11
+                                        #mul_add_c(a[4],b[1],c3,c1,c2);
+        $LD     r6,`4*$BNSZ`(r4)                
+        $LD     r7,`1*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r11
+                                        #mul_add_c(a[5],b[0],c3,c1,c2);
+        $LD     r6,`5*$BNSZ`(r4)                
+        $LD     r7,`0*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r11
+        $ST     r12,`5*$BNSZ`(r3)       #r[5]=c3;
+                                        #mul_add_c(a[6],b[0],c1,c2,c3);
+        $LD     r6,`6*$BNSZ`(r4)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r0
+                                        #mul_add_c(a[5],b[1],c1,c2,c3);
+        $LD     r6,`5*$BNSZ`(r4)
+        $LD     r7,`1*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r12
+                                        #mul_add_c(a[4],b[2],c1,c2,c3);
+        $LD     r6,`4*$BNSZ`(r4)
+        $LD     r7,`2*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r12
+                                        #mul_add_c(a[3],b[3],c1,c2,c3);
+        $LD     r6,`3*$BNSZ`(r4)
+        $LD     r7,`3*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r12
+                                        #mul_add_c(a[2],b[4],c1,c2,c3);
+        $LD     r6,`2*$BNSZ`(r4)
+        $LD     r7,`4*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r12
+                                        #mul_add_c(a[1],b[5],c1,c2,c3);
+        $LD     r6,`1*$BNSZ`(r4)
+        $LD     r7,`5*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r12
+                                        #mul_add_c(a[0],b[6],c1,c2,c3);
+        $LD     r6,`0*$BNSZ`(r4)
+        $LD     r7,`6*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r12
+        $ST     r10,`6*$BNSZ`(r3)       #r[6]=c1;
+                                        #mul_add_c(a[0],b[7],c2,c3,c1);
+        $LD     r7,`7*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r0
+                                        #mul_add_c(a[1],b[6],c2,c3,c1);
+        $LD     r6,`1*$BNSZ`(r4)
+        $LD     r7,`6*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r10
+                                        #mul_add_c(a[2],b[5],c2,c3,c1);
+        $LD     r6,`2*$BNSZ`(r4)
+        $LD     r7,`5*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r10
+                                        #mul_add_c(a[3],b[4],c2,c3,c1);
+        $LD     r6,`3*$BNSZ`(r4)
+        $LD     r7,`4*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r10
+                                        #mul_add_c(a[4],b[3],c2,c3,c1);
+        $LD     r6,`4*$BNSZ`(r4)
+        $LD     r7,`3*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r10
+                                        #mul_add_c(a[5],b[2],c2,c3,c1);
+        $LD     r6,`5*$BNSZ`(r4)
+        $LD     r7,`2*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r10
+                                        #mul_add_c(a[6],b[1],c2,c3,c1);
+        $LD     r6,`6*$BNSZ`(r4)
+        $LD     r7,`1*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r10
+                                        #mul_add_c(a[7],b[0],c2,c3,c1);
+        $LD     r6,`7*$BNSZ`(r4)
+        $LD     r7,`0*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r10
+        $ST     r11,`7*$BNSZ`(r3)       #r[7]=c2;
+                                        #mul_add_c(a[7],b[1],c3,c1,c2);
+        $LD     r7,`1*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r0
+                                        #mul_add_c(a[6],b[2],c3,c1,c2);
+        $LD     r6,`6*$BNSZ`(r4)
+        $LD     r7,`2*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r11
+                                        #mul_add_c(a[5],b[3],c3,c1,c2);
+        $LD     r6,`5*$BNSZ`(r4)
+        $LD     r7,`3*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r11
+                                        #mul_add_c(a[4],b[4],c3,c1,c2);
+        $LD     r6,`4*$BNSZ`(r4)
+        $LD     r7,`4*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r11
+                                        #mul_add_c(a[3],b[5],c3,c1,c2);
+        $LD     r6,`3*$BNSZ`(r4)
+        $LD     r7,`5*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r11
+                                        #mul_add_c(a[2],b[6],c3,c1,c2);
+        $LD     r6,`2*$BNSZ`(r4)
+        $LD     r7,`6*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r11
+                                        #mul_add_c(a[1],b[7],c3,c1,c2);
+        $LD     r6,`1*$BNSZ`(r4)
+        $LD     r7,`7*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r11
+        $ST     r12,`8*$BNSZ`(r3)       #r[8]=c3;
+                                        #mul_add_c(a[2],b[7],c1,c2,c3);
+        $LD     r6,`2*$BNSZ`(r4)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r0
+                                        #mul_add_c(a[3],b[6],c1,c2,c3);
+        $LD     r6,`3*$BNSZ`(r4)
+        $LD     r7,`6*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r12
+                                        #mul_add_c(a[4],b[5],c1,c2,c3);
+        $LD     r6,`4*$BNSZ`(r4)
+        $LD     r7,`5*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r12
+                                        #mul_add_c(a[5],b[4],c1,c2,c3);
+        $LD     r6,`5*$BNSZ`(r4)
+        $LD     r7,`4*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r12
+                                        #mul_add_c(a[6],b[3],c1,c2,c3);
+        $LD     r6,`6*$BNSZ`(r4)
+        $LD     r7,`3*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r12
+                                        #mul_add_c(a[7],b[2],c1,c2,c3);
+        $LD     r6,`7*$BNSZ`(r4)
+        $LD     r7,`2*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r12
+        $ST     r10,`9*$BNSZ`(r3)       #r[9]=c1;
+                                        #mul_add_c(a[7],b[3],c2,c3,c1);
+        $LD     r7,`3*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r0
+                                        #mul_add_c(a[6],b[4],c2,c3,c1);
+        $LD     r6,`6*$BNSZ`(r4)
+        $LD     r7,`4*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r10
+                                        #mul_add_c(a[5],b[5],c2,c3,c1);
+        $LD     r6,`5*$BNSZ`(r4)
+        $LD     r7,`5*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r10
+                                        #mul_add_c(a[4],b[6],c2,c3,c1);
+        $LD     r6,`4*$BNSZ`(r4)
+        $LD     r7,`6*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r10
+                                        #mul_add_c(a[3],b[7],c2,c3,c1);
+        $LD     r6,`3*$BNSZ`(r4)
+        $LD     r7,`7*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r10
+        $ST     r11,`10*$BNSZ`(r3)      #r[10]=c2;
+                                        #mul_add_c(a[4],b[7],c3,c1,c2);
+        $LD     r6,`4*$BNSZ`(r4)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r0
+                                        #mul_add_c(a[5],b[6],c3,c1,c2);
+        $LD     r6,`5*$BNSZ`(r4)
+        $LD     r7,`6*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r11
+                                        #mul_add_c(a[6],b[5],c3,c1,c2);
+        $LD     r6,`6*$BNSZ`(r4)
+        $LD     r7,`5*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r11
+                                        #mul_add_c(a[7],b[4],c3,c1,c2);
+        $LD     r6,`7*$BNSZ`(r4)
+        $LD     r7,`4*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        addze   r11,r11
+        $ST     r12,`11*$BNSZ`(r3)      #r[11]=c3;
+                                        #mul_add_c(a[7],b[5],c1,c2,c3);
+        $LD     r7,`5*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r0
+                                        #mul_add_c(a[6],b[6],c1,c2,c3);
+        $LD     r6,`6*$BNSZ`(r4)
+        $LD     r7,`6*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r12
+                                        #mul_add_c(a[5],b[7],c1,c2,c3);
+        $LD     r6,`5*$BNSZ`(r4)
+        $LD     r7,`7*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r10,r10,r8
+        adde    r11,r11,r9
+        addze   r12,r12
+        $ST     r10,`12*$BNSZ`(r3)      #r[12]=c1;
+                                        #mul_add_c(a[6],b[7],c2,c3,c1);
+        $LD     r6,`6*$BNSZ`(r4)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r0
+                                        #mul_add_c(a[7],b[6],c2,c3,c1);
+        $LD     r6,`7*$BNSZ`(r4)
+        $LD     r7,`6*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r11,r11,r8
+        adde    r12,r12,r9
+        addze   r10,r10
+        $ST     r11,`13*$BNSZ`(r3)      #r[13]=c2;
+                                        #mul_add_c(a[7],b[7],c3,c1,c2);
+        $LD     r7,`7*$BNSZ`(r5)
+        $UMULL  r8,r6,r7
+        $UMULH  r9,r6,r7
+        addc    r12,r12,r8
+        adde    r10,r10,r9
+        $ST     r12,`14*$BNSZ`(r3)      #r[14]=c3;
+        $ST     r10,`15*$BNSZ`(r3)      #r[15]=c1;
+        bclr    BO_ALWAYS,CR0_LT
+        .long   0x00000000
+
+#
+#       NOTE:   The following label name should be changed to
+#               "bn_sub_words" i.e. remove the first dot
+#               for the gcc compiler. This should be automatically
+#               done in the build
+#
+#
+.align  4
+.bn_sub_words:
+#
+#       Handcoded version of bn_sub_words
+#
+#BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+#
+#       r3 = r
+#       r4 = a
+#       r5 = b
+#       r6 = n
+#
+#       Note:   No loop unrolling done since this is not a performance
+#               critical loop.
+
+        xor     r0,r0,r0        #set r0 = 0
+#
+#       check for r6 = 0 AND set carry bit.
+#
+        subfc.  r7,r0,r6        # If r6 is 0 then result is 0.
+                                # if r6 > 0 then result !=0
+                                # In either case carry bit is set.
+        bc      BO_IF,CR0_EQ,Lppcasm_sub_adios
+        addi    r4,r4,-$BNSZ
+        addi    r3,r3,-$BNSZ
+        addi    r5,r5,-$BNSZ
+        mtctr   r6
+Lppcasm_sub_mainloop:   
+        $LDU    r7,$BNSZ(r4)
+        $LDU    r8,$BNSZ(r5)
+        subfe   r6,r8,r7        # r6 = r7+carry bit + onescomplement(r8)
+                                # if carry = 1 this is r7-r8. Else it
+                                # is r7-r8 -1 as we need.
+        $STU    r6,$BNSZ(r3)
+        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_sub_mainloop
+Lppcasm_sub_adios:      
+        subfze  r3,r0           # if carry bit is set then r3 = 0 else -1
+        andi.   r3,r3,1         # keep only last bit.
+        bclr    BO_ALWAYS,CR0_LT
+        .long   0x00000000
+
+
+#
+#       NOTE:   The following label name should be changed to
+#               "bn_add_words" i.e. remove the first dot
+#               for the gcc compiler. This should be automatically
+#               done in the build
+#
+
+.align  4
+.bn_add_words:
+#
+#       Handcoded version of bn_add_words
+#
+#BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+#
+#       r3 = r
+#       r4 = a
+#       r5 = b
+#       r6 = n
+#
+#       Note:   No loop unrolling done since this is not a performance
+#               critical loop.
+
+        xor     r0,r0,r0
+#
+#       check for r6 = 0. Is this needed?
+#
+        addic.  r6,r6,0         #test r6 and clear carry bit.
+        bc      BO_IF,CR0_EQ,Lppcasm_add_adios
+        addi    r4,r4,-$BNSZ
+        addi    r3,r3,-$BNSZ
+        addi    r5,r5,-$BNSZ
+        mtctr   r6
+Lppcasm_add_mainloop:   
+        $LDU    r7,$BNSZ(r4)
+        $LDU    r8,$BNSZ(r5)
+        adde    r8,r7,r8
+        $STU    r8,$BNSZ(r3)
+        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_add_mainloop
+Lppcasm_add_adios:      
+        addze   r3,r0                   #return carry bit.
+        bclr    BO_ALWAYS,CR0_LT
+        .long   0x00000000
+
+#
+#       NOTE:   The following label name should be changed to
+#               "bn_div_words" i.e. remove the first dot
+#               for the gcc compiler. This should be automatically
+#               done in the build
+#
+
+.align  4
+.bn_div_words:
+#
+#       This is a cleaned up version of code generated by
+#       the AIX compiler. The only optimization is to use
+#       the PPC instruction to count leading zeros instead
+#       of call to num_bits_word. Since this was compiled
+#       only at level -O2 we can possibly squeeze it more?
+#       
+#       r3 = h
+#       r4 = l
+#       r5 = d
+        
+        $UCMPI  0,r5,0                  # compare r5 and 0
+        bc      BO_IF_NOT,CR0_EQ,Lppcasm_div1   # proceed if d!=0
+        li      r3,-1                   # d=0 return -1
+        bclr    BO_ALWAYS,CR0_LT        
+Lppcasm_div1:
+        xor     r0,r0,r0                #r0=0
+        $COUNTZ r7,r5                   #r7 = num leading 0s in d.
+        subfic  r8,r7,$BITS             #r8 = BN_num_bits_word(d)
+        cmpi    0,0,r8,$BITS            #
+        bc      BO_IF,CR0_EQ,Lppcasm_div2       #proceed if (r8==$BITS) 
+        li      r9,1                    # r9=1
+        $SHL    r10,r9,r8               # r9<<=r8
+        $UCMP   0,r3,r10                #       
+        bc      BO_IF,CR0_GT,Lppcasm_div2       #or if (h > (1<<r8))
+        $UDIV   r3,r3,r0                #if not assert(0) divide by 0!
+                                        #that's how we signal overflow
+        bclr    BO_ALWAYS,CR0_LT        #return. NEVER REACHED.
+Lppcasm_div2:
+        $UCMP   0,r3,r5                 #h>=d?
+        bc      BO_IF,CR0_LT,Lppcasm_div3       #goto Lppcasm_div3 if not
+        subf    r3,r5,r3                #h-=d ; 
+Lppcasm_div3:                           #r7 = BN_BITS2-i. so r7=i
+        cmpi    0,0,r7,0                # is (i == 0)?
+        bc      BO_IF,CR0_EQ,Lppcasm_div4
+        $SHL    r3,r3,r7                # h = (h<< i)
+        $SHR    r8,r4,r8                # r8 = (l >> BN_BITS2 -i)
+        $SHL    r5,r5,r7                # d<<=i
+        or      r3,r3,r8                # h = (h<<i)|(l>>(BN_BITS2-i))
+        $SHL    r4,r4,r7                # l <<=i
+Lppcasm_div4:
+        $SHRI   r9,r5,`$BITS/2`         # r9 = dh
+                                        # dl will be computed when needed
+                                        # as it saves registers.
+        li      r6,2                    #r6=2
+        mtctr   r6                      #counter will be in count.
+Lppcasm_divouterloop: 
+        $SHRI   r8,r3,`$BITS/2`         #r8 = (h>>BN_BITS4)
+        $SHRI   r11,r4,`$BITS/2`        #r11= (l&BN_MASK2h)>>BN_BITS4
+                                        # compute here for innerloop.
+        $UCMP   0,r8,r9                 # is (h>>BN_BITS4)==dh
+        bc      BO_IF_NOT,CR0_EQ,Lppcasm_div5   # goto Lppcasm_div5 if not
+
+        li      r8,-1
+        $CLRU   r8,r8,`$BITS/2`         #q = BN_MASK2l 
+        b       Lppcasm_div6
+Lppcasm_div5:
+        $UDIV   r8,r3,r9                #q = h/dh
+Lppcasm_div6:
+        $UMULL  r12,r9,r8               #th = q*dh
+        $CLRU   r10,r5,`$BITS/2`        #r10=dl
+        $UMULL  r6,r8,r10               #tl = q*dl
+        
+Lppcasm_divinnerloop:
+        subf    r10,r12,r3              #t = h -th
+        $SHRI   r7,r10,`$BITS/2`        #r7= (t &BN_MASK2H), sort of...
+        addic.  r7,r7,0                 #test if r7 == 0. used below.
+                                        # now want to compute
+                                        # r7 = (t<<BN_BITS4)|((l&BN_MASK2h)>>BN_BITS4)
+                                        # the following 2 instructions do that
+        $SHLI   r7,r10,`$BITS/2`        # r7 = (t<<BN_BITS4)
+        or      r7,r7,r11               # r7|=((l&BN_MASK2h)>>BN_BITS4)
+        $UCMP   1,r6,r7                 # compare (tl <= r7)
+        bc      BO_IF_NOT,CR0_EQ,Lppcasm_divinnerexit
+        bc      BO_IF_NOT,CR1_FEX,Lppcasm_divinnerexit
+        addi    r8,r8,-1                #q--
+        subf    r12,r9,r12              #th -=dh
+        $CLRU   r10,r5,`$BITS/2`        #r10=dl. t is no longer needed in loop.
+        subf    r6,r10,r6               #tl -=dl
+        b       Lppcasm_divinnerloop
+Lppcasm_divinnerexit:
+        $SHRI   r10,r6,`$BITS/2`        #t=(tl>>BN_BITS4)
+        $SHLI   r11,r6,`$BITS/2`        #tl=(tl<<BN_BITS4)&BN_MASK2h;
+        $UCMP   1,r4,r11                # compare l and tl
+        add     r12,r12,r10             # th+=t
+        bc      BO_IF_NOT,CR1_FX,Lppcasm_div7  # if (l>=tl) goto Lppcasm_div7
+        addi    r12,r12,1               # th++
+Lppcasm_div7:
+        subf    r11,r11,r4              #r11=l-tl
+        $UCMP   1,r3,r12                #compare h and th
+        bc      BO_IF_NOT,CR1_FX,Lppcasm_div8   #if (h>=th) goto Lppcasm_div8
+        addi    r8,r8,-1                # q--
+        add     r3,r5,r3                # h+=d
+Lppcasm_div8:
+        subf    r12,r12,r3              #r12 = h-th
+        $SHLI   r4,r11,`$BITS/2`        #l=(l&BN_MASK2l)<<BN_BITS4
+                                        # want to compute
+                                        # h = ((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2
+                                        # the following 2 instructions will do this.
+        $INSR   r11,r12,`$BITS/2`,`$BITS/2`     # r11 is the value we want rotated $BITS/2.
+        $ROTL   r3,r11,`$BITS/2`        # rotate by $BITS/2 and store in r3
+        bc      BO_dCTR_ZERO,CR0_EQ,Lppcasm_div9#if (count==0) break ;
+        $SHLI   r0,r8,`$BITS/2`         #ret =q<<BN_BITS4
+        b       Lppcasm_divouterloop
+Lppcasm_div9:
+        or      r3,r8,r0
+        bclr    BO_ALWAYS,CR0_LT
+        .long   0x00000000
+
+#
+#       NOTE:   The following label name should be changed to
+#               "bn_sqr_words" i.e. remove the first dot
+#               for the gcc compiler. This should be automatically
+#               done in the build
+#
+.align  4
+.bn_sqr_words:
+#
+#       Optimized version of bn_sqr_words
+#
+#       void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
+#
+#       r3 = r
+#       r4 = a
+#       r5 = n
+#
+#       r6 = a[i].
+#       r7,r8 = product.
+#
+#       No unrolling done here. Not performance critical.
+
+        addic.  r5,r5,0                 #test r5.
+        bc      BO_IF,CR0_EQ,Lppcasm_sqr_adios
+        addi    r4,r4,-$BNSZ
+        addi    r3,r3,-$BNSZ
+        mtctr   r5
+Lppcasm_sqr_mainloop:   
+                                        #sqr(r[0],r[1],a[0]);
+        $LDU    r6,$BNSZ(r4)
+        $UMULL  r7,r6,r6
+        $UMULH  r8,r6,r6
+        $STU    r7,$BNSZ(r3)
+        $STU    r8,$BNSZ(r3)
+        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_sqr_mainloop
+Lppcasm_sqr_adios:      
+        bclr    BO_ALWAYS,CR0_LT
+        .long   0x00000000
+
+
+#
+#       NOTE:   The following label name should be changed to
+#               "bn_mul_words" i.e. remove the first dot
+#               for the gcc compiler. This should be automatically
+#               done in the build
+#
+
+.align  4       
+.bn_mul_words:
+#
+# BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+#
+# r3 = rp
+# r4 = ap
+# r5 = num
+# r6 = w
+        xor     r0,r0,r0
+        xor     r12,r12,r12             # used for carry
+        rlwinm. r7,r5,30,2,31           # num >> 2
+        bc      BO_IF,CR0_EQ,Lppcasm_mw_REM
+        mtctr   r7
+Lppcasm_mw_LOOP:        
+                                        #mul(rp[0],ap[0],w,c1);
+        $LD     r8,`0*$BNSZ`(r4)
+        $UMULL  r9,r6,r8
+        $UMULH  r10,r6,r8
+        addc    r9,r9,r12
+        #addze  r10,r10                 #carry is NOT ignored.
+                                        #will be taken care of
+                                        #in second spin below
+                                        #using adde.
+        $ST     r9,`0*$BNSZ`(r3)
+                                        #mul(rp[1],ap[1],w,c1);
+        $LD     r8,`1*$BNSZ`(r4)        
+        $UMULL  r11,r6,r8
+        $UMULH  r12,r6,r8
+        adde    r11,r11,r10
+        #addze  r12,r12
+        $ST     r11,`1*$BNSZ`(r3)
+                                        #mul(rp[2],ap[2],w,c1);
+        $LD     r8,`2*$BNSZ`(r4)
+        $UMULL  r9,r6,r8
+        $UMULH  r10,r6,r8
+        adde    r9,r9,r12
+        #addze  r10,r10
+        $ST     r9,`2*$BNSZ`(r3)
+                                        #mul_add(rp[3],ap[3],w,c1);
+        $LD     r8,`3*$BNSZ`(r4)
+        $UMULL  r11,r6,r8
+        $UMULH  r12,r6,r8
+        adde    r11,r11,r10
+        addze   r12,r12                 #this spin we collect carry into
+                                        #r12
+        $ST     r11,`3*$BNSZ`(r3)
+        
+        addi    r3,r3,`4*$BNSZ`
+        addi    r4,r4,`4*$BNSZ`
+        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_mw_LOOP
+
+Lppcasm_mw_REM:
+        andi.   r5,r5,0x3
+        bc      BO_IF,CR0_EQ,Lppcasm_mw_OVER
+                                        #mul(rp[0],ap[0],w,c1);
+        $LD     r8,`0*$BNSZ`(r4)
+        $UMULL  r9,r6,r8
+        $UMULH  r10,r6,r8
+        addc    r9,r9,r12
+        addze   r10,r10
+        $ST     r9,`0*$BNSZ`(r3)
+        addi    r12,r10,0
+        
+        addi    r5,r5,-1
+        cmpli   0,0,r5,0
+        bc      BO_IF,CR0_EQ,Lppcasm_mw_OVER
+
+        
+                                        #mul(rp[1],ap[1],w,c1);
+        $LD     r8,`1*$BNSZ`(r4)        
+        $UMULL  r9,r6,r8
+        $UMULH  r10,r6,r8
+        addc    r9,r9,r12
+        addze   r10,r10
+        $ST     r9,`1*$BNSZ`(r3)
+        addi    r12,r10,0
+        
+        addi    r5,r5,-1
+        cmpli   0,0,r5,0
+        bc      BO_IF,CR0_EQ,Lppcasm_mw_OVER
+        
+                                        #mul_add(rp[2],ap[2],w,c1);
+        $LD     r8,`2*$BNSZ`(r4)
+        $UMULL  r9,r6,r8
+        $UMULH  r10,r6,r8
+        addc    r9,r9,r12
+        addze   r10,r10
+        $ST     r9,`2*$BNSZ`(r3)
+        addi    r12,r10,0
+                
+Lppcasm_mw_OVER:        
+        addi    r3,r12,0
+        bclr    BO_ALWAYS,CR0_LT
+        .long   0x00000000
+
+#
+#       NOTE:   The following label name should be changed to
+#               "bn_mul_add_words" i.e. remove the first dot
+#               for the gcc compiler. This should be automatically
+#               done in the build
+#
+
+.align  4
+.bn_mul_add_words:
+#
+# BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+#
+# r3 = rp
+# r4 = ap
+# r5 = num
+# r6 = w
+#
+# empirical evidence suggests that unrolled version performs best!!
+#
+        xor     r0,r0,r0                #r0 = 0
+        xor     r12,r12,r12             #r12 = 0 . used for carry               
+        rlwinm. r7,r5,30,2,31           # num >> 2
+        bc      BO_IF,CR0_EQ,Lppcasm_maw_leftover       # if (num < 4) go LPPCASM_maw_leftover
+        mtctr   r7
+Lppcasm_maw_mainloop:   
+                                        #mul_add(rp[0],ap[0],w,c1);
+        $LD     r8,`0*$BNSZ`(r4)
+        $LD     r11,`0*$BNSZ`(r3)
+        $UMULL  r9,r6,r8
+        $UMULH  r10,r6,r8
+        addc    r9,r9,r12               #r12 is carry.
+        addze   r10,r10
+        addc    r9,r9,r11
+        #addze  r10,r10
+                                        #the above instruction addze
+                                        #is NOT needed. Carry will NOT
+                                        #be ignored. It's not affected
+                                        #by multiply and will be collected
+                                        #in the next spin
+        $ST     r9,`0*$BNSZ`(r3)
+        
+                                        #mul_add(rp[1],ap[1],w,c1);
+        $LD     r8,`1*$BNSZ`(r4)        
+        $LD     r9,`1*$BNSZ`(r3)
+        $UMULL  r11,r6,r8
+        $UMULH  r12,r6,r8
+        adde    r11,r11,r10             #r10 is carry.
+        addze   r12,r12
+        addc    r11,r11,r9
+        #addze  r12,r12
+        $ST     r11,`1*$BNSZ`(r3)
+        
+                                        #mul_add(rp[2],ap[2],w,c1);
+        $LD     r8,`2*$BNSZ`(r4)
+        $UMULL  r9,r6,r8
+        $LD     r11,`2*$BNSZ`(r3)
+        $UMULH  r10,r6,r8
+        adde    r9,r9,r12
+        addze   r10,r10
+        addc    r9,r9,r11
+        #addze  r10,r10
+        $ST     r9,`2*$BNSZ`(r3)
+        
+                                        #mul_add(rp[3],ap[3],w,c1);
+        $LD     r8,`3*$BNSZ`(r4)
+        $UMULL  r11,r6,r8
+        $LD     r9,`3*$BNSZ`(r3)
+        $UMULH  r12,r6,r8
+        adde    r11,r11,r10
+        addze   r12,r12
+        addc    r11,r11,r9
+        addze   r12,r12
+        $ST     r11,`3*$BNSZ`(r3)
+        addi    r3,r3,`4*$BNSZ`
+        addi    r4,r4,`4*$BNSZ`
+        bc      BO_dCTR_NZERO,CR0_EQ,Lppcasm_maw_mainloop
+        
+Lppcasm_maw_leftover:
+        andi.   r5,r5,0x3
+        bc      BO_IF,CR0_EQ,Lppcasm_maw_adios
+        addi    r3,r3,-$BNSZ
+        addi    r4,r4,-$BNSZ
+                                        #mul_add(rp[0],ap[0],w,c1);
+        mtctr   r5
+        $LDU    r8,$BNSZ(r4)
+        $UMULL  r9,r6,r8
+        $UMULH  r10,r6,r8
+        $LDU    r11,$BNSZ(r3)
+        addc    r9,r9,r11
+        addze   r10,r10
+        addc    r9,r9,r12
+        addze   r12,r10
+        $ST     r9,0(r3)
+        
+        bc      BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios
+                                        #mul_add(rp[1],ap[1],w,c1);
+        $LDU    r8,$BNSZ(r4)    
+        $UMULL  r9,r6,r8
+        $UMULH  r10,r6,r8
+        $LDU    r11,$BNSZ(r3)
+        addc    r9,r9,r11
+        addze   r10,r10
+        addc    r9,r9,r12
+        addze   r12,r10
+        $ST     r9,0(r3)
+        
+        bc      BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios
+                                        #mul_add(rp[2],ap[2],w,c1);
+        $LDU    r8,$BNSZ(r4)
+        $UMULL  r9,r6,r8
+        $UMULH  r10,r6,r8
+        $LDU    r11,$BNSZ(r3)
+        addc    r9,r9,r11
+        addze   r10,r10
+        addc    r9,r9,r12
+        addze   r12,r10
+        $ST     r9,0(r3)
+                
+Lppcasm_maw_adios:      
+        addi    r3,r12,0
+        bclr    BO_ALWAYS,CR0_LT
+        .long   0x00000000
+        .align  4
+EOF
+        $data =~ s/\`([^\`]*)\`/eval $1/gem;
+
+        # if some assembler chokes on some simplified mnemonic,
+        # this is the spot to fix it up, e.g.:
+        # GNU as doesn't seem to accept cmplw, 32-bit unsigned compare
+        $data =~ s/^(\s*)cmplw(\s+)([^,]+),(.*)/$1cmpl$2$3,0,$4/gm;
+        # assembler X doesn't accept li, load immediate value
+        #$data =~ s/^(\s*)li(\s+)([^,]+),(.*)/$1addi$2$3,0,$4/gm;
+        return($data);
+}
diff --git a/src/lib/libcrypto/bn/asm/sparcv8.S b/src/lib/libcrypto/bn/asm/sparcv8.S
new file mode 100644
index 0000000000..88c5dc480a
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/sparcv8.S
@@ -0,0 +1,1458 @@
+.ident  "sparcv8.s, Version 1.4"
+.ident  "SPARC v8 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+
+/*
+ * ====================================================================
+ * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in SuperSPARC ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * See bn_asm.sparc.v8plus.S for more details.
+ */
+
+/*
+ * Revision history.
+ *
+ * 1.1  - new loop unrolling model(*);
+ * 1.2  - made gas friendly;
+ * 1.3  - fixed problem with /usr/ccs/lib/cpp;
+ * 1.4  - some retunes;
+ *
+ * (*)  see bn_asm.sparc.v8plus.S for details
+ */
+
+.section        ".text",#alloc,#execinstr
+.file           "bn_asm.sparc.v8.S"
+
+.align  32
+
+.global bn_mul_add_words
+/*
+ * BN_ULONG bn_mul_add_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_add_words:
+        cmp     %o2,0
+        bg,a    .L_bn_mul_add_words_proceed
+        ld      [%o1],%g2
+        retl
+        clr     %o0
+
+.L_bn_mul_add_words_proceed:
+        andcc   %o2,-4,%g0
+        bz      .L_bn_mul_add_words_tail
+        clr     %o5
+
+.L_bn_mul_add_words_loop:
+        ld      [%o0],%o4
+        ld      [%o1+4],%g3
+        umul    %o3,%g2,%g2
+        rd      %y,%g1
+        addcc   %o4,%o5,%o4
+        addx    %g1,0,%g1
+        addcc   %o4,%g2,%o4
+        st      %o4,[%o0]
+        addx    %g1,0,%o5
+
+        ld      [%o0+4],%o4
+        ld      [%o1+8],%g2
+        umul    %o3,%g3,%g3
+        dec     4,%o2
+        rd      %y,%g1
+        addcc   %o4,%o5,%o4
+        addx    %g1,0,%g1
+        addcc   %o4,%g3,%o4
+        st      %o4,[%o0+4]
+        addx    %g1,0,%o5
+
+        ld      [%o0+8],%o4
+        ld      [%o1+12],%g3
+        umul    %o3,%g2,%g2
+        inc     16,%o1
+        rd      %y,%g1
+        addcc   %o4,%o5,%o4
+        addx    %g1,0,%g1
+        addcc   %o4,%g2,%o4
+        st      %o4,[%o0+8]
+        addx    %g1,0,%o5
+
+        ld      [%o0+12],%o4
+        umul    %o3,%g3,%g3
+        inc     16,%o0
+        rd      %y,%g1
+        addcc   %o4,%o5,%o4
+        addx    %g1,0,%g1
+        addcc   %o4,%g3,%o4
+        st      %o4,[%o0-4]
+        addx    %g1,0,%o5
+        andcc   %o2,-4,%g0
+        bnz,a   .L_bn_mul_add_words_loop
+        ld      [%o1],%g2
+
+        tst     %o2
+        bnz,a   .L_bn_mul_add_words_tail
+        ld      [%o1],%g2
+.L_bn_mul_add_words_return:
+        retl
+        mov     %o5,%o0
+        nop
+
+.L_bn_mul_add_words_tail:
+        ld      [%o0],%o4
+        umul    %o3,%g2,%g2
+        addcc   %o4,%o5,%o4
+        rd      %y,%g1
+        addx    %g1,0,%g1
+        addcc   %o4,%g2,%o4
+        addx    %g1,0,%o5
+        deccc   %o2
+        bz      .L_bn_mul_add_words_return
+        st      %o4,[%o0]
+
+        ld      [%o1+4],%g2
+        ld      [%o0+4],%o4
+        umul    %o3,%g2,%g2
+        rd      %y,%g1
+        addcc   %o4,%o5,%o4
+        addx    %g1,0,%g1
+        addcc   %o4,%g2,%o4
+        addx    %g1,0,%o5
+        deccc   %o2
+        bz      .L_bn_mul_add_words_return
+        st      %o4,[%o0+4]
+
+        ld      [%o1+8],%g2
+        ld      [%o0+8],%o4
+        umul    %o3,%g2,%g2
+        rd      %y,%g1
+        addcc   %o4,%o5,%o4
+        addx    %g1,0,%g1
+        addcc   %o4,%g2,%o4
+        st      %o4,[%o0+8]
+        retl
+        addx    %g1,0,%o0
+
+.type   bn_mul_add_words,#function
+.size   bn_mul_add_words,(.-bn_mul_add_words)
+
+.align  32
+
+.global bn_mul_words
+/*
+ * BN_ULONG bn_mul_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_words:
+        cmp     %o2,0
+        bg,a    .L_bn_mul_words_proceeed
+        ld      [%o1],%g2
+        retl
+        clr     %o0
+
+.L_bn_mul_words_proceeed:
+        andcc   %o2,-4,%g0
+        bz      .L_bn_mul_words_tail
+        clr     %o5
+
+.L_bn_mul_words_loop:
+        ld      [%o1+4],%g3
+        umul    %o3,%g2,%g2
+        addcc   %g2,%o5,%g2
+        rd      %y,%g1
+        addx    %g1,0,%o5
+        st      %g2,[%o0]
+
+        ld      [%o1+8],%g2
+        umul    %o3,%g3,%g3
+        addcc   %g3,%o5,%g3
+        rd      %y,%g1
+        dec     4,%o2
+        addx    %g1,0,%o5
+        st      %g3,[%o0+4]
+
+        ld      [%o1+12],%g3
+        umul    %o3,%g2,%g2
+        addcc   %g2,%o5,%g2
+        rd      %y,%g1
+        inc     16,%o1
+        st      %g2,[%o0+8]
+        addx    %g1,0,%o5
+
+        umul    %o3,%g3,%g3
+        addcc   %g3,%o5,%g3
+        rd      %y,%g1
+        inc     16,%o0
+        addx    %g1,0,%o5
+        st      %g3,[%o0-4]
+        andcc   %o2,-4,%g0
+        nop
+        bnz,a   .L_bn_mul_words_loop
+        ld      [%o1],%g2
+
+        tst     %o2
+        bnz,a   .L_bn_mul_words_tail
+        ld      [%o1],%g2
+.L_bn_mul_words_return:
+        retl
+        mov     %o5,%o0
+        nop
+
+.L_bn_mul_words_tail:
+        umul    %o3,%g2,%g2
+        addcc   %g2,%o5,%g2
+        rd      %y,%g1
+        addx    %g1,0,%o5
+        deccc   %o2
+        bz      .L_bn_mul_words_return
+        st      %g2,[%o0]
+        nop
+
+        ld      [%o1+4],%g2
+        umul    %o3,%g2,%g2
+        addcc   %g2,%o5,%g2
+        rd      %y,%g1
+        addx    %g1,0,%o5
+        deccc   %o2
+        bz      .L_bn_mul_words_return
+        st      %g2,[%o0+4]
+
+        ld      [%o1+8],%g2
+        umul    %o3,%g2,%g2
+        addcc   %g2,%o5,%g2
+        rd      %y,%g1
+        st      %g2,[%o0+8]
+        retl
+        addx    %g1,0,%o0
+
+.type   bn_mul_words,#function
+.size   bn_mul_words,(.-bn_mul_words)
+
+.align  32
+.global bn_sqr_words
+/*
+ * void bn_sqr_words(r,a,n)
+ * BN_ULONG *r,*a;
+ * int n;
+ */
+bn_sqr_words:
+        cmp     %o2,0
+        bg,a    .L_bn_sqr_words_proceeed
+        ld      [%o1],%g2
+        retl
+        clr     %o0
+
+.L_bn_sqr_words_proceeed:
+        andcc   %o2,-4,%g0
+        bz      .L_bn_sqr_words_tail
+        clr     %o5
+
+.L_bn_sqr_words_loop:
+        ld      [%o1+4],%g3
+        umul    %g2,%g2,%o4
+        st      %o4,[%o0]
+        rd      %y,%o5
+        st      %o5,[%o0+4]
+
+        ld      [%o1+8],%g2
+        umul    %g3,%g3,%o4
+        dec     4,%o2
+        st      %o4,[%o0+8]
+        rd      %y,%o5
+        st      %o5,[%o0+12]
+        nop
+
+        ld      [%o1+12],%g3
+        umul    %g2,%g2,%o4
+        st      %o4,[%o0+16]
+        rd      %y,%o5
+        inc     16,%o1
+        st      %o5,[%o0+20]
+
+        umul    %g3,%g3,%o4
+        inc     32,%o0
+        st      %o4,[%o0-8]
+        rd      %y,%o5
+        st      %o5,[%o0-4]
+        andcc   %o2,-4,%g2
+        bnz,a   .L_bn_sqr_words_loop
+        ld      [%o1],%g2
+
+        tst     %o2
+        nop
+        bnz,a   .L_bn_sqr_words_tail
+        ld      [%o1],%g2
+.L_bn_sqr_words_return:
+        retl
+        clr     %o0
+
+.L_bn_sqr_words_tail:
+        umul    %g2,%g2,%o4
+        st      %o4,[%o0]
+        deccc   %o2
+        rd      %y,%o5
+        bz      .L_bn_sqr_words_return
+        st      %o5,[%o0+4]
+
+        ld      [%o1+4],%g2
+        umul    %g2,%g2,%o4
+        st      %o4,[%o0+8]
+        deccc   %o2
+        rd      %y,%o5
+        nop
+        bz      .L_bn_sqr_words_return
+        st      %o5,[%o0+12]
+
+        ld      [%o1+8],%g2
+        umul    %g2,%g2,%o4
+        st      %o4,[%o0+16]
+        rd      %y,%o5
+        st      %o5,[%o0+20]
+        retl
+        clr     %o0
+
+.type   bn_sqr_words,#function
+.size   bn_sqr_words,(.-bn_sqr_words)
+
+.align  32
+
+.global bn_div_words
+/*
+ * BN_ULONG bn_div_words(h,l,d)
+ * BN_ULONG h,l,d;
+ */
+bn_div_words:
+        wr      %o0,%y
+        udiv    %o1,%o2,%o0
+        retl
+        nop
+
+.type   bn_div_words,#function
+.size   bn_div_words,(.-bn_div_words)
+
+.align  32
+
+.global bn_add_words
+/*
+ * BN_ULONG bn_add_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_add_words:
+        cmp     %o3,0
+        bg,a    .L_bn_add_words_proceed
+        ld      [%o1],%o4
+        retl
+        clr     %o0
+
+.L_bn_add_words_proceed:
+        andcc   %o3,-4,%g0
+        bz      .L_bn_add_words_tail
+        clr     %g1
+        ba      .L_bn_add_words_warn_loop
+        addcc   %g0,0,%g0       ! clear carry flag
+
+.L_bn_add_words_loop:
+        ld      [%o1],%o4
+.L_bn_add_words_warn_loop:
+        ld      [%o2],%o5
+        ld      [%o1+4],%g3
+        ld      [%o2+4],%g4
+        dec     4,%o3
+        addxcc  %o5,%o4,%o5
+        st      %o5,[%o0]
+
+        ld      [%o1+8],%o4
+        ld      [%o2+8],%o5
+        inc     16,%o1
+        addxcc  %g3,%g4,%g3
+        st      %g3,[%o0+4]
+        
+        ld      [%o1-4],%g3
+        ld      [%o2+12],%g4
+        inc     16,%o2
+        addxcc  %o5,%o4,%o5
+        st      %o5,[%o0+8]
+
+        inc     16,%o0
+        addxcc  %g3,%g4,%g3
+        st      %g3,[%o0-4]
+        addx    %g0,0,%g1
+        andcc   %o3,-4,%g0
+        bnz,a   .L_bn_add_words_loop
+        addcc   %g1,-1,%g0
+
+        tst     %o3
+        bnz,a   .L_bn_add_words_tail
+        ld      [%o1],%o4
+.L_bn_add_words_return:
+        retl
+        mov     %g1,%o0
+
+.L_bn_add_words_tail:
+        addcc   %g1,-1,%g0
+        ld      [%o2],%o5
+        addxcc  %o5,%o4,%o5
+        addx    %g0,0,%g1
+        deccc   %o3
+        bz      .L_bn_add_words_return
+        st      %o5,[%o0]
+
+        ld      [%o1+4],%o4
+        addcc   %g1,-1,%g0
+        ld      [%o2+4],%o5
+        addxcc  %o5,%o4,%o5
+        addx    %g0,0,%g1
+        deccc   %o3
+        bz      .L_bn_add_words_return
+        st      %o5,[%o0+4]
+
+        ld      [%o1+8],%o4
+        addcc   %g1,-1,%g0
+        ld      [%o2+8],%o5
+        addxcc  %o5,%o4,%o5
+        st      %o5,[%o0+8]
+        retl
+        addx    %g0,0,%o0
+
+.type   bn_add_words,#function
+.size   bn_add_words,(.-bn_add_words)
+
+.align  32
+
+.global bn_sub_words
+/*
+ * BN_ULONG bn_sub_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_sub_words:
+        cmp     %o3,0
+        bg,a    .L_bn_sub_words_proceed
+        ld      [%o1],%o4
+        retl
+        clr     %o0
+
+.L_bn_sub_words_proceed:
+        andcc   %o3,-4,%g0
+        bz      .L_bn_sub_words_tail
+        clr     %g1
+        ba      .L_bn_sub_words_warm_loop
+        addcc   %g0,0,%g0       ! clear carry flag
+
+.L_bn_sub_words_loop:
+        ld      [%o1],%o4
+.L_bn_sub_words_warm_loop:
+        ld      [%o2],%o5
+        ld      [%o1+4],%g3
+        ld      [%o2+4],%g4
+        dec     4,%o3
+        subxcc  %o4,%o5,%o5
+        st      %o5,[%o0]
+
+        ld      [%o1+8],%o4
+        ld      [%o2+8],%o5
+        inc     16,%o1
+        subxcc  %g3,%g4,%g4
+        st      %g4,[%o0+4]
+        
+        ld      [%o1-4],%g3
+        ld      [%o2+12],%g4
+        inc     16,%o2
+        subxcc  %o4,%o5,%o5
+        st      %o5,[%o0+8]
+
+        inc     16,%o0
+        subxcc  %g3,%g4,%g4
+        st      %g4,[%o0-4]
+        addx    %g0,0,%g1
+        andcc   %o3,-4,%g0
+        bnz,a   .L_bn_sub_words_loop
+        addcc   %g1,-1,%g0
+
+        tst     %o3
+        nop
+        bnz,a   .L_bn_sub_words_tail
+        ld      [%o1],%o4
+.L_bn_sub_words_return:
+        retl
+        mov     %g1,%o0
+
+.L_bn_sub_words_tail:
+        addcc   %g1,-1,%g0
+        ld      [%o2],%o5
+        subxcc  %o4,%o5,%o5
+        addx    %g0,0,%g1
+        deccc   %o3
+        bz      .L_bn_sub_words_return
+        st      %o5,[%o0]
+        nop
+
+        ld      [%o1+4],%o4
+        addcc   %g1,-1,%g0
+        ld      [%o2+4],%o5
+        subxcc  %o4,%o5,%o5
+        addx    %g0,0,%g1
+        deccc   %o3
+        bz      .L_bn_sub_words_return
+        st      %o5,[%o0+4]
+
+        ld      [%o1+8],%o4
+        addcc   %g1,-1,%g0
+        ld      [%o2+8],%o5
+        subxcc  %o4,%o5,%o5
+        st      %o5,[%o0+8]
+        retl
+        addx    %g0,0,%o0
+
+.type   bn_sub_words,#function
+.size   bn_sub_words,(.-bn_sub_words)
+
+#define FRAME_SIZE      -96
+
+/*
+ * Here is register usage map for *all* routines below.
+ */
+#define t_1     %o0
+#define t_2     %o1
+#define c_1     %o2
+#define c_2     %o3
+#define c_3     %o4
+
+#define ap(I)   [%i1+4*I]
+#define bp(I)   [%i2+4*I]
+#define rp(I)   [%i0+4*I]
+
+#define a_0     %l0
+#define a_1     %l1
+#define a_2     %l2
+#define a_3     %l3
+#define a_4     %l4
+#define a_5     %l5
+#define a_6     %l6
+#define a_7     %l7
+
+#define b_0     %i3
+#define b_1     %i4
+#define b_2     %i5
+#define b_3     %o5
+#define b_4     %g1
+#define b_5     %g2
+#define b_6     %g3
+#define b_7     %g4
+
+.align  32
+.global bn_mul_comba8
+/*
+ * void bn_mul_comba8(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba8:
+        save    %sp,FRAME_SIZE,%sp
+        ld      ap(0),a_0
+        ld      bp(0),b_0
+        umul    a_0,b_0,c_1     !=!mul_add_c(a[0],b[0],c1,c2,c3);
+        ld      bp(1),b_1
+        rd      %y,c_2
+        st      c_1,rp(0)       !r[0]=c1;
+
+        umul    a_0,b_1,t_1     !=!mul_add_c(a[0],b[1],c2,c3,c1);
+        ld      ap(1),a_1
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2
+        addxcc  %g0,t_2,c_3     !=
+        addx    %g0,%g0,c_1
+        ld      ap(2),a_2
+        umul    a_1,b_0,t_1     !mul_add_c(a[1],b[0],c2,c3,c1);
+        addcc   c_2,t_1,c_2     !=
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3
+        st      c_2,rp(1)       !r[1]=c2;
+        addx    c_1,%g0,c_1     !=
+
+        umul    a_2,b_0,t_1     !mul_add_c(a[2],b[0],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1     !=
+        addx    %g0,%g0,c_2
+        ld      bp(2),b_2
+        umul    a_1,b_1,t_1     !mul_add_c(a[1],b[1],c3,c1,c2);
+        addcc   c_3,t_1,c_3     !=
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        ld      bp(3),b_3
+        addx    c_2,%g0,c_2     !=
+        umul    a_0,b_2,t_1     !mul_add_c(a[0],b[2],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1     !=
+        addx    c_2,%g0,c_2
+        st      c_3,rp(2)       !r[2]=c3;
+
+        umul    a_0,b_3,t_1     !mul_add_c(a[0],b[3],c1,c2,c3);
+        addcc   c_1,t_1,c_1     !=
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        addx    %g0,%g0,c_3
+        umul    a_1,b_2,t_1     !=!mul_add_c(a[1],b[2],c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3     !=
+        ld      ap(3),a_3
+        umul    a_2,b_1,t_1     !mul_add_c(a[2],b[1],c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2          !=
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3
+        ld      ap(4),a_4
+        umul    a_3,b_0,t_1     !mul_add_c(a[3],b[0],c1,c2,c3);!=
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3     !=
+        st      c_1,rp(3)       !r[3]=c1;
+
+        umul    a_4,b_0,t_1     !mul_add_c(a[4],b[0],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    %g0,%g0,c_1
+        umul    a_3,b_1,t_1     !mul_add_c(a[3],b[1],c2,c3,c1);
+        addcc   c_2,t_1,c_2     !=
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1
+        umul    a_2,b_2,t_1     !=!mul_add_c(a[2],b[2],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1     !=
+        ld      bp(4),b_4
+        umul    a_1,b_3,t_1     !mul_add_c(a[1],b[3],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1
+        ld      bp(5),b_5
+        umul    a_0,b_4,t_1     !=!mul_add_c(a[0],b[4],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1     !=
+        st      c_2,rp(4)       !r[4]=c2;
+
+        umul    a_0,b_5,t_1     !mul_add_c(a[0],b[5],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2          !=
+        addxcc  c_1,t_2,c_1
+        addx    %g0,%g0,c_2
+        umul    a_1,b_4,t_1     !mul_add_c(a[1],b[4],c3,c1,c2);
+        addcc   c_3,t_1,c_3     !=
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2
+        umul    a_2,b_3,t_1     !=!mul_add_c(a[2],b[3],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2     !=
+        umul    a_3,b_2,t_1     !mul_add_c(a[3],b[2],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1     !=
+        addx    c_2,%g0,c_2
+        ld      ap(5),a_5
+        umul    a_4,b_1,t_1     !mul_add_c(a[4],b[1],c3,c1,c2);
+        addcc   c_3,t_1,c_3     !=
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        ld      ap(6),a_6
+        addx    c_2,%g0,c_2     !=
+        umul    a_5,b_0,t_1     !mul_add_c(a[5],b[0],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1     !=
+        addx    c_2,%g0,c_2
+        st      c_3,rp(5)       !r[5]=c3;
+
+        umul    a_6,b_0,t_1     !mul_add_c(a[6],b[0],c1,c2,c3);
+        addcc   c_1,t_1,c_1     !=
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        addx    %g0,%g0,c_3
+        umul    a_5,b_1,t_1     !=!mul_add_c(a[5],b[1],c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3     !=
+        umul    a_4,b_2,t_1     !mul_add_c(a[4],b[2],c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2     !=
+        addx    c_3,%g0,c_3
+        umul    a_3,b_3,t_1     !mul_add_c(a[3],b[3],c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2          !=
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3
+        umul    a_2,b_4,t_1     !mul_add_c(a[2],b[4],c1,c2,c3);
+        addcc   c_1,t_1,c_1     !=
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        ld      bp(6),b_6
+        addx    c_3,%g0,c_3     !=
+        umul    a_1,b_5,t_1     !mul_add_c(a[1],b[5],c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2     !=
+        addx    c_3,%g0,c_3
+        ld      bp(7),b_7
+        umul    a_0,b_6,t_1     !mul_add_c(a[0],b[6],c1,c2,c3);
+        addcc   c_1,t_1,c_1     !=
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        st      c_1,rp(6)       !r[6]=c1;
+        addx    c_3,%g0,c_3     !=
+
+        umul    a_0,b_7,t_1     !mul_add_c(a[0],b[7],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3     !=
+        addx    %g0,%g0,c_1
+        umul    a_1,b_6,t_1     !mul_add_c(a[1],b[6],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1
+        umul    a_2,b_5,t_1     !mul_add_c(a[2],b[5],c2,c3,c1);
+        addcc   c_2,t_1,c_2     !=
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1
+        umul    a_3,b_4,t_1     !=!mul_add_c(a[3],b[4],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1     !=
+        umul    a_4,b_3,t_1     !mul_add_c(a[4],b[3],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3     !=
+        addx    c_1,%g0,c_1
+        umul    a_5,b_2,t_1     !mul_add_c(a[5],b[2],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1
+        ld      ap(7),a_7
+        umul    a_6,b_1,t_1     !=!mul_add_c(a[6],b[1],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1     !=
+        umul    a_7,b_0,t_1     !mul_add_c(a[7],b[0],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3     !=
+        addx    c_1,%g0,c_1
+        st      c_2,rp(7)       !r[7]=c2;
+
+        umul    a_7,b_1,t_1     !mul_add_c(a[7],b[1],c3,c1,c2);
+        addcc   c_3,t_1,c_3     !=
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        addx    %g0,%g0,c_2
+        umul    a_6,b_2,t_1     !=!mul_add_c(a[6],b[2],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2     !=
+        umul    a_5,b_3,t_1     !mul_add_c(a[5],b[3],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1     !=
+        addx    c_2,%g0,c_2
+        umul    a_4,b_4,t_1     !mul_add_c(a[4],b[4],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2          !=
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2
+        umul    a_3,b_5,t_1     !mul_add_c(a[3],b[5],c3,c1,c2);
+        addcc   c_3,t_1,c_3     !=
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2
+        umul    a_2,b_6,t_1     !=!mul_add_c(a[2],b[6],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2     !=
+        umul    a_1,b_7,t_1     !mul_add_c(a[1],b[7],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1     !
+        addx    c_2,%g0,c_2
+        st      c_3,rp(8)       !r[8]=c3;
+
+        umul    a_2,b_7,t_1     !mul_add_c(a[2],b[7],c1,c2,c3);
+        addcc   c_1,t_1,c_1     !=
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        addx    %g0,%g0,c_3
+        umul    a_3,b_6,t_1     !=!mul_add_c(a[3],b[6],c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3     !=
+        umul    a_4,b_5,t_1     !mul_add_c(a[4],b[5],c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2     !=
+        addx    c_3,%g0,c_3
+        umul    a_5,b_4,t_1     !mul_add_c(a[5],b[4],c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2          !=
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3
+        umul    a_6,b_3,t_1     !mul_add_c(a[6],b[3],c1,c2,c3);
+        addcc   c_1,t_1,c_1     !=
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3
+        umul    a_7,b_2,t_1     !=!mul_add_c(a[7],b[2],c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3     !=
+        st      c_1,rp(9)       !r[9]=c1;
+
+        umul    a_7,b_3,t_1     !mul_add_c(a[7],b[3],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    %g0,%g0,c_1
+        umul    a_6,b_4,t_1     !mul_add_c(a[6],b[4],c2,c3,c1);
+        addcc   c_2,t_1,c_2     !=
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1
+        umul    a_5,b_5,t_1     !=!mul_add_c(a[5],b[5],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1     !=
+        umul    a_4,b_6,t_1     !mul_add_c(a[4],b[6],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3     !=
+        addx    c_1,%g0,c_1
+        umul    a_3,b_7,t_1     !mul_add_c(a[3],b[7],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1
+        st      c_2,rp(10)      !r[10]=c2;
+
+        umul    a_4,b_7,t_1     !=!mul_add_c(a[4],b[7],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        addx    %g0,%g0,c_2     !=
+        umul    a_5,b_6,t_1     !mul_add_c(a[5],b[6],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1     !=
+        addx    c_2,%g0,c_2
+        umul    a_6,b_5,t_1     !mul_add_c(a[6],b[5],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2          !=
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2
+        umul    a_7,b_4,t_1     !mul_add_c(a[7],b[4],c3,c1,c2);
+        addcc   c_3,t_1,c_3     !=
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        st      c_3,rp(11)      !r[11]=c3;
+        addx    c_2,%g0,c_2     !=
+
+        umul    a_7,b_5,t_1     !mul_add_c(a[7],b[5],c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2     !=
+        addx    %g0,%g0,c_3
+        umul    a_6,b_6,t_1     !mul_add_c(a[6],b[6],c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2          !=
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3
+        umul    a_5,b_7,t_1     !mul_add_c(a[5],b[7],c1,c2,c3);
+        addcc   c_1,t_1,c_1     !=
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        st      c_1,rp(12)      !r[12]=c1;
+        addx    c_3,%g0,c_3     !=
+
+        umul    a_6,b_7,t_1     !mul_add_c(a[6],b[7],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3     !=
+        addx    %g0,%g0,c_1
+        umul    a_7,b_6,t_1     !mul_add_c(a[7],b[6],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1
+        st      c_2,rp(13)      !r[13]=c2;
+
+        umul    a_7,b_7,t_1     !=!mul_add_c(a[7],b[7],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        nop                     !=
+        st      c_3,rp(14)      !r[14]=c3;
+        st      c_1,rp(15)      !r[15]=c1;
+
+        ret
+        restore %g0,%g0,%o0
+
+.type   bn_mul_comba8,#function
+.size   bn_mul_comba8,(.-bn_mul_comba8)
+
+.align  32
+
+.global bn_mul_comba4
+/*
+ * void bn_mul_comba4(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba4:
+        save    %sp,FRAME_SIZE,%sp
+        ld      ap(0),a_0
+        ld      bp(0),b_0
+        umul    a_0,b_0,c_1     !=!mul_add_c(a[0],b[0],c1,c2,c3);
+        ld      bp(1),b_1
+        rd      %y,c_2
+        st      c_1,rp(0)       !r[0]=c1;
+
+        umul    a_0,b_1,t_1     !=!mul_add_c(a[0],b[1],c2,c3,c1);
+        ld      ap(1),a_1
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  %g0,t_2,c_3
+        addx    %g0,%g0,c_1
+        ld      ap(2),a_2
+        umul    a_1,b_0,t_1     !=!mul_add_c(a[1],b[0],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1     !=
+        st      c_2,rp(1)       !r[1]=c2;
+
+        umul    a_2,b_0,t_1     !mul_add_c(a[2],b[0],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2          !=
+        addxcc  c_1,t_2,c_1
+        addx    %g0,%g0,c_2
+        ld      bp(2),b_2
+        umul    a_1,b_1,t_1     !=!mul_add_c(a[1],b[1],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2     !=
+        ld      bp(3),b_3
+        umul    a_0,b_2,t_1     !mul_add_c(a[0],b[2],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2          !=
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2
+        st      c_3,rp(2)       !r[2]=c3;
+
+        umul    a_0,b_3,t_1     !=!mul_add_c(a[0],b[3],c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        addx    %g0,%g0,c_3     !=
+        umul    a_1,b_2,t_1     !mul_add_c(a[1],b[2],c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2     !=
+        addx    c_3,%g0,c_3
+        ld      ap(3),a_3
+        umul    a_2,b_1,t_1     !mul_add_c(a[2],b[1],c1,c2,c3);
+        addcc   c_1,t_1,c_1     !=
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3
+        umul    a_3,b_0,t_1     !=!mul_add_c(a[3],b[0],c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3     !=
+        st      c_1,rp(3)       !r[3]=c1;
+
+        umul    a_3,b_1,t_1     !mul_add_c(a[3],b[1],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    %g0,%g0,c_1
+        umul    a_2,b_2,t_1     !mul_add_c(a[2],b[2],c2,c3,c1);
+        addcc   c_2,t_1,c_2     !=
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1
+        umul    a_1,b_3,t_1     !=!mul_add_c(a[1],b[3],c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1     !=
+        st      c_2,rp(4)       !r[4]=c2;
+
+        umul    a_2,b_3,t_1     !mul_add_c(a[2],b[3],c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2          !=
+        addxcc  c_1,t_2,c_1
+        addx    %g0,%g0,c_2
+        umul    a_3,b_2,t_1     !mul_add_c(a[3],b[2],c3,c1,c2);
+        addcc   c_3,t_1,c_3     !=
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        st      c_3,rp(5)       !r[5]=c3;
+        addx    c_2,%g0,c_2     !=
+
+        umul    a_3,b_3,t_1     !mul_add_c(a[3],b[3],c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2     !=
+        st      c_1,rp(6)       !r[6]=c1;
+        st      c_2,rp(7)       !r[7]=c2;
+        
+        ret
+        restore %g0,%g0,%o0
+
+.type   bn_mul_comba4,#function
+.size   bn_mul_comba4,(.-bn_mul_comba4)
+
+.align  32
+
+.global bn_sqr_comba8
+bn_sqr_comba8:
+        save    %sp,FRAME_SIZE,%sp
+        ld      ap(0),a_0
+        ld      ap(1),a_1
+        umul    a_0,a_0,c_1     !=!sqr_add_c(a,0,c1,c2,c3);
+        rd      %y,c_2
+        st      c_1,rp(0)       !r[0]=c1;
+
+        ld      ap(2),a_2
+        umul    a_0,a_1,t_1     !=!sqr_add_c2(a,1,0,c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2
+        addxcc  %g0,t_2,c_3
+        addx    %g0,%g0,c_1     !=
+        addcc   c_2,t_1,c_2
+        addxcc  c_3,t_2,c_3
+        st      c_2,rp(1)       !r[1]=c2;
+        addx    c_1,%g0,c_1     !=
+
+        umul    a_2,a_0,t_1     !sqr_add_c2(a,2,0,c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1     !=
+        addx    %g0,%g0,c_2
+        addcc   c_3,t_1,c_3
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2     !=
+        ld      ap(3),a_3
+        umul    a_1,a_1,t_1     !sqr_add_c(a,1,c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2          !=
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2
+        st      c_3,rp(2)       !r[2]=c3;
+
+        umul    a_0,a_3,t_1     !=!sqr_add_c2(a,3,0,c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        addx    %g0,%g0,c_3     !=
+        addcc   c_1,t_1,c_1
+        addxcc  c_2,t_2,c_2
+        ld      ap(4),a_4
+        addx    c_3,%g0,c_3     !=
+        umul    a_1,a_2,t_1     !sqr_add_c2(a,2,1,c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2     !=
+        addx    c_3,%g0,c_3
+        addcc   c_1,t_1,c_1
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3     !=
+        st      c_1,rp(3)       !r[3]=c1;
+
+        umul    a_4,a_0,t_1     !sqr_add_c2(a,4,0,c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    %g0,%g0,c_1
+        addcc   c_2,t_1,c_2
+        addxcc  c_3,t_2,c_3     !=
+        addx    c_1,%g0,c_1
+        umul    a_3,a_1,t_1     !sqr_add_c2(a,3,1,c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1
+        addcc   c_2,t_1,c_2
+        addxcc  c_3,t_2,c_3     !=
+        addx    c_1,%g0,c_1
+        ld      ap(5),a_5
+        umul    a_2,a_2,t_1     !sqr_add_c(a,2,c2,c3,c1);
+        addcc   c_2,t_1,c_2     !=
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3
+        st      c_2,rp(4)       !r[4]=c2;
+        addx    c_1,%g0,c_1     !=
+
+        umul    a_0,a_5,t_1     !sqr_add_c2(a,5,0,c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1     !=
+        addx    %g0,%g0,c_2
+        addcc   c_3,t_1,c_3
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2     !=
+        umul    a_1,a_4,t_1     !sqr_add_c2(a,4,1,c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1     !=
+        addx    c_2,%g0,c_2
+        addcc   c_3,t_1,c_3
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2     !=
+        ld      ap(6),a_6
+        umul    a_2,a_3,t_1     !sqr_add_c2(a,3,2,c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2          !=
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2
+        addcc   c_3,t_1,c_3
+        addxcc  c_1,t_2,c_1     !=
+        addx    c_2,%g0,c_2
+        st      c_3,rp(5)       !r[5]=c3;
+
+        umul    a_6,a_0,t_1     !sqr_add_c2(a,6,0,c1,c2,c3);
+        addcc   c_1,t_1,c_1     !=
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        addx    %g0,%g0,c_3
+        addcc   c_1,t_1,c_1     !=
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3
+        umul    a_5,a_1,t_1     !sqr_add_c2(a,5,1,c1,c2,c3);
+        addcc   c_1,t_1,c_1     !=
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3
+        addcc   c_1,t_1,c_1     !=
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3
+        umul    a_4,a_2,t_1     !sqr_add_c2(a,4,2,c1,c2,c3);
+        addcc   c_1,t_1,c_1     !=
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3
+        addcc   c_1,t_1,c_1     !=
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3
+        ld      ap(7),a_7
+        umul    a_3,a_3,t_1     !=!sqr_add_c(a,3,c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3     !=
+        st      c_1,rp(6)       !r[6]=c1;
+
+        umul    a_0,a_7,t_1     !sqr_add_c2(a,7,0,c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    %g0,%g0,c_1
+        addcc   c_2,t_1,c_2
+        addxcc  c_3,t_2,c_3     !=
+        addx    c_1,%g0,c_1
+        umul    a_1,a_6,t_1     !sqr_add_c2(a,6,1,c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1
+        addcc   c_2,t_1,c_2
+        addxcc  c_3,t_2,c_3     !=
+        addx    c_1,%g0,c_1
+        umul    a_2,a_5,t_1     !sqr_add_c2(a,5,2,c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1
+        addcc   c_2,t_1,c_2
+        addxcc  c_3,t_2,c_3     !=
+        addx    c_1,%g0,c_1
+        umul    a_3,a_4,t_1     !sqr_add_c2(a,4,3,c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1
+        addcc   c_2,t_1,c_2
+        addxcc  c_3,t_2,c_3     !=
+        addx    c_1,%g0,c_1
+        st      c_2,rp(7)       !r[7]=c2;
+
+        umul    a_7,a_1,t_1     !sqr_add_c2(a,7,1,c3,c1,c2);
+        addcc   c_3,t_1,c_3     !=
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        addx    %g0,%g0,c_2
+        addcc   c_3,t_1,c_3     !=
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2
+        umul    a_6,a_2,t_1     !sqr_add_c2(a,6,2,c3,c1,c2);
+        addcc   c_3,t_1,c_3     !=
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2
+        addcc   c_3,t_1,c_3     !=
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2
+        umul    a_5,a_3,t_1     !sqr_add_c2(a,5,3,c3,c1,c2);
+        addcc   c_3,t_1,c_3     !=
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2
+        addcc   c_3,t_1,c_3     !=
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2
+        umul    a_4,a_4,t_1     !sqr_add_c(a,4,c3,c1,c2);
+        addcc   c_3,t_1,c_3     !=
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        st      c_3,rp(8)       !r[8]=c3;
+        addx    c_2,%g0,c_2     !=
+
+        umul    a_2,a_7,t_1     !sqr_add_c2(a,7,2,c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2     !=
+        addx    %g0,%g0,c_3
+        addcc   c_1,t_1,c_1
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3     !=
+        umul    a_3,a_6,t_1     !sqr_add_c2(a,6,3,c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2     !=
+        addx    c_3,%g0,c_3
+        addcc   c_1,t_1,c_1
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3     !=
+        umul    a_4,a_5,t_1     !sqr_add_c2(a,5,4,c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2     !=
+        addx    c_3,%g0,c_3
+        addcc   c_1,t_1,c_1
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3     !=
+        st      c_1,rp(9)       !r[9]=c1;
+
+        umul    a_7,a_3,t_1     !sqr_add_c2(a,7,3,c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    %g0,%g0,c_1
+        addcc   c_2,t_1,c_2
+        addxcc  c_3,t_2,c_3     !=
+        addx    c_1,%g0,c_1
+        umul    a_6,a_4,t_1     !sqr_add_c2(a,6,4,c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1
+        addcc   c_2,t_1,c_2
+        addxcc  c_3,t_2,c_3     !=
+        addx    c_1,%g0,c_1
+        umul    a_5,a_5,t_1     !sqr_add_c(a,5,c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1
+        st      c_2,rp(10)      !r[10]=c2;
+
+        umul    a_4,a_7,t_1     !=!sqr_add_c2(a,7,4,c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        addx    %g0,%g0,c_2     !=
+        addcc   c_3,t_1,c_3
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2
+        umul    a_5,a_6,t_1     !=!sqr_add_c2(a,6,5,c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        addx    c_2,%g0,c_2     !=
+        addcc   c_3,t_1,c_3
+        addxcc  c_1,t_2,c_1
+        st      c_3,rp(11)      !r[11]=c3;
+        addx    c_2,%g0,c_2     !=
+
+        umul    a_7,a_5,t_1     !sqr_add_c2(a,7,5,c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2     !=
+        addx    %g0,%g0,c_3
+        addcc   c_1,t_1,c_1
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3     !=
+        umul    a_6,a_6,t_1     !sqr_add_c(a,6,c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2     !=
+        addx    c_3,%g0,c_3
+        st      c_1,rp(12)      !r[12]=c1;
+
+        umul    a_6,a_7,t_1     !sqr_add_c2(a,7,6,c2,c3,c1);
+        addcc   c_2,t_1,c_2     !=
+        rd      %y,t_2
+        addxcc  c_3,t_2,c_3
+        addx    %g0,%g0,c_1
+        addcc   c_2,t_1,c_2     !=
+        addxcc  c_3,t_2,c_3
+        st      c_2,rp(13)      !r[13]=c2;
+        addx    c_1,%g0,c_1     !=
+
+        umul    a_7,a_7,t_1     !sqr_add_c(a,7,c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1     !=
+        st      c_3,rp(14)      !r[14]=c3;
+        st      c_1,rp(15)      !r[15]=c1;
+
+        ret
+        restore %g0,%g0,%o0
+
+.type   bn_sqr_comba8,#function
+.size   bn_sqr_comba8,(.-bn_sqr_comba8)
+
+.align  32
+
+.global bn_sqr_comba4
+/*
+ * void bn_sqr_comba4(r,a)
+ * BN_ULONG *r,*a;
+ */
+bn_sqr_comba4:
+        save    %sp,FRAME_SIZE,%sp
+        ld      ap(0),a_0
+        umul    a_0,a_0,c_1     !sqr_add_c(a,0,c1,c2,c3);
+        ld      ap(1),a_1       !=
+        rd      %y,c_2
+        st      c_1,rp(0)       !r[0]=c1;
+
+        ld      ap(2),a_2
+        umul    a_0,a_1,t_1     !=!sqr_add_c2(a,1,0,c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2
+        addxcc  %g0,t_2,c_3
+        addx    %g0,%g0,c_1     !=
+        addcc   c_2,t_1,c_2
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1     !=
+        st      c_2,rp(1)       !r[1]=c2;
+
+        umul    a_2,a_0,t_1     !sqr_add_c2(a,2,0,c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2          !=
+        addxcc  c_1,t_2,c_1
+        addx    %g0,%g0,c_2
+        addcc   c_3,t_1,c_3
+        addxcc  c_1,t_2,c_1     !=
+        addx    c_2,%g0,c_2
+        ld      ap(3),a_3
+        umul    a_1,a_1,t_1     !sqr_add_c(a,1,c3,c1,c2);
+        addcc   c_3,t_1,c_3     !=
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        st      c_3,rp(2)       !r[2]=c3;
+        addx    c_2,%g0,c_2     !=
+
+        umul    a_0,a_3,t_1     !sqr_add_c2(a,3,0,c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2     !=
+        addx    %g0,%g0,c_3
+        addcc   c_1,t_1,c_1
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3     !=
+        umul    a_1,a_2,t_1     !sqr_add_c2(a,2,1,c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2     !=
+        addx    c_3,%g0,c_3
+        addcc   c_1,t_1,c_1
+        addxcc  c_2,t_2,c_2
+        addx    c_3,%g0,c_3     !=
+        st      c_1,rp(3)       !r[3]=c1;
+
+        umul    a_3,a_1,t_1     !sqr_add_c2(a,3,1,c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    %g0,%g0,c_1
+        addcc   c_2,t_1,c_2
+        addxcc  c_3,t_2,c_3     !=
+        addx    c_1,%g0,c_1
+        umul    a_2,a_2,t_1     !sqr_add_c(a,2,c2,c3,c1);
+        addcc   c_2,t_1,c_2
+        rd      %y,t_2          !=
+        addxcc  c_3,t_2,c_3
+        addx    c_1,%g0,c_1
+        st      c_2,rp(4)       !r[4]=c2;
+
+        umul    a_2,a_3,t_1     !=!sqr_add_c2(a,3,2,c3,c1,c2);
+        addcc   c_3,t_1,c_3
+        rd      %y,t_2
+        addxcc  c_1,t_2,c_1
+        addx    %g0,%g0,c_2     !=
+        addcc   c_3,t_1,c_3
+        addxcc  c_1,t_2,c_1
+        st      c_3,rp(5)       !r[5]=c3;
+        addx    c_2,%g0,c_2     !=
+
+        umul    a_3,a_3,t_1     !sqr_add_c(a,3,c1,c2,c3);
+        addcc   c_1,t_1,c_1
+        rd      %y,t_2
+        addxcc  c_2,t_2,c_2     !=
+        st      c_1,rp(6)       !r[6]=c1;
+        st      c_2,rp(7)       !r[7]=c2;
+        
+        ret
+        restore %g0,%g0,%o0
+
+.type   bn_sqr_comba4,#function
+.size   bn_sqr_comba4,(.-bn_sqr_comba4)
+
+.align  32
diff --git a/src/lib/libcrypto/bn/asm/sparcv8plus.S b/src/lib/libcrypto/bn/asm/sparcv8plus.S
new file mode 100644
index 0000000000..0074dfdb75
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/sparcv8plus.S
@@ -0,0 +1,1535 @@
+.ident  "sparcv8plus.s, Version 1.4"
+.ident  "SPARC v9 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+
+/*
+ * ====================================================================
+ * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in UltraSPARC ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * Questions-n-answers.
+ *
+ * Q. How to compile?
+ * A. With SC4.x/SC5.x:
+ *
+ *      cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *
+ *    and with gcc:
+ *
+ *      gcc -mcpu=ultrasparc -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *
+ *    or if above fails (it does if you have gas installed):
+ *
+ *      gcc -E bn_asm.sparc.v8plus.S | as -xarch=v8plus /dev/fd/0 -o bn_asm.o
+ *
+ *    Quick-n-dirty way to fuse the module into the library.
+ *    Provided that the library is already configured and built
+ *    (in 0.9.2 case with no-asm option):
+ *
+ *      # cd crypto/bn
+ *      # cp /some/place/bn_asm.sparc.v8plus.S .
+ *      # cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *      # make
+ *      # cd ../..
+ *      # make; make test
+ *
+ *    Quick-n-dirty way to get rid of it:
+ *
+ *      # cd crypto/bn
+ *      # touch bn_asm.c
+ *      # make
+ *      # cd ../..
+ *      # make; make test
+ *
+ * Q. V8plus achitecture? What kind of beast is that?
+ * A. Well, it's rather a programming model than an architecture...
+ *    It's actually v9-compliant, i.e. *any* UltraSPARC, CPU under
+ *    special conditions, namely when kernel doesn't preserve upper
+ *    32 bits of otherwise 64-bit registers during a context switch.
+ *
+ * Q. Why just UltraSPARC? What about SuperSPARC?
+ * A. Original release did target UltraSPARC only. Now SuperSPARC
+ *    version is provided along. Both version share bn_*comba[48]
+ *    implementations (see comment later in code for explanation).
+ *    But what's so special about this UltraSPARC implementation?
+ *    Why didn't I let compiler do the job? Trouble is that most of
+ *    available compilers (well, SC5.0 is the only exception) don't
+ *    attempt to take advantage of UltraSPARC's 64-bitness under
+ *    32-bit kernels even though it's perfectly possible (see next
+ *    question).
+ *
+ * Q. 64-bit registers under 32-bit kernels? Didn't you just say it
+ *    doesn't work?
+ * A. You can't adress *all* registers as 64-bit wide:-( The catch is
+ *    that you actually may rely upon %o0-%o5 and %g1-%g4 being fully
+ *    preserved if you're in a leaf function, i.e. such never calling
+ *    any other functions. All functions in this module are leaf and
+ *    10 registers is a handful. And as a matter of fact none-"comba"
+ *    routines don't require even that much and I could even afford to
+ *    not allocate own stack frame for 'em:-)
+ *
+ * Q. What about 64-bit kernels?
+ * A. What about 'em? Just kidding:-) Pure 64-bit version is currently
+ *    under evaluation and development...
+ *
+ * Q. What about shared libraries?
+ * A. What about 'em? Kidding again:-) Code does *not* contain any
+ *    code position dependencies and it's safe to include it into
+ *    shared library as is.
+ *
+ * Q. How much faster does it go?
+ * A. Do you have a good benchmark? In either case below is what I
+ *    experience with crypto/bn/expspeed.c test program:
+ *
+ *      v8plus module on U10/300MHz against bn_asm.c compiled with:
+ *
+ *      cc-5.0 -xarch=v8plus -xO5 -xdepend      +7-12%
+ *      cc-4.2 -xarch=v8plus -xO5 -xdepend      +25-35%
+ *      egcs-1.1.2 -mcpu=ultrasparc -O3         +35-45%
+ *
+ *      v8 module on SS10/60MHz against bn_asm.c compiled with:
+ *
+ *      cc-5.0 -xarch=v8 -xO5 -xdepend          +7-10%
+ *      cc-4.2 -xarch=v8 -xO5 -xdepend          +10%
+ *      egcs-1.1.2 -mv8 -O3                     +35-45%
+ *
+ *    As you can see it's damn hard to beat the new Sun C compiler
+ *    and it's in first place GNU C users who will appreciate this
+ *    assembler implementation:-)       
+ */
+
+/*
+ * Revision history.
+ *
+ * 1.0  - initial release;
+ * 1.1  - new loop unrolling model(*);
+ *      - some more fine tuning;
+ * 1.2  - made gas friendly;
+ *      - updates to documentation concerning v9;
+ *      - new performance comparison matrix;
+ * 1.3  - fixed problem with /usr/ccs/lib/cpp;
+ * 1.4  - native V9 bn_*_comba[48] implementation (15% more efficient)
+ *        resulting in slight overall performance kick;
+ *      - some retunes;
+ *      - support for GNU as added;
+ *
+ * (*)  Originally unrolled loop looked like this:
+ *          for (;;) {
+ *              op(p+0); if (--n==0) break;
+ *              op(p+1); if (--n==0) break;
+ *              op(p+2); if (--n==0) break;
+ *              op(p+3); if (--n==0) break;
+ *              p+=4;
+ *          }
+ *      I unroll according to following:
+ *          while (n&~3) {
+ *              op(p+0); op(p+1); op(p+2); op(p+3);
+ *              p+=4; n=-4;
+ *          }
+ *          if (n) {
+ *              op(p+0); if (--n==0) return;
+ *              op(p+2); if (--n==0) return;
+ *              op(p+3); return;
+ *          }
+ */
+
+/*
+ * GNU assembler can't stand stuw:-(
+ */
+#define stuw st
+
+.section        ".text",#alloc,#execinstr
+.file           "bn_asm.sparc.v8plus.S"
+
+.align  32
+
+.global bn_mul_add_words
+/*
+ * BN_ULONG bn_mul_add_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_add_words:
+        brgz,a  %o2,.L_bn_mul_add_words_proceed
+        lduw    [%o1],%g2
+        retl
+        clr     %o0
+
+.L_bn_mul_add_words_proceed:
+        srl     %o3,%g0,%o3     ! clruw %o3
+        andcc   %o2,-4,%g0
+        bz,pn   %icc,.L_bn_mul_add_words_tail
+        clr     %o5
+
+.L_bn_mul_add_words_loop:       ! wow! 32 aligned!
+        lduw    [%o0],%g1
+        lduw    [%o1+4],%g3
+        mulx    %o3,%g2,%g2
+        add     %g1,%o5,%o4
+        nop
+        add     %o4,%g2,%o4
+        stuw    %o4,[%o0]
+        srlx    %o4,32,%o5
+
+        lduw    [%o0+4],%g1
+        lduw    [%o1+8],%g2
+        mulx    %o3,%g3,%g3
+        add     %g1,%o5,%o4
+        dec     4,%o2
+        add     %o4,%g3,%o4
+        stuw    %o4,[%o0+4]
+        srlx    %o4,32,%o5
+
+        lduw    [%o0+8],%g1
+        lduw    [%o1+12],%g3
+        mulx    %o3,%g2,%g2
+        add     %g1,%o5,%o4
+        inc     16,%o1
+        add     %o4,%g2,%o4
+        stuw    %o4,[%o0+8]
+        srlx    %o4,32,%o5
+
+        lduw    [%o0+12],%g1
+        mulx    %o3,%g3,%g3
+        add     %g1,%o5,%o4
+        inc     16,%o0
+        add     %o4,%g3,%o4
+        andcc   %o2,-4,%g0
+        stuw    %o4,[%o0-4]
+        srlx    %o4,32,%o5
+        bnz,a,pt        %icc,.L_bn_mul_add_words_loop
+        lduw    [%o1],%g2
+
+        brnz,a,pn       %o2,.L_bn_mul_add_words_tail
+        lduw    [%o1],%g2
+.L_bn_mul_add_words_return:
+        retl
+        mov     %o5,%o0
+
+.L_bn_mul_add_words_tail:
+        lduw    [%o0],%g1
+        mulx    %o3,%g2,%g2
+        add     %g1,%o5,%o4
+        dec     %o2
+        add     %o4,%g2,%o4
+        srlx    %o4,32,%o5
+        brz,pt  %o2,.L_bn_mul_add_words_return
+        stuw    %o4,[%o0]
+
+        lduw    [%o1+4],%g2
+        lduw    [%o0+4],%g1
+        mulx    %o3,%g2,%g2
+        add     %g1,%o5,%o4
+        dec     %o2
+        add     %o4,%g2,%o4
+        srlx    %o4,32,%o5
+        brz,pt  %o2,.L_bn_mul_add_words_return
+        stuw    %o4,[%o0+4]
+
+        lduw    [%o1+8],%g2
+        lduw    [%o0+8],%g1
+        mulx    %o3,%g2,%g2
+        add     %g1,%o5,%o4
+        add     %o4,%g2,%o4
+        stuw    %o4,[%o0+8]
+        retl
+        srlx    %o4,32,%o0
+
+.type   bn_mul_add_words,#function
+.size   bn_mul_add_words,(.-bn_mul_add_words)
+
+.align  32
+
+.global bn_mul_words
+/*
+ * BN_ULONG bn_mul_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_words:
+        brgz,a  %o2,.L_bn_mul_words_proceeed
+        lduw    [%o1],%g2
+        retl
+        clr     %o0
+
+.L_bn_mul_words_proceeed:
+        srl     %o3,%g0,%o3     ! clruw %o3
+        andcc   %o2,-4,%g0
+        bz,pn   %icc,.L_bn_mul_words_tail
+        clr     %o5
+
+.L_bn_mul_words_loop:           ! wow! 32 aligned!
+        lduw    [%o1+4],%g3
+        mulx    %o3,%g2,%g2
+        add     %g2,%o5,%o4
+        nop
+        stuw    %o4,[%o0]
+        srlx    %o4,32,%o5
+
+        lduw    [%o1+8],%g2
+        mulx    %o3,%g3,%g3
+        add     %g3,%o5,%o4
+        dec     4,%o2
+        stuw    %o4,[%o0+4]
+        srlx    %o4,32,%o5
+
+        lduw    [%o1+12],%g3
+        mulx    %o3,%g2,%g2
+        add     %g2,%o5,%o4
+        inc     16,%o1
+        stuw    %o4,[%o0+8]
+        srlx    %o4,32,%o5
+
+        mulx    %o3,%g3,%g3
+        add     %g3,%o5,%o4
+        inc     16,%o0
+        stuw    %o4,[%o0-4]
+        srlx    %o4,32,%o5
+        andcc   %o2,-4,%g0
+        bnz,a,pt        %icc,.L_bn_mul_words_loop
+        lduw    [%o1],%g2
+        nop
+        nop
+
+        brnz,a,pn       %o2,.L_bn_mul_words_tail
+        lduw    [%o1],%g2
+.L_bn_mul_words_return:
+        retl
+        mov     %o5,%o0
+
+.L_bn_mul_words_tail:
+        mulx    %o3,%g2,%g2
+        add     %g2,%o5,%o4
+        dec     %o2
+        srlx    %o4,32,%o5
+        brz,pt  %o2,.L_bn_mul_words_return
+        stuw    %o4,[%o0]
+
+        lduw    [%o1+4],%g2
+        mulx    %o3,%g2,%g2
+        add     %g2,%o5,%o4
+        dec     %o2
+        srlx    %o4,32,%o5
+        brz,pt  %o2,.L_bn_mul_words_return
+        stuw    %o4,[%o0+4]
+
+        lduw    [%o1+8],%g2
+        mulx    %o3,%g2,%g2
+        add     %g2,%o5,%o4
+        stuw    %o4,[%o0+8]
+        retl
+        srlx    %o4,32,%o0
+
+.type   bn_mul_words,#function
+.size   bn_mul_words,(.-bn_mul_words)
+
+.align  32
+.global bn_sqr_words
+/*
+ * void bn_sqr_words(r,a,n)
+ * BN_ULONG *r,*a;
+ * int n;
+ */
+bn_sqr_words:
+        brgz,a  %o2,.L_bn_sqr_words_proceeed
+        lduw    [%o1],%g2
+        retl
+        clr     %o0
+
+.L_bn_sqr_words_proceeed:
+        andcc   %o2,-4,%g0
+        nop
+        bz,pn   %icc,.L_bn_sqr_words_tail
+        nop
+
+.L_bn_sqr_words_loop:           ! wow! 32 aligned!
+        lduw    [%o1+4],%g3
+        mulx    %g2,%g2,%o4
+        stuw    %o4,[%o0]
+        srlx    %o4,32,%o5
+        stuw    %o5,[%o0+4]
+        nop
+
+        lduw    [%o1+8],%g2
+        mulx    %g3,%g3,%o4
+        dec     4,%o2
+        stuw    %o4,[%o0+8]
+        srlx    %o4,32,%o5
+        stuw    %o5,[%o0+12]
+
+        lduw    [%o1+12],%g3
+        mulx    %g2,%g2,%o4
+        srlx    %o4,32,%o5
+        stuw    %o4,[%o0+16]
+        inc     16,%o1
+        stuw    %o5,[%o0+20]
+
+        mulx    %g3,%g3,%o4
+        inc     32,%o0
+        stuw    %o4,[%o0-8]
+        srlx    %o4,32,%o5
+        andcc   %o2,-4,%g2
+        stuw    %o5,[%o0-4]
+        bnz,a,pt        %icc,.L_bn_sqr_words_loop
+        lduw    [%o1],%g2
+        nop
+
+        brnz,a,pn       %o2,.L_bn_sqr_words_tail
+        lduw    [%o1],%g2
+.L_bn_sqr_words_return:
+        retl
+        clr     %o0
+
+.L_bn_sqr_words_tail:
+        mulx    %g2,%g2,%o4
+        dec     %o2
+        stuw    %o4,[%o0]
+        srlx    %o4,32,%o5
+        brz,pt  %o2,.L_bn_sqr_words_return
+        stuw    %o5,[%o0+4]
+
+        lduw    [%o1+4],%g2
+        mulx    %g2,%g2,%o4
+        dec     %o2
+        stuw    %o4,[%o0+8]
+        srlx    %o4,32,%o5
+        brz,pt  %o2,.L_bn_sqr_words_return
+        stuw    %o5,[%o0+12]
+
+        lduw    [%o1+8],%g2
+        mulx    %g2,%g2,%o4
+        srlx    %o4,32,%o5
+        stuw    %o4,[%o0+16]
+        stuw    %o5,[%o0+20]
+        retl
+        clr     %o0
+
+.type   bn_sqr_words,#function
+.size   bn_sqr_words,(.-bn_sqr_words)
+
+.align  32
+.global bn_div_words
+/*
+ * BN_ULONG bn_div_words(h,l,d)
+ * BN_ULONG h,l,d;
+ */
+bn_div_words:
+        sllx    %o0,32,%o0
+        or      %o0,%o1,%o0
+        udivx   %o0,%o2,%o0
+        retl
+        srl     %o0,%g0,%o0     ! clruw %o0
+
+.type   bn_div_words,#function
+.size   bn_div_words,(.-bn_div_words)
+
+.align  32
+
+.global bn_add_words
+/*
+ * BN_ULONG bn_add_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_add_words:
+        brgz,a  %o3,.L_bn_add_words_proceed
+        lduw    [%o1],%o4
+        retl
+        clr     %o0
+
+.L_bn_add_words_proceed:
+        andcc   %o3,-4,%g0
+        bz,pn   %icc,.L_bn_add_words_tail
+        addcc   %g0,0,%g0       ! clear carry flag
+        nop
+
+.L_bn_add_words_loop:           ! wow! 32 aligned!
+        dec     4,%o3
+        lduw    [%o2],%o5
+        lduw    [%o1+4],%g1
+        lduw    [%o2+4],%g2
+        lduw    [%o1+8],%g3
+        lduw    [%o2+8],%g4
+        addccc  %o5,%o4,%o5
+        stuw    %o5,[%o0]
+
+        lduw    [%o1+12],%o4
+        lduw    [%o2+12],%o5
+        inc     16,%o1
+        addccc  %g1,%g2,%g1
+        stuw    %g1,[%o0+4]
+        
+        inc     16,%o2
+        addccc  %g3,%g4,%g3
+        stuw    %g3,[%o0+8]
+
+        inc     16,%o0
+        addccc  %o5,%o4,%o5
+        stuw    %o5,[%o0-4]
+        and     %o3,-4,%g1
+        brnz,a,pt       %g1,.L_bn_add_words_loop
+        lduw    [%o1],%o4
+
+        brnz,a,pn       %o3,.L_bn_add_words_tail
+        lduw    [%o1],%o4
+.L_bn_add_words_return:
+        clr     %o0
+        retl
+        movcs   %icc,1,%o0
+        nop
+
+.L_bn_add_words_tail:
+        lduw    [%o2],%o5
+        dec     %o3
+        addccc  %o5,%o4,%o5
+        brz,pt  %o3,.L_bn_add_words_return
+        stuw    %o5,[%o0]
+
+        lduw    [%o1+4],%o4
+        lduw    [%o2+4],%o5
+        dec     %o3
+        addccc  %o5,%o4,%o5
+        brz,pt  %o3,.L_bn_add_words_return
+        stuw    %o5,[%o0+4]
+
+        lduw    [%o1+8],%o4
+        lduw    [%o2+8],%o5
+        addccc  %o5,%o4,%o5
+        stuw    %o5,[%o0+8]
+        clr     %o0
+        retl
+        movcs   %icc,1,%o0
+
+.type   bn_add_words,#function
+.size   bn_add_words,(.-bn_add_words)
+
+.global bn_sub_words
+/*
+ * BN_ULONG bn_sub_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_sub_words:
+        brgz,a  %o3,.L_bn_sub_words_proceed
+        lduw    [%o1],%o4
+        retl
+        clr     %o0
+
+.L_bn_sub_words_proceed:
+        andcc   %o3,-4,%g0
+        bz,pn   %icc,.L_bn_sub_words_tail
+        addcc   %g0,0,%g0       ! clear carry flag
+        nop
+
+.L_bn_sub_words_loop:           ! wow! 32 aligned!
+        dec     4,%o3
+        lduw    [%o2],%o5
+        lduw    [%o1+4],%g1
+        lduw    [%o2+4],%g2
+        lduw    [%o1+8],%g3
+        lduw    [%o2+8],%g4
+        subccc  %o4,%o5,%o5
+        stuw    %o5,[%o0]
+
+        lduw    [%o1+12],%o4
+        lduw    [%o2+12],%o5
+        inc     16,%o1
+        subccc  %g1,%g2,%g2
+        stuw    %g2,[%o0+4]
+
+        inc     16,%o2
+        subccc  %g3,%g4,%g4
+        stuw    %g4,[%o0+8]
+
+        inc     16,%o0
+        subccc  %o4,%o5,%o5
+        stuw    %o5,[%o0-4]
+        and     %o3,-4,%g1
+        brnz,a,pt       %g1,.L_bn_sub_words_loop
+        lduw    [%o1],%o4
+
+        brnz,a,pn       %o3,.L_bn_sub_words_tail
+        lduw    [%o1],%o4
+.L_bn_sub_words_return:
+        clr     %o0
+        retl
+        movcs   %icc,1,%o0
+        nop
+
+.L_bn_sub_words_tail:           ! wow! 32 aligned!
+        lduw    [%o2],%o5
+        dec     %o3
+        subccc  %o4,%o5,%o5
+        brz,pt  %o3,.L_bn_sub_words_return
+        stuw    %o5,[%o0]
+
+        lduw    [%o1+4],%o4
+        lduw    [%o2+4],%o5
+        dec     %o3
+        subccc  %o4,%o5,%o5
+        brz,pt  %o3,.L_bn_sub_words_return
+        stuw    %o5,[%o0+4]
+
+        lduw    [%o1+8],%o4
+        lduw    [%o2+8],%o5
+        subccc  %o4,%o5,%o5
+        stuw    %o5,[%o0+8]
+        clr     %o0
+        retl
+        movcs   %icc,1,%o0
+
+.type   bn_sub_words,#function
+.size   bn_sub_words,(.-bn_sub_words)
+
+/*
+ * Code below depends on the fact that upper parts of the %l0-%l7
+ * and %i0-%i7 are zeroed by kernel after context switch. In
+ * previous versions this comment stated that "the trouble is that
+ * it's not feasible to implement the mumbo-jumbo in less V9
+ * instructions:-(" which apparently isn't true thanks to
+ * 'bcs,a %xcc,.+8; inc %rd' pair. But the performance improvement
+ * results not from the shorter code, but from elimination of
+ * multicycle none-pairable 'rd %y,%rd' instructions.
+ *
+ *                                                      Andy.
+ */
+
+#define FRAME_SIZE      -96
+
+/*
+ * Here is register usage map for *all* routines below.
+ */
+#define t_1     %o0
+#define t_2     %o1
+#define c_12    %o2
+#define c_3     %o3
+
+#define ap(I)   [%i1+4*I]
+#define bp(I)   [%i2+4*I]
+#define rp(I)   [%i0+4*I]
+
+#define a_0     %l0
+#define a_1     %l1
+#define a_2     %l2
+#define a_3     %l3
+#define a_4     %l4
+#define a_5     %l5
+#define a_6     %l6
+#define a_7     %l7
+
+#define b_0     %i3
+#define b_1     %i4
+#define b_2     %i5
+#define b_3     %o4
+#define b_4     %o5
+#define b_5     %o7
+#define b_6     %g1
+#define b_7     %g4
+
+.align  32
+.global bn_mul_comba8
+/*
+ * void bn_mul_comba8(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba8:
+        save    %sp,FRAME_SIZE,%sp
+        mov     1,t_2
+        lduw    ap(0),a_0
+        sllx    t_2,32,t_2
+        lduw    bp(0),b_0       !=
+        lduw    bp(1),b_1
+        mulx    a_0,b_0,t_1     !mul_add_c(a[0],b[0],c1,c2,c3);
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(0)       !=!r[0]=c1;
+
+        lduw    ap(1),a_1
+        mulx    a_0,b_1,t_1     !mul_add_c(a[0],b[1],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        clr     c_3             !=
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        lduw    ap(2),a_2
+        mulx    a_1,b_0,t_1     !=!mul_add_c(a[1],b[0],c2,c3,c1);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12     !=
+        stuw    t_1,rp(1)       !r[1]=c2;
+        or      c_12,c_3,c_12
+
+        mulx    a_2,b_0,t_1     !mul_add_c(a[2],b[0],c3,c1,c2);
+        addcc   c_12,t_1,c_12   !=
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        lduw    bp(2),b_2       !=
+        mulx    a_1,b_1,t_1     !mul_add_c(a[1],b[1],c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3     !=
+        lduw    bp(3),b_3
+        mulx    a_0,b_2,t_1     !mul_add_c(a[0],b[2],c3,c1,c2);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(2)       !r[2]=c3;
+        or      c_12,c_3,c_12   !=
+
+        mulx    a_0,b_3,t_1     !mul_add_c(a[0],b[3],c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_1,b_2,t_1     !=!mul_add_c(a[1],b[2],c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        lduw    ap(3),a_3
+        mulx    a_2,b_1,t_1     !mul_add_c(a[2],b[1],c1,c2,c3);
+        addcc   c_12,t_1,c_12   !=
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        lduw    ap(4),a_4
+        mulx    a_3,b_0,t_1     !=!mul_add_c(a[3],b[0],c1,c2,c3);!=
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12     !=
+        stuw    t_1,rp(3)       !r[3]=c1;
+        or      c_12,c_3,c_12
+
+        mulx    a_4,b_0,t_1     !mul_add_c(a[4],b[0],c2,c3,c1);
+        addcc   c_12,t_1,c_12   !=
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_3,b_1,t_1     !=!mul_add_c(a[3],b[1],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_2,b_2,t_1     !=!mul_add_c(a[2],b[2],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        lduw    bp(4),b_4       !=
+        mulx    a_1,b_3,t_1     !mul_add_c(a[1],b[3],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3     !=
+        lduw    bp(5),b_5
+        mulx    a_0,b_4,t_1     !mul_add_c(a[0],b[4],c2,c3,c1);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(4)       !r[4]=c2;
+        or      c_12,c_3,c_12   !=
+
+        mulx    a_0,b_5,t_1     !mul_add_c(a[0],b[5],c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_1,b_4,t_1     !mul_add_c(a[1],b[4],c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_2,b_3,t_1     !mul_add_c(a[2],b[3],c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_3,b_2,t_1     !mul_add_c(a[3],b[2],c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        lduw    ap(5),a_5
+        mulx    a_4,b_1,t_1     !mul_add_c(a[4],b[1],c3,c1,c2);
+        addcc   c_12,t_1,c_12   !=
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        lduw    ap(6),a_6
+        mulx    a_5,b_0,t_1     !=!mul_add_c(a[5],b[0],c3,c1,c2);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12     !=
+        stuw    t_1,rp(5)       !r[5]=c3;
+        or      c_12,c_3,c_12
+
+        mulx    a_6,b_0,t_1     !mul_add_c(a[6],b[0],c1,c2,c3);
+        addcc   c_12,t_1,c_12   !=
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_5,b_1,t_1     !=!mul_add_c(a[5],b[1],c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_4,b_2,t_1     !=!mul_add_c(a[4],b[2],c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_3,b_3,t_1     !=!mul_add_c(a[3],b[3],c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_2,b_4,t_1     !=!mul_add_c(a[2],b[4],c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        lduw    bp(6),b_6       !=
+        mulx    a_1,b_5,t_1     !mul_add_c(a[1],b[5],c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3     !=
+        lduw    bp(7),b_7
+        mulx    a_0,b_6,t_1     !mul_add_c(a[0],b[6],c1,c2,c3);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(6)       !r[6]=c1;
+        or      c_12,c_3,c_12   !=
+
+        mulx    a_0,b_7,t_1     !mul_add_c(a[0],b[7],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_1,b_6,t_1     !mul_add_c(a[1],b[6],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_2,b_5,t_1     !mul_add_c(a[2],b[5],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_3,b_4,t_1     !mul_add_c(a[3],b[4],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_4,b_3,t_1     !mul_add_c(a[4],b[3],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_5,b_2,t_1     !mul_add_c(a[5],b[2],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        lduw    ap(7),a_7
+        mulx    a_6,b_1,t_1     !=!mul_add_c(a[6],b[1],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_7,b_0,t_1     !=!mul_add_c(a[7],b[0],c2,c3,c1);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12     !=
+        stuw    t_1,rp(7)       !r[7]=c2;
+        or      c_12,c_3,c_12
+
+        mulx    a_7,b_1,t_1     !=!mul_add_c(a[7],b[1],c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3     !=
+        mulx    a_6,b_2,t_1     !mul_add_c(a[6],b[2],c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3     !=
+        mulx    a_5,b_3,t_1     !mul_add_c(a[5],b[3],c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3     !=
+        mulx    a_4,b_4,t_1     !mul_add_c(a[4],b[4],c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3     !=
+        mulx    a_3,b_5,t_1     !mul_add_c(a[3],b[5],c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3     !=
+        mulx    a_2,b_6,t_1     !mul_add_c(a[2],b[6],c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3     !=
+        mulx    a_1,b_7,t_1     !mul_add_c(a[1],b[7],c3,c1,c2);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3     !=
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(8)       !r[8]=c3;
+        or      c_12,c_3,c_12
+
+        mulx    a_2,b_7,t_1     !=!mul_add_c(a[2],b[7],c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3     !=
+        mulx    a_3,b_6,t_1     !mul_add_c(a[3],b[6],c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_4,b_5,t_1     !mul_add_c(a[4],b[5],c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_5,b_4,t_1     !mul_add_c(a[5],b[4],c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_6,b_3,t_1     !mul_add_c(a[6],b[3],c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_7,b_2,t_1     !mul_add_c(a[7],b[2],c1,c2,c3);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(9)       !r[9]=c1;
+        or      c_12,c_3,c_12   !=
+
+        mulx    a_7,b_3,t_1     !mul_add_c(a[7],b[3],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_6,b_4,t_1     !mul_add_c(a[6],b[4],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_5,b_5,t_1     !mul_add_c(a[5],b[5],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_4,b_6,t_1     !mul_add_c(a[4],b[6],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_3,b_7,t_1     !mul_add_c(a[3],b[7],c2,c3,c1);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(10)      !r[10]=c2;
+        or      c_12,c_3,c_12   !=
+
+        mulx    a_4,b_7,t_1     !mul_add_c(a[4],b[7],c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_5,b_6,t_1     !mul_add_c(a[5],b[6],c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_6,b_5,t_1     !mul_add_c(a[6],b[5],c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_7,b_4,t_1     !mul_add_c(a[7],b[4],c3,c1,c2);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(11)      !r[11]=c3;
+        or      c_12,c_3,c_12   !=
+
+        mulx    a_7,b_5,t_1     !mul_add_c(a[7],b[5],c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_6,b_6,t_1     !mul_add_c(a[6],b[6],c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_5,b_7,t_1     !mul_add_c(a[5],b[7],c1,c2,c3);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(12)      !r[12]=c1;
+        or      c_12,c_3,c_12   !=
+
+        mulx    a_6,b_7,t_1     !mul_add_c(a[6],b[7],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_7,b_6,t_1     !mul_add_c(a[7],b[6],c2,c3,c1);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        st      t_1,rp(13)      !r[13]=c2;
+        or      c_12,c_3,c_12   !=
+
+        mulx    a_7,b_7,t_1     !mul_add_c(a[7],b[7],c3,c1,c2);
+        addcc   c_12,t_1,t_1
+        srlx    t_1,32,c_12     !=
+        stuw    t_1,rp(14)      !r[14]=c3;
+        stuw    c_12,rp(15)     !r[15]=c1;
+
+        ret
+        restore %g0,%g0,%o0     !=
+
+.type   bn_mul_comba8,#function
+.size   bn_mul_comba8,(.-bn_mul_comba8)
+
+.align  32
+
+.global bn_mul_comba4
+/*
+ * void bn_mul_comba4(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba4:
+        save    %sp,FRAME_SIZE,%sp
+        lduw    ap(0),a_0
+        mov     1,t_2
+        lduw    bp(0),b_0
+        sllx    t_2,32,t_2      !=
+        lduw    bp(1),b_1
+        mulx    a_0,b_0,t_1     !mul_add_c(a[0],b[0],c1,c2,c3);
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(0)       !=!r[0]=c1;
+
+        lduw    ap(1),a_1
+        mulx    a_0,b_1,t_1     !mul_add_c(a[0],b[1],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        clr     c_3             !=
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        lduw    ap(2),a_2
+        mulx    a_1,b_0,t_1     !=!mul_add_c(a[1],b[0],c2,c3,c1);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12     !=
+        stuw    t_1,rp(1)       !r[1]=c2;
+        or      c_12,c_3,c_12
+
+        mulx    a_2,b_0,t_1     !mul_add_c(a[2],b[0],c3,c1,c2);
+        addcc   c_12,t_1,c_12   !=
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        lduw    bp(2),b_2       !=
+        mulx    a_1,b_1,t_1     !mul_add_c(a[1],b[1],c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3     !=
+        lduw    bp(3),b_3
+        mulx    a_0,b_2,t_1     !mul_add_c(a[0],b[2],c3,c1,c2);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(2)       !r[2]=c3;
+        or      c_12,c_3,c_12   !=
+
+        mulx    a_0,b_3,t_1     !mul_add_c(a[0],b[3],c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        mulx    a_1,b_2,t_1     !mul_add_c(a[1],b[2],c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8        !=
+        add     c_3,t_2,c_3
+        lduw    ap(3),a_3
+        mulx    a_2,b_1,t_1     !mul_add_c(a[2],b[1],c1,c2,c3);
+        addcc   c_12,t_1,c_12   !=
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_3,b_0,t_1     !mul_add_c(a[3],b[0],c1,c2,c3);!=
+        addcc   c_12,t_1,t_1    !=
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(3)       !=!r[3]=c1;
+        or      c_12,c_3,c_12
+
+        mulx    a_3,b_1,t_1     !mul_add_c(a[3],b[1],c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        clr     c_3             !=
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_2,b_2,t_1     !mul_add_c(a[2],b[2],c2,c3,c1);
+        addcc   c_12,t_1,c_12   !=
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_1,b_3,t_1     !mul_add_c(a[1],b[3],c2,c3,c1);
+        addcc   c_12,t_1,t_1    !=
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(4)       !=!r[4]=c2;
+        or      c_12,c_3,c_12
+
+        mulx    a_2,b_3,t_1     !mul_add_c(a[2],b[3],c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        clr     c_3             !=
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_3,b_2,t_1     !mul_add_c(a[3],b[2],c3,c1,c2);
+        addcc   c_12,t_1,t_1    !=
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(5)       !=!r[5]=c3;
+        or      c_12,c_3,c_12
+
+        mulx    a_3,b_3,t_1     !mul_add_c(a[3],b[3],c1,c2,c3);
+        addcc   c_12,t_1,t_1
+        srlx    t_1,32,c_12     !=
+        stuw    t_1,rp(6)       !r[6]=c1;
+        stuw    c_12,rp(7)      !r[7]=c2;
+        
+        ret
+        restore %g0,%g0,%o0
+
+.type   bn_mul_comba4,#function
+.size   bn_mul_comba4,(.-bn_mul_comba4)
+
+.align  32
+
+.global bn_sqr_comba8
+bn_sqr_comba8:
+        save    %sp,FRAME_SIZE,%sp
+        mov     1,t_2
+        lduw    ap(0),a_0
+        sllx    t_2,32,t_2
+        lduw    ap(1),a_1
+        mulx    a_0,a_0,t_1     !sqr_add_c(a,0,c1,c2,c3);
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(0)       !r[0]=c1;
+
+        lduw    ap(2),a_2
+        mulx    a_0,a_1,t_1     !=!sqr_add_c2(a,1,0,c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(1)       !r[1]=c2;
+        or      c_12,c_3,c_12
+
+        mulx    a_2,a_0,t_1     !sqr_add_c2(a,2,0,c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        lduw    ap(3),a_3
+        mulx    a_1,a_1,t_1     !sqr_add_c(a,1,c3,c1,c2);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(2)       !r[2]=c3;
+        or      c_12,c_3,c_12
+
+        mulx    a_0,a_3,t_1     !sqr_add_c2(a,3,0,c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        lduw    ap(4),a_4
+        mulx    a_1,a_2,t_1     !sqr_add_c2(a,2,1,c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        st      t_1,rp(3)       !r[3]=c1;
+        or      c_12,c_3,c_12
+
+        mulx    a_4,a_0,t_1     !sqr_add_c2(a,4,0,c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_3,a_1,t_1     !sqr_add_c2(a,3,1,c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        lduw    ap(5),a_5
+        mulx    a_2,a_2,t_1     !sqr_add_c(a,2,c2,c3,c1);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(4)       !r[4]=c2;
+        or      c_12,c_3,c_12
+
+        mulx    a_0,a_5,t_1     !sqr_add_c2(a,5,0,c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_1,a_4,t_1     !sqr_add_c2(a,4,1,c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        lduw    ap(6),a_6
+        mulx    a_2,a_3,t_1     !sqr_add_c2(a,3,2,c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(5)       !r[5]=c3;
+        or      c_12,c_3,c_12
+
+        mulx    a_6,a_0,t_1     !sqr_add_c2(a,6,0,c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_5,a_1,t_1     !sqr_add_c2(a,5,1,c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_4,a_2,t_1     !sqr_add_c2(a,4,2,c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        lduw    ap(7),a_7
+        mulx    a_3,a_3,t_1     !=!sqr_add_c(a,3,c1,c2,c3);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(6)       !r[6]=c1;
+        or      c_12,c_3,c_12
+
+        mulx    a_0,a_7,t_1     !sqr_add_c2(a,7,0,c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_1,a_6,t_1     !sqr_add_c2(a,6,1,c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_2,a_5,t_1     !sqr_add_c2(a,5,2,c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_3,a_4,t_1     !sqr_add_c2(a,4,3,c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(7)       !r[7]=c2;
+        or      c_12,c_3,c_12
+
+        mulx    a_7,a_1,t_1     !sqr_add_c2(a,7,1,c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_6,a_2,t_1     !sqr_add_c2(a,6,2,c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_5,a_3,t_1     !sqr_add_c2(a,5,3,c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_4,a_4,t_1     !sqr_add_c(a,4,c3,c1,c2);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(8)       !r[8]=c3;
+        or      c_12,c_3,c_12
+
+        mulx    a_2,a_7,t_1     !sqr_add_c2(a,7,2,c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_3,a_6,t_1     !sqr_add_c2(a,6,3,c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_4,a_5,t_1     !sqr_add_c2(a,5,4,c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(9)       !r[9]=c1;
+        or      c_12,c_3,c_12
+
+        mulx    a_7,a_3,t_1     !sqr_add_c2(a,7,3,c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_6,a_4,t_1     !sqr_add_c2(a,6,4,c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_5,a_5,t_1     !sqr_add_c(a,5,c2,c3,c1);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(10)      !r[10]=c2;
+        or      c_12,c_3,c_12
+
+        mulx    a_4,a_7,t_1     !sqr_add_c2(a,7,4,c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_5,a_6,t_1     !sqr_add_c2(a,6,5,c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(11)      !r[11]=c3;
+        or      c_12,c_3,c_12
+
+        mulx    a_7,a_5,t_1     !sqr_add_c2(a,7,5,c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_6,a_6,t_1     !sqr_add_c(a,6,c1,c2,c3);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(12)      !r[12]=c1;
+        or      c_12,c_3,c_12
+
+        mulx    a_6,a_7,t_1     !sqr_add_c2(a,7,6,c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(13)      !r[13]=c2;
+        or      c_12,c_3,c_12
+
+        mulx    a_7,a_7,t_1     !sqr_add_c(a,7,c3,c1,c2);
+        addcc   c_12,t_1,t_1
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(14)      !r[14]=c3;
+        stuw    c_12,rp(15)     !r[15]=c1;
+
+        ret
+        restore %g0,%g0,%o0
+
+.type   bn_sqr_comba8,#function
+.size   bn_sqr_comba8,(.-bn_sqr_comba8)
+
+.align  32
+
+.global bn_sqr_comba4
+/*
+ * void bn_sqr_comba4(r,a)
+ * BN_ULONG *r,*a;
+ */
+bn_sqr_comba4:
+        save    %sp,FRAME_SIZE,%sp
+        mov     1,t_2
+        lduw    ap(0),a_0
+        sllx    t_2,32,t_2
+        lduw    ap(1),a_1
+        mulx    a_0,a_0,t_1     !sqr_add_c(a,0,c1,c2,c3);
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(0)       !r[0]=c1;
+
+        lduw    ap(2),a_2
+        mulx    a_0,a_1,t_1     !sqr_add_c2(a,1,0,c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(1)       !r[1]=c2;
+        or      c_12,c_3,c_12
+
+        mulx    a_2,a_0,t_1     !sqr_add_c2(a,2,0,c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        lduw    ap(3),a_3
+        mulx    a_1,a_1,t_1     !sqr_add_c(a,1,c3,c1,c2);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(2)       !r[2]=c3;
+        or      c_12,c_3,c_12
+
+        mulx    a_0,a_3,t_1     !sqr_add_c2(a,3,0,c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_1,a_2,t_1     !sqr_add_c2(a,2,1,c1,c2,c3);
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(3)       !r[3]=c1;
+        or      c_12,c_3,c_12
+
+        mulx    a_3,a_1,t_1     !sqr_add_c2(a,3,1,c2,c3,c1);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,c_12
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        mulx    a_2,a_2,t_1     !sqr_add_c(a,2,c2,c3,c1);
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(4)       !r[4]=c2;
+        or      c_12,c_3,c_12
+
+        mulx    a_2,a_3,t_1     !sqr_add_c2(a,3,2,c3,c1,c2);
+        addcc   c_12,t_1,c_12
+        clr     c_3
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        addcc   c_12,t_1,t_1
+        bcs,a   %xcc,.+8
+        add     c_3,t_2,c_3
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(5)       !r[5]=c3;
+        or      c_12,c_3,c_12
+
+        mulx    a_3,a_3,t_1     !sqr_add_c(a,3,c1,c2,c3);
+        addcc   c_12,t_1,t_1
+        srlx    t_1,32,c_12
+        stuw    t_1,rp(6)       !r[6]=c1;
+        stuw    c_12,rp(7)      !r[7]=c2;
+        
+        ret
+        restore %g0,%g0,%o0
+
+.type   bn_sqr_comba4,#function
+.size   bn_sqr_comba4,(.-bn_sqr_comba4)
+
+.align  32
diff --git a/src/lib/libcrypto/bn/asm/x86.pl b/src/lib/libcrypto/bn/asm/x86.pl
new file mode 100644
index 0000000000..1bc4f1bb27
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/x86.pl
@@ -0,0 +1,28 @@
+#!/usr/local/bin/perl
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+require("x86/mul_add.pl");
+require("x86/mul.pl");
+require("x86/sqr.pl");
+require("x86/div.pl");
+require("x86/add.pl");
+require("x86/sub.pl");
+require("x86/comba.pl");
+
+&asm_init($ARGV[0],$0);
+
+&bn_mul_add_words("bn_mul_add_words");
+&bn_mul_words("bn_mul_words");
+&bn_sqr_words("bn_sqr_words");
+&bn_div_words("bn_div_words");
+&bn_add_words("bn_add_words");
+&bn_sub_words("bn_sub_words");
+&bn_mul_comba("bn_mul_comba8",8);
+&bn_mul_comba("bn_mul_comba4",4);
+&bn_sqr_comba("bn_sqr_comba8",8);
+&bn_sqr_comba("bn_sqr_comba4",4);
+
+&asm_finish();
+
diff --git a/src/lib/libcrypto/bn/asm/x86/add.pl b/src/lib/libcrypto/bn/asm/x86/add.pl
new file mode 100644
index 0000000000..0b5cf583e3
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/x86/add.pl
@@ -0,0 +1,76 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_add_words
+        {
+        local($name)=@_;
+
+        &function_begin($name,"");
+
+        &comment("");
+        $a="esi";
+        $b="edi";
+        $c="eax";
+        $r="ebx";
+        $tmp1="ecx";
+        $tmp2="edx";
+        $num="ebp";
+
+        &mov($r,&wparam(0));    # get r
+         &mov($a,&wparam(1));   # get a
+        &mov($b,&wparam(2));    # get b
+         &mov($num,&wparam(3)); # get num
+        &xor($c,$c);            # clear carry
+         &and($num,0xfffffff8); # num / 8
+
+        &jz(&label("aw_finish"));
+
+        &set_label("aw_loop",0);
+        for ($i=0; $i<8; $i++)
+                {
+                &comment("Round $i");
+
+                &mov($tmp1,&DWP($i*4,$a,"",0));         # *a
+                 &mov($tmp2,&DWP($i*4,$b,"",0));        # *b
+                &add($tmp1,$c);
+                 &mov($c,0);
+                &adc($c,$c);
+                 &add($tmp1,$tmp2);
+                &adc($c,0);
+                 &mov(&DWP($i*4,$r,"",0),$tmp1);        # *r
+                }
+
+        &comment("");
+        &add($a,32);
+         &add($b,32);
+        &add($r,32);
+         &sub($num,8);
+        &jnz(&label("aw_loop"));
+
+        &set_label("aw_finish",0);
+        &mov($num,&wparam(3));  # get num
+        &and($num,7);
+         &jz(&label("aw_end"));
+
+        for ($i=0; $i<7; $i++)
+                {
+                &comment("Tail Round $i");
+                &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+                 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+                &add($tmp1,$c);
+                 &mov($c,0);
+                &adc($c,$c);
+                 &add($tmp1,$tmp2);
+                &adc($c,0);
+                 &dec($num) if ($i != 6);
+                &mov(&DWP($i*4,$r,"",0),$tmp1); # *a
+                 &jz(&label("aw_end")) if ($i != 6);
+                }
+        &set_label("aw_end",0);
+
+#       &mov("eax",$c);         # $c is "eax"
+
+        &function_end($name);
+        }
+
+1;
diff --git a/src/lib/libcrypto/bn/asm/x86/comba.pl b/src/lib/libcrypto/bn/asm/x86/comba.pl
new file mode 100644
index 0000000000..2291253629
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/x86/comba.pl
@@ -0,0 +1,277 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub mul_add_c
+        {
+        local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+        # pos == -1 if eax and edx are pre-loaded, 0 to load from next
+        # words, and 1 if load return value
+
+        &comment("mul a[$ai]*b[$bi]");
+
+        # "eax" and "edx" will always be pre-loaded.
+        # &mov("eax",&DWP($ai*4,$a,"",0)) ;
+        # &mov("edx",&DWP($bi*4,$b,"",0));
+
+        &mul("edx");
+        &add($c0,"eax");
+         &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;        # laod next a
+         &mov("eax",&wparam(0)) if $pos > 0;                    # load r[]
+         ###
+        &adc($c1,"edx");
+         &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0;        # laod next b
+         &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1;        # laod next b
+         ###
+        &adc($c2,0);
+         # is pos > 1, it means it is the last loop 
+         &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0;           # save r[];
+        &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;         # laod next a
+        }
+
+sub sqr_add_c
+        {
+        local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+        # pos == -1 if eax and edx are pre-loaded, 0 to load from next
+        # words, and 1 if load return value
+
+        &comment("sqr a[$ai]*a[$bi]");
+
+        # "eax" and "edx" will always be pre-loaded.
+        # &mov("eax",&DWP($ai*4,$a,"",0)) ;
+        # &mov("edx",&DWP($bi*4,$b,"",0));
+
+        if ($ai == $bi)
+                { &mul("eax");}
+        else
+                { &mul("edx");}
+        &add($c0,"eax");
+         &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;        # load next a
+         ###
+        &adc($c1,"edx");
+         &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb);
+         ###
+        &adc($c2,0);
+         # is pos > 1, it means it is the last loop 
+         &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;              # save r[];
+        &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;         # load next b
+        }
+
+sub sqr_add_c2
+        {
+        local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
+
+        # pos == -1 if eax and edx are pre-loaded, 0 to load from next
+        # words, and 1 if load return value
+
+        &comment("sqr a[$ai]*a[$bi]");
+
+        # "eax" and "edx" will always be pre-loaded.
+        # &mov("eax",&DWP($ai*4,$a,"",0)) ;
+        # &mov("edx",&DWP($bi*4,$a,"",0));
+
+        if ($ai == $bi)
+                { &mul("eax");}
+        else
+                { &mul("edx");}
+        &add("eax","eax");
+         ###
+        &adc("edx","edx");
+         ###
+        &adc($c2,0);
+         &add($c0,"eax");
+        &adc($c1,"edx");
+         &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;        # load next a
+         &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;        # load next b
+        &adc($c2,0);
+        &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;               # save r[];
+         &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb);
+         ###
+        }
+
+sub bn_mul_comba
+        {
+        local($name,$num)=@_;
+        local($a,$b,$c0,$c1,$c2);
+        local($i,$as,$ae,$bs,$be,$ai,$bi);
+        local($tot,$end);
+
+        &function_begin_B($name,"");
+
+        $c0="ebx";
+        $c1="ecx";
+        $c2="ebp";
+        $a="esi";
+        $b="edi";
+        
+        $as=0;
+        $ae=0;
+        $bs=0;
+        $be=0;
+        $tot=$num+$num-1;
+
+        &push("esi");
+         &mov($a,&wparam(1));
+        &push("edi");
+         &mov($b,&wparam(2));
+        &push("ebp");
+         &push("ebx");
+
+        &xor($c0,$c0);
+         &mov("eax",&DWP(0,$a,"",0));   # load the first word 
+        &xor($c1,$c1);
+         &mov("edx",&DWP(0,$b,"",0));   # load the first second 
+
+        for ($i=0; $i<$tot; $i++)
+                {
+                $ai=$as;
+                $bi=$bs;
+                $end=$be+1;
+
+                &comment("################## Calculate word $i"); 
+
+                for ($j=$bs; $j<$end; $j++)
+                        {
+                        &xor($c2,$c2) if ($j == $bs);
+                        if (($j+1) == $end)
+                                {
+                                $v=1;
+                                $v=2 if (($i+1) == $tot);
+                                }
+                        else
+                                { $v=0; }
+                        if (($j+1) != $end)
+                                {
+                                $na=($ai-1);
+                                $nb=($bi+1);
+                                }
+                        else
+                                {
+                                $na=$as+($i < ($num-1));
+                                $nb=$bs+($i >= ($num-1));
+                                }
+#printf STDERR "[$ai,$bi] -> [$na,$nb]\n";
+                        &mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb);
+                        if ($v)
+                                {
+                                &comment("saved r[$i]");
+                                # &mov("eax",&wparam(0));
+                                # &mov(&DWP($i*4,"eax","",0),$c0);
+                                ($c0,$c1,$c2)=($c1,$c2,$c0);
+                                }
+                        $ai--;
+                        $bi++;
+                        }
+                $as++ if ($i < ($num-1));
+                $ae++ if ($i >= ($num-1));
+
+                $bs++ if ($i >= ($num-1));
+                $be++ if ($i < ($num-1));
+                }
+        &comment("save r[$i]");
+        # &mov("eax",&wparam(0));
+        &mov(&DWP($i*4,"eax","",0),$c0);
+
+        &pop("ebx");
+        &pop("ebp");
+        &pop("edi");
+        &pop("esi");
+        &ret();
+        &function_end_B($name);
+        }
+
+sub bn_sqr_comba
+        {
+        local($name,$num)=@_;
+        local($r,$a,$c0,$c1,$c2)=@_;
+        local($i,$as,$ae,$bs,$be,$ai,$bi);
+        local($b,$tot,$end,$half);
+
+        &function_begin_B($name,"");
+
+        $c0="ebx";
+        $c1="ecx";
+        $c2="ebp";
+        $a="esi";
+        $r="edi";
+
+        &push("esi");
+         &push("edi");
+        &push("ebp");
+         &push("ebx");
+        &mov($r,&wparam(0));
+         &mov($a,&wparam(1));
+        &xor($c0,$c0);
+         &xor($c1,$c1);
+        &mov("eax",&DWP(0,$a,"",0)); # load the first word
+
+        $as=0;
+        $ae=0;
+        $bs=0;
+        $be=0;
+        $tot=$num+$num-1;
+
+        for ($i=0; $i<$tot; $i++)
+                {
+                $ai=$as;
+                $bi=$bs;
+                $end=$be+1;
+
+                &comment("############### Calculate word $i");
+                for ($j=$bs; $j<$end; $j++)
+                        {
+                        &xor($c2,$c2) if ($j == $bs);
+                        if (($ai-1) < ($bi+1))
+                                {
+                                $v=1;
+                                $v=2 if ($i+1) == $tot;
+                                }
+                        else
+                                { $v=0; }
+                        if (!$v)
+                                {
+                                $na=$ai-1;
+                                $nb=$bi+1;
+                                }
+                        else
+                                {
+                                $na=$as+($i < ($num-1));
+                                $nb=$bs+($i >= ($num-1));
+                                }
+                        if ($ai == $bi)
+                                {
+                                &sqr_add_c($r,$a,$ai,$bi,
+                                        $c0,$c1,$c2,$v,$i,$na,$nb);
+                                }
+                        else
+                                {
+                                &sqr_add_c2($r,$a,$ai,$bi,
+                                        $c0,$c1,$c2,$v,$i,$na,$nb);
+                                }
+                        if ($v)
+                                {
+                                &comment("saved r[$i]");
+                                #&mov(&DWP($i*4,$r,"",0),$c0);
+                                ($c0,$c1,$c2)=($c1,$c2,$c0);
+                                last;
+                                }
+                        $ai--;
+                        $bi++;
+                        }
+                $as++ if ($i < ($num-1));
+                $ae++ if ($i >= ($num-1));
+
+                $bs++ if ($i >= ($num-1));
+                $be++ if ($i < ($num-1));
+                }
+        &mov(&DWP($i*4,$r,"",0),$c0);
+        &pop("ebx");
+        &pop("ebp");
+        &pop("edi");
+        &pop("esi");
+        &ret();
+        &function_end_B($name);
+        }
+
+1;
diff --git a/src/lib/libcrypto/bn/asm/x86/div.pl b/src/lib/libcrypto/bn/asm/x86/div.pl
new file mode 100644
index 0000000000..0e90152caa
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/x86/div.pl
@@ -0,0 +1,15 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_div_words
+        {
+        local($name)=@_;
+
+        &function_begin($name,"");
+        &mov("edx",&wparam(0)); #
+        &mov("eax",&wparam(1)); #
+        &mov("ebx",&wparam(2)); #
+        &div("ebx");
+        &function_end($name);
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/x86/mul.pl b/src/lib/libcrypto/bn/asm/x86/mul.pl
new file mode 100644
index 0000000000..674cb9b055
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/x86/mul.pl
@@ -0,0 +1,77 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_mul_words
+        {
+        local($name)=@_;
+
+        &function_begin($name,"");
+
+        &comment("");
+        $Low="eax";
+        $High="edx";
+        $a="ebx";
+        $w="ecx";
+        $r="edi";
+        $c="esi";
+        $num="ebp";
+
+        &xor($c,$c);            # clear carry
+        &mov($r,&wparam(0));    #
+        &mov($a,&wparam(1));    #
+        &mov($num,&wparam(2));  #
+        &mov($w,&wparam(3));    #
+
+        &and($num,0xfffffff8);  # num / 8
+        &jz(&label("mw_finish"));
+
+        &set_label("mw_loop",0);
+        for ($i=0; $i<32; $i+=4)
+                {
+                &comment("Round $i");
+
+                 &mov("eax",&DWP($i,$a,"",0));  # *a
+                &mul($w);                       # *a * w
+                &add("eax",$c);                 # L(t)+=c
+                 # XXX
+
+                &adc("edx",0);                  # H(t)+=carry
+                 &mov(&DWP($i,$r,"",0),"eax");  # *r= L(t);
+
+                &mov($c,"edx");                 # c=  H(t);
+                }
+
+        &comment("");
+        &add($a,32);
+        &add($r,32);
+        &sub($num,8);
+        &jz(&label("mw_finish"));
+        &jmp(&label("mw_loop"));
+
+        &set_label("mw_finish",0);
+        &mov($num,&wparam(2));  # get num
+        &and($num,7);
+        &jnz(&label("mw_finish2"));
+        &jmp(&label("mw_end"));
+
+        &set_label("mw_finish2",1);
+        for ($i=0; $i<7; $i++)
+                {
+                &comment("Tail Round $i");
+                 &mov("eax",&DWP($i*4,$a,"",0));# *a
+                &mul($w);                       # *a * w
+                &add("eax",$c);                 # L(t)+=c
+                 # XXX
+                &adc("edx",0);                  # H(t)+=carry
+                 &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t);
+                &mov($c,"edx");                 # c=  H(t);
+                 &dec($num) if ($i != 7-1);
+                &jz(&label("mw_end")) if ($i != 7-1);
+                }
+        &set_label("mw_end",0);
+        &mov("eax",$c);
+
+        &function_end($name);
+        }
+
+1;
diff --git a/src/lib/libcrypto/bn/asm/x86/mul_add.pl b/src/lib/libcrypto/bn/asm/x86/mul_add.pl
new file mode 100644
index 0000000000..61830d3a90
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/x86/mul_add.pl
@@ -0,0 +1,87 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_mul_add_words
+        {
+        local($name)=@_;
+
+        &function_begin($name,"");
+
+        &comment("");
+        $Low="eax";
+        $High="edx";
+        $a="ebx";
+        $w="ebp";
+        $r="edi";
+        $c="esi";
+
+        &xor($c,$c);            # clear carry
+        &mov($r,&wparam(0));    #
+
+        &mov("ecx",&wparam(2)); #
+        &mov($a,&wparam(1));    #
+
+        &and("ecx",0xfffffff8); # num / 8
+        &mov($w,&wparam(3));    #
+
+        &push("ecx");           # Up the stack for a tmp variable
+
+        &jz(&label("maw_finish"));
+
+        &set_label("maw_loop",0);
+
+        &mov(&swtmp(0),"ecx");  #
+
+        for ($i=0; $i<32; $i+=4)
+                {
+                &comment("Round $i");
+
+                 &mov("eax",&DWP($i,$a,"",0));  # *a
+                &mul($w);                       # *a * w
+                &add("eax",$c);         # L(t)+= *r
+                 &mov($c,&DWP($i,$r,"",0));     # L(t)+= *r
+                &adc("edx",0);                  # H(t)+=carry
+                 &add("eax",$c);                # L(t)+=c
+                &adc("edx",0);                  # H(t)+=carry
+                 &mov(&DWP($i,$r,"",0),"eax");  # *r= L(t);
+                &mov($c,"edx");                 # c=  H(t);
+                }
+
+        &comment("");
+        &mov("ecx",&swtmp(0));  #
+        &add($a,32);
+        &add($r,32);
+        &sub("ecx",8);
+        &jnz(&label("maw_loop"));
+
+        &set_label("maw_finish",0);
+        &mov("ecx",&wparam(2)); # get num
+        &and("ecx",7);
+        &jnz(&label("maw_finish2"));    # helps branch prediction
+        &jmp(&label("maw_end"));
+
+        &set_label("maw_finish2",1);
+        for ($i=0; $i<7; $i++)
+                {
+                &comment("Tail Round $i");
+                 &mov("eax",&DWP($i*4,$a,"",0));# *a
+                &mul($w);                       # *a * w
+                &add("eax",$c);                 # L(t)+=c
+                 &mov($c,&DWP($i*4,$r,"",0));   # L(t)+= *r
+                &adc("edx",0);                  # H(t)+=carry
+                 &add("eax",$c);
+                &adc("edx",0);                  # H(t)+=carry
+                 &dec("ecx") if ($i != 7-1);
+                &mov(&DWP($i*4,$r,"",0),"eax"); # *r= L(t);
+                 &mov($c,"edx");                        # c=  H(t);
+                &jz(&label("maw_end")) if ($i != 7-1);
+                }
+        &set_label("maw_end",0);
+        &mov("eax",$c);
+
+        &pop("ecx");    # clear variable from
+
+        &function_end($name);
+        }
+
+1;
diff --git a/src/lib/libcrypto/bn/asm/x86/sqr.pl b/src/lib/libcrypto/bn/asm/x86/sqr.pl
new file mode 100644
index 0000000000..1f90993cf6
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/x86/sqr.pl
@@ -0,0 +1,60 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_sqr_words
+        {
+        local($name)=@_;
+
+        &function_begin($name,"");
+
+        &comment("");
+        $r="esi";
+        $a="edi";
+        $num="ebx";
+
+        &mov($r,&wparam(0));    #
+        &mov($a,&wparam(1));    #
+        &mov($num,&wparam(2));  #
+
+        &and($num,0xfffffff8);  # num / 8
+        &jz(&label("sw_finish"));
+
+        &set_label("sw_loop",0);
+        for ($i=0; $i<32; $i+=4)
+                {
+                &comment("Round $i");
+                &mov("eax",&DWP($i,$a,"",0));   # *a
+                 # XXX
+                &mul("eax");                    # *a * *a
+                &mov(&DWP($i*2,$r,"",0),"eax"); #
+                 &mov(&DWP($i*2+4,$r,"",0),"edx");#
+                }
+
+        &comment("");
+        &add($a,32);
+        &add($r,64);
+        &sub($num,8);
+        &jnz(&label("sw_loop"));
+
+        &set_label("sw_finish",0);
+        &mov($num,&wparam(2));  # get num
+        &and($num,7);
+        &jz(&label("sw_end"));
+
+        for ($i=0; $i<7; $i++)
+                {
+                &comment("Tail Round $i");
+                &mov("eax",&DWP($i*4,$a,"",0)); # *a
+                 # XXX
+                &mul("eax");                    # *a * *a
+                &mov(&DWP($i*8,$r,"",0),"eax"); #
+                 &dec($num) if ($i != 7-1);
+                &mov(&DWP($i*8+4,$r,"",0),"edx");
+                 &jz(&label("sw_end")) if ($i != 7-1);
+                }
+        &set_label("sw_end",0);
+
+        &function_end($name);
+        }
+
+1;
diff --git a/src/lib/libcrypto/bn/asm/x86/sub.pl b/src/lib/libcrypto/bn/asm/x86/sub.pl
new file mode 100644
index 0000000000..837b0e1b07
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/x86/sub.pl
@@ -0,0 +1,76 @@
+#!/usr/local/bin/perl
+# x86 assember
+
+sub bn_sub_words
+        {
+        local($name)=@_;
+
+        &function_begin($name,"");
+
+        &comment("");
+        $a="esi";
+        $b="edi";
+        $c="eax";
+        $r="ebx";
+        $tmp1="ecx";
+        $tmp2="edx";
+        $num="ebp";
+
+        &mov($r,&wparam(0));    # get r
+         &mov($a,&wparam(1));   # get a
+        &mov($b,&wparam(2));    # get b
+         &mov($num,&wparam(3)); # get num
+        &xor($c,$c);            # clear carry
+         &and($num,0xfffffff8); # num / 8
+
+        &jz(&label("aw_finish"));
+
+        &set_label("aw_loop",0);
+        for ($i=0; $i<8; $i++)
+                {
+                &comment("Round $i");
+
+                &mov($tmp1,&DWP($i*4,$a,"",0));         # *a
+                 &mov($tmp2,&DWP($i*4,$b,"",0));        # *b
+                &sub($tmp1,$c);
+                 &mov($c,0);
+                &adc($c,$c);
+                 &sub($tmp1,$tmp2);
+                &adc($c,0);
+                 &mov(&DWP($i*4,$r,"",0),$tmp1);        # *r
+                }
+
+        &comment("");
+        &add($a,32);
+         &add($b,32);
+        &add($r,32);
+         &sub($num,8);
+        &jnz(&label("aw_loop"));
+
+        &set_label("aw_finish",0);
+        &mov($num,&wparam(3));  # get num
+        &and($num,7);
+         &jz(&label("aw_end"));
+
+        for ($i=0; $i<7; $i++)
+                {
+                &comment("Tail Round $i");
+                &mov($tmp1,&DWP($i*4,$a,"",0)); # *a
+                 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+                &sub($tmp1,$c);
+                 &mov($c,0);
+                &adc($c,$c);
+                 &sub($tmp1,$tmp2);
+                &adc($c,0);
+                 &dec($num) if ($i != 6);
+                &mov(&DWP($i*4,$r,"",0),$tmp1); # *a
+                 &jz(&label("aw_end")) if ($i != 6);
+                }
+        &set_label("aw_end",0);
+
+#       &mov("eax",$c);         # $c is "eax"
+
+        &function_end($name);
+        }
+
+1;
diff --git a/src/lib/libcrypto/bn/asm/x86_64-gcc.c b/src/lib/libcrypto/bn/asm/x86_64-gcc.c
new file mode 100644
index 0000000000..7378344251
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/x86_64-gcc.c
@@ -0,0 +1,593 @@
+/*
+ * x86_64 BIGNUM accelerator version 0.1, December 2002.
+ *
+ * Implemented by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ *
+ * Q. Version 0.1? It doesn't sound like Andy, he used to assign real
+ *    versions, like 1.0...
+ * A. Well, that's because this code is basically a quick-n-dirty
+ *    proof-of-concept hack. As you can see it's implemented with
+ *    inline assembler, which means that you're bound to GCC and that
+ *    there might be enough room for further improvement.
+ *
+ * Q. Why inline assembler?
+ * A. x86_64 features own ABI which I'm not familiar with. This is
+ *    why I decided to let the compiler take care of subroutine
+ *    prologue/epilogue as well as register allocation. For reference.
+ *    Win64 implements different ABI for AMD64, different from Linux.
+ *
+ * Q. How much faster does it get?
+ * A. 'apps/openssl speed rsa dsa' output with no-asm:
+ *
+ *                        sign    verify    sign/s verify/s
+ *      rsa  512 bits   0.0006s   0.0001s   1683.8  18456.2
+ *      rsa 1024 bits   0.0028s   0.0002s    356.0   6407.0
+ *      rsa 2048 bits   0.0172s   0.0005s     58.0   1957.8
+ *      rsa 4096 bits   0.1155s   0.0018s      8.7    555.6
+ *                        sign    verify    sign/s verify/s
+ *      dsa  512 bits   0.0005s   0.0006s   2100.8   1768.3
+ *      dsa 1024 bits   0.0014s   0.0018s    692.3    559.2
+ *      dsa 2048 bits   0.0049s   0.0061s    204.7    165.0
+ *
+ *    'apps/openssl speed rsa dsa' output with this module:
+ *
+ *                        sign    verify    sign/s verify/s
+ *      rsa  512 bits   0.0004s   0.0000s   2767.1  33297.9
+ *      rsa 1024 bits   0.0012s   0.0001s    867.4  14674.7
+ *      rsa 2048 bits   0.0061s   0.0002s    164.0   5270.0
+ *      rsa 4096 bits   0.0384s   0.0006s     26.1   1650.8
+ *                        sign    verify    sign/s verify/s
+ *      dsa  512 bits   0.0002s   0.0003s   4442.2   3786.3
+ *      dsa 1024 bits   0.0005s   0.0007s   1835.1   1497.4
+ *      dsa 2048 bits   0.0016s   0.0020s    620.4    504.6
+ *
+ *    For the reference. IA-32 assembler implementation performs
+ *    very much like 64-bit code compiled with no-asm on the same
+ *    machine.
+ */
+
+#define BN_ULONG unsigned long
+
+/*
+ * "m"(a), "+m"(r)      is the way to favor DirectPath µ-code;
+ * "g"(0)               let the compiler to decide where does it
+ *                      want to keep the value of zero;
+ */
+#define mul_add(r,a,word,carry) do {    \
+        register BN_ULONG high,low;     \
+        asm ("mulq %3"                  \
+                : "=a"(low),"=d"(high)  \
+                : "a"(word),"m"(a)      \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+r"(carry),"+d"(high)\
+                : "a"(low),"g"(0)       \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+m"(r),"+d"(high)    \
+                : "r"(carry),"g"(0)     \
+                : "cc");                \
+        carry=high;                     \
+        } while (0)
+
+#define mul(r,a,word,carry) do {        \
+        register BN_ULONG high,low;     \
+        asm ("mulq %3"                  \
+                : "=a"(low),"=d"(high)  \
+                : "a"(word),"g"(a)      \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+r"(carry),"+d"(high)\
+                : "a"(low),"g"(0)       \
+                : "cc");                \
+        (r)=carry, carry=high;          \
+        } while (0)
+
+#define sqr(r0,r1,a)                    \
+        asm ("mulq %2"                  \
+                : "=a"(r0),"=d"(r1)     \
+                : "a"(a)                \
+                : "cc");
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+        {
+        BN_ULONG c1=0;
+
+        if (num <= 0) return(c1);
+
+        while (num&~3)
+                {
+                mul_add(rp[0],ap[0],w,c1);
+                mul_add(rp[1],ap[1],w,c1);
+                mul_add(rp[2],ap[2],w,c1);
+                mul_add(rp[3],ap[3],w,c1);
+                ap+=4; rp+=4; num-=4;
+                }
+        if (num)
+                {
+                mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
+                mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
+                mul_add(rp[2],ap[2],w,c1); return c1;
+                }
+        
+        return(c1);
+        } 
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+        {
+        BN_ULONG c1=0;
+
+        if (num <= 0) return(c1);
+
+        while (num&~3)
+                {
+                mul(rp[0],ap[0],w,c1);
+                mul(rp[1],ap[1],w,c1);
+                mul(rp[2],ap[2],w,c1);
+                mul(rp[3],ap[3],w,c1);
+                ap+=4; rp+=4; num-=4;
+                }
+        if (num)
+                {
+                mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
+                mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
+                mul(rp[2],ap[2],w,c1);
+                }
+        return(c1);
+        } 
+
+void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
+        {
+        if (n <= 0) return;
+
+        while (n&~3)
+                {
+                sqr(r[0],r[1],a[0]);
+                sqr(r[2],r[3],a[1]);
+                sqr(r[4],r[5],a[2]);
+                sqr(r[6],r[7],a[3]);
+                a+=4; r+=8; n-=4;
+                }
+        if (n)
+                {
+                sqr(r[0],r[1],a[0]); if (--n == 0) return;
+                sqr(r[2],r[3],a[1]); if (--n == 0) return;
+                sqr(r[4],r[5],a[2]);
+                }
+        }
+
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{       BN_ULONG ret,waste;
+
+        asm ("divq      %4"
+                : "=a"(ret),"=d"(waste)
+                : "a"(l),"d"(h),"g"(d)
+                : "cc");
+
+        return ret;
+}
+
+BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
+{ BN_ULONG ret=0,i=0;
+
+        if (n <= 0) return 0;
+
+        asm (
+        "       subq    %2,%2           \n"
+        ".align 16                      \n"
+        "1:     movq    (%4,%2,8),%0    \n"
+        "       adcq    (%5,%2,8),%0    \n"
+        "       movq    %0,(%3,%2,8)    \n"
+        "       leaq    1(%2),%2        \n"
+        "       loop    1b              \n"
+        "       sbbq    %0,%0           \n"
+                : "=&a"(ret),"+c"(n),"=&r"(i)
+                : "r"(rp),"r"(ap),"r"(bp)
+                : "cc"
+        );
+
+  return ret&1;
+}
+
+#ifndef SIMICS
+BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
+{ BN_ULONG ret=0,i=0;
+
+        if (n <= 0) return 0;
+
+        asm (
+        "       subq    %2,%2           \n"
+        ".align 16                      \n"
+        "1:     movq    (%4,%2,8),%0    \n"
+        "       sbbq    (%5,%2,8),%0    \n"
+        "       movq    %0,(%3,%2,8)    \n"
+        "       leaq    1(%2),%2        \n"
+        "       loop    1b              \n"
+        "       sbbq    %0,%0           \n"
+                : "=&a"(ret),"+c"(n),"=&r"(i)
+                : "r"(rp),"r"(ap),"r"(bp)
+                : "cc"
+        );
+
+  return ret&1;
+}
+#else
+/* Simics 1.4<7 has buggy sbbq:-( */
+#define BN_MASK2 0xffffffffffffffffL
+BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+        {
+        BN_ULONG t1,t2;
+        int c=0;
+
+        if (n <= 0) return((BN_ULONG)0);
+
+        for (;;)
+                {
+                t1=a[0]; t2=b[0];
+                r[0]=(t1-t2-c)&BN_MASK2;
+                if (t1 != t2) c=(t1 < t2);
+                if (--n <= 0) break;
+
+                t1=a[1]; t2=b[1];
+                r[1]=(t1-t2-c)&BN_MASK2;
+                if (t1 != t2) c=(t1 < t2);
+                if (--n <= 0) break;
+
+                t1=a[2]; t2=b[2];
+                r[2]=(t1-t2-c)&BN_MASK2;
+                if (t1 != t2) c=(t1 < t2);
+                if (--n <= 0) break;
+
+                t1=a[3]; t2=b[3];
+                r[3]=(t1-t2-c)&BN_MASK2;
+                if (t1 != t2) c=(t1 < t2);
+                if (--n <= 0) break;
+
+                a+=4;
+                b+=4;
+                r+=4;
+                }
+        return(c);
+        }
+#endif
+
+/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
+/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
+/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
+/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
+
+#if 0
+/* original macros are kept for reference purposes */
+#define mul_add_c(a,b,c0,c1,c2) {       \
+        BN_ULONG ta=(a),tb=(b);         \
+        t1 = ta * tb;                   \
+        t2 = BN_UMULT_HIGH(ta,tb);      \
+        c0 += t1; t2 += (c0<t1)?1:0;    \
+        c1 += t2; c2 += (c1<t2)?1:0;    \
+        }
+
+#define mul_add_c2(a,b,c0,c1,c2) {      \
+        BN_ULONG ta=(a),tb=(b),t0;      \
+        t1 = BN_UMULT_HIGH(ta,tb);      \
+        t0 = ta * tb;                   \
+        t2 = t1+t1; c2 += (t2<t1)?1:0;  \
+        t1 = t0+t0; t2 += (t1<t0)?1:0;  \
+        c0 += t1; t2 += (c0<t1)?1:0;    \
+        c1 += t2; c2 += (c1<t2)?1:0;    \
+        }
+#else
+#define mul_add_c(a,b,c0,c1,c2) do {    \
+        asm ("mulq %3"                  \
+                : "=a"(t1),"=d"(t2)     \
+                : "a"(a),"m"(b)         \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+r"(c0),"+d"(t2)     \
+                : "a"(t1),"g"(0)        \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+r"(c1),"+r"(c2)     \
+                : "d"(t2),"g"(0)        \
+                : "cc");                \
+        } while (0)
+
+#define sqr_add_c(a,i,c0,c1,c2) do {    \
+        asm ("mulq %2"                  \
+                : "=a"(t1),"=d"(t2)     \
+                : "a"(a[i])             \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+r"(c0),"+d"(t2)     \
+                : "a"(t1),"g"(0)        \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+r"(c1),"+r"(c2)     \
+                : "d"(t2),"g"(0)        \
+                : "cc");                \
+        } while (0)
+
+#define mul_add_c2(a,b,c0,c1,c2) do {   \
+        asm ("mulq %3"                  \
+                : "=a"(t1),"=d"(t2)     \
+                : "a"(a),"m"(b)         \
+                : "cc");                \
+        asm ("addq %0,%0; adcq %2,%1"   \
+                : "+d"(t2),"+r"(c2)     \
+                : "g"(0)                \
+                : "cc");                \
+        asm ("addq %0,%0; adcq %2,%1"   \
+                : "+a"(t1),"+d"(t2)     \
+                : "g"(0)                \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+r"(c0),"+d"(t2)     \
+                : "a"(t1),"g"(0)        \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+r"(c1),"+r"(c2)     \
+                : "d"(t2),"g"(0)        \
+                : "cc");                \
+        } while (0)
+#endif
+
+#define sqr_add_c2(a,i,j,c0,c1,c2)      \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+        {
+        BN_ULONG t1,t2;
+        BN_ULONG c1,c2,c3;
+
+        c1=0;
+        c2=0;
+        c3=0;
+        mul_add_c(a[0],b[0],c1,c2,c3);
+        r[0]=c1;
+        c1=0;
+        mul_add_c(a[0],b[1],c2,c3,c1);
+        mul_add_c(a[1],b[0],c2,c3,c1);
+        r[1]=c2;
+        c2=0;
+        mul_add_c(a[2],b[0],c3,c1,c2);
+        mul_add_c(a[1],b[1],c3,c1,c2);
+        mul_add_c(a[0],b[2],c3,c1,c2);
+        r[2]=c3;
+        c3=0;
+        mul_add_c(a[0],b[3],c1,c2,c3);
+        mul_add_c(a[1],b[2],c1,c2,c3);
+        mul_add_c(a[2],b[1],c1,c2,c3);
+        mul_add_c(a[3],b[0],c1,c2,c3);
+        r[3]=c1;
+        c1=0;
+        mul_add_c(a[4],b[0],c2,c3,c1);
+        mul_add_c(a[3],b[1],c2,c3,c1);
+        mul_add_c(a[2],b[2],c2,c3,c1);
+        mul_add_c(a[1],b[3],c2,c3,c1);
+        mul_add_c(a[0],b[4],c2,c3,c1);
+        r[4]=c2;
+        c2=0;
+        mul_add_c(a[0],b[5],c3,c1,c2);
+        mul_add_c(a[1],b[4],c3,c1,c2);
+        mul_add_c(a[2],b[3],c3,c1,c2);
+        mul_add_c(a[3],b[2],c3,c1,c2);
+        mul_add_c(a[4],b[1],c3,c1,c2);
+        mul_add_c(a[5],b[0],c3,c1,c2);
+        r[5]=c3;
+        c3=0;
+        mul_add_c(a[6],b[0],c1,c2,c3);
+        mul_add_c(a[5],b[1],c1,c2,c3);
+        mul_add_c(a[4],b[2],c1,c2,c3);
+        mul_add_c(a[3],b[3],c1,c2,c3);
+        mul_add_c(a[2],b[4],c1,c2,c3);
+        mul_add_c(a[1],b[5],c1,c2,c3);
+        mul_add_c(a[0],b[6],c1,c2,c3);
+        r[6]=c1;
+        c1=0;
+        mul_add_c(a[0],b[7],c2,c3,c1);
+        mul_add_c(a[1],b[6],c2,c3,c1);
+        mul_add_c(a[2],b[5],c2,c3,c1);
+        mul_add_c(a[3],b[4],c2,c3,c1);
+        mul_add_c(a[4],b[3],c2,c3,c1);
+        mul_add_c(a[5],b[2],c2,c3,c1);
+        mul_add_c(a[6],b[1],c2,c3,c1);
+        mul_add_c(a[7],b[0],c2,c3,c1);
+        r[7]=c2;
+        c2=0;
+        mul_add_c(a[7],b[1],c3,c1,c2);
+        mul_add_c(a[6],b[2],c3,c1,c2);
+        mul_add_c(a[5],b[3],c3,c1,c2);
+        mul_add_c(a[4],b[4],c3,c1,c2);
+        mul_add_c(a[3],b[5],c3,c1,c2);
+        mul_add_c(a[2],b[6],c3,c1,c2);
+        mul_add_c(a[1],b[7],c3,c1,c2);
+        r[8]=c3;
+        c3=0;
+        mul_add_c(a[2],b[7],c1,c2,c3);
+        mul_add_c(a[3],b[6],c1,c2,c3);
+        mul_add_c(a[4],b[5],c1,c2,c3);
+        mul_add_c(a[5],b[4],c1,c2,c3);
+        mul_add_c(a[6],b[3],c1,c2,c3);
+        mul_add_c(a[7],b[2],c1,c2,c3);
+        r[9]=c1;
+        c1=0;
+        mul_add_c(a[7],b[3],c2,c3,c1);
+        mul_add_c(a[6],b[4],c2,c3,c1);
+        mul_add_c(a[5],b[5],c2,c3,c1);
+        mul_add_c(a[4],b[6],c2,c3,c1);
+        mul_add_c(a[3],b[7],c2,c3,c1);
+        r[10]=c2;
+        c2=0;
+        mul_add_c(a[4],b[7],c3,c1,c2);
+        mul_add_c(a[5],b[6],c3,c1,c2);
+        mul_add_c(a[6],b[5],c3,c1,c2);
+        mul_add_c(a[7],b[4],c3,c1,c2);
+        r[11]=c3;
+        c3=0;
+        mul_add_c(a[7],b[5],c1,c2,c3);
+        mul_add_c(a[6],b[6],c1,c2,c3);
+        mul_add_c(a[5],b[7],c1,c2,c3);
+        r[12]=c1;
+        c1=0;
+        mul_add_c(a[6],b[7],c2,c3,c1);
+        mul_add_c(a[7],b[6],c2,c3,c1);
+        r[13]=c2;
+        c2=0;
+        mul_add_c(a[7],b[7],c3,c1,c2);
+        r[14]=c3;
+        r[15]=c1;
+        }
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+        {
+        BN_ULONG t1,t2;
+        BN_ULONG c1,c2,c3;
+
+        c1=0;
+        c2=0;
+        c3=0;
+        mul_add_c(a[0],b[0],c1,c2,c3);
+        r[0]=c1;
+        c1=0;
+        mul_add_c(a[0],b[1],c2,c3,c1);
+        mul_add_c(a[1],b[0],c2,c3,c1);
+        r[1]=c2;
+        c2=0;
+        mul_add_c(a[2],b[0],c3,c1,c2);
+        mul_add_c(a[1],b[1],c3,c1,c2);
+        mul_add_c(a[0],b[2],c3,c1,c2);
+        r[2]=c3;
+        c3=0;
+        mul_add_c(a[0],b[3],c1,c2,c3);
+        mul_add_c(a[1],b[2],c1,c2,c3);
+        mul_add_c(a[2],b[1],c1,c2,c3);
+        mul_add_c(a[3],b[0],c1,c2,c3);
+        r[3]=c1;
+        c1=0;
+        mul_add_c(a[3],b[1],c2,c3,c1);
+        mul_add_c(a[2],b[2],c2,c3,c1);
+        mul_add_c(a[1],b[3],c2,c3,c1);
+        r[4]=c2;
+        c2=0;
+        mul_add_c(a[2],b[3],c3,c1,c2);
+        mul_add_c(a[3],b[2],c3,c1,c2);
+        r[5]=c3;
+        c3=0;
+        mul_add_c(a[3],b[3],c1,c2,c3);
+        r[6]=c1;
+        r[7]=c2;
+        }
+
+void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+        {
+        BN_ULONG t1,t2;
+        BN_ULONG c1,c2,c3;
+
+        c1=0;
+        c2=0;
+        c3=0;
+        sqr_add_c(a,0,c1,c2,c3);
+        r[0]=c1;
+        c1=0;
+        sqr_add_c2(a,1,0,c2,c3,c1);
+        r[1]=c2;
+        c2=0;
+        sqr_add_c(a,1,c3,c1,c2);
+        sqr_add_c2(a,2,0,c3,c1,c2);
+        r[2]=c3;
+        c3=0;
+        sqr_add_c2(a,3,0,c1,c2,c3);
+        sqr_add_c2(a,2,1,c1,c2,c3);
+        r[3]=c1;
+        c1=0;
+        sqr_add_c(a,2,c2,c3,c1);
+        sqr_add_c2(a,3,1,c2,c3,c1);
+        sqr_add_c2(a,4,0,c2,c3,c1);
+        r[4]=c2;
+        c2=0;
+        sqr_add_c2(a,5,0,c3,c1,c2);
+        sqr_add_c2(a,4,1,c3,c1,c2);
+        sqr_add_c2(a,3,2,c3,c1,c2);
+        r[5]=c3;
+        c3=0;
+        sqr_add_c(a,3,c1,c2,c3);
+        sqr_add_c2(a,4,2,c1,c2,c3);
+        sqr_add_c2(a,5,1,c1,c2,c3);
+        sqr_add_c2(a,6,0,c1,c2,c3);
+        r[6]=c1;
+        c1=0;
+        sqr_add_c2(a,7,0,c2,c3,c1);
+        sqr_add_c2(a,6,1,c2,c3,c1);
+        sqr_add_c2(a,5,2,c2,c3,c1);
+        sqr_add_c2(a,4,3,c2,c3,c1);
+        r[7]=c2;
+        c2=0;
+        sqr_add_c(a,4,c3,c1,c2);
+        sqr_add_c2(a,5,3,c3,c1,c2);
+        sqr_add_c2(a,6,2,c3,c1,c2);
+        sqr_add_c2(a,7,1,c3,c1,c2);
+        r[8]=c3;
+        c3=0;
+        sqr_add_c2(a,7,2,c1,c2,c3);
+        sqr_add_c2(a,6,3,c1,c2,c3);
+        sqr_add_c2(a,5,4,c1,c2,c3);
+        r[9]=c1;
+        c1=0;
+        sqr_add_c(a,5,c2,c3,c1);
+        sqr_add_c2(a,6,4,c2,c3,c1);
+        sqr_add_c2(a,7,3,c2,c3,c1);
+        r[10]=c2;
+        c2=0;
+        sqr_add_c2(a,7,4,c3,c1,c2);
+        sqr_add_c2(a,6,5,c3,c1,c2);
+        r[11]=c3;
+        c3=0;
+        sqr_add_c(a,6,c1,c2,c3);
+        sqr_add_c2(a,7,5,c1,c2,c3);
+        r[12]=c1;
+        c1=0;
+        sqr_add_c2(a,7,6,c2,c3,c1);
+        r[13]=c2;
+        c2=0;
+        sqr_add_c(a,7,c3,c1,c2);
+        r[14]=c3;
+        r[15]=c1;
+        }
+
+void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+        {
+        BN_ULONG t1,t2;
+        BN_ULONG c1,c2,c3;
+
+        c1=0;
+        c2=0;
+        c3=0;
+        sqr_add_c(a,0,c1,c2,c3);
+        r[0]=c1;
+        c1=0;
+        sqr_add_c2(a,1,0,c2,c3,c1);
+        r[1]=c2;
+        c2=0;
+        sqr_add_c(a,1,c3,c1,c2);
+        sqr_add_c2(a,2,0,c3,c1,c2);
+        r[2]=c3;
+        c3=0;
+        sqr_add_c2(a,3,0,c1,c2,c3);
+        sqr_add_c2(a,2,1,c1,c2,c3);
+        r[3]=c1;
+        c1=0;
+        sqr_add_c(a,2,c2,c3,c1);
+        sqr_add_c2(a,3,1,c2,c3,c1);
+        r[4]=c2;
+        c2=0;
+        sqr_add_c2(a,3,2,c3,c1,c2);
+        r[5]=c3;
+        c3=0;
+        sqr_add_c(a,3,c1,c2,c3);
+        r[6]=c1;
+        r[7]=c2;
+        }
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
new file mode 100644
index 0000000000..3da6d8ced9
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn.h
@@ -0,0 +1,549 @@
+/* crypto/bn/bn.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BN_H
+#define HEADER_BN_H
+
+#include <openssl/e_os2.h>
+#ifndef OPENSSL_NO_FP_API
+#include <stdio.h> /* FILE */
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+#undef BN_LLONG /* experimental, so far... */
+#endif
+
+#define BN_MUL_COMBA
+#define BN_SQR_COMBA
+#define BN_RECURSION
+
+/* This next option uses the C libraries (2 word)/(1 word) function.
+ * If it is not defined, I use my C version (which is slower).
+ * The reason for this flag is that when the particular C compiler
+ * library routine is used, and the library is linked with a different
+ * compiler, the library is missing.  This mostly happens when the
+ * library is built with gcc and then linked using normal cc.  This would
+ * be a common occurrence because gcc normally produces code that is
+ * 2 times faster than system compilers for the big number stuff.
+ * For machines with only one compiler (or shared libraries), this should
+ * be on.  Again this in only really a problem on machines
+ * using "long long's", are 32bit, and are not using my assembler code. */
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
+    defined(OPENSSL_SYS_WIN32) || defined(linux)
+# ifndef BN_DIV2W
+#  define BN_DIV2W
+# endif
+#endif
+
+/* assuming long is 64bit - this is the DEC Alpha
+ * unsigned long long is only 64 bits :-(, don't define
+ * BN_LLONG for the DEC Alpha */
+#ifdef SIXTY_FOUR_BIT_LONG
+#define BN_ULLONG       unsigned long long
+#define BN_ULONG        unsigned long
+#define BN_LONG         long
+#define BN_BITS         128
+#define BN_BYTES        8
+#define BN_BITS2        64
+#define BN_BITS4        32
+#define BN_MASK         (0xffffffffffffffffffffffffffffffffLL)
+#define BN_MASK2        (0xffffffffffffffffL)
+#define BN_MASK2l       (0xffffffffL)
+#define BN_MASK2h       (0xffffffff00000000L)
+#define BN_MASK2h1      (0xffffffff80000000L)
+#define BN_TBIT         (0x8000000000000000L)
+#define BN_DEC_CONV     (10000000000000000000UL)
+#define BN_DEC_FMT1     "%lu"
+#define BN_DEC_FMT2     "%019lu"
+#define BN_DEC_NUM      19
+#endif
+
+/* This is where the long long data type is 64 bits, but long is 32.
+ * For machines where there are 64bit registers, this is the mode to use.
+ * IRIX, on R4000 and above should use this mode, along with the relevant
+ * assembler code :-).  Do NOT define BN_LLONG.
+ */
+#ifdef SIXTY_FOUR_BIT
+#undef BN_LLONG
+#undef BN_ULLONG
+#define BN_ULONG        unsigned long long
+#define BN_LONG         long long
+#define BN_BITS         128
+#define BN_BYTES        8
+#define BN_BITS2        64
+#define BN_BITS4        32
+#define BN_MASK2        (0xffffffffffffffffLL)
+#define BN_MASK2l       (0xffffffffL)
+#define BN_MASK2h       (0xffffffff00000000LL)
+#define BN_MASK2h1      (0xffffffff80000000LL)
+#define BN_TBIT         (0x8000000000000000LL)
+#define BN_DEC_CONV     (10000000000000000000ULL)
+#define BN_DEC_FMT1     "%llu"
+#define BN_DEC_FMT2     "%019llu"
+#define BN_DEC_NUM      19
+#endif
+
+#ifdef THIRTY_TWO_BIT
+#if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
+#define BN_ULLONG       unsigned _int64
+#else
+#define BN_ULLONG       unsigned long long
+#endif
+#define BN_ULONG        unsigned long
+#define BN_LONG         long
+#define BN_BITS         64
+#define BN_BYTES        4
+#define BN_BITS2        32
+#define BN_BITS4        16
+#ifdef OPENSSL_SYS_WIN32
+/* VC++ doesn't like the LL suffix */
+#define BN_MASK         (0xffffffffffffffffL)
+#else
+#define BN_MASK         (0xffffffffffffffffLL)
+#endif
+#define BN_MASK2        (0xffffffffL)
+#define BN_MASK2l       (0xffff)
+#define BN_MASK2h1      (0xffff8000L)
+#define BN_MASK2h       (0xffff0000L)
+#define BN_TBIT         (0x80000000L)
+#define BN_DEC_CONV     (1000000000L)
+#define BN_DEC_FMT1     "%lu"
+#define BN_DEC_FMT2     "%09lu"
+#define BN_DEC_NUM      9
+#endif
+
+#ifdef SIXTEEN_BIT
+#ifndef BN_DIV2W
+#define BN_DIV2W
+#endif
+#define BN_ULLONG       unsigned long
+#define BN_ULONG        unsigned short
+#define BN_LONG         short
+#define BN_BITS         32
+#define BN_BYTES        2
+#define BN_BITS2        16
+#define BN_BITS4        8
+#define BN_MASK         (0xffffffff)
+#define BN_MASK2        (0xffff)
+#define BN_MASK2l       (0xff)
+#define BN_MASK2h1      (0xff80)
+#define BN_MASK2h       (0xff00)
+#define BN_TBIT         (0x8000)
+#define BN_DEC_CONV     (100000)
+#define BN_DEC_FMT1     "%u"
+#define BN_DEC_FMT2     "%05u"
+#define BN_DEC_NUM      5
+#endif
+
+#ifdef EIGHT_BIT
+#ifndef BN_DIV2W
+#define BN_DIV2W
+#endif
+#define BN_ULLONG       unsigned short
+#define BN_ULONG        unsigned char
+#define BN_LONG         char
+#define BN_BITS         16
+#define BN_BYTES        1
+#define BN_BITS2        8
+#define BN_BITS4        4
+#define BN_MASK         (0xffff)
+#define BN_MASK2        (0xff)
+#define BN_MASK2l       (0xf)
+#define BN_MASK2h1      (0xf8)
+#define BN_MASK2h       (0xf0)
+#define BN_TBIT         (0x80)
+#define BN_DEC_CONV     (100)
+#define BN_DEC_FMT1     "%u"
+#define BN_DEC_FMT2     "%02u"
+#define BN_DEC_NUM      2
+#endif
+
+#define BN_DEFAULT_BITS 1280
+
+#ifdef BIGNUM
+#undef BIGNUM
+#endif
+
+#define BN_FLG_MALLOCED         0x01
+#define BN_FLG_STATIC_DATA      0x02
+#define BN_FLG_FREE             0x8000  /* used for debuging */
+#define BN_set_flags(b,n)       ((b)->flags|=(n))
+#define BN_get_flags(b,n)       ((b)->flags&(n))
+
+typedef struct bignum_st
+        {
+        BN_ULONG *d;    /* Pointer to an array of 'BN_BITS2' bit chunks. */
+        int top;        /* Index of last used d +1. */
+        /* The next are internal book keeping for bn_expand. */
+        int dmax;       /* Size of the d array. */
+        int neg;        /* one if the number is negative */
+        int flags;
+        } BIGNUM;
+
+/* Used for temp variables (declaration hidden in bn_lcl.h) */
+typedef struct bignum_ctx BN_CTX;
+
+typedef struct bn_blinding_st
+        {
+        int init;
+        BIGNUM *A;
+        BIGNUM *Ai;
+        BIGNUM *mod; /* just a reference */
+        unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
+                                  * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
+        } BN_BLINDING;
+
+/* Used for montgomery multiplication */
+typedef struct bn_mont_ctx_st
+        {
+        int ri;        /* number of bits in R */
+        BIGNUM RR;     /* used to convert to montgomery form */
+        BIGNUM N;      /* The modulus */
+        BIGNUM Ni;     /* R*(1/R mod N) - N*Ni = 1
+                        * (Ni is only stored for bignum algorithm) */
+        BN_ULONG n0;   /* least significant word of Ni */
+        int flags;
+        } BN_MONT_CTX;
+
+/* Used for reciprocal division/mod functions
+ * It cannot be shared between threads
+ */
+typedef struct bn_recp_ctx_st
+        {
+        BIGNUM N;       /* the divisor */
+        BIGNUM Nr;      /* the reciprocal */
+        int num_bits;
+        int shift;
+        int flags;
+        } BN_RECP_CTX;
+
+#define BN_prime_checks 0 /* default: select number of iterations
+                             based on the size of the number */
+
+/* number of Miller-Rabin iterations for an error rate  of less than 2^-80
+ * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook
+ * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
+ * original paper: Damgaard, Landrock, Pomerance: Average case error estimates
+ * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */
+#define BN_prime_checks_for_size(b) ((b) >= 1300 ?  2 : \
+                                (b) >=  850 ?  3 : \
+                                (b) >=  650 ?  4 : \
+                                (b) >=  550 ?  5 : \
+                                (b) >=  450 ?  6 : \
+                                (b) >=  400 ?  7 : \
+                                (b) >=  350 ?  8 : \
+                                (b) >=  300 ?  9 : \
+                                (b) >=  250 ? 12 : \
+                                (b) >=  200 ? 15 : \
+                                (b) >=  150 ? 18 : \
+                                /* b >= 100 */ 27)
+
+#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
+
+/* Note that BN_abs_is_word does not work reliably for w == 0 */
+#define BN_abs_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w)))
+#define BN_is_zero(a)       (((a)->top == 0) || BN_abs_is_word(a,0))
+#define BN_is_one(a)        (BN_abs_is_word((a),1) && !(a)->neg)
+#define BN_is_word(a,w)     ((w) ? BN_abs_is_word((a),(w)) && !(a)->neg : \
+                                   BN_is_zero((a)))
+#define BN_is_odd(a)        (((a)->top > 0) && ((a)->d[0] & 1))
+
+#define BN_one(a)       (BN_set_word((a),1))
+#define BN_zero(a)      (BN_set_word((a),0))
+
+/*#define BN_ascii2bn(a)        BN_hex2bn(a) */
+/*#define BN_bn2ascii(a)        BN_bn2hex(a) */
+
+const BIGNUM *BN_value_one(void);
+char *  BN_options(void);
+BN_CTX *BN_CTX_new(void);
+void    BN_CTX_init(BN_CTX *c);
+void    BN_CTX_free(BN_CTX *c);
+void    BN_CTX_start(BN_CTX *ctx);
+BIGNUM *BN_CTX_get(BN_CTX *ctx);
+void    BN_CTX_end(BN_CTX *ctx);
+int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int     BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+int     BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+int     BN_num_bits(const BIGNUM *a);
+int     BN_num_bits_word(BN_ULONG);
+BIGNUM *BN_new(void);
+void    BN_init(BIGNUM *);
+void    BN_clear_free(BIGNUM *a);
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+void    BN_swap(BIGNUM *a, BIGNUM *b);
+BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);
+int     BN_bn2bin(const BIGNUM *a, unsigned char *to);
+BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret);
+int     BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+int     BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int     BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int     BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int     BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int     BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int     BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
+
+int     BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+        BN_CTX *ctx);
+#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
+int     BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
+int     BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
+int     BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
+int     BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
+int     BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
+int     BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+        const BIGNUM *m, BN_CTX *ctx);
+int     BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int     BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int     BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
+int     BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx);
+int     BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+int     BN_mul_word(BIGNUM *a, BN_ULONG w);
+int     BN_add_word(BIGNUM *a, BN_ULONG w);
+int     BN_sub_word(BIGNUM *a, BN_ULONG w);
+int     BN_set_word(BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_get_word(const BIGNUM *a);
+
+int     BN_cmp(const BIGNUM *a, const BIGNUM *b);
+void    BN_free(BIGNUM *a);
+int     BN_is_bit_set(const BIGNUM *a, int n);
+int     BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+int     BN_lshift1(BIGNUM *r, const BIGNUM *a);
+int     BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx);
+
+int     BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *m,BN_CTX *ctx);
+int     BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int     BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
+        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int     BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
+        const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m,
+        BN_CTX *ctx,BN_MONT_CTX *m_ctx);
+int     BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *m,BN_CTX *ctx);
+
+int     BN_mask_bits(BIGNUM *a,int n);
+#ifndef OPENSSL_NO_FP_API
+int     BN_print_fp(FILE *fp, const BIGNUM *a);
+#endif
+#ifdef HEADER_BIO_H
+int     BN_print(BIO *fp, const BIGNUM *a);
+#else
+int     BN_print(void *fp, const BIGNUM *a);
+#endif
+int     BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
+int     BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
+int     BN_rshift1(BIGNUM *r, const BIGNUM *a);
+void    BN_clear(BIGNUM *a);
+BIGNUM *BN_dup(const BIGNUM *a);
+int     BN_ucmp(const BIGNUM *a, const BIGNUM *b);
+int     BN_set_bit(BIGNUM *a, int n);
+int     BN_clear_bit(BIGNUM *a, int n);
+char *  BN_bn2hex(const BIGNUM *a);
+char *  BN_bn2dec(const BIGNUM *a);
+int     BN_hex2bn(BIGNUM **a, const char *str);
+int     BN_dec2bn(BIGNUM **a, const char *str);
+int     BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx);
+int     BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */
+BIGNUM *BN_mod_inverse(BIGNUM *ret,
+        const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+BIGNUM *BN_mod_sqrt(BIGNUM *ret,
+        const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
+        const BIGNUM *add, const BIGNUM *rem,
+        void (*callback)(int,int,void *),void *cb_arg);
+int     BN_is_prime(const BIGNUM *p,int nchecks,
+        void (*callback)(int,int,void *),
+        BN_CTX *ctx,void *cb_arg);
+int     BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
+        void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
+        int do_trial_division);
+
+BN_MONT_CTX *BN_MONT_CTX_new(void );
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
+        BN_MONT_CTX *mont, BN_CTX *ctx);
+#define BN_to_montgomery(r,a,mont,ctx)  BN_mod_mul_montgomery(\
+        (r),(a),&((mont)->RR),(mont),(ctx))
+int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
+        BN_MONT_CTX *mont, BN_CTX *ctx);
+void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+
+BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
+void BN_BLINDING_free(BN_BLINDING *b);
+int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *r, BN_CTX *ctx);
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+
+void BN_set_params(int mul,int high,int low,int mont);
+int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
+
+void    BN_RECP_CTX_init(BN_RECP_CTX *recp);
+BN_RECP_CTX *BN_RECP_CTX_new(void);
+void    BN_RECP_CTX_free(BN_RECP_CTX *recp);
+int     BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);
+int     BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+        BN_RECP_CTX *recp,BN_CTX *ctx);
+int     BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *m, BN_CTX *ctx);
+int     BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+        BN_RECP_CTX *recp, BN_CTX *ctx);
+
+/* library internal functions */
+
+#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
+        (a):bn_expand2((a),(bits)/BN_BITS2+1))
+#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
+BIGNUM *bn_expand2(BIGNUM *a, int words);
+BIGNUM *bn_dup_expand(const BIGNUM *a, int words);
+
+#define bn_fix_top(a) \
+        { \
+        BN_ULONG *ftl; \
+        if ((a)->top > 0) \
+                { \
+                for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
+                if (*(ftl--)) break; \
+                } \
+        }
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+void     bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
+
+#ifdef BN_DEBUG
+void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n);
+# define bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \
+   fprintf(stderr,"\n");}
+# define bn_dump(a,n) bn_dump1(stderr,#a,a,n);
+#else
+# define bn_print(a)
+# define bn_dump(a,b)
+#endif
+
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_BN_strings(void);
+
+/* Error codes for the BN functions. */
+
+/* Function codes. */
+#define BN_F_BN_BLINDING_CONVERT                         100
+#define BN_F_BN_BLINDING_INVERT                          101
+#define BN_F_BN_BLINDING_NEW                             102
+#define BN_F_BN_BLINDING_UPDATE                          103
+#define BN_F_BN_BN2DEC                                   104
+#define BN_F_BN_BN2HEX                                   105
+#define BN_F_BN_CTX_GET                                  116
+#define BN_F_BN_CTX_NEW                                  106
+#define BN_F_BN_DIV                                      107
+#define BN_F_BN_EXPAND2                                  108
+#define BN_F_BN_EXPAND_INTERNAL                          120
+#define BN_F_BN_MOD_EXP2_MONT                            118
+#define BN_F_BN_MOD_EXP_MONT                             109
+#define BN_F_BN_MOD_EXP_MONT_WORD                        117
+#define BN_F_BN_MOD_INVERSE                              110
+#define BN_F_BN_MOD_LSHIFT_QUICK                         119
+#define BN_F_BN_MOD_MUL_RECIPROCAL                       111
+#define BN_F_BN_MOD_SQRT                                 121
+#define BN_F_BN_MPI2BN                                   112
+#define BN_F_BN_NEW                                      113
+#define BN_F_BN_RAND                                     114
+#define BN_F_BN_RAND_RANGE                               122
+#define BN_F_BN_USUB                                     115
+
+/* Reason codes. */
+#define BN_R_ARG2_LT_ARG3                                100
+#define BN_R_BAD_RECIPROCAL                              101
+#define BN_R_BIGNUM_TOO_LONG                             114
+#define BN_R_CALLED_WITH_EVEN_MODULUS                    102
+#define BN_R_DIV_BY_ZERO                                 103
+#define BN_R_ENCODING_ERROR                              104
+#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA                105
+#define BN_R_INPUT_NOT_REDUCED                           110
+#define BN_R_INVALID_LENGTH                              106
+#define BN_R_INVALID_RANGE                               115
+#define BN_R_NOT_A_SQUARE                                111
+#define BN_R_NOT_INITIALIZED                             107
+#define BN_R_NO_INVERSE                                  108
+#define BN_R_P_IS_NOT_PRIME                              112
+#define BN_R_TOO_MANY_ITERATIONS                         113
+#define BN_R_TOO_MANY_TEMPORARY_VARIABLES                109
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/bn/bn_add.c b/src/lib/libcrypto/bn/bn_add.c
new file mode 100644
index 0000000000..6cba07e9f6
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_add.c
@@ -0,0 +1,309 @@
+/* crypto/bn/bn_add.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* r can == a or b */
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+        {
+        const BIGNUM *tmp;
+        int a_neg = a->neg;
+
+        bn_check_top(a);
+        bn_check_top(b);
+
+        /*  a +  b      a+b
+         *  a + -b      a-b
+         * -a +  b      b-a
+         * -a + -b      -(a+b)
+         */
+        if (a_neg ^ b->neg)
+                {
+                /* only one is negative */
+                if (a_neg)
+                        { tmp=a; a=b; b=tmp; }
+
+                /* we are now a - b */
+
+                if (BN_ucmp(a,b) < 0)
+                        {
+                        if (!BN_usub(r,b,a)) return(0);
+                        r->neg=1;
+                        }
+                else
+                        {
+                        if (!BN_usub(r,a,b)) return(0);
+                        r->neg=0;
+                        }
+                return(1);
+                }
+
+        if (!BN_uadd(r,a,b)) return(0);
+        if (a_neg) /* both are neg */
+                r->neg=1;
+        else
+                r->neg=0;
+        return(1);
+        }
+
+/* unsigned add of b to a, r must be large enough */
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+        {
+        register int i;
+        int max,min;
+        BN_ULONG *ap,*bp,*rp,carry,t1;
+        const BIGNUM *tmp;
+
+        bn_check_top(a);
+        bn_check_top(b);
+
+        if (a->top < b->top)
+                { tmp=a; a=b; b=tmp; }
+        max=a->top;
+        min=b->top;
+
+        if (bn_wexpand(r,max+1) == NULL)
+                return(0);
+
+        r->top=max;
+
+
+        ap=a->d;
+        bp=b->d;
+        rp=r->d;
+        carry=0;
+
+        carry=bn_add_words(rp,ap,bp,min);
+        rp+=min;
+        ap+=min;
+        bp+=min;
+        i=min;
+
+        if (carry)
+                {
+                while (i < max)
+                        {
+                        i++;
+                        t1= *(ap++);
+                        if ((*(rp++)=(t1+1)&BN_MASK2) >= t1)
+                                {
+                                carry=0;
+                                break;
+                                }
+                        }
+                if ((i >= max) && carry)
+                        {
+                        *(rp++)=1;
+                        r->top++;
+                        }
+                }
+        if (rp != ap)
+                {
+                for (; i<max; i++)
+                        *(rp++)= *(ap++);
+                }
+        /* memcpy(rp,ap,sizeof(*ap)*(max-i));*/
+        r->neg = 0;
+        return(1);
+        }
+
+/* unsigned subtraction of b from a, a must be larger than b. */
+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+        {
+        int max,min;
+        register BN_ULONG t1,t2,*ap,*bp,*rp;
+        int i,carry;
+#if defined(IRIX_CC_BUG) && !defined(LINT)
+        int dummy;
+#endif
+
+        bn_check_top(a);
+        bn_check_top(b);
+
+        if (a->top < b->top) /* hmm... should not be happening */
+                {
+                BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3);
+                return(0);
+                }
+
+        max=a->top;
+        min=b->top;
+        if (bn_wexpand(r,max) == NULL) return(0);
+
+        ap=a->d;
+        bp=b->d;
+        rp=r->d;
+
+#if 1
+        carry=0;
+        for (i=0; i<min; i++)
+                {
+                t1= *(ap++);
+                t2= *(bp++);
+                if (carry)
+                        {
+                        carry=(t1 <= t2);
+                        t1=(t1-t2-1)&BN_MASK2;
+                        }
+                else
+                        {
+                        carry=(t1 < t2);
+                        t1=(t1-t2)&BN_MASK2;
+                        }
+#if defined(IRIX_CC_BUG) && !defined(LINT)
+                dummy=t1;
+#endif
+                *(rp++)=t1&BN_MASK2;
+                }
+#else
+        carry=bn_sub_words(rp,ap,bp,min);
+        ap+=min;
+        bp+=min;
+        rp+=min;
+        i=min;
+#endif
+        if (carry) /* subtracted */
+                {
+                while (i < max)
+                        {
+                        i++;
+                        t1= *(ap++);
+                        t2=(t1-1)&BN_MASK2;
+                        *(rp++)=t2;
+                        if (t1 > t2) break;
+                        }
+                }
+#if 0
+        memcpy(rp,ap,sizeof(*rp)*(max-i));
+#else
+        if (rp != ap)
+                {
+                for (;;)
+                        {
+                        if (i++ >= max) break;
+                        rp[0]=ap[0];
+                        if (i++ >= max) break;
+                        rp[1]=ap[1];
+                        if (i++ >= max) break;
+                        rp[2]=ap[2];
+                        if (i++ >= max) break;
+                        rp[3]=ap[3];
+                        rp+=4;
+                        ap+=4;
+                        }
+                }
+#endif
+
+        r->top=max;
+        r->neg=0;
+        bn_fix_top(r);
+        return(1);
+        }
+
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+        {
+        int max;
+        int add=0,neg=0;
+        const BIGNUM *tmp;
+
+        bn_check_top(a);
+        bn_check_top(b);
+
+        /*  a -  b      a-b
+         *  a - -b      a+b
+         * -a -  b      -(a+b)
+         * -a - -b      b-a
+         */
+        if (a->neg)
+                {
+                if (b->neg)
+                        { tmp=a; a=b; b=tmp; }
+                else
+                        { add=1; neg=1; }
+                }
+        else
+                {
+                if (b->neg) { add=1; neg=0; }
+                }
+
+        if (add)
+                {
+                if (!BN_uadd(r,a,b)) return(0);
+                r->neg=neg;
+                return(1);
+                }
+
+        /* We are actually doing a - b :-) */
+
+        max=(a->top > b->top)?a->top:b->top;
+        if (bn_wexpand(r,max) == NULL) return(0);
+        if (BN_ucmp(a,b) < 0)
+                {
+                if (!BN_usub(r,b,a)) return(0);
+                r->neg=1;
+                }
+        else
+                {
+                if (!BN_usub(r,a,b)) return(0);
+                r->neg=0;
+                }
+        return(1);
+        }
+
diff --git a/src/lib/libcrypto/bn/bn_asm.c b/src/lib/libcrypto/bn/bn_asm.c
new file mode 100644
index 0000000000..be8aa3ffc5
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_asm.c
@@ -0,0 +1,832 @@
+/* crypto/bn/bn_asm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <stdio.h>
+#include <assert.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+        {
+        BN_ULONG c1=0;
+
+        assert(num >= 0);
+        if (num <= 0) return(c1);
+
+        while (num&~3)
+                {
+                mul_add(rp[0],ap[0],w,c1);
+                mul_add(rp[1],ap[1],w,c1);
+                mul_add(rp[2],ap[2],w,c1);
+                mul_add(rp[3],ap[3],w,c1);
+                ap+=4; rp+=4; num-=4;
+                }
+        if (num)
+                {
+                mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
+                mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
+                mul_add(rp[2],ap[2],w,c1); return c1;
+                }
+        
+        return(c1);
+        } 
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+        {
+        BN_ULONG c1=0;
+
+        assert(num >= 0);
+        if (num <= 0) return(c1);
+
+        while (num&~3)
+                {
+                mul(rp[0],ap[0],w,c1);
+                mul(rp[1],ap[1],w,c1);
+                mul(rp[2],ap[2],w,c1);
+                mul(rp[3],ap[3],w,c1);
+                ap+=4; rp+=4; num-=4;
+                }
+        if (num)
+                {
+                mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
+                mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
+                mul(rp[2],ap[2],w,c1);
+                }
+        return(c1);
+        } 
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+        {
+        assert(n >= 0);
+        if (n <= 0) return;
+        while (n&~3)
+                {
+                sqr(r[0],r[1],a[0]);
+                sqr(r[2],r[3],a[1]);
+                sqr(r[4],r[5],a[2]);
+                sqr(r[6],r[7],a[3]);
+                a+=4; r+=8; n-=4;
+                }
+        if (n)
+                {
+                sqr(r[0],r[1],a[0]); if (--n == 0) return;
+                sqr(r[2],r[3],a[1]); if (--n == 0) return;
+                sqr(r[4],r[5],a[2]);
+                }
+        }
+
+#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+        {
+        BN_ULONG c=0;
+        BN_ULONG bl,bh;
+
+        assert(num >= 0);
+        if (num <= 0) return((BN_ULONG)0);
+
+        bl=LBITS(w);
+        bh=HBITS(w);
+
+        for (;;)
+                {
+                mul_add(rp[0],ap[0],bl,bh,c);
+                if (--num == 0) break;
+                mul_add(rp[1],ap[1],bl,bh,c);
+                if (--num == 0) break;
+                mul_add(rp[2],ap[2],bl,bh,c);
+                if (--num == 0) break;
+                mul_add(rp[3],ap[3],bl,bh,c);
+                if (--num == 0) break;
+                ap+=4;
+                rp+=4;
+                }
+        return(c);
+        } 
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+        {
+        BN_ULONG carry=0;
+        BN_ULONG bl,bh;
+
+        assert(num >= 0);
+        if (num <= 0) return((BN_ULONG)0);
+
+        bl=LBITS(w);
+        bh=HBITS(w);
+
+        for (;;)
+                {
+                mul(rp[0],ap[0],bl,bh,carry);
+                if (--num == 0) break;
+                mul(rp[1],ap[1],bl,bh,carry);
+                if (--num == 0) break;
+                mul(rp[2],ap[2],bl,bh,carry);
+                if (--num == 0) break;
+                mul(rp[3],ap[3],bl,bh,carry);
+                if (--num == 0) break;
+                ap+=4;
+                rp+=4;
+                }
+        return(carry);
+        } 
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+        {
+        assert(n >= 0);
+        if (n <= 0) return;
+        for (;;)
+                {
+                sqr64(r[0],r[1],a[0]);
+                if (--n == 0) break;
+
+                sqr64(r[2],r[3],a[1]);
+                if (--n == 0) break;
+
+                sqr64(r[4],r[5],a[2]);
+                if (--n == 0) break;
+
+                sqr64(r[6],r[7],a[3]);
+                if (--n == 0) break;
+
+                a+=4;
+                r+=8;
+                }
+        }
+
+#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
+
+#if defined(BN_LLONG) && defined(BN_DIV2W)
+
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+        {
+        return((BN_ULONG)(((((BN_ULLONG)h)<<BN_BITS2)|l)/(BN_ULLONG)d));
+        }
+
+#else
+
+/* Divide h,l by d and return the result. */
+/* I need to test this some more :-( */
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+        {
+        BN_ULONG dh,dl,q,ret=0,th,tl,t;
+        int i,count=2;
+
+        if (d == 0) return(BN_MASK2);
+
+        i=BN_num_bits_word(d);
+        assert((i == BN_BITS2) || (h > (BN_ULONG)1<<i));
+
+        i=BN_BITS2-i;
+        if (h >= d) h-=d;
+
+        if (i)
+                {
+                d<<=i;
+                h=(h<<i)|(l>>(BN_BITS2-i));
+                l<<=i;
+                }
+        dh=(d&BN_MASK2h)>>BN_BITS4;
+        dl=(d&BN_MASK2l);
+        for (;;)
+                {
+                if ((h>>BN_BITS4) == dh)
+                        q=BN_MASK2l;
+                else
+                        q=h/dh;
+
+                th=q*dh;
+                tl=dl*q;
+                for (;;)
+                        {
+                        t=h-th;
+                        if ((t&BN_MASK2h) ||
+                                ((tl) <= (
+                                        (t<<BN_BITS4)|
+                                        ((l&BN_MASK2h)>>BN_BITS4))))
+                                break;
+                        q--;
+                        th-=dh;
+                        tl-=dl;
+                        }
+                t=(tl>>BN_BITS4);
+                tl=(tl<<BN_BITS4)&BN_MASK2h;
+                th+=t;
+
+                if (l < tl) th++;
+                l-=tl;
+                if (h < th)
+                        {
+                        h+=d;
+                        q--;
+                        }
+                h-=th;
+
+                if (--count == 0) break;
+
+                ret=q<<BN_BITS4;
+                h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2;
+                l=(l&BN_MASK2l)<<BN_BITS4;
+                }
+        ret|=q;
+        return(ret);
+        }
+#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
+
+#ifdef BN_LLONG
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
+        {
+        BN_ULLONG ll=0;
+
+        assert(n >= 0);
+        if (n <= 0) return((BN_ULONG)0);
+
+        for (;;)
+                {
+                ll+=(BN_ULLONG)a[0]+b[0];
+                r[0]=(BN_ULONG)ll&BN_MASK2;
+                ll>>=BN_BITS2;
+                if (--n <= 0) break;
+
+                ll+=(BN_ULLONG)a[1]+b[1];
+                r[1]=(BN_ULONG)ll&BN_MASK2;
+                ll>>=BN_BITS2;
+                if (--n <= 0) break;
+
+                ll+=(BN_ULLONG)a[2]+b[2];
+                r[2]=(BN_ULONG)ll&BN_MASK2;
+                ll>>=BN_BITS2;
+                if (--n <= 0) break;
+
+                ll+=(BN_ULLONG)a[3]+b[3];
+                r[3]=(BN_ULONG)ll&BN_MASK2;
+                ll>>=BN_BITS2;
+                if (--n <= 0) break;
+
+                a+=4;
+                b+=4;
+                r+=4;
+                }
+        return((BN_ULONG)ll);
+        }
+#else /* !BN_LLONG */
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
+        {
+        BN_ULONG c,l,t;
+
+        assert(n >= 0);
+        if (n <= 0) return((BN_ULONG)0);
+
+        c=0;
+        for (;;)
+                {
+                t=a[0];
+                t=(t+c)&BN_MASK2;
+                c=(t < c);
+                l=(t+b[0])&BN_MASK2;
+                c+=(l < t);
+                r[0]=l;
+                if (--n <= 0) break;
+
+                t=a[1];
+                t=(t+c)&BN_MASK2;
+                c=(t < c);
+                l=(t+b[1])&BN_MASK2;
+                c+=(l < t);
+                r[1]=l;
+                if (--n <= 0) break;
+
+                t=a[2];
+                t=(t+c)&BN_MASK2;
+                c=(t < c);
+                l=(t+b[2])&BN_MASK2;
+                c+=(l < t);
+                r[2]=l;
+                if (--n <= 0) break;
+
+                t=a[3];
+                t=(t+c)&BN_MASK2;
+                c=(t < c);
+                l=(t+b[3])&BN_MASK2;
+                c+=(l < t);
+                r[3]=l;
+                if (--n <= 0) break;
+
+                a+=4;
+                b+=4;
+                r+=4;
+                }
+        return((BN_ULONG)c);
+        }
+#endif /* !BN_LLONG */
+
+BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
+        {
+        BN_ULONG t1,t2;
+        int c=0;
+
+        assert(n >= 0);
+        if (n <= 0) return((BN_ULONG)0);
+
+        for (;;)
+                {
+                t1=a[0]; t2=b[0];
+                r[0]=(t1-t2-c)&BN_MASK2;
+                if (t1 != t2) c=(t1 < t2);
+                if (--n <= 0) break;
+
+                t1=a[1]; t2=b[1];
+                r[1]=(t1-t2-c)&BN_MASK2;
+                if (t1 != t2) c=(t1 < t2);
+                if (--n <= 0) break;
+
+                t1=a[2]; t2=b[2];
+                r[2]=(t1-t2-c)&BN_MASK2;
+                if (t1 != t2) c=(t1 < t2);
+                if (--n <= 0) break;
+
+                t1=a[3]; t2=b[3];
+                r[3]=(t1-t2-c)&BN_MASK2;
+                if (t1 != t2) c=(t1 < t2);
+                if (--n <= 0) break;
+
+                a+=4;
+                b+=4;
+                r+=4;
+                }
+        return(c);
+        }
+
+#ifdef BN_MUL_COMBA
+
+#undef bn_mul_comba8
+#undef bn_mul_comba4
+#undef bn_sqr_comba8
+#undef bn_sqr_comba4
+
+/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
+/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
+/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
+/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
+
+#ifdef BN_LLONG
+#define mul_add_c(a,b,c0,c1,c2) \
+        t=(BN_ULLONG)a*b; \
+        t1=(BN_ULONG)Lw(t); \
+        t2=(BN_ULONG)Hw(t); \
+        c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define mul_add_c2(a,b,c0,c1,c2) \
+        t=(BN_ULLONG)a*b; \
+        tt=(t+t)&BN_MASK; \
+        if (tt < t) c2++; \
+        t1=(BN_ULONG)Lw(tt); \
+        t2=(BN_ULONG)Hw(tt); \
+        c0=(c0+t1)&BN_MASK2;  \
+        if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c(a,i,c0,c1,c2) \
+        t=(BN_ULLONG)a[i]*a[i]; \
+        t1=(BN_ULONG)Lw(t); \
+        t2=(BN_ULONG)Hw(t); \
+        c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+#elif defined(BN_UMULT_HIGH)
+
+#define mul_add_c(a,b,c0,c1,c2) {       \
+        BN_ULONG ta=(a),tb=(b);         \
+        t1 = ta * tb;                   \
+        t2 = BN_UMULT_HIGH(ta,tb);      \
+        c0 += t1; t2 += (c0<t1)?1:0;    \
+        c1 += t2; c2 += (c1<t2)?1:0;    \
+        }
+
+#define mul_add_c2(a,b,c0,c1,c2) {      \
+        BN_ULONG ta=(a),tb=(b),t0;      \
+        t1 = BN_UMULT_HIGH(ta,tb);      \
+        t0 = ta * tb;                   \
+        t2 = t1+t1; c2 += (t2<t1)?1:0;  \
+        t1 = t0+t0; t2 += (t1<t0)?1:0;  \
+        c0 += t1; t2 += (c0<t1)?1:0;    \
+        c1 += t2; c2 += (c1<t2)?1:0;    \
+        }
+
+#define sqr_add_c(a,i,c0,c1,c2) {       \
+        BN_ULONG ta=(a)[i];             \
+        t1 = ta * ta;                   \
+        t2 = BN_UMULT_HIGH(ta,ta);      \
+        c0 += t1; t2 += (c0<t1)?1:0;    \
+        c1 += t2; c2 += (c1<t2)?1:0;    \
+        }
+
+#define sqr_add_c2(a,i,j,c0,c1,c2)      \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+#else /* !BN_LLONG */
+#define mul_add_c(a,b,c0,c1,c2) \
+        t1=LBITS(a); t2=HBITS(a); \
+        bl=LBITS(b); bh=HBITS(b); \
+        mul64(t1,t2,bl,bh); \
+        c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define mul_add_c2(a,b,c0,c1,c2) \
+        t1=LBITS(a); t2=HBITS(a); \
+        bl=LBITS(b); bh=HBITS(b); \
+        mul64(t1,t2,bl,bh); \
+        if (t2 & BN_TBIT) c2++; \
+        t2=(t2+t2)&BN_MASK2; \
+        if (t1 & BN_TBIT) t2++; \
+        t1=(t1+t1)&BN_MASK2; \
+        c0=(c0+t1)&BN_MASK2;  \
+        if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c(a,i,c0,c1,c2) \
+        sqr64(t1,t2,(a)[i]); \
+        c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#define sqr_add_c2(a,i,j,c0,c1,c2) \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+#endif /* !BN_LLONG */
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+        {
+#ifdef BN_LLONG
+        BN_ULLONG t;
+#else
+        BN_ULONG bl,bh;
+#endif
+        BN_ULONG t1,t2;
+        BN_ULONG c1,c2,c3;
+
+        c1=0;
+        c2=0;
+        c3=0;
+        mul_add_c(a[0],b[0],c1,c2,c3);
+        r[0]=c1;
+        c1=0;
+        mul_add_c(a[0],b[1],c2,c3,c1);
+        mul_add_c(a[1],b[0],c2,c3,c1);
+        r[1]=c2;
+        c2=0;
+        mul_add_c(a[2],b[0],c3,c1,c2);
+        mul_add_c(a[1],b[1],c3,c1,c2);
+        mul_add_c(a[0],b[2],c3,c1,c2);
+        r[2]=c3;
+        c3=0;
+        mul_add_c(a[0],b[3],c1,c2,c3);
+        mul_add_c(a[1],b[2],c1,c2,c3);
+        mul_add_c(a[2],b[1],c1,c2,c3);
+        mul_add_c(a[3],b[0],c1,c2,c3);
+        r[3]=c1;
+        c1=0;
+        mul_add_c(a[4],b[0],c2,c3,c1);
+        mul_add_c(a[3],b[1],c2,c3,c1);
+        mul_add_c(a[2],b[2],c2,c3,c1);
+        mul_add_c(a[1],b[3],c2,c3,c1);
+        mul_add_c(a[0],b[4],c2,c3,c1);
+        r[4]=c2;
+        c2=0;
+        mul_add_c(a[0],b[5],c3,c1,c2);
+        mul_add_c(a[1],b[4],c3,c1,c2);
+        mul_add_c(a[2],b[3],c3,c1,c2);
+        mul_add_c(a[3],b[2],c3,c1,c2);
+        mul_add_c(a[4],b[1],c3,c1,c2);
+        mul_add_c(a[5],b[0],c3,c1,c2);
+        r[5]=c3;
+        c3=0;
+        mul_add_c(a[6],b[0],c1,c2,c3);
+        mul_add_c(a[5],b[1],c1,c2,c3);
+        mul_add_c(a[4],b[2],c1,c2,c3);
+        mul_add_c(a[3],b[3],c1,c2,c3);
+        mul_add_c(a[2],b[4],c1,c2,c3);
+        mul_add_c(a[1],b[5],c1,c2,c3);
+        mul_add_c(a[0],b[6],c1,c2,c3);
+        r[6]=c1;
+        c1=0;
+        mul_add_c(a[0],b[7],c2,c3,c1);
+        mul_add_c(a[1],b[6],c2,c3,c1);
+        mul_add_c(a[2],b[5],c2,c3,c1);
+        mul_add_c(a[3],b[4],c2,c3,c1);
+        mul_add_c(a[4],b[3],c2,c3,c1);
+        mul_add_c(a[5],b[2],c2,c3,c1);
+        mul_add_c(a[6],b[1],c2,c3,c1);
+        mul_add_c(a[7],b[0],c2,c3,c1);
+        r[7]=c2;
+        c2=0;
+        mul_add_c(a[7],b[1],c3,c1,c2);
+        mul_add_c(a[6],b[2],c3,c1,c2);
+        mul_add_c(a[5],b[3],c3,c1,c2);
+        mul_add_c(a[4],b[4],c3,c1,c2);
+        mul_add_c(a[3],b[5],c3,c1,c2);
+        mul_add_c(a[2],b[6],c3,c1,c2);
+        mul_add_c(a[1],b[7],c3,c1,c2);
+        r[8]=c3;
+        c3=0;
+        mul_add_c(a[2],b[7],c1,c2,c3);
+        mul_add_c(a[3],b[6],c1,c2,c3);
+        mul_add_c(a[4],b[5],c1,c2,c3);
+        mul_add_c(a[5],b[4],c1,c2,c3);
+        mul_add_c(a[6],b[3],c1,c2,c3);
+        mul_add_c(a[7],b[2],c1,c2,c3);
+        r[9]=c1;
+        c1=0;
+        mul_add_c(a[7],b[3],c2,c3,c1);
+        mul_add_c(a[6],b[4],c2,c3,c1);
+        mul_add_c(a[5],b[5],c2,c3,c1);
+        mul_add_c(a[4],b[6],c2,c3,c1);
+        mul_add_c(a[3],b[7],c2,c3,c1);
+        r[10]=c2;
+        c2=0;
+        mul_add_c(a[4],b[7],c3,c1,c2);
+        mul_add_c(a[5],b[6],c3,c1,c2);
+        mul_add_c(a[6],b[5],c3,c1,c2);
+        mul_add_c(a[7],b[4],c3,c1,c2);
+        r[11]=c3;
+        c3=0;
+        mul_add_c(a[7],b[5],c1,c2,c3);
+        mul_add_c(a[6],b[6],c1,c2,c3);
+        mul_add_c(a[5],b[7],c1,c2,c3);
+        r[12]=c1;
+        c1=0;
+        mul_add_c(a[6],b[7],c2,c3,c1);
+        mul_add_c(a[7],b[6],c2,c3,c1);
+        r[13]=c2;
+        c2=0;
+        mul_add_c(a[7],b[7],c3,c1,c2);
+        r[14]=c3;
+        r[15]=c1;
+        }
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+        {
+#ifdef BN_LLONG
+        BN_ULLONG t;
+#else
+        BN_ULONG bl,bh;
+#endif
+        BN_ULONG t1,t2;
+        BN_ULONG c1,c2,c3;
+
+        c1=0;
+        c2=0;
+        c3=0;
+        mul_add_c(a[0],b[0],c1,c2,c3);
+        r[0]=c1;
+        c1=0;
+        mul_add_c(a[0],b[1],c2,c3,c1);
+        mul_add_c(a[1],b[0],c2,c3,c1);
+        r[1]=c2;
+        c2=0;
+        mul_add_c(a[2],b[0],c3,c1,c2);
+        mul_add_c(a[1],b[1],c3,c1,c2);
+        mul_add_c(a[0],b[2],c3,c1,c2);
+        r[2]=c3;
+        c3=0;
+        mul_add_c(a[0],b[3],c1,c2,c3);
+        mul_add_c(a[1],b[2],c1,c2,c3);
+        mul_add_c(a[2],b[1],c1,c2,c3);
+        mul_add_c(a[3],b[0],c1,c2,c3);
+        r[3]=c1;
+        c1=0;
+        mul_add_c(a[3],b[1],c2,c3,c1);
+        mul_add_c(a[2],b[2],c2,c3,c1);
+        mul_add_c(a[1],b[3],c2,c3,c1);
+        r[4]=c2;
+        c2=0;
+        mul_add_c(a[2],b[3],c3,c1,c2);
+        mul_add_c(a[3],b[2],c3,c1,c2);
+        r[5]=c3;
+        c3=0;
+        mul_add_c(a[3],b[3],c1,c2,c3);
+        r[6]=c1;
+        r[7]=c2;
+        }
+
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+        {
+#ifdef BN_LLONG
+        BN_ULLONG t,tt;
+#else
+        BN_ULONG bl,bh;
+#endif
+        BN_ULONG t1,t2;
+        BN_ULONG c1,c2,c3;
+
+        c1=0;
+        c2=0;
+        c3=0;
+        sqr_add_c(a,0,c1,c2,c3);
+        r[0]=c1;
+        c1=0;
+        sqr_add_c2(a,1,0,c2,c3,c1);
+        r[1]=c2;
+        c2=0;
+        sqr_add_c(a,1,c3,c1,c2);
+        sqr_add_c2(a,2,0,c3,c1,c2);
+        r[2]=c3;
+        c3=0;
+        sqr_add_c2(a,3,0,c1,c2,c3);
+        sqr_add_c2(a,2,1,c1,c2,c3);
+        r[3]=c1;
+        c1=0;
+        sqr_add_c(a,2,c2,c3,c1);
+        sqr_add_c2(a,3,1,c2,c3,c1);
+        sqr_add_c2(a,4,0,c2,c3,c1);
+        r[4]=c2;
+        c2=0;
+        sqr_add_c2(a,5,0,c3,c1,c2);
+        sqr_add_c2(a,4,1,c3,c1,c2);
+        sqr_add_c2(a,3,2,c3,c1,c2);
+        r[5]=c3;
+        c3=0;
+        sqr_add_c(a,3,c1,c2,c3);
+        sqr_add_c2(a,4,2,c1,c2,c3);
+        sqr_add_c2(a,5,1,c1,c2,c3);
+        sqr_add_c2(a,6,0,c1,c2,c3);
+        r[6]=c1;
+        c1=0;
+        sqr_add_c2(a,7,0,c2,c3,c1);
+        sqr_add_c2(a,6,1,c2,c3,c1);
+        sqr_add_c2(a,5,2,c2,c3,c1);
+        sqr_add_c2(a,4,3,c2,c3,c1);
+        r[7]=c2;
+        c2=0;
+        sqr_add_c(a,4,c3,c1,c2);
+        sqr_add_c2(a,5,3,c3,c1,c2);
+        sqr_add_c2(a,6,2,c3,c1,c2);
+        sqr_add_c2(a,7,1,c3,c1,c2);
+        r[8]=c3;
+        c3=0;
+        sqr_add_c2(a,7,2,c1,c2,c3);
+        sqr_add_c2(a,6,3,c1,c2,c3);
+        sqr_add_c2(a,5,4,c1,c2,c3);
+        r[9]=c1;
+        c1=0;
+        sqr_add_c(a,5,c2,c3,c1);
+        sqr_add_c2(a,6,4,c2,c3,c1);
+        sqr_add_c2(a,7,3,c2,c3,c1);
+        r[10]=c2;
+        c2=0;
+        sqr_add_c2(a,7,4,c3,c1,c2);
+        sqr_add_c2(a,6,5,c3,c1,c2);
+        r[11]=c3;
+        c3=0;
+        sqr_add_c(a,6,c1,c2,c3);
+        sqr_add_c2(a,7,5,c1,c2,c3);
+        r[12]=c1;
+        c1=0;
+        sqr_add_c2(a,7,6,c2,c3,c1);
+        r[13]=c2;
+        c2=0;
+        sqr_add_c(a,7,c3,c1,c2);
+        r[14]=c3;
+        r[15]=c1;
+        }
+
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+        {
+#ifdef BN_LLONG
+        BN_ULLONG t,tt;
+#else
+        BN_ULONG bl,bh;
+#endif
+        BN_ULONG t1,t2;
+        BN_ULONG c1,c2,c3;
+
+        c1=0;
+        c2=0;
+        c3=0;
+        sqr_add_c(a,0,c1,c2,c3);
+        r[0]=c1;
+        c1=0;
+        sqr_add_c2(a,1,0,c2,c3,c1);
+        r[1]=c2;
+        c2=0;
+        sqr_add_c(a,1,c3,c1,c2);
+        sqr_add_c2(a,2,0,c3,c1,c2);
+        r[2]=c3;
+        c3=0;
+        sqr_add_c2(a,3,0,c1,c2,c3);
+        sqr_add_c2(a,2,1,c1,c2,c3);
+        r[3]=c1;
+        c1=0;
+        sqr_add_c(a,2,c2,c3,c1);
+        sqr_add_c2(a,3,1,c2,c3,c1);
+        r[4]=c2;
+        c2=0;
+        sqr_add_c2(a,3,2,c3,c1,c2);
+        r[5]=c3;
+        c3=0;
+        sqr_add_c(a,3,c1,c2,c3);
+        r[6]=c1;
+        r[7]=c2;
+        }
+#else /* !BN_MUL_COMBA */
+
+/* hmm... is it faster just to do a multiply? */
+#undef bn_sqr_comba4
+void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+        {
+        BN_ULONG t[8];
+        bn_sqr_normal(r,a,4,t);
+        }
+
+#undef bn_sqr_comba8
+void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+        {
+        BN_ULONG t[16];
+        bn_sqr_normal(r,a,8,t);
+        }
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+        {
+        r[4]=bn_mul_words(    &(r[0]),a,4,b[0]);
+        r[5]=bn_mul_add_words(&(r[1]),a,4,b[1]);
+        r[6]=bn_mul_add_words(&(r[2]),a,4,b[2]);
+        r[7]=bn_mul_add_words(&(r[3]),a,4,b[3]);
+        }
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+        {
+        r[ 8]=bn_mul_words(    &(r[0]),a,8,b[0]);
+        r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
+        r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
+        r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
+        r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
+        r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
+        r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
+        r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
+        }
+
+#endif /* !BN_MUL_COMBA */
diff --git a/src/lib/libcrypto/bn/bn_blind.c b/src/lib/libcrypto/bn/bn_blind.c
new file mode 100644
index 0000000000..2d287e6d1b
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_blind.c
@@ -0,0 +1,144 @@
+/* crypto/bn/bn_blind.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+BN_BLINDING *BN_BLINDING_new(BIGNUM *A, BIGNUM *Ai, BIGNUM *mod)
+        {
+        BN_BLINDING *ret=NULL;
+
+        bn_check_top(Ai);
+        bn_check_top(mod);
+
+        if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL)
+                {
+                BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        memset(ret,0,sizeof(BN_BLINDING));
+        if ((ret->A=BN_new()) == NULL) goto err;
+        if ((ret->Ai=BN_new()) == NULL) goto err;
+        if (!BN_copy(ret->A,A)) goto err;
+        if (!BN_copy(ret->Ai,Ai)) goto err;
+        ret->mod=mod;
+        return(ret);
+err:
+        if (ret != NULL) BN_BLINDING_free(ret);
+        return(NULL);
+        }
+
+void BN_BLINDING_free(BN_BLINDING *r)
+        {
+        if(r == NULL)
+            return;
+
+        if (r->A  != NULL) BN_free(r->A );
+        if (r->Ai != NULL) BN_free(r->Ai);
+        OPENSSL_free(r);
+        }
+
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
+        {
+        int ret=0;
+
+        if ((b->A == NULL) || (b->Ai == NULL))
+                {
+                BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED);
+                goto err;
+                }
+                
+        if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err;
+        if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err;
+
+        ret=1;
+err:
+        return(ret);
+        }
+
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+        {
+        bn_check_top(n);
+
+        if ((b->A == NULL) || (b->Ai == NULL))
+                {
+                BNerr(BN_F_BN_BLINDING_CONVERT,BN_R_NOT_INITIALIZED);
+                return(0);
+                }
+        return(BN_mod_mul(n,n,b->A,b->mod,ctx));
+        }
+
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+        {
+        int ret;
+
+        bn_check_top(n);
+        if ((b->A == NULL) || (b->Ai == NULL))
+                {
+                BNerr(BN_F_BN_BLINDING_INVERT,BN_R_NOT_INITIALIZED);
+                return(0);
+                }
+        if ((ret=BN_mod_mul(n,n,b->Ai,b->mod,ctx)) >= 0)
+                {
+                if (!BN_BLINDING_update(b,ctx))
+                        return(0);
+                }
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/bn/bn_ctx.c b/src/lib/libcrypto/bn/bn_ctx.c
new file mode 100644
index 0000000000..7daf19eb84
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_ctx.c
@@ -0,0 +1,155 @@
+/* crypto/bn/bn_ctx.c */
+/* Written by Ulf Moeller for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef BN_CTX_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <stdio.h>
+#include <assert.h>
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+
+BN_CTX *BN_CTX_new(void)
+        {
+        BN_CTX *ret;
+
+        ret=(BN_CTX *)OPENSSL_malloc(sizeof(BN_CTX));
+        if (ret == NULL)
+                {
+                BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+
+        BN_CTX_init(ret);
+        ret->flags=BN_FLG_MALLOCED;
+        return(ret);
+        }
+
+void BN_CTX_init(BN_CTX *ctx)
+        {
+#if 0 /* explicit version */
+        int i;
+        ctx->tos = 0;
+        ctx->flags = 0;
+        ctx->depth = 0;
+        ctx->too_many = 0;
+        for (i = 0; i < BN_CTX_NUM; i++)
+                BN_init(&(ctx->bn[i]));
+#else
+        memset(ctx, 0, sizeof *ctx);
+#endif
+        }
+
+void BN_CTX_free(BN_CTX *ctx)
+        {
+        int i;
+
+        if (ctx == NULL) return;
+        assert(ctx->depth == 0);
+
+        for (i=0; i < BN_CTX_NUM; i++)
+                BN_clear_free(&(ctx->bn[i]));
+        if (ctx->flags & BN_FLG_MALLOCED)
+                OPENSSL_free(ctx);
+        }
+
+void BN_CTX_start(BN_CTX *ctx)
+        {
+        if (ctx->depth < BN_CTX_NUM_POS)
+                ctx->pos[ctx->depth] = ctx->tos;
+        ctx->depth++;
+        }
+
+
+BIGNUM *BN_CTX_get(BN_CTX *ctx)
+        {
+        /* Note: If BN_CTX_get is ever changed to allocate BIGNUMs dynamically,
+         * make sure that if BN_CTX_get fails once it will return NULL again
+         * until BN_CTX_end is called.  (This is so that callers have to check
+         * only the last return value.)
+         */
+        if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM)
+                {
+                if (!ctx->too_many)
+                        {
+                        BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+                        /* disable error code until BN_CTX_end is called: */
+                        ctx->too_many = 1;
+                        }
+                return NULL;
+                }
+        return (&(ctx->bn[ctx->tos++]));
+        }
+
+void BN_CTX_end(BN_CTX *ctx)
+        {
+        if (ctx == NULL) return;
+        assert(ctx->depth > 0);
+        if (ctx->depth == 0)
+                /* should never happen, but we can tolerate it if not in
+                 * debug mode (could be a 'goto err' in the calling function
+                 * before BN_CTX_start was reached) */
+                BN_CTX_start(ctx);
+
+        ctx->too_many = 0;
+        ctx->depth--;
+        if (ctx->depth < BN_CTX_NUM_POS)
+                ctx->tos = ctx->pos[ctx->depth];
+        }
diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c
new file mode 100644
index 0000000000..580d1201bc
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_div.c
@@ -0,0 +1,387 @@
+/* crypto/bn/bn_div.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+
+/* The old slow way */
+#if 0
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+           BN_CTX *ctx)
+        {
+        int i,nm,nd;
+        int ret = 0;
+        BIGNUM *D;
+
+        bn_check_top(m);
+        bn_check_top(d);
+        if (BN_is_zero(d))
+                {
+                BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
+                return(0);
+                }
+
+        if (BN_ucmp(m,d) < 0)
+                {
+                if (rem != NULL)
+                        { if (BN_copy(rem,m) == NULL) return(0); }
+                if (dv != NULL) BN_zero(dv);
+                return(1);
+                }
+
+        BN_CTX_start(ctx);
+        D = BN_CTX_get(ctx);
+        if (dv == NULL) dv = BN_CTX_get(ctx);
+        if (rem == NULL) rem = BN_CTX_get(ctx);
+        if (D == NULL || dv == NULL || rem == NULL)
+                goto end;
+
+        nd=BN_num_bits(d);
+        nm=BN_num_bits(m);
+        if (BN_copy(D,d) == NULL) goto end;
+        if (BN_copy(rem,m) == NULL) goto end;
+
+        /* The next 2 are needed so we can do a dv->d[0]|=1 later
+         * since BN_lshift1 will only work once there is a value :-) */
+        BN_zero(dv);
+        bn_wexpand(dv,1);
+        dv->top=1;
+
+        if (!BN_lshift(D,D,nm-nd)) goto end;
+        for (i=nm-nd; i>=0; i--)
+                {
+                if (!BN_lshift1(dv,dv)) goto end;
+                if (BN_ucmp(rem,D) >= 0)
+                        {
+                        dv->d[0]|=1;
+                        if (!BN_usub(rem,rem,D)) goto end;
+                        }
+/* CAN IMPROVE (and have now :=) */
+                if (!BN_rshift1(D,D)) goto end;
+                }
+        rem->neg=BN_is_zero(rem)?0:m->neg;
+        dv->neg=m->neg^d->neg;
+        ret = 1;
+ end:
+        BN_CTX_end(ctx);
+        return(ret);
+        }
+
+#else
+
+#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \
+    && !defined(PEDANTIC) && !defined(BN_DIV3W)
+# if defined(__GNUC__) && __GNUC__>=2
+#  if defined(__i386) || defined (__i386__)
+   /*
+    * There were two reasons for implementing this template:
+    * - GNU C generates a call to a function (__udivdi3 to be exact)
+    *   in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
+    *   understand why...);
+    * - divl doesn't only calculate quotient, but also leaves
+    *   remainder in %edx which we can definitely use here:-)
+    *
+    *                                   <appro@fy.chalmers.se>
+    */
+#  define bn_div_words(n0,n1,d0)                \
+        ({  asm volatile (                      \
+                "divl   %4"                     \
+                : "=a"(q), "=d"(rem)            \
+                : "a"(n1), "d"(n0), "g"(d0)     \
+                : "cc");                        \
+            q;                                  \
+        })
+#  define REMAINDER_IS_ALREADY_CALCULATED
+#  elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
+   /*
+    * Same story here, but it's 128-bit by 64-bit division. Wow!
+    *                                   <appro@fy.chalmers.se>
+    */
+#  define bn_div_words(n0,n1,d0)                \
+        ({  asm volatile (                      \
+                "divq   %4"                     \
+                : "=a"(q), "=d"(rem)            \
+                : "a"(n1), "d"(n0), "g"(d0)     \
+                : "cc");                        \
+            q;                                  \
+        })
+#  define REMAINDER_IS_ALREADY_CALCULATED
+#  endif /* __<cpu> */
+# endif /* __GNUC__ */
+#endif /* OPENSSL_NO_ASM */
+
+
+/* BN_div computes  dv := num / divisor,  rounding towards zero, and sets up
+ * rm  such that  dv*divisor + rm = num  holds.
+ * Thus:
+ *     dv->neg == num->neg ^ divisor->neg  (unless the result is zero)
+ *     rm->neg == num->neg                 (unless the remainder is zero)
+ * If 'dv' or 'rm' is NULL, the respective value is not returned.
+ */
+int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+           BN_CTX *ctx)
+        {
+        int norm_shift,i,j,loop;
+        BIGNUM *tmp,wnum,*snum,*sdiv,*res;
+        BN_ULONG *resp,*wnump;
+        BN_ULONG d0,d1;
+        int num_n,div_n;
+
+        bn_check_top(num);
+        bn_check_top(divisor);
+
+        if (BN_is_zero(divisor))
+                {
+                BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
+                return(0);
+                }
+
+        if (BN_ucmp(num,divisor) < 0)
+                {
+                if (rm != NULL)
+                        { if (BN_copy(rm,num) == NULL) return(0); }
+                if (dv != NULL) BN_zero(dv);
+                return(1);
+                }
+
+        BN_CTX_start(ctx);
+        tmp=BN_CTX_get(ctx);
+        snum=BN_CTX_get(ctx);
+        sdiv=BN_CTX_get(ctx);
+        if (dv == NULL)
+                res=BN_CTX_get(ctx);
+        else    res=dv;
+        if (sdiv == NULL || res == NULL) goto err;
+        tmp->neg=0;
+
+        /* First we normalise the numbers */
+        norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
+        if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
+        sdiv->neg=0;
+        norm_shift+=BN_BITS2;
+        if (!(BN_lshift(snum,num,norm_shift))) goto err;
+        snum->neg=0;
+        div_n=sdiv->top;
+        num_n=snum->top;
+        loop=num_n-div_n;
+
+        /* Lets setup a 'window' into snum
+         * This is the part that corresponds to the current
+         * 'area' being divided */
+        BN_init(&wnum);
+        wnum.d=  &(snum->d[loop]);
+        wnum.top= div_n;
+        wnum.dmax= snum->dmax+1; /* a bit of a lie */
+
+        /* Get the top 2 words of sdiv */
+        /* i=sdiv->top; */
+        d0=sdiv->d[div_n-1];
+        d1=(div_n == 1)?0:sdiv->d[div_n-2];
+
+        /* pointer to the 'top' of snum */
+        wnump= &(snum->d[num_n-1]);
+
+        /* Setup to 'res' */
+        res->neg= (num->neg^divisor->neg);
+        if (!bn_wexpand(res,(loop+1))) goto err;
+        res->top=loop;
+        resp= &(res->d[loop-1]);
+
+        /* space for temp */
+        if (!bn_wexpand(tmp,(div_n+1))) goto err;
+
+        if (BN_ucmp(&wnum,sdiv) >= 0)
+                {
+                if (!BN_usub(&wnum,&wnum,sdiv)) goto err;
+                *resp=1;
+                res->d[res->top-1]=1;
+                }
+        else
+                res->top--;
+        if (res->top == 0)
+                res->neg = 0;
+        resp--;
+
+        for (i=0; i<loop-1; i++)
+                {
+                BN_ULONG q,l0;
+#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
+                BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
+                q=bn_div_3_words(wnump,d1,d0);
+#else
+                BN_ULONG n0,n1,rem=0;
+
+                n0=wnump[0];
+                n1=wnump[-1];
+                if (n0 == d0)
+                        q=BN_MASK2;
+                else                    /* n0 < d0 */
+                        {
+#ifdef BN_LLONG
+                        BN_ULLONG t2;
+
+#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
+                        q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
+#else
+                        q=bn_div_words(n0,n1,d0);
+#ifdef BN_DEBUG_LEVITTE
+                        fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n",
+                                n0, n1, d0, q);
+#endif
+#endif
+
+#ifndef REMAINDER_IS_ALREADY_CALCULATED
+                        /*
+                         * rem doesn't have to be BN_ULLONG. The least we
+                         * know it's less that d0, isn't it?
+                         */
+                        rem=(n1-q*d0)&BN_MASK2;
+#endif
+                        t2=(BN_ULLONG)d1*q;
+
+                        for (;;)
+                                {
+                                if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
+                                        break;
+                                q--;
+                                rem += d0;
+                                if (rem < d0) break; /* don't let rem overflow */
+                                t2 -= d1;
+                                }
+#else /* !BN_LLONG */
+                        BN_ULONG t2l,t2h,ql,qh;
+
+                        q=bn_div_words(n0,n1,d0);
+#ifdef BN_DEBUG_LEVITTE
+                        fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n",
+                                n0, n1, d0, q);
+#endif
+#ifndef REMAINDER_IS_ALREADY_CALCULATED
+                        rem=(n1-q*d0)&BN_MASK2;
+#endif
+
+#if defined(BN_UMULT_LOHI)
+                        BN_UMULT_LOHI(t2l,t2h,d1,q);
+#elif defined(BN_UMULT_HIGH)
+                        t2l = d1 * q;
+                        t2h = BN_UMULT_HIGH(d1,q);
+#else
+                        t2l=LBITS(d1); t2h=HBITS(d1);
+                        ql =LBITS(q);  qh =HBITS(q);
+                        mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
+#endif
+
+                        for (;;)
+                                {
+                                if ((t2h < rem) ||
+                                        ((t2h == rem) && (t2l <= wnump[-2])))
+                                        break;
+                                q--;
+                                rem += d0;
+                                if (rem < d0) break; /* don't let rem overflow */
+                                if (t2l < d1) t2h--; t2l -= d1;
+                                }
+#endif /* !BN_LLONG */
+                        }
+#endif /* !BN_DIV3W */
+
+                l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
+                wnum.d--; wnum.top++;
+                tmp->d[div_n]=l0;
+                for (j=div_n+1; j>0; j--)
+                        if (tmp->d[j-1]) break;
+                tmp->top=j;
+
+                j=wnum.top;
+                if (!BN_sub(&wnum,&wnum,tmp)) goto err;
+
+                snum->top=snum->top+wnum.top-j;
+
+                if (wnum.neg)
+                        {
+                        q--;
+                        j=wnum.top;
+                        if (!BN_add(&wnum,&wnum,sdiv)) goto err;
+                        snum->top+=wnum.top-j;
+                        }
+                *(resp--)=q;
+                wnump--;
+                }
+        if (rm != NULL)
+                {
+                /* Keep a copy of the neg flag in num because if rm==num
+                 * BN_rshift() will overwrite it.
+                 */
+                int neg = num->neg;
+                BN_rshift(rm,snum,norm_shift);
+                if (!BN_is_zero(rm))
+                        rm->neg = neg;
+                }
+        BN_CTX_end(ctx);
+        return(1);
+err:
+        BN_CTX_end(ctx);
+        return(0);
+        }
+
+#endif
diff --git a/src/lib/libcrypto/bn/bn_err.c b/src/lib/libcrypto/bn/bn_err.c
new file mode 100644
index 0000000000..fb84ee96d8
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_err.c
@@ -0,0 +1,131 @@
+/* crypto/bn/bn_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA BN_str_functs[]=
+        {
+{ERR_PACK(0,BN_F_BN_BLINDING_CONVERT,0),        "BN_BLINDING_convert"},
+{ERR_PACK(0,BN_F_BN_BLINDING_INVERT,0), "BN_BLINDING_invert"},
+{ERR_PACK(0,BN_F_BN_BLINDING_NEW,0),    "BN_BLINDING_new"},
+{ERR_PACK(0,BN_F_BN_BLINDING_UPDATE,0), "BN_BLINDING_update"},
+{ERR_PACK(0,BN_F_BN_BN2DEC,0),  "BN_bn2dec"},
+{ERR_PACK(0,BN_F_BN_BN2HEX,0),  "BN_bn2hex"},
+{ERR_PACK(0,BN_F_BN_CTX_GET,0), "BN_CTX_get"},
+{ERR_PACK(0,BN_F_BN_CTX_NEW,0), "BN_CTX_new"},
+{ERR_PACK(0,BN_F_BN_DIV,0),     "BN_div"},
+{ERR_PACK(0,BN_F_BN_EXPAND2,0), "bn_expand2"},
+{ERR_PACK(0,BN_F_BN_EXPAND_INTERNAL,0), "BN_EXPAND_INTERNAL"},
+{ERR_PACK(0,BN_F_BN_MOD_EXP2_MONT,0),   "BN_mod_exp2_mont"},
+{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0),    "BN_mod_exp_mont"},
+{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT_WORD,0),       "BN_mod_exp_mont_word"},
+{ERR_PACK(0,BN_F_BN_MOD_INVERSE,0),     "BN_mod_inverse"},
+{ERR_PACK(0,BN_F_BN_MOD_LSHIFT_QUICK,0),        "BN_mod_lshift_quick"},
+{ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0),      "BN_mod_mul_reciprocal"},
+{ERR_PACK(0,BN_F_BN_MOD_SQRT,0),        "BN_mod_sqrt"},
+{ERR_PACK(0,BN_F_BN_MPI2BN,0),  "BN_mpi2bn"},
+{ERR_PACK(0,BN_F_BN_NEW,0),     "BN_new"},
+{ERR_PACK(0,BN_F_BN_RAND,0),    "BN_rand"},
+{ERR_PACK(0,BN_F_BN_RAND_RANGE,0),      "BN_rand_range"},
+{ERR_PACK(0,BN_F_BN_USUB,0),    "BN_usub"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA BN_str_reasons[]=
+        {
+{BN_R_ARG2_LT_ARG3                       ,"arg2 lt arg3"},
+{BN_R_BAD_RECIPROCAL                     ,"bad reciprocal"},
+{BN_R_BIGNUM_TOO_LONG                    ,"bignum too long"},
+{BN_R_CALLED_WITH_EVEN_MODULUS           ,"called with even modulus"},
+{BN_R_DIV_BY_ZERO                        ,"div by zero"},
+{BN_R_ENCODING_ERROR                     ,"encoding error"},
+{BN_R_EXPAND_ON_STATIC_BIGNUM_DATA       ,"expand on static bignum data"},
+{BN_R_INPUT_NOT_REDUCED                  ,"input not reduced"},
+{BN_R_INVALID_LENGTH                     ,"invalid length"},
+{BN_R_INVALID_RANGE                      ,"invalid range"},
+{BN_R_NOT_A_SQUARE                       ,"not a square"},
+{BN_R_NOT_INITIALIZED                    ,"not initialized"},
+{BN_R_NO_INVERSE                         ,"no inverse"},
+{BN_R_P_IS_NOT_PRIME                     ,"p is not prime"},
+{BN_R_TOO_MANY_ITERATIONS                ,"too many iterations"},
+{BN_R_TOO_MANY_TEMPORARY_VARIABLES       ,"too many temporary variables"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_BN_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_BN,BN_str_functs);
+                ERR_load_strings(ERR_LIB_BN,BN_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
new file mode 100644
index 0000000000..afdfd580fb
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -0,0 +1,747 @@
+/* crypto/bn/bn_exp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#define TABLE_SIZE      32
+
+/* this one works - simple but works */
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+        {
+        int i,bits,ret=0;
+        BIGNUM *v,*rr;
+
+        BN_CTX_start(ctx);
+        if ((r == a) || (r == p))
+                rr = BN_CTX_get(ctx);
+        else
+                rr = r;
+        if ((v = BN_CTX_get(ctx)) == NULL) goto err;
+
+        if (BN_copy(v,a) == NULL) goto err;
+        bits=BN_num_bits(p);
+
+        if (BN_is_odd(p))
+                { if (BN_copy(rr,a) == NULL) goto err; }
+        else    { if (!BN_one(rr)) goto err; }
+
+        for (i=1; i<bits; i++)
+                {
+                if (!BN_sqr(v,v,ctx)) goto err;
+                if (BN_is_bit_set(p,i))
+                        {
+                        if (!BN_mul(rr,rr,v,ctx)) goto err;
+                        }
+                }
+        ret=1;
+err:
+        if (r != rr) BN_copy(r,rr);
+        BN_CTX_end(ctx);
+        return(ret);
+        }
+
+
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+               BN_CTX *ctx)
+        {
+        int ret;
+
+        bn_check_top(a);
+        bn_check_top(p);
+        bn_check_top(m);
+
+        /* For even modulus  m = 2^k*m_odd,  it might make sense to compute
+         * a^p mod m_odd  and  a^p mod 2^k  separately (with Montgomery
+         * exponentiation for the odd part), using appropriate exponent
+         * reductions, and combine the results using the CRT.
+         *
+         * For now, we use Montgomery only if the modulus is odd; otherwise,
+         * exponentiation using the reciprocal-based quick remaindering
+         * algorithm is used.
+         *
+         * (Timing obtained with expspeed.c [computations  a^p mod m
+         * where  a, p, m  are of the same length: 256, 512, 1024, 2048,
+         * 4096, 8192 bits], compared to the running time of the
+         * standard algorithm:
+         *
+         *   BN_mod_exp_mont   33 .. 40 %  [AMD K6-2, Linux, debug configuration]
+         *                     55 .. 77 %  [UltraSparc processor, but
+         *                                  debug-solaris-sparcv8-gcc conf.]
+         * 
+         *   BN_mod_exp_recp   50 .. 70 %  [AMD K6-2, Linux, debug configuration]
+         *                     62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
+         *
+         * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont
+         * at 2048 and more bits, but at 512 and 1024 bits, it was
+         * slower even than the standard algorithm!
+         *
+         * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
+         * should be obtained when the new Montgomery reduction code
+         * has been integrated into OpenSSL.)
+         */
+
+#define MONT_MUL_MOD
+#define MONT_EXP_WORD
+#define RECP_MUL_MOD
+
+#ifdef MONT_MUL_MOD
+        /* I have finally been able to take out this pre-condition of
+         * the top bit being set.  It was caused by an error in BN_div
+         * with negatives.  There was also another problem when for a^b%m
+         * a >= m.  eay 07-May-97 */
+/*      if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
+
+        if (BN_is_odd(m))
+                {
+#  ifdef MONT_EXP_WORD
+                if (a->top == 1 && !a->neg)
+                        {
+                        BN_ULONG A = a->d[0];
+                        ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
+                        }
+                else
+#  endif
+                        ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL);
+                }
+        else
+#endif
+#ifdef RECP_MUL_MOD
+                { ret=BN_mod_exp_recp(r,a,p,m,ctx); }
+#else
+                { ret=BN_mod_exp_simple(r,a,p,m,ctx); }
+#endif
+
+        return(ret);
+        }
+
+
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx)
+        {
+        int i,j,bits,ret=0,wstart,wend,window,wvalue;
+        int start=1,ts=0;
+        BIGNUM *aa;
+        BIGNUM val[TABLE_SIZE];
+        BN_RECP_CTX recp;
+
+        bits=BN_num_bits(p);
+
+        if (bits == 0)
+                {
+                ret = BN_one(r);
+                return ret;
+                }
+
+        BN_CTX_start(ctx);
+        if ((aa = BN_CTX_get(ctx)) == NULL) goto err;
+
+        BN_RECP_CTX_init(&recp);
+        if (m->neg)
+                {
+                /* ignore sign of 'm' */
+                if (!BN_copy(aa, m)) goto err;
+                aa->neg = 0;
+                if (BN_RECP_CTX_set(&recp,aa,ctx) <= 0) goto err;
+                }
+        else
+                {
+                if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
+                }
+
+        BN_init(&(val[0]));
+        ts=1;
+
+        if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err;             /* 1 */
+        if (BN_is_zero(&(val[0])))
+                {
+                ret = BN_zero(r);
+                goto err;
+                }
+
+        window = BN_window_bits_for_exponent_size(bits);
+        if (window > 1)
+                {
+                if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx))
+                        goto err;                               /* 2 */
+                j=1<<(window-1);
+                for (i=1; i<j; i++)
+                        {
+                        BN_init(&val[i]);
+                        if (!BN_mod_mul_reciprocal(&(val[i]),&(val[i-1]),aa,&recp,ctx))
+                                goto err;
+                        }
+                ts=i;
+                }
+                
+        start=1;        /* This is used to avoid multiplication etc
+                         * when there is only the value '1' in the
+                         * buffer. */
+        wvalue=0;       /* The 'value' of the window */
+        wstart=bits-1;  /* The top bit of the window */
+        wend=0;         /* The bottom bit of the window */
+
+        if (!BN_one(r)) goto err;
+
+        for (;;)
+                {
+                if (BN_is_bit_set(p,wstart) == 0)
+                        {
+                        if (!start)
+                                if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
+                                goto err;
+                        if (wstart == 0) break;
+                        wstart--;
+                        continue;
+                        }
+                /* We now have wstart on a 'set' bit, we now need to work out
+                 * how bit a window to do.  To do this we need to scan
+                 * forward until the last set bit before the end of the
+                 * window */
+                j=wstart;
+                wvalue=1;
+                wend=0;
+                for (i=1; i<window; i++)
+                        {
+                        if (wstart-i < 0) break;
+                        if (BN_is_bit_set(p,wstart-i))
+                                {
+                                wvalue<<=(i-wend);
+                                wvalue|=1;
+                                wend=i;
+                                }
+                        }
+
+                /* wend is the size of the current window */
+                j=wend+1;
+                /* add the 'bytes above' */
+                if (!start)
+                        for (i=0; i<j; i++)
+                                {
+                                if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
+                                        goto err;
+                                }
+                
+                /* wvalue will be an odd number < 2^window */
+                if (!BN_mod_mul_reciprocal(r,r,&(val[wvalue>>1]),&recp,ctx))
+                        goto err;
+
+                /* move the 'window' down further */
+                wstart-=wend+1;
+                wvalue=0;
+                start=0;
+                if (wstart < 0) break;
+                }
+        ret=1;
+err:
+        BN_CTX_end(ctx);
+        for (i=0; i<ts; i++)
+                BN_clear_free(&(val[i]));
+        BN_RECP_CTX_free(&recp);
+        return(ret);
+        }
+
+
+int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+        {
+        int i,j,bits,ret=0,wstart,wend,window,wvalue;
+        int start=1,ts=0;
+        BIGNUM *d,*r;
+        const BIGNUM *aa;
+        BIGNUM val[TABLE_SIZE];
+        BN_MONT_CTX *mont=NULL;
+
+        bn_check_top(a);
+        bn_check_top(p);
+        bn_check_top(m);
+
+        if (!(m->d[0] & 1))
+                {
+                BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
+                return(0);
+                }
+        bits=BN_num_bits(p);
+        if (bits == 0)
+                {
+                ret = BN_one(rr);
+                return ret;
+                }
+
+        BN_CTX_start(ctx);
+        d = BN_CTX_get(ctx);
+        r = BN_CTX_get(ctx);
+        if (d == NULL || r == NULL) goto err;
+
+        /* If this is not done, things will break in the montgomery
+         * part */
+
+        if (in_mont != NULL)
+                mont=in_mont;
+        else
+                {
+                if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+                if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
+                }
+
+        BN_init(&val[0]);
+        ts=1;
+        if (a->neg || BN_ucmp(a,m) >= 0)
+                {
+                if (!BN_nnmod(&(val[0]),a,m,ctx))
+                        goto err;
+                aa= &(val[0]);
+                }
+        else
+                aa=a;
+        if (BN_is_zero(aa))
+                {
+                ret = BN_zero(rr);
+                goto err;
+                }
+        if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */
+
+        window = BN_window_bits_for_exponent_size(bits);
+        if (window > 1)
+                {
+                if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */
+                j=1<<(window-1);
+                for (i=1; i<j; i++)
+                        {
+                        BN_init(&(val[i]));
+                        if (!BN_mod_mul_montgomery(&(val[i]),&(val[i-1]),d,mont,ctx))
+                                goto err;
+                        }
+                ts=i;
+                }
+
+        start=1;        /* This is used to avoid multiplication etc
+                         * when there is only the value '1' in the
+                         * buffer. */
+        wvalue=0;       /* The 'value' of the window */
+        wstart=bits-1;  /* The top bit of the window */
+        wend=0;         /* The bottom bit of the window */
+
+        if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
+        for (;;)
+                {
+                if (BN_is_bit_set(p,wstart) == 0)
+                        {
+                        if (!start)
+                                {
+                                if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
+                                goto err;
+                                }
+                        if (wstart == 0) break;
+                        wstart--;
+                        continue;
+                        }
+                /* We now have wstart on a 'set' bit, we now need to work out
+                 * how bit a window to do.  To do this we need to scan
+                 * forward until the last set bit before the end of the
+                 * window */
+                j=wstart;
+                wvalue=1;
+                wend=0;
+                for (i=1; i<window; i++)
+                        {
+                        if (wstart-i < 0) break;
+                        if (BN_is_bit_set(p,wstart-i))
+                                {
+                                wvalue<<=(i-wend);
+                                wvalue|=1;
+                                wend=i;
+                                }
+                        }
+
+                /* wend is the size of the current window */
+                j=wend+1;
+                /* add the 'bytes above' */
+                if (!start)
+                        for (i=0; i<j; i++)
+                                {
+                                if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
+                                        goto err;
+                                }
+                
+                /* wvalue will be an odd number < 2^window */
+                if (!BN_mod_mul_montgomery(r,r,&(val[wvalue>>1]),mont,ctx))
+                        goto err;
+
+                /* move the 'window' down further */
+                wstart-=wend+1;
+                wvalue=0;
+                start=0;
+                if (wstart < 0) break;
+                }
+        if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
+        ret=1;
+err:
+        if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+        BN_CTX_end(ctx);
+        for (i=0; i<ts; i++)
+                BN_clear_free(&(val[i]));
+        return(ret);
+        }
+
+int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+        {
+        BN_MONT_CTX *mont = NULL;
+        int b, bits, ret=0;
+        int r_is_one;
+        BN_ULONG w, next_w;
+        BIGNUM *d, *r, *t;
+        BIGNUM *swap_tmp;
+#define BN_MOD_MUL_WORD(r, w, m) \
+                (BN_mul_word(r, (w)) && \
+                (/* BN_ucmp(r, (m)) < 0 ? 1 :*/  \
+                        (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
+                /* BN_MOD_MUL_WORD is only used with 'w' large,
+                 * so the BN_ucmp test is probably more overhead
+                 * than always using BN_mod (which uses BN_copy if
+                 * a similar test returns true). */
+                /* We can use BN_mod and do not need BN_nnmod because our
+                 * accumulator is never negative (the result of BN_mod does
+                 * not depend on the sign of the modulus).
+                 */
+#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
+                (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
+
+        bn_check_top(p);
+        bn_check_top(m);
+
+        if (m->top == 0 || !(m->d[0] & 1))
+                {
+                BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS);
+                return(0);
+                }
+        if (m->top == 1)
+                a %= m->d[0]; /* make sure that 'a' is reduced */
+
+        bits = BN_num_bits(p);
+        if (bits == 0)
+                {
+                ret = BN_one(rr);
+                return ret;
+                }
+        if (a == 0)
+                {
+                ret = BN_zero(rr);
+                return ret;
+                }
+
+        BN_CTX_start(ctx);
+        d = BN_CTX_get(ctx);
+        r = BN_CTX_get(ctx);
+        t = BN_CTX_get(ctx);
+        if (d == NULL || r == NULL || t == NULL) goto err;
+
+        if (in_mont != NULL)
+                mont=in_mont;
+        else
+                {
+                if ((mont = BN_MONT_CTX_new()) == NULL) goto err;
+                if (!BN_MONT_CTX_set(mont, m, ctx)) goto err;
+                }
+
+        r_is_one = 1; /* except for Montgomery factor */
+
+        /* bits-1 >= 0 */
+
+        /* The result is accumulated in the product r*w. */
+        w = a; /* bit 'bits-1' of 'p' is always set */
+        for (b = bits-2; b >= 0; b--)
+                {
+                /* First, square r*w. */
+                next_w = w*w;
+                if ((next_w/w) != w) /* overflow */
+                        {
+                        if (r_is_one)
+                                {
+                                if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+                                r_is_one = 0;
+                                }
+                        else
+                                {
+                                if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
+                                }
+                        next_w = 1;
+                        }
+                w = next_w;
+                if (!r_is_one)
+                        {
+                        if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err;
+                        }
+
+                /* Second, multiply r*w by 'a' if exponent bit is set. */
+                if (BN_is_bit_set(p, b))
+                        {
+                        next_w = w*a;
+                        if ((next_w/a) != w) /* overflow */
+                                {
+                                if (r_is_one)
+                                        {
+                                        if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+                                        r_is_one = 0;
+                                        }
+                                else
+                                        {
+                                        if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
+                                        }
+                                next_w = a;
+                                }
+                        w = next_w;
+                        }
+                }
+
+        /* Finally, set r:=r*w. */
+        if (w != 1)
+                {
+                if (r_is_one)
+                        {
+                        if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+                        r_is_one = 0;
+                        }
+                else
+                        {
+                        if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
+                        }
+                }
+
+        if (r_is_one) /* can happen only if a == 1*/
+                {
+                if (!BN_one(rr)) goto err;
+                }
+        else
+                {
+                if (!BN_from_montgomery(rr, r, mont, ctx)) goto err;
+                }
+        ret = 1;
+err:
+        if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+        BN_CTX_end(ctx);
+        return(ret);
+        }
+
+
+/* The old fallback, simple version :-) */
+int BN_mod_exp_simple(BIGNUM *r,
+        const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+        BN_CTX *ctx)
+        {
+        int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0;
+        int start=1;
+        BIGNUM *d;
+        BIGNUM val[TABLE_SIZE];
+
+        bits=BN_num_bits(p);
+
+        if (bits == 0)
+                {
+                ret = BN_one(r);
+                return ret;
+                }
+
+        BN_CTX_start(ctx);
+        if ((d = BN_CTX_get(ctx)) == NULL) goto err;
+
+        BN_init(&(val[0]));
+        ts=1;
+        if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err;             /* 1 */
+        if (BN_is_zero(&(val[0])))
+                {
+                ret = BN_zero(r);
+                goto err;
+                }
+
+        window = BN_window_bits_for_exponent_size(bits);
+        if (window > 1)
+                {
+                if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx))
+                        goto err;                               /* 2 */
+                j=1<<(window-1);
+                for (i=1; i<j; i++)
+                        {
+                        BN_init(&(val[i]));
+                        if (!BN_mod_mul(&(val[i]),&(val[i-1]),d,m,ctx))
+                                goto err;
+                        }
+                ts=i;
+                }
+
+        start=1;        /* This is used to avoid multiplication etc
+                         * when there is only the value '1' in the
+                         * buffer. */
+        wvalue=0;       /* The 'value' of the window */
+        wstart=bits-1;  /* The top bit of the window */
+        wend=0;         /* The bottom bit of the window */
+
+        if (!BN_one(r)) goto err;
+
+        for (;;)
+                {
+                if (BN_is_bit_set(p,wstart) == 0)
+                        {
+                        if (!start)
+                                if (!BN_mod_mul(r,r,r,m,ctx))
+                                goto err;
+                        if (wstart == 0) break;
+                        wstart--;
+                        continue;
+                        }
+                /* We now have wstart on a 'set' bit, we now need to work out
+                 * how bit a window to do.  To do this we need to scan
+                 * forward until the last set bit before the end of the
+                 * window */
+                j=wstart;
+                wvalue=1;
+                wend=0;
+                for (i=1; i<window; i++)
+                        {
+                        if (wstart-i < 0) break;
+                        if (BN_is_bit_set(p,wstart-i))
+                                {
+                                wvalue<<=(i-wend);
+                                wvalue|=1;
+                                wend=i;
+                                }
+                        }
+
+                /* wend is the size of the current window */
+                j=wend+1;
+                /* add the 'bytes above' */
+                if (!start)
+                        for (i=0; i<j; i++)
+                                {
+                                if (!BN_mod_mul(r,r,r,m,ctx))
+                                        goto err;
+                                }
+                
+                /* wvalue will be an odd number < 2^window */
+                if (!BN_mod_mul(r,r,&(val[wvalue>>1]),m,ctx))
+                        goto err;
+
+                /* move the 'window' down further */
+                wstart-=wend+1;
+                wvalue=0;
+                start=0;
+                if (wstart < 0) break;
+                }
+        ret=1;
+err:
+        BN_CTX_end(ctx);
+        for (i=0; i<ts; i++)
+                BN_clear_free(&(val[i]));
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/bn/bn_exp2.c b/src/lib/libcrypto/bn/bn_exp2.c
new file mode 100644
index 0000000000..73ccd58a83
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_exp2.c
@@ -0,0 +1,313 @@
+/* crypto/bn/bn_exp2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#define TABLE_SIZE      32
+
+int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
+        const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+        BN_CTX *ctx, BN_MONT_CTX *in_mont)
+        {
+        int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2;
+        int r_is_one=1,ts1=0,ts2=0;
+        BIGNUM *d,*r;
+        const BIGNUM *a_mod_m;
+        BIGNUM val1[TABLE_SIZE], val2[TABLE_SIZE];
+        BN_MONT_CTX *mont=NULL;
+
+        bn_check_top(a1);
+        bn_check_top(p1);
+        bn_check_top(a2);
+        bn_check_top(p2);
+        bn_check_top(m);
+
+        if (!(m->d[0] & 1))
+                {
+                BNerr(BN_F_BN_MOD_EXP2_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
+                return(0);
+                }
+        bits1=BN_num_bits(p1);
+        bits2=BN_num_bits(p2);
+        if ((bits1 == 0) && (bits2 == 0))
+                {
+                ret = BN_one(rr);
+                return ret;
+                }
+        
+        bits=(bits1 > bits2)?bits1:bits2;
+
+        BN_CTX_start(ctx);
+        d = BN_CTX_get(ctx);
+        r = BN_CTX_get(ctx);
+        if (d == NULL || r == NULL) goto err;
+
+        if (in_mont != NULL)
+                mont=in_mont;
+        else
+                {
+                if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+                if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
+                }
+
+        window1 = BN_window_bits_for_exponent_size(bits1);
+        window2 = BN_window_bits_for_exponent_size(bits2);
+
+        /*
+         * Build table for a1:   val1[i] := a1^(2*i + 1) mod m  for i = 0 .. 2^(window1-1)
+         */
+        BN_init(&val1[0]);
+        ts1=1;
+        if (a1->neg || BN_ucmp(a1,m) >= 0)
+                {
+                if (!BN_mod(&(val1[0]),a1,m,ctx))
+                        goto err;
+                a_mod_m = &(val1[0]);
+                }
+        else
+                a_mod_m = a1;
+        if (BN_is_zero(a_mod_m))
+                {
+                ret = BN_zero(rr);
+                goto err;
+                }
+
+        if (!BN_to_montgomery(&(val1[0]),a_mod_m,mont,ctx)) goto err;
+        if (window1 > 1)
+                {
+                if (!BN_mod_mul_montgomery(d,&(val1[0]),&(val1[0]),mont,ctx)) goto err;
+
+                j=1<<(window1-1);
+                for (i=1; i<j; i++)
+                        {
+                        BN_init(&(val1[i]));
+                        if (!BN_mod_mul_montgomery(&(val1[i]),&(val1[i-1]),d,mont,ctx))
+                                goto err;
+                        }
+                ts1=i;
+                }
+
+
+        /*
+         * Build table for a2:   val2[i] := a2^(2*i + 1) mod m  for i = 0 .. 2^(window2-1)
+         */
+        BN_init(&val2[0]);
+        ts2=1;
+        if (a2->neg || BN_ucmp(a2,m) >= 0)
+                {
+                if (!BN_mod(&(val2[0]),a2,m,ctx))
+                        goto err;
+                a_mod_m = &(val2[0]);
+                }
+        else
+                a_mod_m = a2;
+        if (BN_is_zero(a_mod_m))
+                {
+                ret = BN_zero(rr);
+                goto err;
+                }
+        if (!BN_to_montgomery(&(val2[0]),a_mod_m,mont,ctx)) goto err;
+        if (window2 > 1)
+                {
+                if (!BN_mod_mul_montgomery(d,&(val2[0]),&(val2[0]),mont,ctx)) goto err;
+
+                j=1<<(window2-1);
+                for (i=1; i<j; i++)
+                        {
+                        BN_init(&(val2[i]));
+                        if (!BN_mod_mul_montgomery(&(val2[i]),&(val2[i-1]),d,mont,ctx))
+                                goto err;
+                        }
+                ts2=i;
+                }
+
+
+        /* Now compute the power product, using independent windows. */
+        r_is_one=1;
+        wvalue1=0;  /* The 'value' of the first window */
+        wvalue2=0;  /* The 'value' of the second window */
+        wpos1=0;    /* If wvalue1 > 0, the bottom bit of the first window */
+        wpos2=0;    /* If wvalue2 > 0, the bottom bit of the second window */
+
+        if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
+        for (b=bits-1; b>=0; b--)
+                {
+                if (!r_is_one)
+                        {
+                        if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
+                                goto err;
+                        }
+                
+                if (!wvalue1)
+                        if (BN_is_bit_set(p1, b))
+                                {
+                                /* consider bits b-window1+1 .. b for this window */
+                                i = b-window1+1;
+                                while (!BN_is_bit_set(p1, i)) /* works for i<0 */
+                                        i++;
+                                wpos1 = i;
+                                wvalue1 = 1;
+                                for (i = b-1; i >= wpos1; i--)
+                                        {
+                                        wvalue1 <<= 1;
+                                        if (BN_is_bit_set(p1, i))
+                                                wvalue1++;
+                                        }
+                                }
+                
+                if (!wvalue2)
+                        if (BN_is_bit_set(p2, b))
+                                {
+                                /* consider bits b-window2+1 .. b for this window */
+                                i = b-window2+1;
+                                while (!BN_is_bit_set(p2, i))
+                                        i++;
+                                wpos2 = i;
+                                wvalue2 = 1;
+                                for (i = b-1; i >= wpos2; i--)
+                                        {
+                                        wvalue2 <<= 1;
+                                        if (BN_is_bit_set(p2, i))
+                                                wvalue2++;
+                                        }
+                                }
+
+                if (wvalue1 && b == wpos1)
+                        {
+                        /* wvalue1 is odd and < 2^window1 */
+                        if (!BN_mod_mul_montgomery(r,r,&(val1[wvalue1>>1]),mont,ctx))
+                                goto err;
+                        wvalue1 = 0;
+                        r_is_one = 0;
+                        }
+                
+                if (wvalue2 && b == wpos2)
+                        {
+                        /* wvalue2 is odd and < 2^window2 */
+                        if (!BN_mod_mul_montgomery(r,r,&(val2[wvalue2>>1]),mont,ctx))
+                                goto err;
+                        wvalue2 = 0;
+                        r_is_one = 0;
+                        }
+                }
+        BN_from_montgomery(rr,r,mont,ctx);
+        ret=1;
+err:
+        if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+        BN_CTX_end(ctx);
+        for (i=0; i<ts1; i++)
+                BN_clear_free(&(val1[i]));
+        for (i=0; i<ts2; i++)
+                BN_clear_free(&(val2[i]));
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/bn/bn_gcd.c b/src/lib/libcrypto/bn/bn_gcd.c
new file mode 100644
index 0000000000..7649f63fd2
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_gcd.c
@@ -0,0 +1,490 @@
+/* crypto/bn/bn_gcd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
+
+int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
+        {
+        BIGNUM *a,*b,*t;
+        int ret=0;
+
+        bn_check_top(in_a);
+        bn_check_top(in_b);
+
+        BN_CTX_start(ctx);
+        a = BN_CTX_get(ctx);
+        b = BN_CTX_get(ctx);
+        if (a == NULL || b == NULL) goto err;
+
+        if (BN_copy(a,in_a) == NULL) goto err;
+        if (BN_copy(b,in_b) == NULL) goto err;
+        a->neg = 0;
+        b->neg = 0;
+
+        if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; }
+        t=euclid(a,b);
+        if (t == NULL) goto err;
+
+        if (BN_copy(r,t) == NULL) goto err;
+        ret=1;
+err:
+        BN_CTX_end(ctx);
+        return(ret);
+        }
+
+static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
+        {
+        BIGNUM *t;
+        int shifts=0;
+
+        bn_check_top(a);
+        bn_check_top(b);
+
+        /* 0 <= b <= a */
+        while (!BN_is_zero(b))
+                {
+                /* 0 < b <= a */
+
+                if (BN_is_odd(a))
+                        {
+                        if (BN_is_odd(b))
+                                {
+                                if (!BN_sub(a,a,b)) goto err;
+                                if (!BN_rshift1(a,a)) goto err;
+                                if (BN_cmp(a,b) < 0)
+                                        { t=a; a=b; b=t; }
+                                }
+                        else            /* a odd - b even */
+                                {
+                                if (!BN_rshift1(b,b)) goto err;
+                                if (BN_cmp(a,b) < 0)
+                                        { t=a; a=b; b=t; }
+                                }
+                        }
+                else                    /* a is even */
+                        {
+                        if (BN_is_odd(b))
+                                {
+                                if (!BN_rshift1(a,a)) goto err;
+                                if (BN_cmp(a,b) < 0)
+                                        { t=a; a=b; b=t; }
+                                }
+                        else            /* a even - b even */
+                                {
+                                if (!BN_rshift1(a,a)) goto err;
+                                if (!BN_rshift1(b,b)) goto err;
+                                shifts++;
+                                }
+                        }
+                /* 0 <= b <= a */
+                }
+
+        if (shifts)
+                {
+                if (!BN_lshift(a,a,shifts)) goto err;
+                }
+        return(a);
+err:
+        return(NULL);
+        }
+
+
+/* solves ax == 1 (mod n) */
+BIGNUM *BN_mod_inverse(BIGNUM *in,
+        const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
+        {
+        BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
+        BIGNUM *ret=NULL;
+        int sign;
+
+        bn_check_top(a);
+        bn_check_top(n);
+
+        BN_CTX_start(ctx);
+        A = BN_CTX_get(ctx);
+        B = BN_CTX_get(ctx);
+        X = BN_CTX_get(ctx);
+        D = BN_CTX_get(ctx);
+        M = BN_CTX_get(ctx);
+        Y = BN_CTX_get(ctx);
+        T = BN_CTX_get(ctx);
+        if (T == NULL) goto err;
+
+        if (in == NULL)
+                R=BN_new();
+        else
+                R=in;
+        if (R == NULL) goto err;
+
+        BN_one(X);
+        BN_zero(Y);
+        if (BN_copy(B,a) == NULL) goto err;
+        if (BN_copy(A,n) == NULL) goto err;
+        A->neg = 0;
+        if (B->neg || (BN_ucmp(B, A) >= 0))
+                {
+                if (!BN_nnmod(B, B, A, ctx)) goto err;
+                }
+        sign = -1;
+        /* From  B = a mod |n|,  A = |n|  it follows that
+         *
+         *      0 <= B < A,
+         *     -sign*X*a  ==  B   (mod |n|),
+         *      sign*Y*a  ==  A   (mod |n|).
+         */
+
+        if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048)))
+                {
+                /* Binary inversion algorithm; requires odd modulus.
+                 * This is faster than the general algorithm if the modulus
+                 * is sufficiently small (about 400 .. 500 bits on 32-bit
+                 * sytems, but much more on 64-bit systems) */
+                int shift;
+                
+                while (!BN_is_zero(B))
+                        {
+                        /*
+                         *      0 < B < |n|,
+                         *      0 < A <= |n|,
+                         * (1) -sign*X*a  ==  B   (mod |n|),
+                         * (2)  sign*Y*a  ==  A   (mod |n|)
+                         */
+
+                        /* Now divide  B  by the maximum possible power of two in the integers,
+                         * and divide  X  by the same value mod |n|.
+                         * When we're done, (1) still holds. */
+                        shift = 0;
+                        while (!BN_is_bit_set(B, shift)) /* note that 0 < B */
+                                {
+                                shift++;
+                                
+                                if (BN_is_odd(X))
+                                        {
+                                        if (!BN_uadd(X, X, n)) goto err;
+                                        }
+                                /* now X is even, so we can easily divide it by two */
+                                if (!BN_rshift1(X, X)) goto err;
+                                }
+                        if (shift > 0)
+                                {
+                                if (!BN_rshift(B, B, shift)) goto err;
+                                }
+
+
+                        /* Same for  A  and  Y.  Afterwards, (2) still holds. */
+                        shift = 0;
+                        while (!BN_is_bit_set(A, shift)) /* note that 0 < A */
+                                {
+                                shift++;
+                                
+                                if (BN_is_odd(Y))
+                                        {
+                                        if (!BN_uadd(Y, Y, n)) goto err;
+                                        }
+                                /* now Y is even */
+                                if (!BN_rshift1(Y, Y)) goto err;
+                                }
+                        if (shift > 0)
+                                {
+                                if (!BN_rshift(A, A, shift)) goto err;
+                                }
+
+                        
+                        /* We still have (1) and (2).
+                         * Both  A  and  B  are odd.
+                         * The following computations ensure that
+                         *
+                         *     0 <= B < |n|,
+                         *      0 < A < |n|,
+                         * (1) -sign*X*a  ==  B   (mod |n|),
+                         * (2)  sign*Y*a  ==  A   (mod |n|),
+                         *
+                         * and that either  A  or  B  is even in the next iteration.
+                         */
+                        if (BN_ucmp(B, A) >= 0)
+                                {
+                                /* -sign*(X + Y)*a == B - A  (mod |n|) */
+                                if (!BN_uadd(X, X, Y)) goto err;
+                                /* NB: we could use BN_mod_add_quick(X, X, Y, n), but that
+                                 * actually makes the algorithm slower */
+                                if (!BN_usub(B, B, A)) goto err;
+                                }
+                        else
+                                {
+                                /*  sign*(X + Y)*a == A - B  (mod |n|) */
+                                if (!BN_uadd(Y, Y, X)) goto err;
+                                /* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */
+                                if (!BN_usub(A, A, B)) goto err;
+                                }
+                        }
+                }
+        else
+                {
+                /* general inversion algorithm */
+
+                while (!BN_is_zero(B))
+                        {
+                        BIGNUM *tmp;
+                        
+                        /*
+                         *      0 < B < A,
+                         * (*) -sign*X*a  ==  B   (mod |n|),
+                         *      sign*Y*a  ==  A   (mod |n|)
+                         */
+                        
+                        /* (D, M) := (A/B, A%B) ... */
+                        if (BN_num_bits(A) == BN_num_bits(B))
+                                {
+                                if (!BN_one(D)) goto err;
+                                if (!BN_sub(M,A,B)) goto err;
+                                }
+                        else if (BN_num_bits(A) == BN_num_bits(B) + 1)
+                                {
+                                /* A/B is 1, 2, or 3 */
+                                if (!BN_lshift1(T,B)) goto err;
+                                if (BN_ucmp(A,T) < 0)
+                                        {
+                                        /* A < 2*B, so D=1 */
+                                        if (!BN_one(D)) goto err;
+                                        if (!BN_sub(M,A,B)) goto err;
+                                        }
+                                else
+                                        {
+                                        /* A >= 2*B, so D=2 or D=3 */
+                                        if (!BN_sub(M,A,T)) goto err;
+                                        if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */
+                                        if (BN_ucmp(A,D) < 0)
+                                                {
+                                                /* A < 3*B, so D=2 */
+                                                if (!BN_set_word(D,2)) goto err;
+                                                /* M (= A - 2*B) already has the correct value */
+                                                }
+                                        else
+                                                {
+                                                /* only D=3 remains */
+                                                if (!BN_set_word(D,3)) goto err;
+                                                /* currently  M = A - 2*B,  but we need  M = A - 3*B */
+                                                if (!BN_sub(M,M,B)) goto err;
+                                                }
+                                        }
+                                }
+                        else
+                                {
+                                if (!BN_div(D,M,A,B,ctx)) goto err;
+                                }
+                        
+                        /* Now
+                         *      A = D*B + M;
+                         * thus we have
+                         * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
+                         */
+                        
+                        tmp=A; /* keep the BIGNUM object, the value does not matter */
+                        
+                        /* (A, B) := (B, A mod B) ... */
+                        A=B;
+                        B=M;
+                        /* ... so we have  0 <= B < A  again */
+                        
+                        /* Since the former  M  is now  B  and the former  B  is now  A,
+                         * (**) translates into
+                         *       sign*Y*a  ==  D*A + B    (mod |n|),
+                         * i.e.
+                         *       sign*Y*a - D*A  ==  B    (mod |n|).
+                         * Similarly, (*) translates into
+                         *      -sign*X*a  ==  A          (mod |n|).
+                         *
+                         * Thus,
+                         *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
+                         * i.e.
+                         *        sign*(Y + D*X)*a  ==  B  (mod |n|).
+                         *
+                         * So if we set  (X, Y, sign) := (Y + D*X, X, -sign),  we arrive back at
+                         *      -sign*X*a  ==  B   (mod |n|),
+                         *       sign*Y*a  ==  A   (mod |n|).
+                         * Note that  X  and  Y  stay non-negative all the time.
+                         */
+                        
+                        /* most of the time D is very small, so we can optimize tmp := D*X+Y */
+                        if (BN_is_one(D))
+                                {
+                                if (!BN_add(tmp,X,Y)) goto err;
+                                }
+                        else
+                                {
+                                if (BN_is_word(D,2))
+                                        {
+                                        if (!BN_lshift1(tmp,X)) goto err;
+                                        }
+                                else if (BN_is_word(D,4))
+                                        {
+                                        if (!BN_lshift(tmp,X,2)) goto err;
+                                        }
+                                else if (D->top == 1)
+                                        {
+                                        if (!BN_copy(tmp,X)) goto err;
+                                        if (!BN_mul_word(tmp,D->d[0])) goto err;
+                                        }
+                                else
+                                        {
+                                        if (!BN_mul(tmp,D,X,ctx)) goto err;
+                                        }
+                                if (!BN_add(tmp,tmp,Y)) goto err;
+                                }
+                        
+                        M=Y; /* keep the BIGNUM object, the value does not matter */
+                        Y=X;
+                        X=tmp;
+                        sign = -sign;
+                        }
+                }
+                
+        /*
+         * The while loop (Euclid's algorithm) ends when
+         *      A == gcd(a,n);
+         * we have
+         *       sign*Y*a  ==  A  (mod |n|),
+         * where  Y  is non-negative.
+         */
+
+        if (sign < 0)
+                {
+                if (!BN_sub(Y,n,Y)) goto err;
+                }
+        /* Now  Y*a  ==  A  (mod |n|).  */
+        
+
+        if (BN_is_one(A))
+                {
+                /* Y*a == 1  (mod |n|) */
+                if (!Y->neg && BN_ucmp(Y,n) < 0)
+                        {
+                        if (!BN_copy(R,Y)) goto err;
+                        }
+                else
+                        {
+                        if (!BN_nnmod(R,Y,n,ctx)) goto err;
+                        }
+                }
+        else
+                {
+                BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
+                goto err;
+                }
+        ret=R;
+err:
+        if ((ret == NULL) && (in == NULL)) BN_free(R);
+        BN_CTX_end(ctx);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/bn/bn_kron.c b/src/lib/libcrypto/bn/bn_kron.c
new file mode 100644
index 0000000000..49f75594ae
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_kron.c
@@ -0,0 +1,182 @@
+/* crypto/bn/bn_kron.c */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "bn_lcl.h"
+
+
+/* least significant word */
+#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
+
+/* Returns -2 for errors because both -1 and 0 are valid results. */
+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+        {
+        int i;
+        int ret = -2; /* avoid 'uninitialized' warning */
+        int err = 0;
+        BIGNUM *A, *B, *tmp;
+        /* In 'tab', only odd-indexed entries are relevant:
+         * For any odd BIGNUM n,
+         *     tab[BN_lsw(n) & 7]
+         * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
+         * Note that the sign of n does not matter.
+         */
+        static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1};
+
+        BN_CTX_start(ctx);
+        A = BN_CTX_get(ctx);
+        B = BN_CTX_get(ctx);
+        if (B == NULL) goto end;
+        
+        err = !BN_copy(A, a);
+        if (err) goto end;
+        err = !BN_copy(B, b);
+        if (err) goto end;
+
+        /*
+         * Kronecker symbol, imlemented according to Henri Cohen,
+         * "A Course in Computational Algebraic Number Theory"
+         * (algorithm 1.4.10).
+         */
+
+        /* Cohen's step 1: */
+
+        if (BN_is_zero(B))
+                {
+                ret = BN_abs_is_word(A, 1);
+                goto end;
+                }
+        
+        /* Cohen's step 2: */
+
+        if (!BN_is_odd(A) && !BN_is_odd(B))
+                {
+                ret = 0;
+                goto end;
+                }
+
+        /* now  B  is non-zero */
+        i = 0;
+        while (!BN_is_bit_set(B, i))
+                i++;
+        err = !BN_rshift(B, B, i);
+        if (err) goto end;
+        if (i & 1)
+                {
+                /* i is odd */
+                /* (thus  B  was even, thus  A  must be odd!)  */
+
+                /* set 'ret' to $(-1)^{(A^2-1)/8}$ */
+                ret = tab[BN_lsw(A) & 7];
+                }
+        else
+                {
+                /* i is even */
+                ret = 1;
+                }
+        
+        if (B->neg)
+                {
+                B->neg = 0;
+                if (A->neg)
+                        ret = -ret;
+                }
+
+        /* now  B  is positive and odd, so what remains to be done is
+         * to compute the Jacobi symbol  (A/B)  and multiply it by 'ret' */
+
+        while (1)
+                {
+                /* Cohen's step 3: */
+
+                /*  B  is positive and odd */
+
+                if (BN_is_zero(A))
+                        {
+                        ret = BN_is_one(B) ? ret : 0;
+                        goto end;
+                        }
+
+                /* now  A  is non-zero */
+                i = 0;
+                while (!BN_is_bit_set(A, i))
+                        i++;
+                err = !BN_rshift(A, A, i);
+                if (err) goto end;
+                if (i & 1)
+                        {
+                        /* i is odd */
+                        /* multiply 'ret' by  $(-1)^{(B^2-1)/8}$ */
+                        ret = ret * tab[BN_lsw(B) & 7];
+                        }
+        
+                /* Cohen's step 4: */
+                /* multiply 'ret' by  $(-1)^{(A-1)(B-1)/4}$ */
+                if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
+                        ret = -ret;
+                
+                /* (A, B) := (B mod |A|, |A|) */
+                err = !BN_nnmod(B, B, A, ctx);
+                if (err) goto end;
+                tmp = A; A = B; B = tmp;
+                tmp->neg = 0;
+                }
+        
+ end:
+        BN_CTX_end(ctx);
+        if (err)
+                return -2;
+        else
+                return ret;
+        }
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h
new file mode 100644
index 0000000000..253e195e23
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -0,0 +1,453 @@
+/* crypto/bn/bn_lcl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_BN_LCL_H
+#define HEADER_BN_LCL_H
+
+#include <openssl/bn.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+/* Used for temp variables */
+#define BN_CTX_NUM      32
+#define BN_CTX_NUM_POS  12
+struct bignum_ctx
+        {
+        int tos;
+        BIGNUM bn[BN_CTX_NUM];
+        int flags;
+        int depth;
+        int pos[BN_CTX_NUM_POS];
+        int too_many;
+        } /* BN_CTX */;
+
+
+/*
+ * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
+ *
+ *
+ * For window size 'w' (w >= 2) and a random 'b' bits exponent,
+ * the number of multiplications is a constant plus on average
+ *
+ *    2^(w-1) + (b-w)/(w+1);
+ *
+ * here  2^(w-1)  is for precomputing the table (we actually need
+ * entries only for windows that have the lowest bit set), and
+ * (b-w)/(w+1)  is an approximation for the expected number of
+ * w-bit windows, not counting the first one.
+ *
+ * Thus we should use
+ *
+ *    w >= 6  if        b > 671
+ *     w = 5  if  671 > b > 239
+ *     w = 4  if  239 > b >  79
+ *     w = 3  if   79 > b >  23
+ *    w <= 2  if   23 > b
+ *
+ * (with draws in between).  Very small exponents are often selected
+ * with low Hamming weight, so we use  w = 1  for b <= 23.
+ */
+#if 1
+#define BN_window_bits_for_exponent_size(b) \
+                ((b) > 671 ? 6 : \
+                 (b) > 239 ? 5 : \
+                 (b) >  79 ? 4 : \
+                 (b) >  23 ? 3 : 1)
+#else
+/* Old SSLeay/OpenSSL table.
+ * Maximum window size was 5, so this table differs for b==1024;
+ * but it coincides for other interesting values (b==160, b==512).
+ */
+#define BN_window_bits_for_exponent_size(b) \
+                ((b) > 255 ? 5 : \
+                 (b) > 127 ? 4 : \
+                 (b) >  17 ? 3 : 1)
+#endif   
+
+
+
+/* Pentium pro 16,16,16,32,64 */
+/* Alpha       16,16,16,16.64 */
+#define BN_MULL_SIZE_NORMAL                     (16) /* 32 */
+#define BN_MUL_RECURSIVE_SIZE_NORMAL            (16) /* 32 less than */
+#define BN_SQR_RECURSIVE_SIZE_NORMAL            (16) /* 32 */
+#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL        (32) /* 32 */
+#define BN_MONT_CTX_SET_SIZE_WORD               (64) /* 32 */
+
+#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+/*
+ * BN_UMULT_HIGH section.
+ *
+ * No, I'm not trying to overwhelm you when stating that the
+ * product of N-bit numbers is 2*N bits wide:-) No, I don't expect
+ * you to be impressed when I say that if the compiler doesn't
+ * support 2*N integer type, then you have to replace every N*N
+ * multiplication with 4 (N/2)*(N/2) accompanied by some shifts
+ * and additions which unavoidably results in severe performance
+ * penalties. Of course provided that the hardware is capable of
+ * producing 2*N result... That's when you normally start
+ * considering assembler implementation. However! It should be
+ * pointed out that some CPUs (most notably Alpha, PowerPC and
+ * upcoming IA-64 family:-) provide *separate* instruction
+ * calculating the upper half of the product placing the result
+ * into a general purpose register. Now *if* the compiler supports
+ * inline assembler, then it's not impossible to implement the
+ * "bignum" routines (and have the compiler optimize 'em)
+ * exhibiting "native" performance in C. That's what BN_UMULT_HIGH
+ * macro is about:-)
+ *
+ *                                      <appro@fy.chalmers.se>
+ */
+# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
+#  if defined(__DECC)
+#   include <c_asm.h>
+#   define BN_UMULT_HIGH(a,b)   (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b))
+#  elif defined(__GNUC__)
+#   define BN_UMULT_HIGH(a,b)   ({      \
+        register BN_ULONG ret;          \
+        asm ("umulh     %1,%2,%0"       \
+             : "=r"(ret)                \
+             : "r"(a), "r"(b));         \
+        ret;                    })
+#  endif        /* compiler */
+# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG)
+#  if defined(__GNUC__)
+#   define BN_UMULT_HIGH(a,b)   ({      \
+        register BN_ULONG ret;          \
+        asm ("mulhdu    %0,%1,%2"       \
+             : "=r"(ret)                \
+             : "r"(a), "r"(b));         \
+        ret;                    })
+#  endif        /* compiler */
+# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
+#  if defined(__GNUC__)
+#   define BN_UMULT_HIGH(a,b)   ({      \
+        register BN_ULONG ret,discard;  \
+        asm ("mulq      %3"             \
+             : "=a"(discard),"=d"(ret)  \
+             : "a"(a), "g"(b)           \
+             : "cc");                   \
+        ret;                    })
+#   define BN_UMULT_LOHI(low,high,a,b)  \
+        asm ("mulq      %3"             \
+                : "=a"(low),"=d"(high)  \
+                : "a"(a),"g"(b)         \
+                : "cc");
+#  endif
+# endif         /* cpu */
+#endif          /* OPENSSL_NO_ASM */
+
+/*************************************************************
+ * Using the long long type
+ */
+#define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
+#define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
+
+/* This is used for internal error checking and is not normally used */
+#ifdef BN_DEBUG
+# include <assert.h>
+# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->dmax);
+#else
+# define bn_check_top(a)
+#endif
+
+/* This macro is to add extra stuff for development checking */
+#ifdef BN_DEBUG
+#define bn_set_max(r) ((r)->max=(r)->top,BN_set_flags((r),BN_FLG_STATIC_DATA))
+#else
+#define bn_set_max(r)
+#endif
+
+/* These macros are used to 'take' a section of a bignum for read only use */
+#define bn_set_low(r,a,n) \
+        { \
+        (r)->top=((a)->top > (n))?(n):(a)->top; \
+        (r)->d=(a)->d; \
+        (r)->neg=(a)->neg; \
+        (r)->flags|=BN_FLG_STATIC_DATA; \
+        bn_set_max(r); \
+        }
+
+#define bn_set_high(r,a,n) \
+        { \
+        if ((a)->top > (n)) \
+                { \
+                (r)->top=(a)->top-n; \
+                (r)->d= &((a)->d[n]); \
+                } \
+        else \
+                (r)->top=0; \
+        (r)->neg=(a)->neg; \
+        (r)->flags|=BN_FLG_STATIC_DATA; \
+        bn_set_max(r); \
+        }
+
+#ifdef BN_LLONG
+#define mul_add(r,a,w,c) { \
+        BN_ULLONG t; \
+        t=(BN_ULLONG)w * (a) + (r) + (c); \
+        (r)= Lw(t); \
+        (c)= Hw(t); \
+        }
+
+#define mul(r,a,w,c) { \
+        BN_ULLONG t; \
+        t=(BN_ULLONG)w * (a) + (c); \
+        (r)= Lw(t); \
+        (c)= Hw(t); \
+        }
+
+#define sqr(r0,r1,a) { \
+        BN_ULLONG t; \
+        t=(BN_ULLONG)(a)*(a); \
+        (r0)=Lw(t); \
+        (r1)=Hw(t); \
+        }
+
+#elif defined(BN_UMULT_HIGH)
+#define mul_add(r,a,w,c) {              \
+        BN_ULONG high,low,ret,tmp=(a);  \
+        ret =  (r);                     \
+        high=  BN_UMULT_HIGH(w,tmp);    \
+        ret += (c);                     \
+        low =  (w) * tmp;               \
+        (c) =  (ret<(c))?1:0;           \
+        (c) += high;                    \
+        ret += low;                     \
+        (c) += (ret<low)?1:0;           \
+        (r) =  ret;                     \
+        }
+
+#define mul(r,a,w,c)    {               \
+        BN_ULONG high,low,ret,ta=(a);   \
+        low =  (w) * ta;                \
+        high=  BN_UMULT_HIGH(w,ta);     \
+        ret =  low + (c);               \
+        (c) =  high;                    \
+        (c) += (ret<low)?1:0;           \
+        (r) =  ret;                     \
+        }
+
+#define sqr(r0,r1,a)    {               \
+        BN_ULONG tmp=(a);               \
+        (r0) = tmp * tmp;               \
+        (r1) = BN_UMULT_HIGH(tmp,tmp);  \
+        }
+
+#else
+/*************************************************************
+ * No long long type
+ */
+
+#define LBITS(a)        ((a)&BN_MASK2l)
+#define HBITS(a)        (((a)>>BN_BITS4)&BN_MASK2l)
+#define L2HBITS(a)      (((a)<<BN_BITS4)&BN_MASK2)
+
+#define LLBITS(a)       ((a)&BN_MASKl)
+#define LHBITS(a)       (((a)>>BN_BITS2)&BN_MASKl)
+#define LL2HBITS(a)     ((BN_ULLONG)((a)&BN_MASKl)<<BN_BITS2)
+
+#define mul64(l,h,bl,bh) \
+        { \
+        BN_ULONG m,m1,lt,ht; \
+ \
+        lt=l; \
+        ht=h; \
+        m =(bh)*(lt); \
+        lt=(bl)*(lt); \
+        m1=(bl)*(ht); \
+        ht =(bh)*(ht); \
+        m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS((BN_ULONG)1); \
+        ht+=HBITS(m); \
+        m1=L2HBITS(m); \
+        lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \
+        (l)=lt; \
+        (h)=ht; \
+        }
+
+#define sqr64(lo,ho,in) \
+        { \
+        BN_ULONG l,h,m; \
+ \
+        h=(in); \
+        l=LBITS(h); \
+        h=HBITS(h); \
+        m =(l)*(h); \
+        l*=l; \
+        h*=h; \
+        h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
+        m =(m&BN_MASK2l)<<(BN_BITS4+1); \
+        l=(l+m)&BN_MASK2; if (l < m) h++; \
+        (lo)=l; \
+        (ho)=h; \
+        }
+
+#define mul_add(r,a,bl,bh,c) { \
+        BN_ULONG l,h; \
+ \
+        h= (a); \
+        l=LBITS(h); \
+        h=HBITS(h); \
+        mul64(l,h,(bl),(bh)); \
+ \
+        /* non-multiply part */ \
+        l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
+        (c)=(r); \
+        l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
+        (c)=h&BN_MASK2; \
+        (r)=l; \
+        }
+
+#define mul(r,a,bl,bh,c) { \
+        BN_ULONG l,h; \
+ \
+        h= (a); \
+        l=LBITS(h); \
+        h=HBITS(h); \
+        mul64(l,h,(bl),(bh)); \
+ \
+        /* non-multiply part */ \
+        l+=(c); if ((l&BN_MASK2) < (c)) h++; \
+        (c)=h&BN_MASK2; \
+        (r)=l&BN_MASK2; \
+        }
+#endif /* !BN_LLONG */
+
+void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
+void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp);
+void bn_sqr_comba8(BN_ULONG *r,const BN_ULONG *a);
+void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a);
+int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n);
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
+        int cl, int dl);
+#ifdef BN_RECURSION
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+        BN_ULONG *t);
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
+        int n, BN_ULONG *t);
+void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
+        BN_ULONG *t);
+void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
+        BN_ULONG *t);
+void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
+#endif
+void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
new file mode 100644
index 0000000000..e1660450bc
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -0,0 +1,824 @@
+/* crypto/bn/bn_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT;
+
+/* For a 32 bit machine
+ * 2 -   4 ==  128
+ * 3 -   8 ==  256
+ * 4 -  16 ==  512
+ * 5 -  32 == 1024
+ * 6 -  64 == 2048
+ * 7 - 128 == 4096
+ * 8 - 256 == 8192
+ */
+static int bn_limit_bits=0;
+static int bn_limit_num=8;        /* (1<<bn_limit_bits) */
+static int bn_limit_bits_low=0;
+static int bn_limit_num_low=8;    /* (1<<bn_limit_bits_low) */
+static int bn_limit_bits_high=0;
+static int bn_limit_num_high=8;   /* (1<<bn_limit_bits_high) */
+static int bn_limit_bits_mont=0;
+static int bn_limit_num_mont=8;   /* (1<<bn_limit_bits_mont) */
+
+void BN_set_params(int mult, int high, int low, int mont)
+        {
+        if (mult >= 0)
+                {
+                if (mult > (sizeof(int)*8)-1)
+                        mult=sizeof(int)*8-1;
+                bn_limit_bits=mult;
+                bn_limit_num=1<<mult;
+                }
+        if (high >= 0)
+                {
+                if (high > (sizeof(int)*8)-1)
+                        high=sizeof(int)*8-1;
+                bn_limit_bits_high=high;
+                bn_limit_num_high=1<<high;
+                }
+        if (low >= 0)
+                {
+                if (low > (sizeof(int)*8)-1)
+                        low=sizeof(int)*8-1;
+                bn_limit_bits_low=low;
+                bn_limit_num_low=1<<low;
+                }
+        if (mont >= 0)
+                {
+                if (mont > (sizeof(int)*8)-1)
+                        mont=sizeof(int)*8-1;
+                bn_limit_bits_mont=mont;
+                bn_limit_num_mont=1<<mont;
+                }
+        }
+
+int BN_get_params(int which)
+        {
+        if      (which == 0) return(bn_limit_bits);
+        else if (which == 1) return(bn_limit_bits_high);
+        else if (which == 2) return(bn_limit_bits_low);
+        else if (which == 3) return(bn_limit_bits_mont);
+        else return(0);
+        }
+
+const BIGNUM *BN_value_one(void)
+        {
+        static BN_ULONG data_one=1L;
+        static BIGNUM const_one={&data_one,1,1,0};
+
+        return(&const_one);
+        }
+
+char *BN_options(void)
+        {
+        static int init=0;
+        static char data[16];
+
+        if (!init)
+                {
+                init++;
+#ifdef BN_LLONG
+                BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+                             (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
+#else
+                BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+                             (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
+#endif
+                }
+        return(data);
+        }
+
+int BN_num_bits_word(BN_ULONG l)
+        {
+        static const char bits[256]={
+                0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
+                5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
+                6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
+                6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
+                7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+                7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+                7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+                7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
+                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+                8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
+                };
+
+#if defined(SIXTY_FOUR_BIT_LONG)
+        if (l & 0xffffffff00000000L)
+                {
+                if (l & 0xffff000000000000L)
+                        {
+                        if (l & 0xff00000000000000L)
+                                {
+                                return(bits[(int)(l>>56)]+56);
+                                }
+                        else    return(bits[(int)(l>>48)]+48);
+                        }
+                else
+                        {
+                        if (l & 0x0000ff0000000000L)
+                                {
+                                return(bits[(int)(l>>40)]+40);
+                                }
+                        else    return(bits[(int)(l>>32)]+32);
+                        }
+                }
+        else
+#else
+#ifdef SIXTY_FOUR_BIT
+        if (l & 0xffffffff00000000LL)
+                {
+                if (l & 0xffff000000000000LL)
+                        {
+                        if (l & 0xff00000000000000LL)
+                                {
+                                return(bits[(int)(l>>56)]+56);
+                                }
+                        else    return(bits[(int)(l>>48)]+48);
+                        }
+                else
+                        {
+                        if (l & 0x0000ff0000000000LL)
+                                {
+                                return(bits[(int)(l>>40)]+40);
+                                }
+                        else    return(bits[(int)(l>>32)]+32);
+                        }
+                }
+        else
+#endif
+#endif
+                {
+#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+                if (l & 0xffff0000L)
+                        {
+                        if (l & 0xff000000L)
+                                return(bits[(int)(l>>24L)]+24);
+                        else    return(bits[(int)(l>>16L)]+16);
+                        }
+                else
+#endif
+                        {
+#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+                        if (l & 0xff00L)
+                                return(bits[(int)(l>>8)]+8);
+                        else    
+#endif
+                                return(bits[(int)(l   )]  );
+                        }
+                }
+        }
+
+int BN_num_bits(const BIGNUM *a)
+        {
+        BN_ULONG l;
+        int i;
+
+        bn_check_top(a);
+
+        if (a->top == 0) return(0);
+        l=a->d[a->top-1];
+        assert(l != 0);
+        i=(a->top-1)*BN_BITS2;
+        return(i+BN_num_bits_word(l));
+        }
+
+void BN_clear_free(BIGNUM *a)
+        {
+        int i;
+
+        if (a == NULL) return;
+        if (a->d != NULL)
+                {
+                OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
+                if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+                        OPENSSL_free(a->d);
+                }
+        i=BN_get_flags(a,BN_FLG_MALLOCED);
+        OPENSSL_cleanse(a,sizeof(BIGNUM));
+        if (i)
+                OPENSSL_free(a);
+        }
+
+void BN_free(BIGNUM *a)
+        {
+        if (a == NULL) return;
+        if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+                OPENSSL_free(a->d);
+        a->flags|=BN_FLG_FREE; /* REMOVE? */
+        if (a->flags & BN_FLG_MALLOCED)
+                OPENSSL_free(a);
+        }
+
+void BN_init(BIGNUM *a)
+        {
+        memset(a,0,sizeof(BIGNUM));
+        }
+
+BIGNUM *BN_new(void)
+        {
+        BIGNUM *ret;
+
+        if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL)
+                {
+                BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        ret->flags=BN_FLG_MALLOCED;
+        ret->top=0;
+        ret->neg=0;
+        ret->dmax=0;
+        ret->d=NULL;
+        return(ret);
+        }
+
+/* This is used both by bn_expand2() and bn_dup_expand() */
+/* The caller MUST check that words > b->dmax before calling this */
+static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
+        {
+        BN_ULONG *A,*a = NULL;
+        const BN_ULONG *B;
+        int i;
+
+        if (words > (INT_MAX/(4*BN_BITS2)))
+                {
+                BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
+                return NULL;
+                }
+
+        bn_check_top(b);        
+        if (BN_get_flags(b,BN_FLG_STATIC_DATA))
+                {
+                BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+                return(NULL);
+                }
+        a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1));
+        if (A == NULL)
+                {
+                BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+#if 1
+        B=b->d;
+        /* Check if the previous number needs to be copied */
+        if (B != NULL)
+                {
+                for (i=b->top>>2; i>0; i--,A+=4,B+=4)
+                        {
+                        /*
+                         * The fact that the loop is unrolled
+                         * 4-wise is a tribute to Intel. It's
+                         * the one that doesn't have enough
+                         * registers to accomodate more data.
+                         * I'd unroll it 8-wise otherwise:-)
+                         *
+                         *              <appro@fy.chalmers.se>
+                         */
+                        BN_ULONG a0,a1,a2,a3;
+                        a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
+                        A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
+                        }
+                switch (b->top&3)
+                        {
+                case 3: A[2]=B[2];
+                case 2: A[1]=B[1];
+                case 1: A[0]=B[0];
+                case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does
+                         * the switch table by doing a=top&3; a--; goto jump_table[a];
+                         * which fails for top== 0 */
+                        ;
+                        }
+                }
+
+        /* Now need to zero any data between b->top and b->max */
+        /* XXX Why? */
+
+        A= &(a[b->top]);
+        for (i=(words - b->top)>>3; i>0; i--,A+=8)
+                {
+                A[0]=0; A[1]=0; A[2]=0; A[3]=0;
+                A[4]=0; A[5]=0; A[6]=0; A[7]=0;
+                }
+        for (i=(words - b->top)&7; i>0; i--,A++)
+                A[0]=0;
+#else
+        memset(A,0,sizeof(BN_ULONG)*(words+1));
+        memcpy(A,b->d,sizeof(b->d[0])*b->top);
+#endif
+                
+        return(a);
+        }
+
+/* This is an internal function that can be used instead of bn_expand2()
+ * when there is a need to copy BIGNUMs instead of only expanding the
+ * data part, while still expanding them.
+ * Especially useful when needing to expand BIGNUMs that are declared
+ * 'const' and should therefore not be changed.
+ * The reason to use this instead of a BN_dup() followed by a bn_expand2()
+ * is memory allocation overhead.  A BN_dup() followed by a bn_expand2()
+ * will allocate new memory for the BIGNUM data twice, and free it once,
+ * while bn_dup_expand() makes sure allocation is made only once.
+ */
+
+BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
+        {
+        BIGNUM *r = NULL;
+
+        /* This function does not work if
+         *      words <= b->dmax && top < words
+         * because BN_dup() does not preserve 'dmax'!
+         * (But bn_dup_expand() is not used anywhere yet.)
+         */
+        
+        if (words > b->dmax)
+                {
+                BN_ULONG *a = bn_expand_internal(b, words);
+
+                if (a)
+                        {
+                        r = BN_new();
+                        if (r)
+                                {
+                                r->top = b->top;
+                                r->dmax = words;
+                                r->neg = b->neg;
+                                r->d = a;
+                                }
+                        else
+                                {
+                                /* r == NULL, BN_new failure */
+                                OPENSSL_free(a);
+                                }
+                        }
+                /* If a == NULL, there was an error in allocation in
+                   bn_expand_internal(), and NULL should be returned */
+                }
+        else
+                {
+                r = BN_dup(b);
+                }
+
+        return r;
+        }
+
+/* This is an internal function that should not be used in applications.
+ * It ensures that 'b' has enough room for a 'words' word number number.
+ * It is mostly used by the various BIGNUM routines. If there is an error,
+ * NULL is returned. If not, 'b' is returned. */
+
+BIGNUM *bn_expand2(BIGNUM *b, int words)
+        {
+        if (words > b->dmax)
+                {
+                BN_ULONG *a = bn_expand_internal(b, words);
+
+                if (a)
+                        {
+                        if (b->d)
+                                OPENSSL_free(b->d);
+                        b->d=a;
+                        b->dmax=words;
+                        }
+                else
+                        b = NULL;
+                }
+        return b;
+        }
+
+BIGNUM *BN_dup(const BIGNUM *a)
+        {
+        BIGNUM *r, *t;
+
+        if (a == NULL) return NULL;
+
+        bn_check_top(a);
+
+        t = BN_new();
+        if (t == NULL) return(NULL);
+        r = BN_copy(t, a);
+        /* now  r == t || r == NULL */
+        if (r == NULL)
+                BN_free(t);
+        return r;
+        }
+
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
+        {
+        int i;
+        BN_ULONG *A;
+        const BN_ULONG *B;
+
+        bn_check_top(b);
+
+        if (a == b) return(a);
+        if (bn_wexpand(a,b->top) == NULL) return(NULL);
+
+#if 1
+        A=a->d;
+        B=b->d;
+        for (i=b->top>>2; i>0; i--,A+=4,B+=4)
+                {
+                BN_ULONG a0,a1,a2,a3;
+                a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
+                A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
+                }
+        switch (b->top&3)
+                {
+                case 3: A[2]=B[2];
+                case 2: A[1]=B[1];
+                case 1: A[0]=B[0];
+                case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
+                }
+#else
+        memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
+#endif
+
+/*      memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/
+        a->top=b->top;
+        if ((a->top == 0) && (a->d != NULL))
+                a->d[0]=0;
+        a->neg=b->neg;
+        return(a);
+        }
+
+void BN_swap(BIGNUM *a, BIGNUM *b)
+        {
+        int flags_old_a, flags_old_b;
+        BN_ULONG *tmp_d;
+        int tmp_top, tmp_dmax, tmp_neg;
+        
+        flags_old_a = a->flags;
+        flags_old_b = b->flags;
+
+        tmp_d = a->d;
+        tmp_top = a->top;
+        tmp_dmax = a->dmax;
+        tmp_neg = a->neg;
+        
+        a->d = b->d;
+        a->top = b->top;
+        a->dmax = b->dmax;
+        a->neg = b->neg;
+        
+        b->d = tmp_d;
+        b->top = tmp_top;
+        b->dmax = tmp_dmax;
+        b->neg = tmp_neg;
+        
+        a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
+        b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
+        }
+
+
+void BN_clear(BIGNUM *a)
+        {
+        if (a->d != NULL)
+                memset(a->d,0,a->dmax*sizeof(a->d[0]));
+        a->top=0;
+        a->neg=0;
+        }
+
+BN_ULONG BN_get_word(const BIGNUM *a)
+        {
+        int i,n;
+        BN_ULONG ret=0;
+
+        n=BN_num_bytes(a);
+        if (n > sizeof(BN_ULONG))
+                return(BN_MASK2);
+        for (i=a->top-1; i>=0; i--)
+                {
+#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
+                ret<<=BN_BITS4; /* stops the compiler complaining */
+                ret<<=BN_BITS4;
+#else
+                ret=0;
+#endif
+                ret|=a->d[i];
+                }
+        return(ret);
+        }
+
+int BN_set_word(BIGNUM *a, BN_ULONG w)
+        {
+        int i,n;
+        if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0);
+
+        n=sizeof(BN_ULONG)/BN_BYTES;
+        a->neg=0;
+        a->top=0;
+        a->d[0]=(BN_ULONG)w&BN_MASK2;
+        if (a->d[0] != 0) a->top=1;
+        for (i=1; i<n; i++)
+                {
+                /* the following is done instead of
+                 * w>>=BN_BITS2 so compilers don't complain
+                 * on builds where sizeof(long) == BN_TYPES */
+#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
+                w>>=BN_BITS4;
+                w>>=BN_BITS4;
+#else
+                w=0;
+#endif
+                a->d[i]=(BN_ULONG)w&BN_MASK2;
+                if (a->d[i] != 0) a->top=i+1;
+                }
+        return(1);
+        }
+
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
+        {
+        unsigned int i,m;
+        unsigned int n;
+        BN_ULONG l;
+
+        if (ret == NULL) ret=BN_new();
+        if (ret == NULL) return(NULL);
+        l=0;
+        n=len;
+        if (n == 0)
+                {
+                ret->top=0;
+                return(ret);
+                }
+        if (bn_expand(ret,(int)(n+2)*8) == NULL)
+                return(NULL);
+        i=((n-1)/BN_BYTES)+1;
+        m=((n-1)%(BN_BYTES));
+        ret->top=i;
+        ret->neg=0;
+        while (n-- > 0)
+                {
+                l=(l<<8L)| *(s++);
+                if (m-- == 0)
+                        {
+                        ret->d[--i]=l;
+                        l=0;
+                        m=BN_BYTES-1;
+                        }
+                }
+        /* need to call this due to clear byte at top if avoiding
+         * having the top bit set (-ve number) */
+        bn_fix_top(ret);
+        return(ret);
+        }
+
+/* ignore negative */
+int BN_bn2bin(const BIGNUM *a, unsigned char *to)
+        {
+        int n,i;
+        BN_ULONG l;
+
+        n=i=BN_num_bytes(a);
+        while (i-- > 0)
+                {
+                l=a->d[i/BN_BYTES];
+                *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
+                }
+        return(n);
+        }
+
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
+        {
+        int i;
+        BN_ULONG t1,t2,*ap,*bp;
+
+        bn_check_top(a);
+        bn_check_top(b);
+
+        i=a->top-b->top;
+        if (i != 0) return(i);
+        ap=a->d;
+        bp=b->d;
+        for (i=a->top-1; i>=0; i--)
+                {
+                t1= ap[i];
+                t2= bp[i];
+                if (t1 != t2)
+                        return(t1 > t2?1:-1);
+                }
+        return(0);
+        }
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b)
+        {
+        int i;
+        int gt,lt;
+        BN_ULONG t1,t2;
+
+        if ((a == NULL) || (b == NULL))
+                {
+                if (a != NULL)
+                        return(-1);
+                else if (b != NULL)
+                        return(1);
+                else
+                        return(0);
+                }
+
+        bn_check_top(a);
+        bn_check_top(b);
+
+        if (a->neg != b->neg)
+                {
+                if (a->neg)
+                        return(-1);
+                else    return(1);
+                }
+        if (a->neg == 0)
+                { gt=1; lt= -1; }
+        else    { gt= -1; lt=1; }
+
+        if (a->top > b->top) return(gt);
+        if (a->top < b->top) return(lt);
+        for (i=a->top-1; i>=0; i--)
+                {
+                t1=a->d[i];
+                t2=b->d[i];
+                if (t1 > t2) return(gt);
+                if (t1 < t2) return(lt);
+                }
+        return(0);
+        }
+
+int BN_set_bit(BIGNUM *a, int n)
+        {
+        int i,j,k;
+
+        i=n/BN_BITS2;
+        j=n%BN_BITS2;
+        if (a->top <= i)
+                {
+                if (bn_wexpand(a,i+1) == NULL) return(0);
+                for(k=a->top; k<i+1; k++)
+                        a->d[k]=0;
+                a->top=i+1;
+                }
+
+        a->d[i]|=(((BN_ULONG)1)<<j);
+        return(1);
+        }
+
+int BN_clear_bit(BIGNUM *a, int n)
+        {
+        int i,j;
+
+        i=n/BN_BITS2;
+        j=n%BN_BITS2;
+        if (a->top <= i) return(0);
+
+        a->d[i]&=(~(((BN_ULONG)1)<<j));
+        bn_fix_top(a);
+        return(1);
+        }
+
+int BN_is_bit_set(const BIGNUM *a, int n)
+        {
+        int i,j;
+
+        if (n < 0) return(0);
+        i=n/BN_BITS2;
+        j=n%BN_BITS2;
+        if (a->top <= i) return(0);
+        return((a->d[i]&(((BN_ULONG)1)<<j))?1:0);
+        }
+
+int BN_mask_bits(BIGNUM *a, int n)
+        {
+        int b,w;
+
+        w=n/BN_BITS2;
+        b=n%BN_BITS2;
+        if (w >= a->top) return(0);
+        if (b == 0)
+                a->top=w;
+        else
+                {
+                a->top=w+1;
+                a->d[w]&= ~(BN_MASK2<<b);
+                }
+        bn_fix_top(a);
+        return(1);
+        }
+
+int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
+        {
+        int i;
+        BN_ULONG aa,bb;
+
+        aa=a[n-1];
+        bb=b[n-1];
+        if (aa != bb) return((aa > bb)?1:-1);
+        for (i=n-2; i>=0; i--)
+                {
+                aa=a[i];
+                bb=b[i];
+                if (aa != bb) return((aa > bb)?1:-1);
+                }
+        return(0);
+        }
+
+/* Here follows a specialised variants of bn_cmp_words().  It has the
+   property of performing the operation on arrays of different sizes.
+   The sizes of those arrays is expressed through cl, which is the
+   common length ( basicall, min(len(a),len(b)) ), and dl, which is the
+   delta between the two lengths, calculated as len(a)-len(b).
+   All lengths are the number of BN_ULONGs...  */
+
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
+        int cl, int dl)
+        {
+        int n,i;
+        n = cl-1;
+
+        if (dl < 0)
+                {
+                for (i=dl; i<0; i++)
+                        {
+                        if (b[n-i] != 0)
+                                return -1; /* a < b */
+                        }
+                }
+        if (dl > 0)
+                {
+                for (i=dl; i>0; i--)
+                        {
+                        if (a[n+i] != 0)
+                                return 1; /* a > b */
+                        }
+                }
+        return bn_cmp_words(a,b,cl);
+        }
diff --git a/src/lib/libcrypto/bn/bn_mod.c b/src/lib/libcrypto/bn/bn_mod.c
new file mode 100644
index 0000000000..5cf82480d7
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_mod.c
@@ -0,0 +1,296 @@
+/* crypto/bn/bn_mod.c */
+/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
+ * for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+
+#if 0 /* now just a #define */
+int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+        {
+        return(BN_div(NULL,rem,m,d,ctx));
+        /* note that  rem->neg == m->neg  (unless the remainder is zero) */
+        }
+#endif
+
+
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+        {
+        /* like BN_mod, but returns non-negative remainder
+         * (i.e.,  0 <= r < |d|  always holds) */
+
+        if (!(BN_mod(r,m,d,ctx)))
+                return 0;
+        if (!r->neg)
+                return 1;
+        /* now   -|d| < r < 0,  so we have to set  r := r + |d| */
+        return (d->neg ? BN_sub : BN_add)(r, r, d);
+}
+
+
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
+        {
+        if (!BN_add(r, a, b)) return 0;
+        return BN_nnmod(r, r, m, ctx);
+        }
+
+
+/* BN_mod_add variant that may be used if both  a  and  b  are non-negative
+ * and less than  m */
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
+        {
+        if (!BN_add(r, a, b)) return 0;
+        if (BN_ucmp(r, m) >= 0)
+                return BN_usub(r, r, m);
+        return 1;
+        }
+
+
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
+        {
+        if (!BN_sub(r, a, b)) return 0;
+        return BN_nnmod(r, r, m, ctx);
+        }
+
+
+/* BN_mod_sub variant that may be used if both  a  and  b  are non-negative
+ * and less than  m */
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
+        {
+        if (!BN_sub(r, a, b)) return 0;
+        if (r->neg)
+                return BN_add(r, r, m);
+        return 1;
+        }
+
+
+/* slow but works */
+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+        BN_CTX *ctx)
+        {
+        BIGNUM *t;
+        int ret=0;
+
+        bn_check_top(a);
+        bn_check_top(b);
+        bn_check_top(m);
+
+        BN_CTX_start(ctx);
+        if ((t = BN_CTX_get(ctx)) == NULL) goto err;
+        if (a == b)
+                { if (!BN_sqr(t,a,ctx)) goto err; }
+        else
+                { if (!BN_mul(t,a,b,ctx)) goto err; }
+        if (!BN_nnmod(r,t,m,ctx)) goto err;
+        ret=1;
+err:
+        BN_CTX_end(ctx);
+        return(ret);
+        }
+
+
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+        {
+        if (!BN_sqr(r, a, ctx)) return 0;
+        /* r->neg == 0,  thus we don't need BN_nnmod */
+        return BN_mod(r, r, m, ctx);
+        }
+
+
+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+        {
+        if (!BN_lshift1(r, a)) return 0;
+        return BN_nnmod(r, r, m, ctx);
+        }
+
+
+/* BN_mod_lshift1 variant that may be used if  a  is non-negative
+ * and less than  m */
+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
+        {
+        if (!BN_lshift1(r, a)) return 0;
+        if (BN_cmp(r, m) >= 0)
+                return BN_sub(r, r, m);
+        return 1;
+        }
+
+
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx)
+        {
+        BIGNUM *abs_m = NULL;
+        int ret;
+
+        if (!BN_nnmod(r, a, m, ctx)) return 0;
+
+        if (m->neg)
+                {
+                abs_m = BN_dup(m);
+                if (abs_m == NULL) return 0;
+                abs_m->neg = 0;
+                }
+        
+        ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
+
+        if (abs_m)
+                BN_free(abs_m);
+        return ret;
+        }
+
+
+/* BN_mod_lshift variant that may be used if  a  is non-negative
+ * and less than  m */
+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
+        {
+        if (r != a)
+                {
+                if (BN_copy(r, a) == NULL) return 0;
+                }
+
+        while (n > 0)
+                {
+                int max_shift;
+                
+                /* 0 < r < m */
+                max_shift = BN_num_bits(m) - BN_num_bits(r);
+                /* max_shift >= 0 */
+
+                if (max_shift < 0)
+                        {
+                        BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
+                        return 0;
+                        }
+
+                if (max_shift > n)
+                        max_shift = n;
+
+                if (max_shift)
+                        {
+                        if (!BN_lshift(r, r, max_shift)) return 0;
+                        n -= max_shift;
+                        }
+                else
+                        {
+                        if (!BN_lshift1(r, r)) return 0;
+                        --n;
+                        }
+
+                /* BN_num_bits(r) <= BN_num_bits(m) */
+
+                if (BN_cmp(r, m) >= 0) 
+                        {
+                        if (!BN_sub(r, r, m)) return 0;
+                        }
+                }
+        
+        return 1;
+        }
diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c
new file mode 100644
index 0000000000..b79b1b60da
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_mont.c
@@ -0,0 +1,349 @@
+/* crypto/bn/bn_mont.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * Details about Montgomery multiplication algorithms can be found at
+ * http://security.ece.orst.edu/publications.html, e.g.
+ * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and
+ * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#define MONT_WORD /* use the faster word-based algorithm */
+
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                          BN_MONT_CTX *mont, BN_CTX *ctx)
+        {
+        BIGNUM *tmp;
+        int ret=0;
+
+        BN_CTX_start(ctx);
+        tmp = BN_CTX_get(ctx);
+        if (tmp == NULL) goto err;
+
+        bn_check_top(tmp);
+        if (a == b)
+                {
+                if (!BN_sqr(tmp,a,ctx)) goto err;
+                }
+        else
+                {
+                if (!BN_mul(tmp,a,b,ctx)) goto err;
+                }
+        /* reduce from aRR to aR */
+        if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
+        ret=1;
+err:
+        BN_CTX_end(ctx);
+        return(ret);
+        }
+
+int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
+             BN_CTX *ctx)
+        {
+        int retn=0;
+
+#ifdef MONT_WORD
+        BIGNUM *n,*r;
+        BN_ULONG *ap,*np,*rp,n0,v,*nrp;
+        int al,nl,max,i,x,ri;
+
+        BN_CTX_start(ctx);
+        if ((r = BN_CTX_get(ctx)) == NULL) goto err;
+
+        if (!BN_copy(r,a)) goto err;
+        n= &(mont->N);
+
+        ap=a->d;
+        /* mont->ri is the size of mont->N in bits (rounded up
+           to the word size) */
+        al=ri=mont->ri/BN_BITS2;
+        
+        nl=n->top;
+        if ((al == 0) || (nl == 0)) { r->top=0; return(1); }
+
+        max=(nl+al+1); /* allow for overflow (no?) XXX */
+        if (bn_wexpand(r,max) == NULL) goto err;
+        if (bn_wexpand(ret,max) == NULL) goto err;
+
+        r->neg=a->neg^n->neg;
+        np=n->d;
+        rp=r->d;
+        nrp= &(r->d[nl]);
+
+        /* clear the top words of T */
+#if 1
+        for (i=r->top; i<max; i++) /* memset? XXX */
+                r->d[i]=0;
+#else
+        memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 
+#endif
+
+        r->top=max;
+        n0=mont->n0;
+
+#ifdef BN_COUNT
+        fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl);
+#endif
+        for (i=0; i<nl; i++)
+                {
+#ifdef __TANDEM
+                {
+                   long long t1;
+                   long long t2;
+                   long long t3;
+                   t1 = rp[0] * (n0 & 0177777);
+                   t2 = 037777600000l;
+                   t2 = n0 & t2;
+                   t3 = rp[0] & 0177777;
+                   t2 = (t3 * t2) & BN_MASK2;
+                   t1 = t1 + t2;
+                   v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);
+                }
+#else
+                v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
+#endif
+                nrp++;
+                rp++;
+                if (((nrp[-1]+=v)&BN_MASK2) >= v)
+                        continue;
+                else
+                        {
+                        if (((++nrp[0])&BN_MASK2) != 0) continue;
+                        if (((++nrp[1])&BN_MASK2) != 0) continue;
+                        for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
+                        }
+                }
+        bn_fix_top(r);
+        
+        /* mont->ri will be a multiple of the word size */
+#if 0
+        BN_rshift(ret,r,mont->ri);
+#else
+        ret->neg = r->neg;
+        x=ri;
+        rp=ret->d;
+        ap= &(r->d[x]);
+        if (r->top < x)
+                al=0;
+        else
+                al=r->top-x;
+        ret->top=al;
+        al-=4;
+        for (i=0; i<al; i+=4)
+                {
+                BN_ULONG t1,t2,t3,t4;
+                
+                t1=ap[i+0];
+                t2=ap[i+1];
+                t3=ap[i+2];
+                t4=ap[i+3];
+                rp[i+0]=t1;
+                rp[i+1]=t2;
+                rp[i+2]=t3;
+                rp[i+3]=t4;
+                }
+        al+=4;
+        for (; i<al; i++)
+                rp[i]=ap[i];
+#endif
+#else /* !MONT_WORD */ 
+        BIGNUM *t1,*t2;
+
+        BN_CTX_start(ctx);
+        t1 = BN_CTX_get(ctx);
+        t2 = BN_CTX_get(ctx);
+        if (t1 == NULL || t2 == NULL) goto err;
+        
+        if (!BN_copy(t1,a)) goto err;
+        BN_mask_bits(t1,mont->ri);
+
+        if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err;
+        BN_mask_bits(t2,mont->ri);
+
+        if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
+        if (!BN_add(t2,a,t1)) goto err;
+        if (!BN_rshift(ret,t2,mont->ri)) goto err;
+#endif /* MONT_WORD */
+
+        if (BN_ucmp(ret, &(mont->N)) >= 0)
+                {
+                if (!BN_usub(ret,ret,&(mont->N))) goto err;
+                }
+        retn=1;
+ err:
+        BN_CTX_end(ctx);
+        return(retn);
+        }
+
+BN_MONT_CTX *BN_MONT_CTX_new(void)
+        {
+        BN_MONT_CTX *ret;
+
+        if ((ret=(BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL)
+                return(NULL);
+
+        BN_MONT_CTX_init(ret);
+        ret->flags=BN_FLG_MALLOCED;
+        return(ret);
+        }
+
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
+        {
+        ctx->ri=0;
+        BN_init(&(ctx->RR));
+        BN_init(&(ctx->N));
+        BN_init(&(ctx->Ni));
+        ctx->flags=0;
+        }
+
+void BN_MONT_CTX_free(BN_MONT_CTX *mont)
+        {
+        if(mont == NULL)
+            return;
+
+        BN_free(&(mont->RR));
+        BN_free(&(mont->N));
+        BN_free(&(mont->Ni));
+        if (mont->flags & BN_FLG_MALLOCED)
+                OPENSSL_free(mont);
+        }
+
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
+        {
+        BIGNUM Ri,*R;
+
+        BN_init(&Ri);
+        R= &(mont->RR);                                 /* grab RR as a temp */
+        if (!BN_copy(&(mont->N),mod)) goto err;         /* Set N */
+        mont->N.neg = 0;
+
+#ifdef MONT_WORD
+                {
+                BIGNUM tmod;
+                BN_ULONG buf[2];
+
+                mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+                if (!(BN_zero(R))) goto err;
+                if (!(BN_set_bit(R,BN_BITS2))) goto err;        /* R */
+
+                buf[0]=mod->d[0]; /* tmod = N mod word size */
+                buf[1]=0;
+                tmod.d=buf;
+                tmod.top=1;
+                tmod.dmax=2;
+                tmod.neg=0;
+                                                        /* Ri = R^-1 mod N*/
+                if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
+                        goto err;
+                if (!BN_lshift(&Ri,&Ri,BN_BITS2)) goto err; /* R*Ri */
+                if (!BN_is_zero(&Ri))
+                        {
+                        if (!BN_sub_word(&Ri,1)) goto err;
+                        }
+                else /* if N mod word size == 1 */
+                        {
+                        if (!BN_set_word(&Ri,BN_MASK2)) goto err;  /* Ri-- (mod word size) */
+                        }
+                if (!BN_div(&Ri,NULL,&Ri,&tmod,ctx)) goto err;
+                /* Ni = (R*Ri-1)/N,
+                 * keep only least significant word: */
+                mont->n0 = (Ri.top > 0) ? Ri.d[0] : 0;
+                BN_free(&Ri);
+                }
+#else /* !MONT_WORD */
+                { /* bignum version */
+                mont->ri=BN_num_bits(&mont->N);
+                if (!BN_zero(R)) goto err;
+                if (!BN_set_bit(R,mont->ri)) goto err;  /* R = 2^ri */
+                                                        /* Ri = R^-1 mod N*/
+                if ((BN_mod_inverse(&Ri,R,&mont->N,ctx)) == NULL)
+                        goto err;
+                if (!BN_lshift(&Ri,&Ri,mont->ri)) goto err; /* R*Ri */
+                if (!BN_sub_word(&Ri,1)) goto err;
+                                                        /* Ni = (R*Ri-1) / N */
+                if (!BN_div(&(mont->Ni),NULL,&Ri,&mont->N,ctx)) goto err;
+                BN_free(&Ri);
+                }
+#endif
+
+        /* setup RR for conversions */
+        if (!BN_zero(&(mont->RR))) goto err;
+        if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err;
+        if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err;
+
+        return(1);
+err:
+        return(0);
+        }
+
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
+        {
+        if (to == from) return(to);
+
+        if (!BN_copy(&(to->RR),&(from->RR))) return NULL;
+        if (!BN_copy(&(to->N),&(from->N))) return NULL;
+        if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL;
+        to->ri=from->ri;
+        to->n0=from->n0;
+        return(to);
+        }
+
diff --git a/src/lib/libcrypto/bn/bn_mpi.c b/src/lib/libcrypto/bn/bn_mpi.c
new file mode 100644
index 0000000000..05fa9d1e9a
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_mpi.c
@@ -0,0 +1,129 @@
+/* crypto/bn/bn_mpi.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
+        {
+        int bits;
+        int num=0;
+        int ext=0;
+        long l;
+
+        bits=BN_num_bits(a);
+        num=(bits+7)/8;
+        if (bits > 0)
+                {
+                ext=((bits & 0x07) == 0);
+                }
+        if (d == NULL)
+                return(num+4+ext);
+
+        l=num+ext;
+        d[0]=(unsigned char)(l>>24)&0xff;
+        d[1]=(unsigned char)(l>>16)&0xff;
+        d[2]=(unsigned char)(l>> 8)&0xff;
+        d[3]=(unsigned char)(l    )&0xff;
+        if (ext) d[4]=0;
+        num=BN_bn2bin(a,&(d[4+ext]));
+        if (a->neg)
+                d[4]|=0x80;
+        return(num+4+ext);
+        }
+
+BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
+        {
+        long len;
+        int neg=0;
+
+        if (n < 4)
+                {
+                BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH);
+                return(NULL);
+                }
+        len=((long)d[0]<<24)|((long)d[1]<<16)|((int)d[2]<<8)|(int)d[3];
+        if ((len+4) != n)
+                {
+                BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR);
+                return(NULL);
+                }
+
+        if (a == NULL) a=BN_new();
+        if (a == NULL) return(NULL);
+
+        if (len == 0)
+                {
+                a->neg=0;
+                a->top=0;
+                return(a);
+                }
+        d+=4;
+        if ((*d) & 0x80)
+                neg=1;
+        if (BN_bin2bn(d,(int)len,a) == NULL)
+                return(NULL);
+        a->neg=neg;
+        if (neg)
+                {
+                BN_clear_bit(a,BN_num_bits(a)-1);
+                }
+        return(a);
+        }
+
diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c
new file mode 100644
index 0000000000..3ae3822bc2
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_mul.c
@@ -0,0 +1,802 @@
+/* crypto/bn/bn_mul.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#ifdef BN_RECURSION
+/* Karatsuba recursive multiplication algorithm
+ * (cf. Knuth, The Art of Computer Programming, Vol. 2) */
+
+/* r is 2*n2 words in size,
+ * a and b are both n2 words in size.
+ * n2 must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n2 words in size
+ * We calculate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+             BN_ULONG *t)
+        {
+        int n=n2/2,c1,c2;
+        unsigned int neg,zero;
+        BN_ULONG ln,lo,*p;
+
+# ifdef BN_COUNT
+        printf(" bn_mul_recursive %d * %d\n",n2,n2);
+# endif
+# ifdef BN_MUL_COMBA
+#  if 0
+        if (n2 == 4)
+                {
+                bn_mul_comba4(r,a,b);
+                return;
+                }
+#  endif
+        if (n2 == 8)
+                {
+                bn_mul_comba8(r,a,b);
+                return; 
+                }
+# endif /* BN_MUL_COMBA */
+        if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
+                {
+                /* This should not happen */
+                bn_mul_normal(r,a,n2,b,n2);
+                return;
+                }
+        /* r=(a[0]-a[1])*(b[1]-b[0]) */
+        c1=bn_cmp_words(a,&(a[n]),n);
+        c2=bn_cmp_words(&(b[n]),b,n);
+        zero=neg=0;
+        switch (c1*3+c2)
+                {
+        case -4:
+                bn_sub_words(t,      &(a[n]),a,      n); /* - */
+                bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+                break;
+        case -3:
+                zero=1;
+                break;
+        case -2:
+                bn_sub_words(t,      &(a[n]),a,      n); /* - */
+                bn_sub_words(&(t[n]),&(b[n]),b,      n); /* + */
+                neg=1;
+                break;
+        case -1:
+        case 0:
+        case 1:
+                zero=1;
+                break;
+        case 2:
+                bn_sub_words(t,      a,      &(a[n]),n); /* + */
+                bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+                neg=1;
+                break;
+        case 3:
+                zero=1;
+                break;
+        case 4:
+                bn_sub_words(t,      a,      &(a[n]),n);
+                bn_sub_words(&(t[n]),&(b[n]),b,      n);
+                break;
+                }
+
+# ifdef BN_MUL_COMBA
+        if (n == 4)
+                {
+                if (!zero)
+                        bn_mul_comba4(&(t[n2]),t,&(t[n]));
+                else
+                        memset(&(t[n2]),0,8*sizeof(BN_ULONG));
+                
+                bn_mul_comba4(r,a,b);
+                bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n]));
+                }
+        else if (n == 8)
+                {
+                if (!zero)
+                        bn_mul_comba8(&(t[n2]),t,&(t[n]));
+                else
+                        memset(&(t[n2]),0,16*sizeof(BN_ULONG));
+                
+                bn_mul_comba8(r,a,b);
+                bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
+                }
+        else
+# endif /* BN_MUL_COMBA */
+                {
+                p= &(t[n2*2]);
+                if (!zero)
+                        bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
+                else
+                        memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
+                bn_mul_recursive(r,a,b,n,p);
+                bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p);
+                }
+
+        /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+         * r[10] holds (a[0]*b[0])
+         * r[32] holds (b[1]*b[1])
+         */
+
+        c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+
+        if (neg) /* if t[32] is negative */
+                {
+                c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+                }
+        else
+                {
+                /* Might have a carry */
+                c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
+                }
+
+        /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+         * r[10] holds (a[0]*b[0])
+         * r[32] holds (b[1]*b[1])
+         * c1 holds the carry bits
+         */
+        c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
+        if (c1)
+                {
+                p= &(r[n+n2]);
+                lo= *p;
+                ln=(lo+c1)&BN_MASK2;
+                *p=ln;
+
+                /* The overflow will stop before we over write
+                 * words we should not overwrite */
+                if (ln < (BN_ULONG)c1)
+                        {
+                        do      {
+                                p++;
+                                lo= *p;
+                                ln=(lo+1)&BN_MASK2;
+                                *p=ln;
+                                } while (ln == 0);
+                        }
+                }
+        }
+
+/* n+tn is the word length
+ * t needs to be n*4 is size, as does r */
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
+             int n, BN_ULONG *t)
+        {
+        int i,j,n2=n*2;
+        int c1,c2,neg,zero;
+        BN_ULONG ln,lo,*p;
+
+# ifdef BN_COUNT
+        printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
+# endif
+        if (n < 8)
+                {
+                i=tn+n;
+                bn_mul_normal(r,a,i,b,i);
+                return;
+                }
+
+        /* r=(a[0]-a[1])*(b[1]-b[0]) */
+        c1=bn_cmp_words(a,&(a[n]),n);
+        c2=bn_cmp_words(&(b[n]),b,n);
+        zero=neg=0;
+        switch (c1*3+c2)
+                {
+        case -4:
+                bn_sub_words(t,      &(a[n]),a,      n); /* - */
+                bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+                break;
+        case -3:
+                zero=1;
+                /* break; */
+        case -2:
+                bn_sub_words(t,      &(a[n]),a,      n); /* - */
+                bn_sub_words(&(t[n]),&(b[n]),b,      n); /* + */
+                neg=1;
+                break;
+        case -1:
+        case 0:
+        case 1:
+                zero=1;
+                /* break; */
+        case 2:
+                bn_sub_words(t,      a,      &(a[n]),n); /* + */
+                bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+                neg=1;
+                break;
+        case 3:
+                zero=1;
+                /* break; */
+        case 4:
+                bn_sub_words(t,      a,      &(a[n]),n);
+                bn_sub_words(&(t[n]),&(b[n]),b,      n);
+                break;
+                }
+                /* The zero case isn't yet implemented here. The speedup
+                   would probably be negligible. */
+# if 0
+        if (n == 4)
+                {
+                bn_mul_comba4(&(t[n2]),t,&(t[n]));
+                bn_mul_comba4(r,a,b);
+                bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
+                memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
+                }
+        else
+# endif
+        if (n == 8)
+                {
+                bn_mul_comba8(&(t[n2]),t,&(t[n]));
+                bn_mul_comba8(r,a,b);
+                bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
+                memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
+                }
+        else
+                {
+                p= &(t[n2*2]);
+                bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
+                bn_mul_recursive(r,a,b,n,p);
+                i=n/2;
+                /* If there is only a bottom half to the number,
+                 * just do it */
+                j=tn-i;
+                if (j == 0)
+                        {
+                        bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p);
+                        memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
+                        }
+                else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
+                                {
+                                bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
+                                        j,i,p);
+                                memset(&(r[n2+tn*2]),0,
+                                        sizeof(BN_ULONG)*(n2-tn*2));
+                                }
+                else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
+                        {
+                        memset(&(r[n2]),0,sizeof(BN_ULONG)*n2);
+                        if (tn < BN_MUL_RECURSIVE_SIZE_NORMAL)
+                                {
+                                bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
+                                }
+                        else
+                                {
+                                for (;;)
+                                        {
+                                        i/=2;
+                                        if (i < tn)
+                                                {
+                                                bn_mul_part_recursive(&(r[n2]),
+                                                        &(a[n]),&(b[n]),
+                                                        tn-i,i,p);
+                                                break;
+                                                }
+                                        else if (i == tn)
+                                                {
+                                                bn_mul_recursive(&(r[n2]),
+                                                        &(a[n]),&(b[n]),
+                                                        i,p);
+                                                break;
+                                                }
+                                        }
+                                }
+                        }
+                }
+
+        /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+         * r[10] holds (a[0]*b[0])
+         * r[32] holds (b[1]*b[1])
+         */
+
+        c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+
+        if (neg) /* if t[32] is negative */
+                {
+                c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+                }
+        else
+                {
+                /* Might have a carry */
+                c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
+                }
+
+        /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+         * r[10] holds (a[0]*b[0])
+         * r[32] holds (b[1]*b[1])
+         * c1 holds the carry bits
+         */
+        c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
+        if (c1)
+                {
+                p= &(r[n+n2]);
+                lo= *p;
+                ln=(lo+c1)&BN_MASK2;
+                *p=ln;
+
+                /* The overflow will stop before we over write
+                 * words we should not overwrite */
+                if (ln < (BN_ULONG)c1)
+                        {
+                        do      {
+                                p++;
+                                lo= *p;
+                                ln=(lo+1)&BN_MASK2;
+                                *p=ln;
+                                } while (ln == 0);
+                        }
+                }
+        }
+
+/* a and b must be the same size, which is n2.
+ * r needs to be n2 words and t needs to be n2*2
+ */
+void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+             BN_ULONG *t)
+        {
+        int n=n2/2;
+
+# ifdef BN_COUNT
+        printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
+# endif
+
+        bn_mul_recursive(r,a,b,n,&(t[0]));
+        if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
+                {
+                bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
+                bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+                bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
+                bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+                }
+        else
+                {
+                bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
+                bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
+                bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+                bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
+                }
+        }
+
+/* a and b must be the same size, which is n2.
+ * r needs to be n2 words and t needs to be n2*2
+ * l is the low words of the output.
+ * t needs to be n2*3
+ */
+void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
+             BN_ULONG *t)
+        {
+        int i,n;
+        int c1,c2;
+        int neg,oneg,zero;
+        BN_ULONG ll,lc,*lp,*mp;
+
+# ifdef BN_COUNT
+        printf(" bn_mul_high %d * %d\n",n2,n2);
+# endif
+        n=n2/2;
+
+        /* Calculate (al-ah)*(bh-bl) */
+        neg=zero=0;
+        c1=bn_cmp_words(&(a[0]),&(a[n]),n);
+        c2=bn_cmp_words(&(b[n]),&(b[0]),n);
+        switch (c1*3+c2)
+                {
+        case -4:
+                bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
+                bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
+                break;
+        case -3:
+                zero=1;
+                break;
+        case -2:
+                bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
+                bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
+                neg=1;
+                break;
+        case -1:
+        case 0:
+        case 1:
+                zero=1;
+                break;
+        case 2:
+                bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
+                bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
+                neg=1;
+                break;
+        case 3:
+                zero=1;
+                break;
+        case 4:
+                bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
+                bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
+                break;
+                }
+                
+        oneg=neg;
+        /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
+        /* r[10] = (a[1]*b[1]) */
+# ifdef BN_MUL_COMBA
+        if (n == 8)
+                {
+                bn_mul_comba8(&(t[0]),&(r[0]),&(r[n]));
+                bn_mul_comba8(r,&(a[n]),&(b[n]));
+                }
+        else
+# endif
+                {
+                bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2]));
+                bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2]));
+                }
+
+        /* s0 == low(al*bl)
+         * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
+         * We know s0 and s1 so the only unknown is high(al*bl)
+         * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
+         * high(al*bl) == s1 - (r[0]+l[0]+t[0])
+         */
+        if (l != NULL)
+                {
+                lp= &(t[n2+n]);
+                c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n));
+                }
+        else
+                {
+                c1=0;
+                lp= &(r[0]);
+                }
+
+        if (neg)
+                neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n));
+        else
+                {
+                bn_add_words(&(t[n2]),lp,&(t[0]),n);
+                neg=0;
+                }
+
+        if (l != NULL)
+                {
+                bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
+                }
+        else
+                {
+                lp= &(t[n2+n]);
+                mp= &(t[n2]);
+                for (i=0; i<n; i++)
+                        lp[i]=((~mp[i])+1)&BN_MASK2;
+                }
+
+        /* s[0] = low(al*bl)
+         * t[3] = high(al*bl)
+         * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
+         * r[10] = (a[1]*b[1])
+         */
+        /* R[10] = al*bl
+         * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
+         * R[32] = ah*bh
+         */
+        /* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
+         * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
+         * R[3]=r[1]+(carry/borrow)
+         */
+        if (l != NULL)
+                {
+                lp= &(t[n2]);
+                c1= (int)(bn_add_words(lp,&(t[n2+n]),&(l[0]),n));
+                }
+        else
+                {
+                lp= &(t[n2+n]);
+                c1=0;
+                }
+        c1+=(int)(bn_add_words(&(t[n2]),lp,  &(r[0]),n));
+        if (oneg)
+                c1-=(int)(bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n));
+        else
+                c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n));
+
+        c2 =(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n));
+        c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(r[n]),n));
+        if (oneg)
+                c2-=(int)(bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n));
+        else
+                c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n]),n));
+        
+        if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
+                {
+                i=0;
+                if (c1 > 0)
+                        {
+                        lc=c1;
+                        do      {
+                                ll=(r[i]+lc)&BN_MASK2;
+                                r[i++]=ll;
+                                lc=(lc > ll);
+                                } while (lc);
+                        }
+                else
+                        {
+                        lc= -c1;
+                        do      {
+                                ll=r[i];
+                                r[i++]=(ll-lc)&BN_MASK2;
+                                lc=(lc > ll);
+                                } while (lc);
+                        }
+                }
+        if (c2 != 0) /* Add starting at r[1] */
+                {
+                i=n;
+                if (c2 > 0)
+                        {
+                        lc=c2;
+                        do      {
+                                ll=(r[i]+lc)&BN_MASK2;
+                                r[i++]=ll;
+                                lc=(lc > ll);
+                                } while (lc);
+                        }
+                else
+                        {
+                        lc= -c2;
+                        do      {
+                                ll=r[i];
+                                r[i++]=(ll-lc)&BN_MASK2;
+                                lc=(lc > ll);
+                                } while (lc);
+                        }
+                }
+        }
+#endif /* BN_RECURSION */
+
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+        {
+        int top,al,bl;
+        BIGNUM *rr;
+        int ret = 0;
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+        int i;
+#endif
+#ifdef BN_RECURSION
+        BIGNUM *t;
+        int j,k;
+#endif
+
+#ifdef BN_COUNT
+        printf("BN_mul %d * %d\n",a->top,b->top);
+#endif
+
+        bn_check_top(a);
+        bn_check_top(b);
+        bn_check_top(r);
+
+        al=a->top;
+        bl=b->top;
+
+        if ((al == 0) || (bl == 0))
+                {
+                if (!BN_zero(r)) goto err;
+                return(1);
+                }
+        top=al+bl;
+
+        BN_CTX_start(ctx);
+        if ((r == a) || (r == b))
+                {
+                if ((rr = BN_CTX_get(ctx)) == NULL) goto err;
+                }
+        else
+                rr = r;
+        rr->neg=a->neg^b->neg;
+
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+        i = al-bl;
+#endif
+#ifdef BN_MUL_COMBA
+        if (i == 0)
+                {
+# if 0
+                if (al == 4)
+                        {
+                        if (bn_wexpand(rr,8) == NULL) goto err;
+                        rr->top=8;
+                        bn_mul_comba4(rr->d,a->d,b->d);
+                        goto end;
+                        }
+# endif
+                if (al == 8)
+                        {
+                        if (bn_wexpand(rr,16) == NULL) goto err;
+                        rr->top=16;
+                        bn_mul_comba8(rr->d,a->d,b->d);
+                        goto end;
+                        }
+                }
+#endif /* BN_MUL_COMBA */
+#ifdef BN_RECURSION
+        if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL))
+                {
+                if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA) && bl<b->dmax)
+                        {
+#if 0   /* tribute to const-ification, bl<b->dmax above covers for this */
+                        if (bn_wexpand(b,al) == NULL) goto err;
+#endif
+                        b->d[bl]=0;
+                        bl++;
+                        i--;
+                        }
+                else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA) && al<a->dmax)
+                        {
+#if 0   /* tribute to const-ification, al<a->dmax above covers for this */
+                        if (bn_wexpand(a,bl) == NULL) goto err;
+#endif
+                        a->d[al]=0;
+                        al++;
+                        i++;
+                        }
+                if (i == 0)
+                        {
+                        /* symmetric and > 4 */
+                        /* 16 or larger */
+                        j=BN_num_bits_word((BN_ULONG)al);
+                        j=1<<(j-1);
+                        k=j+j;
+                        t = BN_CTX_get(ctx);
+                        if (al == j) /* exact multiple */
+                                {
+                                if (bn_wexpand(t,k*2) == NULL) goto err;
+                                if (bn_wexpand(rr,k*2) == NULL) goto err;
+                                bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
+                                rr->top=top;
+                                goto end;
+                                }
+#if 0   /* tribute to const-ification, rsa/dsa performance is not affected */
+                        else
+                                {
+                                if (bn_wexpand(a,k) == NULL ) goto err;
+                                if (bn_wexpand(b,k) == NULL ) goto err;
+                                if (bn_wexpand(t,k*4) == NULL ) goto err;
+                                if (bn_wexpand(rr,k*4) == NULL ) goto err;
+                                for (i=a->top; i<k; i++)
+                                        a->d[i]=0;
+                                for (i=b->top; i<k; i++)
+                                        b->d[i]=0;
+                                bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
+                                }
+                        rr->top=top;
+                        goto end;
+#endif
+                        }
+                }
+#endif /* BN_RECURSION */
+        if (bn_wexpand(rr,top) == NULL) goto err;
+        rr->top=top;
+        bn_mul_normal(rr->d,a->d,al,b->d,bl);
+
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+end:
+#endif
+        bn_fix_top(rr);
+        if (r != rr) BN_copy(r,rr);
+        ret=1;
+err:
+        BN_CTX_end(ctx);
+        return(ret);
+        }
+
+void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
+        {
+        BN_ULONG *rr;
+
+#ifdef BN_COUNT
+        printf(" bn_mul_normal %d * %d\n",na,nb);
+#endif
+
+        if (na < nb)
+                {
+                int itmp;
+                BN_ULONG *ltmp;
+
+                itmp=na; na=nb; nb=itmp;
+                ltmp=a;   a=b;   b=ltmp;
+
+                }
+        rr= &(r[na]);
+        rr[0]=bn_mul_words(r,a,na,b[0]);
+
+        for (;;)
+                {
+                if (--nb <= 0) return;
+                rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
+                if (--nb <= 0) return;
+                rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
+                if (--nb <= 0) return;
+                rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
+                if (--nb <= 0) return;
+                rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
+                rr+=4;
+                r+=4;
+                b+=4;
+                }
+        }
+
+void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+        {
+#ifdef BN_COUNT
+        printf(" bn_mul_low_normal %d * %d\n",n,n);
+#endif
+        bn_mul_words(r,a,n,b[0]);
+
+        for (;;)
+                {
+                if (--n <= 0) return;
+                bn_mul_add_words(&(r[1]),a,n,b[1]);
+                if (--n <= 0) return;
+                bn_mul_add_words(&(r[2]),a,n,b[2]);
+                if (--n <= 0) return;
+                bn_mul_add_words(&(r[3]),a,n,b[3]);
+                if (--n <= 0) return;
+                bn_mul_add_words(&(r[4]),a,n,b[4]);
+                r+=4;
+                b+=4;
+                }
+        }
diff --git a/src/lib/libcrypto/bn/bn_prime.c b/src/lib/libcrypto/bn/bn_prime.c
new file mode 100644
index 0000000000..f422172f16
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_prime.c
@@ -0,0 +1,468 @@
+/* crypto/bn/bn_prime.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#include <openssl/rand.h>
+
+/* The quick sieve algorithm approach to weeding out primes is
+ * Philip Zimmermann's, as implemented in PGP.  I have had a read of
+ * his comments and implemented my own version.
+ */
+#include "bn_prime.h"
+
+static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
+        const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont);
+static int probable_prime(BIGNUM *rnd, int bits);
+static int probable_prime_dh(BIGNUM *rnd, int bits,
+        const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
+        const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+        const BIGNUM *add, const BIGNUM *rem,
+        void (*callback)(int,int,void *), void *cb_arg)
+        {
+        BIGNUM *rnd=NULL;
+        BIGNUM t;
+        int found=0;
+        int i,j,c1=0;
+        BN_CTX *ctx;
+        int checks = BN_prime_checks_for_size(bits);
+
+        BN_init(&t);
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        if (ret == NULL)
+                {
+                if ((rnd=BN_new()) == NULL) goto err;
+                }
+        else
+                rnd=ret;
+loop: 
+        /* make a random number and set the top and bottom bits */
+        if (add == NULL)
+                {
+                if (!probable_prime(rnd,bits)) goto err;
+                }
+        else
+                {
+                if (safe)
+                        {
+                        if (!probable_prime_dh_safe(rnd,bits,add,rem,ctx))
+                                 goto err;
+                        }
+                else
+                        {
+                        if (!probable_prime_dh(rnd,bits,add,rem,ctx))
+                                goto err;
+                        }
+                }
+        /* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */
+        if (callback != NULL) callback(0,c1++,cb_arg);
+
+        if (!safe)
+                {
+                i=BN_is_prime_fasttest(rnd,checks,callback,ctx,cb_arg,0);
+                if (i == -1) goto err;
+                if (i == 0) goto loop;
+                }
+        else
+                {
+                /* for "safe prime" generation,
+                 * check that (p-1)/2 is prime.
+                 * Since a prime is odd, We just
+                 * need to divide by 2 */
+                if (!BN_rshift1(&t,rnd)) goto err;
+
+                for (i=0; i<checks; i++)
+                        {
+                        j=BN_is_prime_fasttest(rnd,1,callback,ctx,cb_arg,0);
+                        if (j == -1) goto err;
+                        if (j == 0) goto loop;
+
+                        j=BN_is_prime_fasttest(&t,1,callback,ctx,cb_arg,0);
+                        if (j == -1) goto err;
+                        if (j == 0) goto loop;
+
+                        if (callback != NULL) callback(2,c1-1,cb_arg);
+                        /* We have a safe prime test pass */
+                        }
+                }
+        /* we have a prime :-) */
+        found = 1;
+err:
+        if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
+        BN_free(&t);
+        if (ctx != NULL) BN_CTX_free(ctx);
+        return(found ? rnd : NULL);
+        }
+
+int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),
+        BN_CTX *ctx_passed, void *cb_arg)
+        {
+        return BN_is_prime_fasttest(a, checks, callback, ctx_passed, cb_arg, 0);
+        }
+
+int BN_is_prime_fasttest(const BIGNUM *a, int checks,
+                void (*callback)(int,int,void *),
+                BN_CTX *ctx_passed, void *cb_arg,
+                int do_trial_division)
+        {
+        int i, j, ret = -1;
+        int k;
+        BN_CTX *ctx = NULL;
+        BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
+        BN_MONT_CTX *mont = NULL;
+        const BIGNUM *A = NULL;
+
+        if (BN_cmp(a, BN_value_one()) <= 0)
+                return 0;
+        
+        if (checks == BN_prime_checks)
+                checks = BN_prime_checks_for_size(BN_num_bits(a));
+
+        /* first look for small factors */
+        if (!BN_is_odd(a))
+                /* a is even => a is prime if and only if a == 2 */
+                return BN_is_word(a, 2);
+
+        if (do_trial_division)
+                {
+                for (i = 1; i < NUMPRIMES; i++)
+                        if (BN_mod_word(a, primes[i]) == 0) 
+                                return 0;
+                if (callback != NULL) callback(1, -1, cb_arg);
+                }
+
+        if (ctx_passed != NULL)
+                ctx = ctx_passed;
+        else
+                if ((ctx=BN_CTX_new()) == NULL)
+                        goto err;
+        BN_CTX_start(ctx);
+
+        /* A := abs(a) */
+        if (a->neg)
+                {
+                BIGNUM *t;
+                if ((t = BN_CTX_get(ctx)) == NULL) goto err;
+                BN_copy(t, a);
+                t->neg = 0;
+                A = t;
+                }
+        else
+                A = a;
+        A1 = BN_CTX_get(ctx);
+        A1_odd = BN_CTX_get(ctx);
+        check = BN_CTX_get(ctx);
+        if (check == NULL) goto err;
+
+        /* compute A1 := A - 1 */
+        if (!BN_copy(A1, A))
+                goto err;
+        if (!BN_sub_word(A1, 1))
+                goto err;
+        if (BN_is_zero(A1))
+                {
+                ret = 0;
+                goto err;
+                }
+
+        /* write  A1  as  A1_odd * 2^k */
+        k = 1;
+        while (!BN_is_bit_set(A1, k))
+                k++;
+        if (!BN_rshift(A1_odd, A1, k))
+                goto err;
+
+        /* Montgomery setup for computations mod A */
+        mont = BN_MONT_CTX_new();
+        if (mont == NULL)
+                goto err;
+        if (!BN_MONT_CTX_set(mont, A, ctx))
+                goto err;
+        
+        for (i = 0; i < checks; i++)
+                {
+                if (!BN_pseudo_rand_range(check, A1))
+                        goto err;
+                if (!BN_add_word(check, 1))
+                        goto err;
+                /* now 1 <= check < A */
+
+                j = witness(check, A, A1, A1_odd, k, ctx, mont);
+                if (j == -1) goto err;
+                if (j)
+                        {
+                        ret=0;
+                        goto err;
+                        }
+                if (callback != NULL) callback(1,i,cb_arg);
+                }
+        ret=1;
+err:
+        if (ctx != NULL)
+                {
+                BN_CTX_end(ctx);
+                if (ctx_passed == NULL)
+                        BN_CTX_free(ctx);
+                }
+        if (mont != NULL)
+                BN_MONT_CTX_free(mont);
+
+        return(ret);
+        }
+
+static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
+        const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont)
+        {
+        if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */
+                return -1;
+        if (BN_is_one(w))
+                return 0; /* probably prime */
+        if (BN_cmp(w, a1) == 0)
+                return 0; /* w == -1 (mod a),  'a' is probably prime */
+        while (--k)
+                {
+                if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */
+                        return -1;
+                if (BN_is_one(w))
+                        return 1; /* 'a' is composite, otherwise a previous 'w' would
+                                   * have been == -1 (mod 'a') */
+                if (BN_cmp(w, a1) == 0)
+                        return 0; /* w == -1 (mod a), 'a' is probably prime */
+                }
+        /* If we get here, 'w' is the (a-1)/2-th power of the original 'w',
+         * and it is neither -1 nor +1 -- so 'a' cannot be prime */
+        return 1;
+        }
+
+static int probable_prime(BIGNUM *rnd, int bits)
+        {
+        int i;
+        BN_ULONG mods[NUMPRIMES];
+        BN_ULONG delta,d;
+
+again:
+        if (!BN_rand(rnd,bits,1,1)) return(0);
+        /* we now have a random number 'rand' to test. */
+        for (i=1; i<NUMPRIMES; i++)
+                mods[i]=BN_mod_word(rnd,(BN_ULONG)primes[i]);
+        delta=0;
+        loop: for (i=1; i<NUMPRIMES; i++)
+                {
+                /* check that rnd is not a prime and also
+                 * that gcd(rnd-1,primes) == 1 (except for 2) */
+                if (((mods[i]+delta)%primes[i]) <= 1)
+                        {
+                        d=delta;
+                        delta+=2;
+                        /* perhaps need to check for overflow of
+                         * delta (but delta can be up to 2^32)
+                         * 21-May-98 eay - added overflow check */
+                        if (delta < d) goto again;
+                        goto loop;
+                        }
+                }
+        if (!BN_add_word(rnd,delta)) return(0);
+        return(1);
+        }
+
+static int probable_prime_dh(BIGNUM *rnd, int bits,
+        const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
+        {
+        int i,ret=0;
+        BIGNUM *t1;
+
+        BN_CTX_start(ctx);
+        if ((t1 = BN_CTX_get(ctx)) == NULL) goto err;
+
+        if (!BN_rand(rnd,bits,0,1)) goto err;
+
+        /* we need ((rnd-rem) % add) == 0 */
+
+        if (!BN_mod(t1,rnd,add,ctx)) goto err;
+        if (!BN_sub(rnd,rnd,t1)) goto err;
+        if (rem == NULL)
+                { if (!BN_add_word(rnd,1)) goto err; }
+        else
+                { if (!BN_add(rnd,rnd,rem)) goto err; }
+
+        /* we now have a random number 'rand' to test. */
+
+        loop: for (i=1; i<NUMPRIMES; i++)
+                {
+                /* check that rnd is a prime */
+                if (BN_mod_word(rnd,(BN_ULONG)primes[i]) <= 1)
+                        {
+                        if (!BN_add(rnd,rnd,add)) goto err;
+                        goto loop;
+                        }
+                }
+        ret=1;
+err:
+        BN_CTX_end(ctx);
+        return(ret);
+        }
+
+static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
+        const BIGNUM *rem, BN_CTX *ctx)
+        {
+        int i,ret=0;
+        BIGNUM *t1,*qadd,*q;
+
+        bits--;
+        BN_CTX_start(ctx);
+        t1 = BN_CTX_get(ctx);
+        q = BN_CTX_get(ctx);
+        qadd = BN_CTX_get(ctx);
+        if (qadd == NULL) goto err;
+
+        if (!BN_rshift1(qadd,padd)) goto err;
+                
+        if (!BN_rand(q,bits,0,1)) goto err;
+
+        /* we need ((rnd-rem) % add) == 0 */
+        if (!BN_mod(t1,q,qadd,ctx)) goto err;
+        if (!BN_sub(q,q,t1)) goto err;
+        if (rem == NULL)
+                { if (!BN_add_word(q,1)) goto err; }
+        else
+                {
+                if (!BN_rshift1(t1,rem)) goto err;
+                if (!BN_add(q,q,t1)) goto err;
+                }
+
+        /* we now have a random number 'rand' to test. */
+        if (!BN_lshift1(p,q)) goto err;
+        if (!BN_add_word(p,1)) goto err;
+
+        loop: for (i=1; i<NUMPRIMES; i++)
+                {
+                /* check that p and q are prime */
+                /* check that for p and q
+                 * gcd(p-1,primes) == 1 (except for 2) */
+                if (    (BN_mod_word(p,(BN_ULONG)primes[i]) == 0) ||
+                        (BN_mod_word(q,(BN_ULONG)primes[i]) == 0))
+                        {
+                        if (!BN_add(p,p,padd)) goto err;
+                        if (!BN_add(q,q,qadd)) goto err;
+                        goto loop;
+                        }
+                }
+        ret=1;
+err:
+        BN_CTX_end(ctx);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/bn/bn_prime.h b/src/lib/libcrypto/bn/bn_prime.h
new file mode 100644
index 0000000000..b7cf9a9bfe
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_prime.h
@@ -0,0 +1,325 @@
+/* Auto generated by bn_prime.pl */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef EIGHT_BIT
+#define NUMPRIMES 2048
+#else
+#define NUMPRIMES 54
+#endif
+static const unsigned int primes[NUMPRIMES]=
+        {
+           2,   3,   5,   7,  11,  13,  17,  19,
+          23,  29,  31,  37,  41,  43,  47,  53,
+          59,  61,  67,  71,  73,  79,  83,  89,
+          97, 101, 103, 107, 109, 113, 127, 131,
+         137, 139, 149, 151, 157, 163, 167, 173,
+         179, 181, 191, 193, 197, 199, 211, 223,
+         227, 229, 233, 239, 241, 251,
+#ifndef EIGHT_BIT
+         257, 263,
+         269, 271, 277, 281, 283, 293, 307, 311,
+         313, 317, 331, 337, 347, 349, 353, 359,
+         367, 373, 379, 383, 389, 397, 401, 409,
+         419, 421, 431, 433, 439, 443, 449, 457,
+         461, 463, 467, 479, 487, 491, 499, 503,
+         509, 521, 523, 541, 547, 557, 563, 569,
+         571, 577, 587, 593, 599, 601, 607, 613,
+         617, 619, 631, 641, 643, 647, 653, 659,
+         661, 673, 677, 683, 691, 701, 709, 719,
+         727, 733, 739, 743, 751, 757, 761, 769,
+         773, 787, 797, 809, 811, 821, 823, 827,
+         829, 839, 853, 857, 859, 863, 877, 881,
+         883, 887, 907, 911, 919, 929, 937, 941,
+         947, 953, 967, 971, 977, 983, 991, 997,
+        1009,1013,1019,1021,1031,1033,1039,1049,
+        1051,1061,1063,1069,1087,1091,1093,1097,
+        1103,1109,1117,1123,1129,1151,1153,1163,
+        1171,1181,1187,1193,1201,1213,1217,1223,
+        1229,1231,1237,1249,1259,1277,1279,1283,
+        1289,1291,1297,1301,1303,1307,1319,1321,
+        1327,1361,1367,1373,1381,1399,1409,1423,
+        1427,1429,1433,1439,1447,1451,1453,1459,
+        1471,1481,1483,1487,1489,1493,1499,1511,
+        1523,1531,1543,1549,1553,1559,1567,1571,
+        1579,1583,1597,1601,1607,1609,1613,1619,
+        1621,1627,1637,1657,1663,1667,1669,1693,
+        1697,1699,1709,1721,1723,1733,1741,1747,
+        1753,1759,1777,1783,1787,1789,1801,1811,
+        1823,1831,1847,1861,1867,1871,1873,1877,
+        1879,1889,1901,1907,1913,1931,1933,1949,
+        1951,1973,1979,1987,1993,1997,1999,2003,
+        2011,2017,2027,2029,2039,2053,2063,2069,
+        2081,2083,2087,2089,2099,2111,2113,2129,
+        2131,2137,2141,2143,2153,2161,2179,2203,
+        2207,2213,2221,2237,2239,2243,2251,2267,
+        2269,2273,2281,2287,2293,2297,2309,2311,
+        2333,2339,2341,2347,2351,2357,2371,2377,
+        2381,2383,2389,2393,2399,2411,2417,2423,
+        2437,2441,2447,2459,2467,2473,2477,2503,
+        2521,2531,2539,2543,2549,2551,2557,2579,
+        2591,2593,2609,2617,2621,2633,2647,2657,
+        2659,2663,2671,2677,2683,2687,2689,2693,
+        2699,2707,2711,2713,2719,2729,2731,2741,
+        2749,2753,2767,2777,2789,2791,2797,2801,
+        2803,2819,2833,2837,2843,2851,2857,2861,
+        2879,2887,2897,2903,2909,2917,2927,2939,
+        2953,2957,2963,2969,2971,2999,3001,3011,
+        3019,3023,3037,3041,3049,3061,3067,3079,
+        3083,3089,3109,3119,3121,3137,3163,3167,
+        3169,3181,3187,3191,3203,3209,3217,3221,
+        3229,3251,3253,3257,3259,3271,3299,3301,
+        3307,3313,3319,3323,3329,3331,3343,3347,
+        3359,3361,3371,3373,3389,3391,3407,3413,
+        3433,3449,3457,3461,3463,3467,3469,3491,
+        3499,3511,3517,3527,3529,3533,3539,3541,
+        3547,3557,3559,3571,3581,3583,3593,3607,
+        3613,3617,3623,3631,3637,3643,3659,3671,
+        3673,3677,3691,3697,3701,3709,3719,3727,
+        3733,3739,3761,3767,3769,3779,3793,3797,
+        3803,3821,3823,3833,3847,3851,3853,3863,
+        3877,3881,3889,3907,3911,3917,3919,3923,
+        3929,3931,3943,3947,3967,3989,4001,4003,
+        4007,4013,4019,4021,4027,4049,4051,4057,
+        4073,4079,4091,4093,4099,4111,4127,4129,
+        4133,4139,4153,4157,4159,4177,4201,4211,
+        4217,4219,4229,4231,4241,4243,4253,4259,
+        4261,4271,4273,4283,4289,4297,4327,4337,
+        4339,4349,4357,4363,4373,4391,4397,4409,
+        4421,4423,4441,4447,4451,4457,4463,4481,
+        4483,4493,4507,4513,4517,4519,4523,4547,
+        4549,4561,4567,4583,4591,4597,4603,4621,
+        4637,4639,4643,4649,4651,4657,4663,4673,
+        4679,4691,4703,4721,4723,4729,4733,4751,
+        4759,4783,4787,4789,4793,4799,4801,4813,
+        4817,4831,4861,4871,4877,4889,4903,4909,
+        4919,4931,4933,4937,4943,4951,4957,4967,
+        4969,4973,4987,4993,4999,5003,5009,5011,
+        5021,5023,5039,5051,5059,5077,5081,5087,
+        5099,5101,5107,5113,5119,5147,5153,5167,
+        5171,5179,5189,5197,5209,5227,5231,5233,
+        5237,5261,5273,5279,5281,5297,5303,5309,
+        5323,5333,5347,5351,5381,5387,5393,5399,
+        5407,5413,5417,5419,5431,5437,5441,5443,
+        5449,5471,5477,5479,5483,5501,5503,5507,
+        5519,5521,5527,5531,5557,5563,5569,5573,
+        5581,5591,5623,5639,5641,5647,5651,5653,
+        5657,5659,5669,5683,5689,5693,5701,5711,
+        5717,5737,5741,5743,5749,5779,5783,5791,
+        5801,5807,5813,5821,5827,5839,5843,5849,
+        5851,5857,5861,5867,5869,5879,5881,5897,
+        5903,5923,5927,5939,5953,5981,5987,6007,
+        6011,6029,6037,6043,6047,6053,6067,6073,
+        6079,6089,6091,6101,6113,6121,6131,6133,
+        6143,6151,6163,6173,6197,6199,6203,6211,
+        6217,6221,6229,6247,6257,6263,6269,6271,
+        6277,6287,6299,6301,6311,6317,6323,6329,
+        6337,6343,6353,6359,6361,6367,6373,6379,
+        6389,6397,6421,6427,6449,6451,6469,6473,
+        6481,6491,6521,6529,6547,6551,6553,6563,
+        6569,6571,6577,6581,6599,6607,6619,6637,
+        6653,6659,6661,6673,6679,6689,6691,6701,
+        6703,6709,6719,6733,6737,6761,6763,6779,
+        6781,6791,6793,6803,6823,6827,6829,6833,
+        6841,6857,6863,6869,6871,6883,6899,6907,
+        6911,6917,6947,6949,6959,6961,6967,6971,
+        6977,6983,6991,6997,7001,7013,7019,7027,
+        7039,7043,7057,7069,7079,7103,7109,7121,
+        7127,7129,7151,7159,7177,7187,7193,7207,
+        7211,7213,7219,7229,7237,7243,7247,7253,
+        7283,7297,7307,7309,7321,7331,7333,7349,
+        7351,7369,7393,7411,7417,7433,7451,7457,
+        7459,7477,7481,7487,7489,7499,7507,7517,
+        7523,7529,7537,7541,7547,7549,7559,7561,
+        7573,7577,7583,7589,7591,7603,7607,7621,
+        7639,7643,7649,7669,7673,7681,7687,7691,
+        7699,7703,7717,7723,7727,7741,7753,7757,
+        7759,7789,7793,7817,7823,7829,7841,7853,
+        7867,7873,7877,7879,7883,7901,7907,7919,
+        7927,7933,7937,7949,7951,7963,7993,8009,
+        8011,8017,8039,8053,8059,8069,8081,8087,
+        8089,8093,8101,8111,8117,8123,8147,8161,
+        8167,8171,8179,8191,8209,8219,8221,8231,
+        8233,8237,8243,8263,8269,8273,8287,8291,
+        8293,8297,8311,8317,8329,8353,8363,8369,
+        8377,8387,8389,8419,8423,8429,8431,8443,
+        8447,8461,8467,8501,8513,8521,8527,8537,
+        8539,8543,8563,8573,8581,8597,8599,8609,
+        8623,8627,8629,8641,8647,8663,8669,8677,
+        8681,8689,8693,8699,8707,8713,8719,8731,
+        8737,8741,8747,8753,8761,8779,8783,8803,
+        8807,8819,8821,8831,8837,8839,8849,8861,
+        8863,8867,8887,8893,8923,8929,8933,8941,
+        8951,8963,8969,8971,8999,9001,9007,9011,
+        9013,9029,9041,9043,9049,9059,9067,9091,
+        9103,9109,9127,9133,9137,9151,9157,9161,
+        9173,9181,9187,9199,9203,9209,9221,9227,
+        9239,9241,9257,9277,9281,9283,9293,9311,
+        9319,9323,9337,9341,9343,9349,9371,9377,
+        9391,9397,9403,9413,9419,9421,9431,9433,
+        9437,9439,9461,9463,9467,9473,9479,9491,
+        9497,9511,9521,9533,9539,9547,9551,9587,
+        9601,9613,9619,9623,9629,9631,9643,9649,
+        9661,9677,9679,9689,9697,9719,9721,9733,
+        9739,9743,9749,9767,9769,9781,9787,9791,
+        9803,9811,9817,9829,9833,9839,9851,9857,
+        9859,9871,9883,9887,9901,9907,9923,9929,
+        9931,9941,9949,9967,9973,10007,10009,10037,
+        10039,10061,10067,10069,10079,10091,10093,10099,
+        10103,10111,10133,10139,10141,10151,10159,10163,
+        10169,10177,10181,10193,10211,10223,10243,10247,
+        10253,10259,10267,10271,10273,10289,10301,10303,
+        10313,10321,10331,10333,10337,10343,10357,10369,
+        10391,10399,10427,10429,10433,10453,10457,10459,
+        10463,10477,10487,10499,10501,10513,10529,10531,
+        10559,10567,10589,10597,10601,10607,10613,10627,
+        10631,10639,10651,10657,10663,10667,10687,10691,
+        10709,10711,10723,10729,10733,10739,10753,10771,
+        10781,10789,10799,10831,10837,10847,10853,10859,
+        10861,10867,10883,10889,10891,10903,10909,10937,
+        10939,10949,10957,10973,10979,10987,10993,11003,
+        11027,11047,11057,11059,11069,11071,11083,11087,
+        11093,11113,11117,11119,11131,11149,11159,11161,
+        11171,11173,11177,11197,11213,11239,11243,11251,
+        11257,11261,11273,11279,11287,11299,11311,11317,
+        11321,11329,11351,11353,11369,11383,11393,11399,
+        11411,11423,11437,11443,11447,11467,11471,11483,
+        11489,11491,11497,11503,11519,11527,11549,11551,
+        11579,11587,11593,11597,11617,11621,11633,11657,
+        11677,11681,11689,11699,11701,11717,11719,11731,
+        11743,11777,11779,11783,11789,11801,11807,11813,
+        11821,11827,11831,11833,11839,11863,11867,11887,
+        11897,11903,11909,11923,11927,11933,11939,11941,
+        11953,11959,11969,11971,11981,11987,12007,12011,
+        12037,12041,12043,12049,12071,12073,12097,12101,
+        12107,12109,12113,12119,12143,12149,12157,12161,
+        12163,12197,12203,12211,12227,12239,12241,12251,
+        12253,12263,12269,12277,12281,12289,12301,12323,
+        12329,12343,12347,12373,12377,12379,12391,12401,
+        12409,12413,12421,12433,12437,12451,12457,12473,
+        12479,12487,12491,12497,12503,12511,12517,12527,
+        12539,12541,12547,12553,12569,12577,12583,12589,
+        12601,12611,12613,12619,12637,12641,12647,12653,
+        12659,12671,12689,12697,12703,12713,12721,12739,
+        12743,12757,12763,12781,12791,12799,12809,12821,
+        12823,12829,12841,12853,12889,12893,12899,12907,
+        12911,12917,12919,12923,12941,12953,12959,12967,
+        12973,12979,12983,13001,13003,13007,13009,13033,
+        13037,13043,13049,13063,13093,13099,13103,13109,
+        13121,13127,13147,13151,13159,13163,13171,13177,
+        13183,13187,13217,13219,13229,13241,13249,13259,
+        13267,13291,13297,13309,13313,13327,13331,13337,
+        13339,13367,13381,13397,13399,13411,13417,13421,
+        13441,13451,13457,13463,13469,13477,13487,13499,
+        13513,13523,13537,13553,13567,13577,13591,13597,
+        13613,13619,13627,13633,13649,13669,13679,13681,
+        13687,13691,13693,13697,13709,13711,13721,13723,
+        13729,13751,13757,13759,13763,13781,13789,13799,
+        13807,13829,13831,13841,13859,13873,13877,13879,
+        13883,13901,13903,13907,13913,13921,13931,13933,
+        13963,13967,13997,13999,14009,14011,14029,14033,
+        14051,14057,14071,14081,14083,14087,14107,14143,
+        14149,14153,14159,14173,14177,14197,14207,14221,
+        14243,14249,14251,14281,14293,14303,14321,14323,
+        14327,14341,14347,14369,14387,14389,14401,14407,
+        14411,14419,14423,14431,14437,14447,14449,14461,
+        14479,14489,14503,14519,14533,14537,14543,14549,
+        14551,14557,14561,14563,14591,14593,14621,14627,
+        14629,14633,14639,14653,14657,14669,14683,14699,
+        14713,14717,14723,14731,14737,14741,14747,14753,
+        14759,14767,14771,14779,14783,14797,14813,14821,
+        14827,14831,14843,14851,14867,14869,14879,14887,
+        14891,14897,14923,14929,14939,14947,14951,14957,
+        14969,14983,15013,15017,15031,15053,15061,15073,
+        15077,15083,15091,15101,15107,15121,15131,15137,
+        15139,15149,15161,15173,15187,15193,15199,15217,
+        15227,15233,15241,15259,15263,15269,15271,15277,
+        15287,15289,15299,15307,15313,15319,15329,15331,
+        15349,15359,15361,15373,15377,15383,15391,15401,
+        15413,15427,15439,15443,15451,15461,15467,15473,
+        15493,15497,15511,15527,15541,15551,15559,15569,
+        15581,15583,15601,15607,15619,15629,15641,15643,
+        15647,15649,15661,15667,15671,15679,15683,15727,
+        15731,15733,15737,15739,15749,15761,15767,15773,
+        15787,15791,15797,15803,15809,15817,15823,15859,
+        15877,15881,15887,15889,15901,15907,15913,15919,
+        15923,15937,15959,15971,15973,15991,16001,16007,
+        16033,16057,16061,16063,16067,16069,16073,16087,
+        16091,16097,16103,16111,16127,16139,16141,16183,
+        16187,16189,16193,16217,16223,16229,16231,16249,
+        16253,16267,16273,16301,16319,16333,16339,16349,
+        16361,16363,16369,16381,16411,16417,16421,16427,
+        16433,16447,16451,16453,16477,16481,16487,16493,
+        16519,16529,16547,16553,16561,16567,16573,16603,
+        16607,16619,16631,16633,16649,16651,16657,16661,
+        16673,16691,16693,16699,16703,16729,16741,16747,
+        16759,16763,16787,16811,16823,16829,16831,16843,
+        16871,16879,16883,16889,16901,16903,16921,16927,
+        16931,16937,16943,16963,16979,16981,16987,16993,
+        17011,17021,17027,17029,17033,17041,17047,17053,
+        17077,17093,17099,17107,17117,17123,17137,17159,
+        17167,17183,17189,17191,17203,17207,17209,17231,
+        17239,17257,17291,17293,17299,17317,17321,17327,
+        17333,17341,17351,17359,17377,17383,17387,17389,
+        17393,17401,17417,17419,17431,17443,17449,17467,
+        17471,17477,17483,17489,17491,17497,17509,17519,
+        17539,17551,17569,17573,17579,17581,17597,17599,
+        17609,17623,17627,17657,17659,17669,17681,17683,
+        17707,17713,17729,17737,17747,17749,17761,17783,
+        17789,17791,17807,17827,17837,17839,17851,17863,
+#endif
+        };
diff --git a/src/lib/libcrypto/bn/bn_prime.pl b/src/lib/libcrypto/bn/bn_prime.pl
new file mode 100644
index 0000000000..9fc3765486
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_prime.pl
@@ -0,0 +1,117 @@
+#!/usr/local/bin/perl
+# bn_prime.pl
+
+$num=2048;
+$num=$ARGV[0] if ($#ARGV >= 0);
+
+push(@primes,2);
+$p=1;
+loop: while ($#primes < $num-1)
+        {
+        $p+=2;
+        $s=int(sqrt($p));
+
+        for ($i=0; $primes[$i]<=$s; $i++)
+                {
+                next loop if (($p%$primes[$i]) == 0);
+                }
+        push(@primes,$p);
+        }
+
+# print <<"EOF";
+# /* Auto generated by bn_prime.pl */
+# /* Copyright (C) 1995-1997 Eric Young (eay\@mincom.oz.au).
+#  * All rights reserved.
+#  * Copyright remains Eric Young's, and as such any Copyright notices in
+#  * the code are not to be removed.
+#  * See the COPYRIGHT file in the SSLeay distribution for more details.
+#  */
+# 
+# EOF
+
+print <<\EOF;
+/* Auto generated by bn_prime.pl */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+EOF
+
+for ($i=0; $i <= $#primes; $i++)
+        {
+        if ($primes[$i] > 256)
+                {
+                $eight=$i;
+                last;
+                }
+        }
+
+printf "#ifndef EIGHT_BIT\n";
+printf "#define NUMPRIMES %d\n",$num;
+printf "#else\n";
+printf "#define NUMPRIMES %d\n",$eight;
+printf "#endif\n";
+print "static const unsigned int primes[NUMPRIMES]=\n\t{\n\t";
+$init=0;
+for ($i=0; $i <= $#primes; $i++)
+        {
+        printf "\n#ifndef EIGHT_BIT\n\t" if ($primes[$i] > 256) && !($init++);
+        printf("\n\t") if (($i%8) == 0) && ($i != 0);
+        printf("%4d,",$primes[$i]);
+        }
+print "\n#endif\n\t};\n";
+
+
diff --git a/src/lib/libcrypto/bn/bn_print.c b/src/lib/libcrypto/bn/bn_print.c
new file mode 100644
index 0000000000..acba7ed7ee
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_print.c
@@ -0,0 +1,333 @@
+/* crypto/bn/bn_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include "bn_lcl.h"
+
+static const char *Hex="0123456789ABCDEF";
+
+/* Must 'OPENSSL_free' the returned data */
+char *BN_bn2hex(const BIGNUM *a)
+        {
+        int i,j,v,z=0;
+        char *buf;
+        char *p;
+
+        buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2);
+        if (buf == NULL)
+                {
+                BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        p=buf;
+        if (a->neg) *(p++)='-';
+        if (BN_is_zero(a)) *(p++)='0';
+        for (i=a->top-1; i >=0; i--)
+                {
+                for (j=BN_BITS2-8; j >= 0; j-=8)
+                        {
+                        /* strip leading zeros */
+                        v=((int)(a->d[i]>>(long)j))&0xff;
+                        if (z || (v != 0))
+                                {
+                                *(p++)=Hex[v>>4];
+                                *(p++)=Hex[v&0x0f];
+                                z=1;
+                                }
+                        }
+                }
+        *p='\0';
+err:
+        return(buf);
+        }
+
+/* Must 'OPENSSL_free' the returned data */
+char *BN_bn2dec(const BIGNUM *a)
+        {
+        int i=0,num;
+        char *buf=NULL;
+        char *p;
+        BIGNUM *t=NULL;
+        BN_ULONG *bn_data=NULL,*lp;
+
+        i=BN_num_bits(a)*3;
+        num=(i/10+i/1000+3)+1;
+        bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
+        buf=(char *)OPENSSL_malloc(num+3);
+        if ((buf == NULL) || (bn_data == NULL))
+                {
+                BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if ((t=BN_dup(a)) == NULL) goto err;
+
+#define BUF_REMAIN (num+3 - (size_t)(p - buf))
+        p=buf;
+        lp=bn_data;
+        if (t->neg) *(p++)='-';
+        if (BN_is_zero(t))
+                {
+                *(p++)='0';
+                *(p++)='\0';
+                }
+        else
+                {
+                i=0;
+                while (!BN_is_zero(t))
+                        {
+                        *lp=BN_div_word(t,BN_DEC_CONV);
+                        lp++;
+                        }
+                lp--;
+                /* We now have a series of blocks, BN_DEC_NUM chars
+                 * in length, where the last one needs truncation.
+                 * The blocks need to be reversed in order. */
+                BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
+                while (*p) p++;
+                while (lp != bn_data)
+                        {
+                        lp--;
+                        BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
+                        while (*p) p++;
+                        }
+                }
+err:
+        if (bn_data != NULL) OPENSSL_free(bn_data);
+        if (t != NULL) BN_free(t);
+        return(buf);
+        }
+
+int BN_hex2bn(BIGNUM **bn, const char *a)
+        {
+        BIGNUM *ret=NULL;
+        BN_ULONG l=0;
+        int neg=0,h,m,i,j,k,c;
+        int num;
+
+        if ((a == NULL) || (*a == '\0')) return(0);
+
+        if (*a == '-') { neg=1; a++; }
+
+        for (i=0; isxdigit((unsigned char) a[i]); i++)
+                ;
+
+        num=i+neg;
+        if (bn == NULL) return(num);
+
+        /* a is the start of the hex digits, and it is 'i' long */
+        if (*bn == NULL)
+                {
+                if ((ret=BN_new()) == NULL) return(0);
+                }
+        else
+                {
+                ret= *bn;
+                BN_zero(ret);
+                }
+
+        /* i is the number of hex digests; */
+        if (bn_expand(ret,i*4) == NULL) goto err;
+
+        j=i; /* least significant 'hex' */
+        m=0;
+        h=0;
+        while (j > 0)
+                {
+                m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j;
+                l=0;
+                for (;;)
+                        {
+                        c=a[j-m];
+                        if ((c >= '0') && (c <= '9')) k=c-'0';
+                        else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10;
+                        else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10;
+                        else k=0; /* paranoia */
+                        l=(l<<4)|k;
+
+                        if (--m <= 0)
+                                {
+                                ret->d[h++]=l;
+                                break;
+                                }
+                        }
+                j-=(BN_BYTES*2);
+                }
+        ret->top=h;
+        bn_fix_top(ret);
+        ret->neg=neg;
+
+        *bn=ret;
+        return(num);
+err:
+        if (*bn == NULL) BN_free(ret);
+        return(0);
+        }
+
+int BN_dec2bn(BIGNUM **bn, const char *a)
+        {
+        BIGNUM *ret=NULL;
+        BN_ULONG l=0;
+        int neg=0,i,j;
+        int num;
+
+        if ((a == NULL) || (*a == '\0')) return(0);
+        if (*a == '-') { neg=1; a++; }
+
+        for (i=0; isdigit((unsigned char) a[i]); i++)
+                ;
+
+        num=i+neg;
+        if (bn == NULL) return(num);
+
+        /* a is the start of the digits, and it is 'i' long.
+         * We chop it into BN_DEC_NUM digits at a time */
+        if (*bn == NULL)
+                {
+                if ((ret=BN_new()) == NULL) return(0);
+                }
+        else
+                {
+                ret= *bn;
+                BN_zero(ret);
+                }
+
+        /* i is the number of digests, a bit of an over expand; */
+        if (bn_expand(ret,i*4) == NULL) goto err;
+
+        j=BN_DEC_NUM-(i%BN_DEC_NUM);
+        if (j == BN_DEC_NUM) j=0;
+        l=0;
+        while (*a)
+                {
+                l*=10;
+                l+= *a-'0';
+                a++;
+                if (++j == BN_DEC_NUM)
+                        {
+                        BN_mul_word(ret,BN_DEC_CONV);
+                        BN_add_word(ret,l);
+                        l=0;
+                        j=0;
+                        }
+                }
+        ret->neg=neg;
+
+        bn_fix_top(ret);
+        *bn=ret;
+        return(num);
+err:
+        if (*bn == NULL) BN_free(ret);
+        return(0);
+        }
+
+#ifndef OPENSSL_NO_BIO
+#ifndef OPENSSL_NO_FP_API
+int BN_print_fp(FILE *fp, const BIGNUM *a)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                return(0);
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=BN_print(b,a);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int BN_print(BIO *bp, const BIGNUM *a)
+        {
+        int i,j,v,z=0;
+        int ret=0;
+
+        if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end;
+        if ((BN_is_zero(a)) && (BIO_write(bp,"0",1) != 1)) goto end;
+        for (i=a->top-1; i >=0; i--)
+                {
+                for (j=BN_BITS2-4; j >= 0; j-=4)
+                        {
+                        /* strip leading zeros */
+                        v=((int)(a->d[i]>>(long)j))&0x0f;
+                        if (z || (v != 0))
+                                {
+                                if (BIO_write(bp,&(Hex[v]),1) != 1)
+                                        goto end;
+                                z=1;
+                                }
+                        }
+                }
+        ret=1;
+end:
+        return(ret);
+        }
+#endif
+
+#ifdef BN_DEBUG
+void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n)
+        {
+        int i;
+        fprintf(o, "%s=", a);
+        for (i=n-1;i>=0;i--)
+                fprintf(o, "%08lX", b[i]); /* assumes 32-bit BN_ULONG */
+        fprintf(o, "\n");
+        }
+#endif
diff --git a/src/lib/libcrypto/bn/bn_rand.c b/src/lib/libcrypto/bn/bn_rand.c
new file mode 100644
index 0000000000..893c9d2af9
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_rand.c
@@ -0,0 +1,291 @@
+/* crypto/bn/bn_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#include <openssl/rand.h>
+
+static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
+        {
+        unsigned char *buf=NULL;
+        int ret=0,bit,bytes,mask;
+        time_t tim;
+
+        if (bits == 0)
+                {
+                BN_zero(rnd);
+                return 1;
+                }
+
+        bytes=(bits+7)/8;
+        bit=(bits-1)%8;
+        mask=0xff<<(bit+1);
+
+        buf=(unsigned char *)OPENSSL_malloc(bytes);
+        if (buf == NULL)
+                {
+                BNerr(BN_F_BN_RAND,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        /* make a random number and set the top and bottom bits */
+        time(&tim);
+        RAND_add(&tim,sizeof(tim),0);
+
+        if (pseudorand)
+                {
+                if (RAND_pseudo_bytes(buf, bytes) == -1)
+                        goto err;
+                }
+        else
+                {
+                if (RAND_bytes(buf, bytes) <= 0)
+                        goto err;
+                }
+
+#if 1
+        if (pseudorand == 2)
+                {
+                /* generate patterns that are more likely to trigger BN
+                   library bugs */
+                int i;
+                unsigned char c;
+
+                for (i = 0; i < bytes; i++)
+                        {
+                        RAND_pseudo_bytes(&c, 1);
+                        if (c >= 128 && i > 0)
+                                buf[i] = buf[i-1];
+                        else if (c < 42)
+                                buf[i] = 0;
+                        else if (c < 84)
+                                buf[i] = 255;
+                        }
+                }
+#endif
+
+        if (top != -1)
+                {
+                if (top)
+                        {
+                        if (bit == 0)
+                                {
+                                buf[0]=1;
+                                buf[1]|=0x80;
+                                }
+                        else
+                                {
+                                buf[0]|=(3<<(bit-1));
+                                }
+                        }
+                else
+                        {
+                        buf[0]|=(1<<bit);
+                        }
+                }
+        buf[0] &= ~mask;
+        if (bottom) /* set bottom bit if requested */
+                buf[bytes-1]|=1;
+        if (!BN_bin2bn(buf,bytes,rnd)) goto err;
+        ret=1;
+err:
+        if (buf != NULL)
+                {
+                OPENSSL_cleanse(buf,bytes);
+                OPENSSL_free(buf);
+                }
+        return(ret);
+        }
+
+int     BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
+        {
+        return bnrand(0, rnd, bits, top, bottom);
+        }
+
+int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
+        {
+        return bnrand(1, rnd, bits, top, bottom);
+        }
+
+#if 1
+int     BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+        {
+        return bnrand(2, rnd, bits, top, bottom);
+        }
+#endif
+
+
+/* random number r:  0 <= r < range */
+static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
+        {
+        int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
+        int n;
+
+        if (range->neg || BN_is_zero(range))
+                {
+                BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+                return 0;
+                }
+
+        n = BN_num_bits(range); /* n > 0 */
+
+        /* BN_is_bit_set(range, n - 1) always holds */
+
+        if (n == 1)
+                {
+                if (!BN_zero(r)) return 0;
+                }
+        else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
+                {
+                /* range = 100..._2,
+                 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
+                do
+                        {
+                        if (!bn_rand(r, n + 1, -1, 0)) return 0;
+                        /* If  r < 3*range,  use  r := r MOD range
+                         * (which is either  r, r - range,  or  r - 2*range).
+                         * Otherwise, iterate once more.
+                         * Since  3*range = 11..._2, each iteration succeeds with
+                         * probability >= .75. */
+                        if (BN_cmp(r ,range) >= 0)
+                                {
+                                if (!BN_sub(r, r, range)) return 0;
+                                if (BN_cmp(r, range) >= 0)
+                                        if (!BN_sub(r, r, range)) return 0;
+                                }
+                        }
+                while (BN_cmp(r, range) >= 0);
+                }
+        else
+                {
+                do
+                        {
+                        /* range = 11..._2  or  range = 101..._2 */
+                        if (!bn_rand(r, n, -1, 0)) return 0;
+                        }
+                while (BN_cmp(r, range) >= 0);
+                }
+
+        return 1;
+        }
+
+
+int     BN_rand_range(BIGNUM *r, BIGNUM *range)
+        {
+        return bn_rand_range(0, r, range);
+        }
+
+int     BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range)
+        {
+        return bn_rand_range(1, r, range);
+        }
diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c
new file mode 100644
index 0000000000..ef5fdd4708
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_recp.c
@@ -0,0 +1,230 @@
+/* crypto/bn/bn_recp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+void BN_RECP_CTX_init(BN_RECP_CTX *recp)
+        {
+        BN_init(&(recp->N));
+        BN_init(&(recp->Nr));
+        recp->num_bits=0;
+        recp->flags=0;
+        }
+
+BN_RECP_CTX *BN_RECP_CTX_new(void)
+        {
+        BN_RECP_CTX *ret;
+
+        if ((ret=(BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL)
+                return(NULL);
+
+        BN_RECP_CTX_init(ret);
+        ret->flags=BN_FLG_MALLOCED;
+        return(ret);
+        }
+
+void BN_RECP_CTX_free(BN_RECP_CTX *recp)
+        {
+        if(recp == NULL)
+            return;
+
+        BN_free(&(recp->N));
+        BN_free(&(recp->Nr));
+        if (recp->flags & BN_FLG_MALLOCED)
+                OPENSSL_free(recp);
+        }
+
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
+        {
+        if (!BN_copy(&(recp->N),d)) return 0;
+        if (!BN_zero(&(recp->Nr))) return 0;
+        recp->num_bits=BN_num_bits(d);
+        recp->shift=0;
+        return(1);
+        }
+
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+        BN_RECP_CTX *recp, BN_CTX *ctx)
+        {
+        int ret=0;
+        BIGNUM *a;
+        const BIGNUM *ca;
+
+        BN_CTX_start(ctx);
+        if ((a = BN_CTX_get(ctx)) == NULL) goto err;
+        if (y != NULL)
+                {
+                if (x == y)
+                        { if (!BN_sqr(a,x,ctx)) goto err; }
+                else
+                        { if (!BN_mul(a,x,y,ctx)) goto err; }
+                ca = a;
+                }
+        else
+                ca=x; /* Just do the mod */
+
+        ret = BN_div_recp(NULL,r,ca,recp,ctx);
+err:
+        BN_CTX_end(ctx);
+        return(ret);
+        }
+
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+        BN_RECP_CTX *recp, BN_CTX *ctx)
+        {
+        int i,j,ret=0;
+        BIGNUM *a,*b,*d,*r;
+
+        BN_CTX_start(ctx);
+        a=BN_CTX_get(ctx);
+        b=BN_CTX_get(ctx);
+        if (dv != NULL)
+                d=dv;
+        else
+                d=BN_CTX_get(ctx);
+        if (rem != NULL)
+                r=rem;
+        else
+                r=BN_CTX_get(ctx);
+        if (a == NULL || b == NULL || d == NULL || r == NULL) goto err;
+
+        if (BN_ucmp(m,&(recp->N)) < 0)
+                {
+                if (!BN_zero(d)) return 0;
+                if (!BN_copy(r,m)) return 0;
+                BN_CTX_end(ctx);
+                return(1);
+                }
+
+        /* We want the remainder
+         * Given input of ABCDEF / ab
+         * we need multiply ABCDEF by 3 digests of the reciprocal of ab
+         *
+         */
+
+        /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
+        i=BN_num_bits(m);
+        j=recp->num_bits<<1;
+        if (j>i) i=j;
+
+        /* Nr := round(2^i / N) */
+        if (i != recp->shift)
+                recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),
+                        i,ctx); /* BN_reciprocal returns i, or -1 for an error */
+        if (recp->shift == -1) goto err;
+
+        /* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
+         *    = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
+         *   <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
+         *    = |m/N|
+         */
+        if (!BN_rshift(a,m,recp->num_bits)) goto err;
+        if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err;
+        if (!BN_rshift(d,b,i-recp->num_bits)) goto err;
+        d->neg=0;
+
+        if (!BN_mul(b,&(recp->N),d,ctx)) goto err;
+        if (!BN_usub(r,m,b)) goto err;
+        r->neg=0;
+
+#if 1
+        j=0;
+        while (BN_ucmp(r,&(recp->N)) >= 0)
+                {
+                if (j++ > 2)
+                        {
+                        BNerr(BN_F_BN_MOD_MUL_RECIPROCAL,BN_R_BAD_RECIPROCAL);
+                        goto err;
+                        }
+                if (!BN_usub(r,r,&(recp->N))) goto err;
+                if (!BN_add_word(d,1)) goto err;
+                }
+#endif
+
+        r->neg=BN_is_zero(r)?0:m->neg;
+        d->neg=m->neg^recp->N.neg;
+        ret=1;
+err:
+        BN_CTX_end(ctx);
+        return(ret);
+        } 
+
+/* len is the expected size of the result
+ * We actually calculate with an extra word of precision, so
+ * we can do faster division if the remainder is not required.
+ */
+/* r := 2^len / m */
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
+        {
+        int ret= -1;
+        BIGNUM t;
+
+        BN_init(&t);
+
+        if (!BN_zero(&t)) goto err;
+        if (!BN_set_bit(&t,len)) goto err;
+
+        if (!BN_div(r,NULL,&t,m,ctx)) goto err;
+
+        ret=len;
+err:
+        BN_free(&t);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/bn/bn_shift.c b/src/lib/libcrypto/bn/bn_shift.c
new file mode 100644
index 0000000000..70f785ea18
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_shift.c
@@ -0,0 +1,205 @@
+/* crypto/bn/bn_shift.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+int BN_lshift1(BIGNUM *r, const BIGNUM *a)
+        {
+        register BN_ULONG *ap,*rp,t,c;
+        int i;
+
+        if (r != a)
+                {
+                r->neg=a->neg;
+                if (bn_wexpand(r,a->top+1) == NULL) return(0);
+                r->top=a->top;
+                }
+        else
+                {
+                if (bn_wexpand(r,a->top+1) == NULL) return(0);
+                }
+        ap=a->d;
+        rp=r->d;
+        c=0;
+        for (i=0; i<a->top; i++)
+                {
+                t= *(ap++);
+                *(rp++)=((t<<1)|c)&BN_MASK2;
+                c=(t & BN_TBIT)?1:0;
+                }
+        if (c)
+                {
+                *rp=1;
+                r->top++;
+                }
+        return(1);
+        }
+
+int BN_rshift1(BIGNUM *r, const BIGNUM *a)
+        {
+        BN_ULONG *ap,*rp,t,c;
+        int i;
+
+        if (BN_is_zero(a))
+                {
+                BN_zero(r);
+                return(1);
+                }
+        if (a != r)
+                {
+                if (bn_wexpand(r,a->top) == NULL) return(0);
+                r->top=a->top;
+                r->neg=a->neg;
+                }
+        ap=a->d;
+        rp=r->d;
+        c=0;
+        for (i=a->top-1; i>=0; i--)
+                {
+                t=ap[i];
+                rp[i]=((t>>1)&BN_MASK2)|c;
+                c=(t&1)?BN_TBIT:0;
+                }
+        bn_fix_top(r);
+        return(1);
+        }
+
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
+        {
+        int i,nw,lb,rb;
+        BN_ULONG *t,*f;
+        BN_ULONG l;
+
+        r->neg=a->neg;
+        nw=n/BN_BITS2;
+        if (bn_wexpand(r,a->top+nw+1) == NULL) return(0);
+        lb=n%BN_BITS2;
+        rb=BN_BITS2-lb;
+        f=a->d;
+        t=r->d;
+        t[a->top+nw]=0;
+        if (lb == 0)
+                for (i=a->top-1; i>=0; i--)
+                        t[nw+i]=f[i];
+        else
+                for (i=a->top-1; i>=0; i--)
+                        {
+                        l=f[i];
+                        t[nw+i+1]|=(l>>rb)&BN_MASK2;
+                        t[nw+i]=(l<<lb)&BN_MASK2;
+                        }
+        memset(t,0,nw*sizeof(t[0]));
+/*      for (i=0; i<nw; i++)
+                t[i]=0;*/
+        r->top=a->top+nw+1;
+        bn_fix_top(r);
+        return(1);
+        }
+
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
+        {
+        int i,j,nw,lb,rb;
+        BN_ULONG *t,*f;
+        BN_ULONG l,tmp;
+
+        nw=n/BN_BITS2;
+        rb=n%BN_BITS2;
+        lb=BN_BITS2-rb;
+        if (nw > a->top || a->top == 0)
+                {
+                BN_zero(r);
+                return(1);
+                }
+        if (r != a)
+                {
+                r->neg=a->neg;
+                if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
+                }
+        else
+                {
+                if (n == 0)
+                        return 1; /* or the copying loop will go berserk */
+                }
+
+        f= &(a->d[nw]);
+        t=r->d;
+        j=a->top-nw;
+        r->top=j;
+
+        if (rb == 0)
+                {
+                for (i=j+1; i > 0; i--)
+                        *(t++)= *(f++);
+                }
+        else
+                {
+                l= *(f++);
+                for (i=1; i<j; i++)
+                        {
+                        tmp =(l>>rb)&BN_MASK2;
+                        l= *(f++);
+                        *(t++) =(tmp|(l<<lb))&BN_MASK2;
+                        }
+                *(t++) =(l>>rb)&BN_MASK2;
+                }
+        *t=0;
+        bn_fix_top(r);
+        return(1);
+        }
diff --git a/src/lib/libcrypto/bn/bn_sqr.c b/src/lib/libcrypto/bn/bn_sqr.c
new file mode 100644
index 0000000000..c1d0cca438
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_sqr.c
@@ -0,0 +1,288 @@
+/* crypto/bn/bn_sqr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* r must not be a */
+/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+        {
+        int max,al;
+        int ret = 0;
+        BIGNUM *tmp,*rr;
+
+#ifdef BN_COUNT
+        fprintf(stderr,"BN_sqr %d * %d\n",a->top,a->top);
+#endif
+        bn_check_top(a);
+
+        al=a->top;
+        if (al <= 0)
+                {
+                r->top=0;
+                return(1);
+                }
+
+        BN_CTX_start(ctx);
+        rr=(a != r) ? r : BN_CTX_get(ctx);
+        tmp=BN_CTX_get(ctx);
+        if (tmp == NULL) goto err;
+
+        max=(al+al);
+        if (bn_wexpand(rr,max+1) == NULL) goto err;
+
+        if (al == 4)
+                {
+#ifndef BN_SQR_COMBA
+                BN_ULONG t[8];
+                bn_sqr_normal(rr->d,a->d,4,t);
+#else
+                bn_sqr_comba4(rr->d,a->d);
+#endif
+                }
+        else if (al == 8)
+                {
+#ifndef BN_SQR_COMBA
+                BN_ULONG t[16];
+                bn_sqr_normal(rr->d,a->d,8,t);
+#else
+                bn_sqr_comba8(rr->d,a->d);
+#endif
+                }
+        else 
+                {
+#if defined(BN_RECURSION)
+                if (al < BN_SQR_RECURSIVE_SIZE_NORMAL)
+                        {
+                        BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2];
+                        bn_sqr_normal(rr->d,a->d,al,t);
+                        }
+                else
+                        {
+                        int j,k;
+
+                        j=BN_num_bits_word((BN_ULONG)al);
+                        j=1<<(j-1);
+                        k=j+j;
+                        if (al == j)
+                                {
+                                if (bn_wexpand(tmp,k*2) == NULL) goto err;
+                                bn_sqr_recursive(rr->d,a->d,al,tmp->d);
+                                }
+                        else
+                                {
+                                if (bn_wexpand(tmp,max) == NULL) goto err;
+                                bn_sqr_normal(rr->d,a->d,al,tmp->d);
+                                }
+                        }
+#else
+                if (bn_wexpand(tmp,max) == NULL) goto err;
+                bn_sqr_normal(rr->d,a->d,al,tmp->d);
+#endif
+                }
+
+        rr->top=max;
+        rr->neg=0;
+        if ((max > 0) && (rr->d[max-1] == 0)) rr->top--;
+        if (rr != r) BN_copy(r,rr);
+        ret = 1;
+ err:
+        BN_CTX_end(ctx);
+        return(ret);
+        }
+
+/* tmp must have 2*n words */
+void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
+        {
+        int i,j,max;
+        const BN_ULONG *ap;
+        BN_ULONG *rp;
+
+        max=n*2;
+        ap=a;
+        rp=r;
+        rp[0]=rp[max-1]=0;
+        rp++;
+        j=n;
+
+        if (--j > 0)
+                {
+                ap++;
+                rp[j]=bn_mul_words(rp,ap,j,ap[-1]);
+                rp+=2;
+                }
+
+        for (i=n-2; i>0; i--)
+                {
+                j--;
+                ap++;
+                rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]);
+                rp+=2;
+                }
+
+        bn_add_words(r,r,r,max);
+
+        /* There will not be a carry */
+
+        bn_sqr_words(tmp,a,n);
+
+        bn_add_words(r,r,tmp,max);
+        }
+
+#ifdef BN_RECURSION
+/* r is 2*n words in size,
+ * a and b are both n words in size.    (There's not actually a 'b' here ...)
+ * n must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n words in size
+ * We calculate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
+        {
+        int n=n2/2;
+        int zero,c1;
+        BN_ULONG ln,lo,*p;
+
+#ifdef BN_COUNT
+        fprintf(stderr," bn_sqr_recursive %d * %d\n",n2,n2);
+#endif
+        if (n2 == 4)
+                {
+#ifndef BN_SQR_COMBA
+                bn_sqr_normal(r,a,4,t);
+#else
+                bn_sqr_comba4(r,a);
+#endif
+                return;
+                }
+        else if (n2 == 8)
+                {
+#ifndef BN_SQR_COMBA
+                bn_sqr_normal(r,a,8,t);
+#else
+                bn_sqr_comba8(r,a);
+#endif
+                return;
+                }
+        if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL)
+                {
+                bn_sqr_normal(r,a,n2,t);
+                return;
+                }
+        /* r=(a[0]-a[1])*(a[1]-a[0]) */
+        c1=bn_cmp_words(a,&(a[n]),n);
+        zero=0;
+        if (c1 > 0)
+                bn_sub_words(t,a,&(a[n]),n);
+        else if (c1 < 0)
+                bn_sub_words(t,&(a[n]),a,n);
+        else
+                zero=1;
+
+        /* The result will always be negative unless it is zero */
+        p= &(t[n2*2]);
+
+        if (!zero)
+                bn_sqr_recursive(&(t[n2]),t,n,p);
+        else
+                memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
+        bn_sqr_recursive(r,a,n,p);
+        bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
+
+        /* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
+         * r[10] holds (a[0]*b[0])
+         * r[32] holds (b[1]*b[1])
+         */
+
+        c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+
+        /* t[32] is negative */
+        c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+
+        /* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
+         * r[10] holds (a[0]*a[0])
+         * r[32] holds (a[1]*a[1])
+         * c1 holds the carry bits
+         */
+        c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
+        if (c1)
+                {
+                p= &(r[n+n2]);
+                lo= *p;
+                ln=(lo+c1)&BN_MASK2;
+                *p=ln;
+
+                /* The overflow will stop before we over write
+                 * words we should not overwrite */
+                if (ln < (BN_ULONG)c1)
+                        {
+                        do      {
+                                p++;
+                                lo= *p;
+                                ln=(lo+1)&BN_MASK2;
+                                *p=ln;
+                                } while (ln == 0);
+                        }
+                }
+        }
+#endif
diff --git a/src/lib/libcrypto/bn/bn_sqrt.c b/src/lib/libcrypto/bn/bn_sqrt.c
new file mode 100644
index 0000000000..e2a1105dc8
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_sqrt.c
@@ -0,0 +1,387 @@
+/* crypto/bn/bn_mod.c */
+/* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
+ * and Bodo Moeller for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+
+BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) 
+/* Returns 'ret' such that
+ *      ret^2 == a (mod p),
+ * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course
+ * in Algebraic Computational Number Theory", algorithm 1.5.1).
+ * 'p' must be prime!
+ * If 'a' is not a square, this is not necessarily detected by
+ * the algorithms; a bogus result must be expected in this case.
+ */
+        {
+        BIGNUM *ret = in;
+        int err = 1;
+        int r;
+        BIGNUM *b, *q, *t, *x, *y;
+        int e, i, j;
+        
+        if (!BN_is_odd(p) || BN_abs_is_word(p, 1))
+                {
+                if (BN_abs_is_word(p, 2))
+                        {
+                        if (ret == NULL)
+                                ret = BN_new();
+                        if (ret == NULL)
+                                goto end;
+                        if (!BN_set_word(ret, BN_is_bit_set(a, 0)))
+                                {
+                                BN_free(ret);
+                                return NULL;
+                                }
+                        return ret;
+                        }
+
+                BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+                return(NULL);
+                }
+
+        if (BN_is_zero(a) || BN_is_one(a))
+                {
+                if (ret == NULL)
+                        ret = BN_new();
+                if (ret == NULL)
+                        goto end;
+                if (!BN_set_word(ret, BN_is_one(a)))
+                        {
+                        BN_free(ret);
+                        return NULL;
+                        }
+                return ret;
+                }
+
+#if 0 /* if BN_mod_sqrt is used with correct input, this just wastes time */
+        r = BN_kronecker(a, p, ctx);
+        if (r < -1) return NULL;
+        if (r == -1)
+                {
+                BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+                return(NULL);
+                }
+#endif
+
+        BN_CTX_start(ctx);
+        b = BN_CTX_get(ctx);
+        q = BN_CTX_get(ctx);
+        t = BN_CTX_get(ctx);
+        x = BN_CTX_get(ctx);
+        y = BN_CTX_get(ctx);
+        if (y == NULL) goto end;
+        
+        if (ret == NULL)
+                ret = BN_new();
+        if (ret == NULL) goto end;
+
+        /* now write  |p| - 1  as  2^e*q  where  q  is odd */
+        e = 1;
+        while (!BN_is_bit_set(p, e))
+                e++;
+        /* we'll set  q  later (if needed) */
+
+        if (e == 1)
+                {
+                /* The easy case:  (|p|-1)/2  is odd, so 2 has an inverse
+                 * modulo  (|p|-1)/2,  and square roots can be computed
+                 * directly by modular exponentiation.
+                 * We have
+                 *     2 * (|p|+1)/4 == 1   (mod (|p|-1)/2),
+                 * so we can use exponent  (|p|+1)/4,  i.e.  (|p|-3)/4 + 1.
+                 */
+                if (!BN_rshift(q, p, 2)) goto end;
+                q->neg = 0;
+                if (!BN_add_word(q, 1)) goto end;
+                if (!BN_mod_exp(ret, a, q, p, ctx)) goto end;
+                err = 0;
+                goto end;
+                }
+        
+        if (e == 2)
+                {
+                /* |p| == 5  (mod 8)
+                 *
+                 * In this case  2  is always a non-square since
+                 * Legendre(2,p) = (-1)^((p^2-1)/8)  for any odd prime.
+                 * So if  a  really is a square, then  2*a  is a non-square.
+                 * Thus for
+                 *      b := (2*a)^((|p|-5)/8),
+                 *      i := (2*a)*b^2
+                 * we have
+                 *     i^2 = (2*a)^((1 + (|p|-5)/4)*2)
+                 *         = (2*a)^((p-1)/2)
+                 *         = -1;
+                 * so if we set
+                 *      x := a*b*(i-1),
+                 * then
+                 *     x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
+                 *         = a^2 * b^2 * (-2*i)
+                 *         = a*(-i)*(2*a*b^2)
+                 *         = a*(-i)*i
+                 *         = a.
+                 *
+                 * (This is due to A.O.L. Atkin, 
+                 * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
+                 * November 1992.)
+                 */
+
+                /* make sure that  a  is reduced modulo p */
+                if (a->neg || BN_ucmp(a, p) >= 0)
+                        {
+                        if (!BN_nnmod(x, a, p, ctx)) goto end;
+                        a = x; /* use x as temporary variable */
+                        }
+
+                /* t := 2*a */
+                if (!BN_mod_lshift1_quick(t, a, p)) goto end;
+
+                /* b := (2*a)^((|p|-5)/8) */
+                if (!BN_rshift(q, p, 3)) goto end;
+                q->neg = 0;
+                if (!BN_mod_exp(b, t, q, p, ctx)) goto end;
+
+                /* y := b^2 */
+                if (!BN_mod_sqr(y, b, p, ctx)) goto end;
+
+                /* t := (2*a)*b^2 - 1*/
+                if (!BN_mod_mul(t, t, y, p, ctx)) goto end;
+                if (!BN_sub_word(t, 1)) goto end;
+
+                /* x = a*b*t */
+                if (!BN_mod_mul(x, a, b, p, ctx)) goto end;
+                if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
+
+                if (!BN_copy(ret, x)) goto end;
+                err = 0;
+                goto end;
+                }
+        
+        /* e > 2, so we really have to use the Tonelli/Shanks algorithm.
+         * First, find some  y  that is not a square. */
+        if (!BN_copy(q, p)) goto end; /* use 'q' as temp */
+        q->neg = 0;
+        i = 2;
+        do
+                {
+                /* For efficiency, try small numbers first;
+                 * if this fails, try random numbers.
+                 */
+                if (i < 22)
+                        {
+                        if (!BN_set_word(y, i)) goto end;
+                        }
+                else
+                        {
+                        if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) goto end;
+                        if (BN_ucmp(y, p) >= 0)
+                                {
+                                if (!(p->neg ? BN_add : BN_sub)(y, y, p)) goto end;
+                                }
+                        /* now 0 <= y < |p| */
+                        if (BN_is_zero(y))
+                                if (!BN_set_word(y, i)) goto end;
+                        }
+                
+                r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
+                if (r < -1) goto end;
+                if (r == 0)
+                        {
+                        /* m divides p */
+                        BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+                        goto end;
+                        }
+                }
+        while (r == 1 && ++i < 82);
+        
+        if (r != -1)
+                {
+                /* Many rounds and still no non-square -- this is more likely
+                 * a bug than just bad luck.
+                 * Even if  p  is not prime, we should have found some  y
+                 * such that r == -1.
+                 */
+                BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
+                goto end;
+                }
+
+        /* Here's our actual 'q': */
+        if (!BN_rshift(q, q, e)) goto end;
+
+        /* Now that we have some non-square, we can find an element
+         * of order  2^e  by computing its q'th power. */
+        if (!BN_mod_exp(y, y, q, p, ctx)) goto end;
+        if (BN_is_one(y))
+                {
+                BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+                goto end;
+                }
+
+        /* Now we know that (if  p  is indeed prime) there is an integer
+         * k,  0 <= k < 2^e,  such that
+         *
+         *      a^q * y^k == 1   (mod p).
+         *
+         * As  a^q  is a square and  y  is not,  k  must be even.
+         * q+1  is even, too, so there is an element
+         *
+         *     X := a^((q+1)/2) * y^(k/2),
+         *
+         * and it satisfies
+         *
+         *     X^2 = a^q * a     * y^k
+         *         = a,
+         *
+         * so it is the square root that we are looking for.
+         */
+        
+        /* t := (q-1)/2  (note that  q  is odd) */
+        if (!BN_rshift1(t, q)) goto end;
+        
+        /* x := a^((q-1)/2) */
+        if (BN_is_zero(t)) /* special case: p = 2^e + 1 */
+                {
+                if (!BN_nnmod(t, a, p, ctx)) goto end;
+                if (BN_is_zero(t))
+                        {
+                        /* special case: a == 0  (mod p) */
+                        if (!BN_zero(ret)) goto end;
+                        err = 0;
+                        goto end;
+                        }
+                else
+                        if (!BN_one(x)) goto end;
+                }
+        else
+                {
+                if (!BN_mod_exp(x, a, t, p, ctx)) goto end;
+                if (BN_is_zero(x))
+                        {
+                        /* special case: a == 0  (mod p) */
+                        if (!BN_zero(ret)) goto end;
+                        err = 0;
+                        goto end;
+                        }
+                }
+
+        /* b := a*x^2  (= a^q) */
+        if (!BN_mod_sqr(b, x, p, ctx)) goto end;
+        if (!BN_mod_mul(b, b, a, p, ctx)) goto end;
+        
+        /* x := a*x    (= a^((q+1)/2)) */
+        if (!BN_mod_mul(x, x, a, p, ctx)) goto end;
+
+        while (1)
+                {
+                /* Now  b  is  a^q * y^k  for some even  k  (0 <= k < 2^E
+                 * where  E  refers to the original value of  e,  which we
+                 * don't keep in a variable),  and  x  is  a^((q+1)/2) * y^(k/2).
+                 *
+                 * We have  a*b = x^2,
+                 *    y^2^(e-1) = -1,
+                 *    b^2^(e-1) = 1.
+                 */
+
+                if (BN_is_one(b))
+                        {
+                        if (!BN_copy(ret, x)) goto end;
+                        err = 0;
+                        goto end;
+                        }
+
+
+                /* find smallest  i  such that  b^(2^i) = 1 */
+                i = 1;
+                if (!BN_mod_sqr(t, b, p, ctx)) goto end;
+                while (!BN_is_one(t))
+                        {
+                        i++;
+                        if (i == e)
+                                {
+                                BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+                                goto end;
+                                }
+                        if (!BN_mod_mul(t, t, t, p, ctx)) goto end;
+                        }
+                
+
+                /* t := y^2^(e - i - 1) */
+                if (!BN_copy(t, y)) goto end;
+                for (j = e - i - 1; j > 0; j--)
+                        {
+                        if (!BN_mod_sqr(t, t, p, ctx)) goto end;
+                        }
+                if (!BN_mod_mul(y, t, t, p, ctx)) goto end;
+                if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
+                if (!BN_mod_mul(b, b, y, p, ctx)) goto end;
+                e = i;
+                }
+
+ end:
+        if (err)
+                {
+                if (ret != NULL && ret != in)
+                        {
+                        BN_clear_free(ret);
+                        }
+                ret = NULL;
+                }
+        BN_CTX_end(ctx);
+        return ret;
+        }
diff --git a/src/lib/libcrypto/bn/bn_word.c b/src/lib/libcrypto/bn/bn_word.c
new file mode 100644
index 0000000000..de610ce54c
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_word.c
@@ -0,0 +1,208 @@
+/* crypto/bn/bn_word.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
+        {
+#ifndef BN_LLONG
+        BN_ULONG ret=0;
+#else
+        BN_ULLONG ret=0;
+#endif
+        int i;
+
+        w&=BN_MASK2;
+        for (i=a->top-1; i>=0; i--)
+                {
+#ifndef BN_LLONG
+                ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%w;
+                ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%w;
+#else
+                ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])%
+                        (BN_ULLONG)w);
+#endif
+                }
+        return((BN_ULONG)ret);
+        }
+
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
+        {
+        BN_ULONG ret;
+        int i;
+
+        if (a->top == 0) return(0);
+        ret=0;
+        w&=BN_MASK2;
+        for (i=a->top-1; i>=0; i--)
+                {
+                BN_ULONG l,d;
+                
+                l=a->d[i];
+                d=bn_div_words(ret,l,w);
+                ret=(l-((d*w)&BN_MASK2))&BN_MASK2;
+                a->d[i]=d;
+                }
+        if ((a->top > 0) && (a->d[a->top-1] == 0))
+                a->top--;
+        return(ret);
+        }
+
+int BN_add_word(BIGNUM *a, BN_ULONG w)
+        {
+        BN_ULONG l;
+        int i;
+
+        if ((w & BN_MASK2) == 0)
+                return(1);
+
+        if (a->neg)
+                {
+                a->neg=0;
+                i=BN_sub_word(a,w);
+                if (!BN_is_zero(a))
+                        a->neg=!(a->neg);
+                return(i);
+                }
+        w&=BN_MASK2;
+        if (bn_wexpand(a,a->top+1) == NULL) return(0);
+        i=0;
+        for (;;)
+                {
+                if (i >= a->top)
+                        l=w;
+                else
+                        l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
+                a->d[i]=l;
+                if (w > l)
+                        w=1;
+                else
+                        break;
+                i++;
+                }
+        if (i >= a->top)
+                a->top++;
+        return(1);
+        }
+
+int BN_sub_word(BIGNUM *a, BN_ULONG w)
+        {
+        int i;
+
+        if ((w & BN_MASK2) == 0)
+                return(1);
+
+        if (BN_is_zero(a) || a->neg)
+                {
+                a->neg=0;
+                i=BN_add_word(a,w);
+                a->neg=1;
+                return(i);
+                }
+
+        w&=BN_MASK2;
+        if ((a->top == 1) && (a->d[0] < w))
+                {
+                a->d[0]=w-a->d[0];
+                a->neg=1;
+                return(1);
+                }
+        i=0;
+        for (;;)
+                {
+                if (a->d[i] >= w)
+                        {
+                        a->d[i]-=w;
+                        break;
+                        }
+                else
+                        {
+                        a->d[i]=(a->d[i]-w)&BN_MASK2;
+                        i++;
+                        w=1;
+                        }
+                }
+        if ((a->d[i] == 0) && (i == (a->top-1)))
+                a->top--;
+        return(1);
+        }
+
+int BN_mul_word(BIGNUM *a, BN_ULONG w)
+        {
+        BN_ULONG ll;
+
+        w&=BN_MASK2;
+        if (a->top)
+                {
+                if (w == 0)
+                        BN_zero(a);
+                else
+                        {
+                        ll=bn_mul_words(a->d,a->d,a->top,w);
+                        if (ll)
+                                {
+                                if (bn_wexpand(a,a->top+1) == NULL) return(0);
+                                a->d[a->top++]=ll;
+                                }
+                        }
+                }
+        return(1);
+        }
+
diff --git a/src/lib/libcrypto/bn/bntest.c b/src/lib/libcrypto/bn/bntest.c
index 685007d330..79d813d85e 100644
--- a/src/lib/libcrypto/bn/bntest.c
+++ b/src/lib/libcrypto/bn/bntest.c
@@ -86,7 +86,6 @@ int test_mont(BIO *bp,BN_CTX *ctx);
 int test_mod(BIO *bp,BN_CTX *ctx);
 int test_mod_mul(BIO *bp,BN_CTX *ctx);
 int test_mod_exp(BIO *bp,BN_CTX *ctx);
-int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
 int test_exp(BIO *bp,BN_CTX *ctx);
 int test_kron(BIO *bp,BN_CTX *ctx);
 int test_sqrt(BIO *bp,BN_CTX *ctx);
@@ -214,10 +213,6 @@ int main(int argc, char *argv[])
         if (!test_mod_exp(out,ctx)) goto err;
         BIO_flush(out);
 
-        message(out,"BN_mod_exp_mont_consttime");
-        if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
-        BIO_flush(out);
-
         message(out,"BN_exp");
         if (!test_exp(out,ctx)) goto err;
         BIO_flush(out);
@@ -785,58 +780,7 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
                 BN_bntest_rand(b,2+i,0,0); /**/
 
                 if (!BN_mod_exp(d,a,b,c,ctx))
-                        return(00);
-
-                if (bp != NULL)
-                        {
-                        if (!results)
-                                {
-                                BN_print(bp,a);
-                                BIO_puts(bp," ^ ");
-                                BN_print(bp,b);
-                                BIO_puts(bp," % ");
-                                BN_print(bp,c);
-                                BIO_puts(bp," - ");
-                                }
-                        BN_print(bp,d);
-                        BIO_puts(bp,"\n");
-                        }
-                BN_exp(e,a,b,ctx);
-                BN_sub(e,e,d);
-                BN_div(a,b,e,c,ctx);
-                if(!BN_is_zero(b))
-                    {
-                    fprintf(stderr,"Modulo exponentiation test failed!\n");
-                    return 0;
-                    }
-                }
-        BN_free(a);
-        BN_free(b);
-        BN_free(c);
-        BN_free(d);
-        BN_free(e);
-        return(1);
-        }
-
-int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
-        {
-        BIGNUM *a,*b,*c,*d,*e;
-        int i;
-
-        a=BN_new();
-        b=BN_new();
-        c=BN_new();
-        d=BN_new();
-        e=BN_new();
-
-        BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
-        for (i=0; i<num2; i++)
-                {
-                BN_bntest_rand(a,20+i*5,0,0); /**/
-                BN_bntest_rand(b,2+i,0,0); /**/
-
-                if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
-                        return(00);
+                        return(0);
 
                 if (bp != NULL)
                         {
@@ -887,7 +831,7 @@ int test_exp(BIO *bp, BN_CTX *ctx)
                 BN_bntest_rand(b,2+i,0,0); /**/
 
                 if (!BN_exp(d,a,b,ctx))
-                        return(00);
+                        return(0);
 
                 if (bp != NULL)
                         {
diff --git a/src/lib/libcrypto/bn/expspeed.c b/src/lib/libcrypto/bn/expspeed.c
index 4d5f221f33..07a1bcf51c 100644
--- a/src/lib/libcrypto/bn/expspeed.c
+++ b/src/lib/libcrypto/bn/expspeed.c
@@ -321,7 +321,7 @@ void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
 #else /* TEST_SQRT */
                         "2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d"
 #endif
-                        " -> %8.6fms %5.1f (%ld)\n",
+                        " -> %8.3fms %5.1f (%ld)\n",
 #ifdef TEST_SQRT
                         P_MOD_64,
 #endif
diff --git a/src/lib/libcrypto/bn/exptest.c b/src/lib/libcrypto/bn/exptest.c
index 28aaac2ac1..b09cf88705 100644
--- a/src/lib/libcrypto/bn/exptest.c
+++ b/src/lib/libcrypto/bn/exptest.c
@@ -77,7 +77,7 @@ int main(int argc, char *argv[])
         BIO *out=NULL;
         int i,ret;
         unsigned char c;
-        BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;
+        BIGNUM *r_mont,*r_recp,*r_simple,*a,*b,*m;
 
         RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
                                                * even check its return value
@@ -88,7 +88,6 @@ int main(int argc, char *argv[])
         ctx=BN_CTX_new();
         if (ctx == NULL) EXIT(1);
         r_mont=BN_new();
-        r_mont_const=BN_new();
         r_recp=BN_new();
         r_simple=BN_new();
         a=BN_new();
@@ -144,17 +143,8 @@ int main(int argc, char *argv[])
                         EXIT(1);
                         }
 
-                ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);
-                if (ret <= 0)
-                        {
-                        printf("BN_mod_exp_mont_consttime() problems\n");
-                        ERR_print_errors(out);
-                        EXIT(1);
-                        }
-
                 if (BN_cmp(r_simple, r_mont) == 0
-                    && BN_cmp(r_simple,r_recp) == 0
-                        && BN_cmp(r_simple,r_mont_const) == 0)
+                    && BN_cmp(r_simple,r_recp) == 0)
                         {
                         printf(".");
                         fflush(stdout);
@@ -163,8 +153,6 @@ int main(int argc, char *argv[])
                         {
                         if (BN_cmp(r_simple,r_mont) != 0)
                                 printf("\nsimple and mont results differ\n");
-                        if (BN_cmp(r_simple,r_mont) != 0)
-                                printf("\nsimple and mont const time results differ\n");
                         if (BN_cmp(r_simple,r_recp) != 0)
                                 printf("\nsimple and recp results differ\n");
 
@@ -174,13 +162,11 @@ int main(int argc, char *argv[])
                         printf("\nsimple   ="); BN_print(out,r_simple);
                         printf("\nrecp     ="); BN_print(out,r_recp);
                         printf("\nmont     ="); BN_print(out,r_mont);
-                        printf("\nmont_ct  ="); BN_print(out,r_mont_const);
                         printf("\n");
                         EXIT(1);
                         }
                 }
         BN_free(r_mont);
-        BN_free(r_mont_const);
         BN_free(r_recp);
         BN_free(r_simple);
         BN_free(a);
diff --git a/src/lib/libcrypto/buffer/Makefile.ssl b/src/lib/libcrypto/buffer/Makefile.ssl
new file mode 100644
index 0000000000..b131ca3078
--- /dev/null
+++ b/src/lib/libcrypto/buffer/Makefile.ssl
@@ -0,0 +1,94 @@
+#
+# SSLeay/crypto/buffer/Makefile
+#
+
+DIR=    buffer
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= buffer.c buf_err.c
+LIBOBJ= buffer.o buf_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= buffer.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+buf_err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+buf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+buf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+buf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+buf_err.o: ../../include/openssl/symhacks.h buf_err.c
+buffer.o: ../../e_os.h ../../include/openssl/bio.h
+buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+buffer.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+buffer.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+buffer.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+buffer.o: ../cryptlib.h buffer.c
diff --git a/src/lib/libcrypto/buffer/buf_err.c b/src/lib/libcrypto/buffer/buf_err.c
new file mode 100644
index 0000000000..5eee653e14
--- /dev/null
+++ b/src/lib/libcrypto/buffer/buf_err.c
@@ -0,0 +1,95 @@
+/* crypto/buffer/buf_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/buffer.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA BUF_str_functs[]=
+        {
+{ERR_PACK(0,BUF_F_BUF_MEM_GROW,0),      "BUF_MEM_grow"},
+{ERR_PACK(0,BUF_F_BUF_MEM_NEW,0),       "BUF_MEM_new"},
+{ERR_PACK(0,BUF_F_BUF_STRDUP,0),        "BUF_strdup"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA BUF_str_reasons[]=
+        {
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_BUF_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_BUF,BUF_str_functs);
+                ERR_load_strings(ERR_LIB_BUF,BUF_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/buffer/buffer.c b/src/lib/libcrypto/buffer/buffer.c
new file mode 100644
index 0000000000..d96487e7db
--- /dev/null
+++ b/src/lib/libcrypto/buffer/buffer.c
@@ -0,0 +1,202 @@
+/* crypto/buffer/buffer.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+
+BUF_MEM *BUF_MEM_new(void)
+        {
+        BUF_MEM *ret;
+
+        ret=OPENSSL_malloc(sizeof(BUF_MEM));
+        if (ret == NULL)
+                {
+                BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        ret->length=0;
+        ret->max=0;
+        ret->data=NULL;
+        return(ret);
+        }
+
+void BUF_MEM_free(BUF_MEM *a)
+        {
+        if(a == NULL)
+            return;
+
+        if (a->data != NULL)
+                {
+                memset(a->data,0,(unsigned int)a->max);
+                OPENSSL_free(a->data);
+                }
+        OPENSSL_free(a);
+        }
+
+int BUF_MEM_grow(BUF_MEM *str, int len)
+        {
+        char *ret;
+        unsigned int n;
+
+        if (str->length >= len)
+                {
+                str->length=len;
+                return(len);
+                }
+        if (str->max >= len)
+                {
+                memset(&str->data[str->length],0,len-str->length);
+                str->length=len;
+                return(len);
+                }
+        n=(len+3)/3*4;
+        if (str->data == NULL)
+                ret=OPENSSL_malloc(n);
+        else
+                ret=OPENSSL_realloc(str->data,n);
+        if (ret == NULL)
+                {
+                BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+                len=0;
+                }
+        else
+                {
+                str->data=ret;
+                str->max=n;
+                memset(&str->data[str->length],0,len-str->length);
+                str->length=len;
+                }
+        return(len);
+        }
+
+int BUF_MEM_grow_clean(BUF_MEM *str, int len)
+        {
+        char *ret;
+        unsigned int n;
+
+        if (str->length >= len)
+                {
+                memset(&str->data[len],0,str->length-len);
+                str->length=len;
+                return(len);
+                }
+        if (str->max >= len)
+                {
+                memset(&str->data[str->length],0,len-str->length);
+                str->length=len;
+                return(len);
+                }
+        n=(len+3)/3*4;
+        if (str->data == NULL)
+                ret=OPENSSL_malloc(n);
+        else
+                ret=OPENSSL_realloc_clean(str->data,str->max,n);
+        if (ret == NULL)
+                {
+                BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+                len=0;
+                }
+        else
+                {
+                str->data=ret;
+                str->max=n;
+                memset(&str->data[str->length],0,len-str->length);
+                str->length=len;
+                }
+        return(len);
+        }
+
+char *BUF_strdup(const char *str)
+        {
+        char *ret;
+        int n;
+
+        if (str == NULL) return(NULL);
+
+        n=strlen(str);
+        ret=OPENSSL_malloc(n+1);
+        if (ret == NULL) 
+                {
+                BUFerr(BUF_F_BUF_STRDUP,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        memcpy(ret,str,n+1);
+        return(ret);
+        }
+
+size_t BUF_strlcpy(char *dst, const char *src, size_t size)
+        {
+        size_t l = 0;
+        for(; size > 1 && *src; size--)
+                {
+                *dst++ = *src++;
+                l++;
+                }
+        if (size)
+                *dst = '\0';
+        return l + strlen(src);
+        }
+
+size_t BUF_strlcat(char *dst, const char *src, size_t size)
+        {
+        size_t l = 0;
+        for(; size > 0 && *dst; size--, dst++)
+                l++;
+        return l + BUF_strlcpy(dst, src, size);
+        }
diff --git a/src/lib/libcrypto/buffer/buffer.h b/src/lib/libcrypto/buffer/buffer.h
new file mode 100644
index 0000000000..465dc34f3f
--- /dev/null
+++ b/src/lib/libcrypto/buffer/buffer.h
@@ -0,0 +1,105 @@
+/* crypto/buffer/buffer.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BUFFER_H
+#define HEADER_BUFFER_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#include <stddef.h>
+#include <sys/types.h>
+
+typedef struct buf_mem_st
+        {
+        int length;     /* current number of bytes */
+        char *data;
+        int max;        /* size of buffer */
+        } BUF_MEM;
+
+BUF_MEM *BUF_MEM_new(void);
+void    BUF_MEM_free(BUF_MEM *a);
+int     BUF_MEM_grow(BUF_MEM *str, int len);
+int     BUF_MEM_grow_clean(BUF_MEM *str, int len);
+char *  BUF_strdup(const char *str);
+
+/* safe string functions */
+size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
+size_t BUF_strlcat(char *dst,const char *src,size_t siz);
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_BUF_strings(void);
+
+/* Error codes for the BUF functions. */
+
+/* Function codes. */
+#define BUF_F_BUF_MEM_GROW                               100
+#define BUF_F_BUF_MEM_NEW                                101
+#define BUF_F_BUF_STRDUP                                 102
+
+/* Reason codes. */
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/cast/Makefile.ssl b/src/lib/libcrypto/cast/Makefile.ssl
new file mode 100644
index 0000000000..98393a37ba
--- /dev/null
+++ b/src/lib/libcrypto/cast/Makefile.ssl
@@ -0,0 +1,120 @@
+#
+# SSLeay/crypto/cast/Makefile
+#
+
+DIR=    cast
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CAST_ENC=c_enc.o
+# or use
+#CAST_ENC=asm/cx86-elf.o
+#CAST_ENC=asm/cx86-out.o
+#CAST_ENC=asm/cx86-sol.o
+#CAST_ENC=asm/cx86bdsi.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+
+GENERAL=Makefile
+TEST=casttest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c 
+LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= cast.h
+HEADER= cast_s.h cast_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+# elf
+asm/cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > cx86-elf.s)
+
+# a.out
+asm/cx86-out.o: asm/cx86unix.cpp
+        $(CPP) -DOUT asm/cx86unix.cpp | as -o asm/cx86-out.o
+
+# bsdi
+asm/cx86bsdi.o: asm/cx86unix.cpp
+        $(CPP) -DBSDI asm/cx86unix.cpp | sed 's/ :/:/' | as -o asm/cx86bsdi.o
+
+asm/cx86unix.cpp: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) cast-586.pl cpp $(PROCESSOR) >cx86unix.cpp)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/cx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+c_cfb64.o: ../../e_os.h ../../include/openssl/cast.h
+c_cfb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_cfb64.o: c_cfb64.c cast_lcl.h
+c_ecb.o: ../../e_os.h ../../include/openssl/cast.h
+c_ecb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ecb.o: ../../include/openssl/opensslv.h c_ecb.c cast_lcl.h
+c_enc.o: ../../e_os.h ../../include/openssl/cast.h
+c_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_enc.o: c_enc.c cast_lcl.h
+c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h
+c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ofb64.o: c_ofb64.c cast_lcl.h
+c_skey.o: ../../e_os.h ../../include/openssl/cast.h
+c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_skey.o: c_skey.c cast_lcl.h cast_s.h
diff --git a/src/lib/libcrypto/cast/asm/cast-586.pl b/src/lib/libcrypto/cast/asm/cast-586.pl
new file mode 100644
index 0000000000..0ed55d1905
--- /dev/null
+++ b/src/lib/libcrypto/cast/asm/cast-586.pl
@@ -0,0 +1,176 @@
+#!/usr/local/bin/perl
+
+# define for pentium pro friendly version
+$ppro=1;
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+
+&asm_init($ARGV[0],"cast-586.pl",$ARGV[$#ARGV] eq "386");
+
+$CAST_ROUNDS=16;
+$L="edi";
+$R="esi";
+$K="ebp";
+$tmp1="ecx";
+$tmp2="ebx";
+$tmp3="eax";
+$tmp4="edx";
+$S1="CAST_S_table0";
+$S2="CAST_S_table1";
+$S3="CAST_S_table2";
+$S4="CAST_S_table3";
+
+@F1=("add","xor","sub");
+@F2=("xor","sub","add");
+@F3=("sub","add","xor");
+
+&CAST_encrypt("CAST_encrypt",1);
+&CAST_encrypt("CAST_decrypt",0);
+&cbc("CAST_cbc_encrypt","CAST_encrypt","CAST_decrypt",1,4,5,3,-1,-1) unless $main'openbsd;
+
+&asm_finish();
+
+sub CAST_encrypt {
+    local($name,$enc)=@_;
+
+    local($win_ex)=<<"EOF";
+EXTERN  _CAST_S_table0:DWORD
+EXTERN  _CAST_S_table1:DWORD
+EXTERN  _CAST_S_table2:DWORD
+EXTERN  _CAST_S_table3:DWORD
+EOF
+    &main::external_label(
+                          "CAST_S_table0",
+                          "CAST_S_table1",
+                          "CAST_S_table2",
+                          "CAST_S_table3",
+                          );
+
+    &function_begin_B($name,$win_ex);
+
+    &comment("");
+
+    &push("ebp");
+    &push("ebx");
+    &mov($tmp2,&wparam(0));
+    &mov($K,&wparam(1));
+    &push("esi");
+    &push("edi");
+
+    &comment("Load the 2 words");
+    &mov($L,&DWP(0,$tmp2,"",0));
+    &mov($R,&DWP(4,$tmp2,"",0));
+
+    &comment('Get short key flag');
+    &mov($tmp3,&DWP(128,$K,"",0));
+    if($enc) {
+        &push($tmp3);
+    } else {
+        &or($tmp3,$tmp3);
+        &jnz(&label('cast_dec_skip'));
+    }
+
+    &xor($tmp3, $tmp3);
+
+    # encrypting part
+
+    if ($enc) {
+        &E_CAST( 0,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 1,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 2,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 3,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 4,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 5,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 6,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 7,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 8,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 9,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST(10,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST(11,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+        &comment('test short key flag');
+        &pop($tmp4);
+        &or($tmp4,$tmp4);
+        &jnz(&label('cast_enc_done'));
+        &E_CAST(12,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST(13,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST(14,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+    } else {
+        &E_CAST(15,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST(14,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST(13,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST(12,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+        &set_label('cast_dec_skip');
+        &E_CAST(11,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST(10,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 9,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 8,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 7,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 6,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 5,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 4,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 3,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 2,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 1,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+        &E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+    }
+
+    &set_label('cast_enc_done') if $enc;
+# Why the nop? - Ben 17/1/99
+    &nop();
+    &mov($tmp3,&wparam(0));
+    &mov(&DWP(4,$tmp3,"",0),$L);
+    &mov(&DWP(0,$tmp3,"",0),$R);
+    &function_end($name);
+}
+
+sub E_CAST {
+    local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4)=@_;
+    # Ri needs to have 16 pre added.
+
+    &comment("round $i");
+    &mov(       $tmp4,          &DWP($i*8,$K,"",1));
+
+    &mov(       $tmp1,          &DWP($i*8+4,$K,"",1));
+    &$OP1(      $tmp4,          $R);
+
+    &rotl(      $tmp4,          &LB($tmp1));
+
+    if ($ppro) {
+        &mov(   $tmp2,          $tmp4);         # B
+        &xor(   $tmp1,          $tmp1);
+        
+        &movb(  &LB($tmp1),     &HB($tmp4));    # A
+        &and(   $tmp2,          0xff);
+
+        &shr(   $tmp4,          16);            #
+        &xor(   $tmp3,          $tmp3);
+    } else {
+        &mov(   $tmp2,          $tmp4);         # B
+        &movb(  &LB($tmp1),     &HB($tmp4));    # A     # BAD BAD BAD
+        
+        &shr(   $tmp4,          16);            #
+        &and(   $tmp2,          0xff);
+    }
+
+    &movb(      &LB($tmp3),     &HB($tmp4));    # C     # BAD BAD BAD
+    &and(       $tmp4,          0xff);          # D
+
+    &mov(       $tmp1,          &DWP($S1,"",$tmp1,4));
+    &mov(       $tmp2,          &DWP($S2,"",$tmp2,4));
+
+    &$OP2(      $tmp1,          $tmp2);
+    &mov(       $tmp2,          &DWP($S3,"",$tmp3,4));
+
+    &$OP3(      $tmp1,          $tmp2);
+    &mov(       $tmp2,          &DWP($S4,"",$tmp4,4));
+
+    &$OP1(      $tmp1,          $tmp2);
+    # XXX
+
+    &xor(       $L,             $tmp1);
+    # XXX
+}
+
diff --git a/src/lib/libcrypto/cast/c_cfb64.c b/src/lib/libcrypto/cast/c_cfb64.c
new file mode 100644
index 0000000000..514c005c32
--- /dev/null
+++ b/src/lib/libcrypto/cast/c_cfb64.c
@@ -0,0 +1,122 @@
+/* crypto/cast/c_cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, CAST_KEY *schedule, unsigned char *ivec,
+                        int *num, int enc)
+        {
+        register CAST_LONG v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        CAST_LONG ti[2];
+        unsigned char *iv,c,cc;
+
+        iv=ivec;
+        if (enc)
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                n2l(iv,v0); ti[0]=v0;
+                                n2l(iv,v1); ti[1]=v1;
+                                CAST_encrypt((CAST_LONG *)ti,schedule);
+                                iv=ivec;
+                                t=ti[0]; l2n(t,iv);
+                                t=ti[1]; l2n(t,iv);
+                                iv=ivec;
+                                }
+                        c= *(in++)^iv[n];
+                        *(out++)=c;
+                        iv[n]=c;
+                        n=(n+1)&0x07;
+                        }
+                }
+        else
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                n2l(iv,v0); ti[0]=v0;
+                                n2l(iv,v1); ti[1]=v1;
+                                CAST_encrypt((CAST_LONG *)ti,schedule);
+                                iv=ivec;
+                                t=ti[0]; l2n(t,iv);
+                                t=ti[1]; l2n(t,iv);
+                                iv=ivec;
+                                }
+                        cc= *(in++);
+                        c=iv[n];
+                        iv[n]=cc;
+                        *(out++)=c^cc;
+                        n=(n+1)&0x07;
+                        }
+                }
+        v0=v1=ti[0]=ti[1]=t=c=cc=0;
+        *num=n;
+        }
+
diff --git a/src/lib/libcrypto/cast/c_ecb.c b/src/lib/libcrypto/cast/c_ecb.c
new file mode 100644
index 0000000000..0b3da9ad87
--- /dev/null
+++ b/src/lib/libcrypto/cast/c_ecb.c
@@ -0,0 +1,80 @@
+/* crypto/cast/c_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+#include <openssl/opensslv.h>
+
+const char *CAST_version="CAST" OPENSSL_VERSION_PTEXT;
+
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      CAST_KEY *ks, int enc)
+        {
+        CAST_LONG l,d[2];
+
+        n2l(in,l); d[0]=l;
+        n2l(in,l); d[1]=l;
+        if (enc)
+                CAST_encrypt(d,ks);
+        else
+                CAST_decrypt(d,ks);
+        l=d[0]; l2n(l,out);
+        l=d[1]; l2n(l,out);
+        l=d[0]=d[1]=0;
+        }
+
diff --git a/src/lib/libcrypto/cast/c_enc.c b/src/lib/libcrypto/cast/c_enc.c
new file mode 100644
index 0000000000..e80f65b698
--- /dev/null
+++ b/src/lib/libcrypto/cast/c_enc.c
@@ -0,0 +1,209 @@
+/* crypto/cast/c_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+
+#ifndef OPENBSD_CAST_ASM
+void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
+        {
+        register CAST_LONG l,r,*k,t;
+
+        k= &(key->data[0]);
+        l=data[0];
+        r=data[1];
+
+        E_CAST( 0,k,l,r,+,^,-);
+        E_CAST( 1,k,r,l,^,-,+);
+        E_CAST( 2,k,l,r,-,+,^);
+        E_CAST( 3,k,r,l,+,^,-);
+        E_CAST( 4,k,l,r,^,-,+);
+        E_CAST( 5,k,r,l,-,+,^);
+        E_CAST( 6,k,l,r,+,^,-);
+        E_CAST( 7,k,r,l,^,-,+);
+        E_CAST( 8,k,l,r,-,+,^);
+        E_CAST( 9,k,r,l,+,^,-);
+        E_CAST(10,k,l,r,^,-,+);
+        E_CAST(11,k,r,l,-,+,^);
+        if(!key->short_key)
+            {
+            E_CAST(12,k,l,r,+,^,-);
+            E_CAST(13,k,r,l,^,-,+);
+            E_CAST(14,k,l,r,-,+,^);
+            E_CAST(15,k,r,l,+,^,-);
+            }
+
+        data[1]=l&0xffffffffL;
+        data[0]=r&0xffffffffL;
+        }
+
+void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
+        {
+        register CAST_LONG l,r,*k,t;
+
+        k= &(key->data[0]);
+        l=data[0];
+        r=data[1];
+
+        if(!key->short_key)
+            {
+            E_CAST(15,k,l,r,+,^,-);
+            E_CAST(14,k,r,l,-,+,^);
+            E_CAST(13,k,l,r,^,-,+);
+            E_CAST(12,k,r,l,+,^,-);
+            }
+        E_CAST(11,k,l,r,-,+,^);
+        E_CAST(10,k,r,l,^,-,+);
+        E_CAST( 9,k,l,r,+,^,-);
+        E_CAST( 8,k,r,l,-,+,^);
+        E_CAST( 7,k,l,r,^,-,+);
+        E_CAST( 6,k,r,l,+,^,-);
+        E_CAST( 5,k,l,r,-,+,^);
+        E_CAST( 4,k,r,l,^,-,+);
+        E_CAST( 3,k,l,r,+,^,-);
+        E_CAST( 2,k,r,l,-,+,^);
+        E_CAST( 1,k,l,r,^,-,+);
+        E_CAST( 0,k,r,l,+,^,-);
+
+        data[1]=l&0xffffffffL;
+        data[0]=r&0xffffffffL;
+        }
+#endif
+
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+             CAST_KEY *ks, unsigned char *iv, int enc)
+        {
+        register CAST_LONG tin0,tin1;
+        register CAST_LONG tout0,tout1,xor0,xor1;
+        register long l=length;
+        CAST_LONG tin[2];
+
+        if (enc)
+                {
+                n2l(iv,tout0);
+                n2l(iv,tout1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        CAST_encrypt(tin,ks);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        n2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        CAST_encrypt(tin,ks);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        }
+                l2n(tout0,iv);
+                l2n(tout1,iv);
+                }
+        else
+                {
+                n2l(iv,xor0);
+                n2l(iv,xor1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        CAST_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2n(tout0,out);
+                        l2n(tout1,out);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                if (l != -8)
+                        {
+                        n2l(in,tin0);
+                        n2l(in,tin1);
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        CAST_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2nn(tout0,tout1,out,l+8);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                l2n(xor0,iv);
+                l2n(xor1,iv);
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        tin[0]=tin[1]=0;
+        }
+
diff --git a/src/lib/libcrypto/cast/c_ofb64.c b/src/lib/libcrypto/cast/c_ofb64.c
new file mode 100644
index 0000000000..fd0469a62f
--- /dev/null
+++ b/src/lib/libcrypto/cast/c_ofb64.c
@@ -0,0 +1,111 @@
+/* crypto/cast/c_ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, CAST_KEY *schedule, unsigned char *ivec,
+                        int *num)
+        {
+        register CAST_LONG v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        unsigned char d[8];
+        register char *dp;
+        CAST_LONG ti[2];
+        unsigned char *iv;
+        int save=0;
+
+        iv=ivec;
+        n2l(iv,v0);
+        n2l(iv,v1);
+        ti[0]=v0;
+        ti[1]=v1;
+        dp=(char *)d;
+        l2n(v0,dp);
+        l2n(v1,dp);
+        while (l--)
+                {
+                if (n == 0)
+                        {
+                        CAST_encrypt((CAST_LONG *)ti,schedule);
+                        dp=(char *)d;
+                        t=ti[0]; l2n(t,dp);
+                        t=ti[1]; l2n(t,dp);
+                        save++;
+                        }
+                *(out++)= *(in++)^d[n];
+                n=(n+1)&0x07;
+                }
+        if (save)
+                {
+                v0=ti[0];
+                v1=ti[1];
+                iv=ivec;
+                l2n(v0,iv);
+                l2n(v1,iv);
+                }
+        t=v0=v1=ti[0]=ti[1]=0;
+        *num=n;
+        }
+
diff --git a/src/lib/libcrypto/cast/c_skey.c b/src/lib/libcrypto/cast/c_skey.c
new file mode 100644
index 0000000000..dc4791a8cf
--- /dev/null
+++ b/src/lib/libcrypto/cast/c_skey.c
@@ -0,0 +1,168 @@
+/* crypto/cast/c_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/cast.h>
+
+#include "cast_lcl.h"
+#include "cast_s.h"
+
+#define CAST_exp(l,A,a,n) \
+        A[n/4]=l; \
+        a[n+3]=(l    )&0xff; \
+        a[n+2]=(l>> 8)&0xff; \
+        a[n+1]=(l>>16)&0xff; \
+        a[n+0]=(l>>24)&0xff;
+
+#define S4 CAST_S_table4
+#define S5 CAST_S_table5
+#define S6 CAST_S_table6
+#define S7 CAST_S_table7
+
+FIPS_NON_FIPS_VCIPHER_Init(CAST)
+        {
+        CAST_LONG x[16];
+        CAST_LONG z[16];
+        CAST_LONG k[32];
+        CAST_LONG X[4],Z[4];
+        CAST_LONG l,*K;
+        int i;
+
+        for (i=0; i<16; i++) x[i]=0;
+        if (len > 16) len=16;
+        for (i=0; i<len; i++)
+                x[i]=data[i];
+        if(len <= 10)
+            key->short_key=1;
+        else
+            key->short_key=0;
+
+        K= &k[0];
+        X[0]=((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL;
+        X[1]=((x[ 4]<<24)|(x[ 5]<<16)|(x[ 6]<<8)|x[ 7])&0xffffffffL;
+        X[2]=((x[ 8]<<24)|(x[ 9]<<16)|(x[10]<<8)|x[11])&0xffffffffL;
+        X[3]=((x[12]<<24)|(x[13]<<16)|(x[14]<<8)|x[15])&0xffffffffL;
+
+        for (;;)
+                {
+        l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
+        CAST_exp(l,Z,z, 0);
+        l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
+        CAST_exp(l,Z,z, 4);
+        l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
+        CAST_exp(l,Z,z, 8);
+        l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
+        CAST_exp(l,Z,z,12);
+
+        K[ 0]= S4[z[ 8]]^S5[z[ 9]]^S6[z[ 7]]^S7[z[ 6]]^S4[z[ 2]];
+        K[ 1]= S4[z[10]]^S5[z[11]]^S6[z[ 5]]^S7[z[ 4]]^S5[z[ 6]];
+        K[ 2]= S4[z[12]]^S5[z[13]]^S6[z[ 3]]^S7[z[ 2]]^S6[z[ 9]];
+        K[ 3]= S4[z[14]]^S5[z[15]]^S6[z[ 1]]^S7[z[ 0]]^S7[z[12]];
+
+        l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
+        CAST_exp(l,X,x, 0);
+        l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
+        CAST_exp(l,X,x, 4);
+        l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
+        CAST_exp(l,X,x, 8);
+        l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
+        CAST_exp(l,X,x,12);
+
+        K[ 4]= S4[x[ 3]]^S5[x[ 2]]^S6[x[12]]^S7[x[13]]^S4[x[ 8]];
+        K[ 5]= S4[x[ 1]]^S5[x[ 0]]^S6[x[14]]^S7[x[15]]^S5[x[13]];
+        K[ 6]= S4[x[ 7]]^S5[x[ 6]]^S6[x[ 8]]^S7[x[ 9]]^S6[x[ 3]];
+        K[ 7]= S4[x[ 5]]^S5[x[ 4]]^S6[x[10]]^S7[x[11]]^S7[x[ 7]];
+
+        l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
+        CAST_exp(l,Z,z, 0);
+        l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
+        CAST_exp(l,Z,z, 4);
+        l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
+        CAST_exp(l,Z,z, 8);
+        l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
+        CAST_exp(l,Z,z,12);
+
+        K[ 8]= S4[z[ 3]]^S5[z[ 2]]^S6[z[12]]^S7[z[13]]^S4[z[ 9]];
+        K[ 9]= S4[z[ 1]]^S5[z[ 0]]^S6[z[14]]^S7[z[15]]^S5[z[12]];
+        K[10]= S4[z[ 7]]^S5[z[ 6]]^S6[z[ 8]]^S7[z[ 9]]^S6[z[ 2]];
+        K[11]= S4[z[ 5]]^S5[z[ 4]]^S6[z[10]]^S7[z[11]]^S7[z[ 6]];
+
+        l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
+        CAST_exp(l,X,x, 0);
+        l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
+        CAST_exp(l,X,x, 4);
+        l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
+        CAST_exp(l,X,x, 8);
+        l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
+        CAST_exp(l,X,x,12);
+
+        K[12]= S4[x[ 8]]^S5[x[ 9]]^S6[x[ 7]]^S7[x[ 6]]^S4[x[ 3]];
+        K[13]= S4[x[10]]^S5[x[11]]^S6[x[ 5]]^S7[x[ 4]]^S5[x[ 7]];
+        K[14]= S4[x[12]]^S5[x[13]]^S6[x[ 3]]^S7[x[ 2]]^S6[x[ 8]];
+        K[15]= S4[x[14]]^S5[x[15]]^S6[x[ 1]]^S7[x[ 0]]^S7[x[13]];
+        if (K != k)  break;
+        K+=16;
+                }
+
+        for (i=0; i<16; i++)
+                {
+                key->data[i*2]=k[i];
+                key->data[i*2+1]=((k[i+16])+16)&0x1f;
+                }
+        }
+
diff --git a/src/lib/libcrypto/cast/cast.h b/src/lib/libcrypto/cast/cast.h
new file mode 100644
index 0000000000..9e300178d9
--- /dev/null
+++ b/src/lib/libcrypto/cast/cast.h
@@ -0,0 +1,106 @@
+/* crypto/cast/cast.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CAST_H
+#define HEADER_CAST_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_NO_CAST
+#error CAST is disabled.
+#endif
+
+#define CAST_ENCRYPT    1
+#define CAST_DECRYPT    0
+
+#define CAST_LONG unsigned long
+
+#define CAST_BLOCK      8
+#define CAST_KEY_LENGTH 16
+
+typedef struct cast_key_st
+        {
+        CAST_LONG data[32];
+        int short_key;  /* Use reduced rounds for short key */
+        } CAST_KEY;
+
+
+#ifdef OPENSSL_FIPS 
+void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+#endif
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
+                      int enc);
+void CAST_encrypt(CAST_LONG *data,CAST_KEY *key);
+void CAST_decrypt(CAST_LONG *data,CAST_KEY *key);
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                      CAST_KEY *ks, unsigned char *iv, int enc);
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, CAST_KEY *schedule, unsigned char *ivec,
+                        int *num, int enc);
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, 
+                        long length, CAST_KEY *schedule, unsigned char *ivec,
+                        int *num);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/cast/cast_lcl.h b/src/lib/libcrypto/cast/cast_lcl.h
new file mode 100644
index 0000000000..37f41cc6a4
--- /dev/null
+++ b/src/lib/libcrypto/cast/cast_lcl.h
@@ -0,0 +1,232 @@
+/* crypto/cast/cast_lcl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+
+#include "e_os.h"
+
+#ifdef OPENSSL_SYS_WIN32
+#include <stdlib.h>
+#endif
+
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+#undef c2l
+#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 5: l2|=((unsigned long)(*(--(c))));     \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 1: l1|=((unsigned long)(*(--(c))));     \
+                                } \
+                        }
+
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
+#define ROTL(a,n)     (_lrotl(a,n))
+#else
+#define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n))))
+#endif
+
+#define C_M    0x3fc
+#define C_0    22L
+#define C_1    14L
+#define C_2     6L
+#define C_3     2L /* left shift */
+
+/* The rotate has an extra 16 added to it to help the x86 asm */
+#if defined(CAST_PTR)
+#define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+        { \
+        int i; \
+        t=(key[n*2] OP1 R)&0xffffffffL; \
+        i=key[n*2+1]; \
+        t=ROTL(t,i); \
+        L^= (((((*(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table0+((t>>C_2)&C_M)) OP2 \
+                *(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table1+((t<<C_3)&C_M)))&0xffffffffL) OP3 \
+                *(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table2+((t>>C_0)&C_M)))&0xffffffffL) OP1 \
+                *(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table3+((t>>C_1)&C_M)))&0xffffffffL; \
+        }
+#elif defined(CAST_PTR2)
+#define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+        { \
+        int i; \
+        CAST_LONG u,v,w; \
+        w=(key[n*2] OP1 R)&0xffffffffL; \
+        i=key[n*2+1]; \
+        w=ROTL(w,i); \
+        u=w>>C_2; \
+        v=w<<C_3; \
+        u&=C_M; \
+        v&=C_M; \
+        t= *(CAST_LONG *)((unsigned char *)CAST_S_table0+u); \
+        u=w>>C_0; \
+        t=(t OP2 *(CAST_LONG *)((unsigned char *)CAST_S_table1+v))&0xffffffffL;\
+        v=w>>C_1; \
+        u&=C_M; \
+        v&=C_M; \
+        t=(t OP3 *(CAST_LONG *)((unsigned char *)CAST_S_table2+u)&0xffffffffL);\
+        t=(t OP1 *(CAST_LONG *)((unsigned char *)CAST_S_table3+v)&0xffffffffL);\
+        L^=(t&0xffffffff); \
+        }
+#else
+#define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+        { \
+        CAST_LONG a,b,c,d; \
+        t=(key[n*2] OP1 R)&0xffffffff; \
+        t=ROTL(t,(key[n*2+1])); \
+        a=CAST_S_table0[(t>> 8)&0xff]; \
+        b=CAST_S_table1[(t    )&0xff]; \
+        c=CAST_S_table2[(t>>24)&0xff]; \
+        d=CAST_S_table3[(t>>16)&0xff]; \
+        L^=(((((a OP2 b)&0xffffffffL) OP3 c)&0xffffffffL) OP1 d)&0xffffffffL; \
+        }
+#endif
+
+OPENSSL_EXTERN const CAST_LONG CAST_S_table0[256];
+OPENSSL_EXTERN const CAST_LONG CAST_S_table1[256];
+OPENSSL_EXTERN const CAST_LONG CAST_S_table2[256];
+OPENSSL_EXTERN const CAST_LONG CAST_S_table3[256];
+OPENSSL_EXTERN const CAST_LONG CAST_S_table4[256];
+OPENSSL_EXTERN const CAST_LONG CAST_S_table5[256];
+OPENSSL_EXTERN const CAST_LONG CAST_S_table6[256];
+OPENSSL_EXTERN const CAST_LONG CAST_S_table7[256];
diff --git a/src/lib/libcrypto/cast/cast_s.h b/src/lib/libcrypto/cast/cast_s.h
new file mode 100644
index 0000000000..c483fd5e43
--- /dev/null
+++ b/src/lib/libcrypto/cast/cast_s.h
@@ -0,0 +1,585 @@
+/* crypto/cast/cast_s.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256]={
+        0x30fb40d4,0x9fa0ff0b,0x6beccd2f,0x3f258c7a,
+        0x1e213f2f,0x9c004dd3,0x6003e540,0xcf9fc949,
+        0xbfd4af27,0x88bbbdb5,0xe2034090,0x98d09675,
+        0x6e63a0e0,0x15c361d2,0xc2e7661d,0x22d4ff8e,
+        0x28683b6f,0xc07fd059,0xff2379c8,0x775f50e2,
+        0x43c340d3,0xdf2f8656,0x887ca41a,0xa2d2bd2d,
+        0xa1c9e0d6,0x346c4819,0x61b76d87,0x22540f2f,
+        0x2abe32e1,0xaa54166b,0x22568e3a,0xa2d341d0,
+        0x66db40c8,0xa784392f,0x004dff2f,0x2db9d2de,
+        0x97943fac,0x4a97c1d8,0x527644b7,0xb5f437a7,
+        0xb82cbaef,0xd751d159,0x6ff7f0ed,0x5a097a1f,
+        0x827b68d0,0x90ecf52e,0x22b0c054,0xbc8e5935,
+        0x4b6d2f7f,0x50bb64a2,0xd2664910,0xbee5812d,
+        0xb7332290,0xe93b159f,0xb48ee411,0x4bff345d,
+        0xfd45c240,0xad31973f,0xc4f6d02e,0x55fc8165,
+        0xd5b1caad,0xa1ac2dae,0xa2d4b76d,0xc19b0c50,
+        0x882240f2,0x0c6e4f38,0xa4e4bfd7,0x4f5ba272,
+        0x564c1d2f,0xc59c5319,0xb949e354,0xb04669fe,
+        0xb1b6ab8a,0xc71358dd,0x6385c545,0x110f935d,
+        0x57538ad5,0x6a390493,0xe63d37e0,0x2a54f6b3,
+        0x3a787d5f,0x6276a0b5,0x19a6fcdf,0x7a42206a,
+        0x29f9d4d5,0xf61b1891,0xbb72275e,0xaa508167,
+        0x38901091,0xc6b505eb,0x84c7cb8c,0x2ad75a0f,
+        0x874a1427,0xa2d1936b,0x2ad286af,0xaa56d291,
+        0xd7894360,0x425c750d,0x93b39e26,0x187184c9,
+        0x6c00b32d,0x73e2bb14,0xa0bebc3c,0x54623779,
+        0x64459eab,0x3f328b82,0x7718cf82,0x59a2cea6,
+        0x04ee002e,0x89fe78e6,0x3fab0950,0x325ff6c2,
+        0x81383f05,0x6963c5c8,0x76cb5ad6,0xd49974c9,
+        0xca180dcf,0x380782d5,0xc7fa5cf6,0x8ac31511,
+        0x35e79e13,0x47da91d0,0xf40f9086,0xa7e2419e,
+        0x31366241,0x051ef495,0xaa573b04,0x4a805d8d,
+        0x548300d0,0x00322a3c,0xbf64cddf,0xba57a68e,
+        0x75c6372b,0x50afd341,0xa7c13275,0x915a0bf5,
+        0x6b54bfab,0x2b0b1426,0xab4cc9d7,0x449ccd82,
+        0xf7fbf265,0xab85c5f3,0x1b55db94,0xaad4e324,
+        0xcfa4bd3f,0x2deaa3e2,0x9e204d02,0xc8bd25ac,
+        0xeadf55b3,0xd5bd9e98,0xe31231b2,0x2ad5ad6c,
+        0x954329de,0xadbe4528,0xd8710f69,0xaa51c90f,
+        0xaa786bf6,0x22513f1e,0xaa51a79b,0x2ad344cc,
+        0x7b5a41f0,0xd37cfbad,0x1b069505,0x41ece491,
+        0xb4c332e6,0x032268d4,0xc9600acc,0xce387e6d,
+        0xbf6bb16c,0x6a70fb78,0x0d03d9c9,0xd4df39de,
+        0xe01063da,0x4736f464,0x5ad328d8,0xb347cc96,
+        0x75bb0fc3,0x98511bfb,0x4ffbcc35,0xb58bcf6a,
+        0xe11f0abc,0xbfc5fe4a,0xa70aec10,0xac39570a,
+        0x3f04442f,0x6188b153,0xe0397a2e,0x5727cb79,
+        0x9ceb418f,0x1cacd68d,0x2ad37c96,0x0175cb9d,
+        0xc69dff09,0xc75b65f0,0xd9db40d8,0xec0e7779,
+        0x4744ead4,0xb11c3274,0xdd24cb9e,0x7e1c54bd,
+        0xf01144f9,0xd2240eb1,0x9675b3fd,0xa3ac3755,
+        0xd47c27af,0x51c85f4d,0x56907596,0xa5bb15e6,
+        0x580304f0,0xca042cf1,0x011a37ea,0x8dbfaadb,
+        0x35ba3e4a,0x3526ffa0,0xc37b4d09,0xbc306ed9,
+        0x98a52666,0x5648f725,0xff5e569d,0x0ced63d0,
+        0x7c63b2cf,0x700b45e1,0xd5ea50f1,0x85a92872,
+        0xaf1fbda7,0xd4234870,0xa7870bf3,0x2d3b4d79,
+        0x42e04198,0x0cd0ede7,0x26470db8,0xf881814c,
+        0x474d6ad7,0x7c0c5e5c,0xd1231959,0x381b7298,
+        0xf5d2f4db,0xab838653,0x6e2f1e23,0x83719c9e,
+        0xbd91e046,0x9a56456e,0xdc39200c,0x20c8c571,
+        0x962bda1c,0xe1e696ff,0xb141ab08,0x7cca89b9,
+        0x1a69e783,0x02cc4843,0xa2f7c579,0x429ef47d,
+        0x427b169c,0x5ac9f049,0xdd8f0f00,0x5c8165bf,
+        };
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table1[256]={
+        0x1f201094,0xef0ba75b,0x69e3cf7e,0x393f4380,
+        0xfe61cf7a,0xeec5207a,0x55889c94,0x72fc0651,
+        0xada7ef79,0x4e1d7235,0xd55a63ce,0xde0436ba,
+        0x99c430ef,0x5f0c0794,0x18dcdb7d,0xa1d6eff3,
+        0xa0b52f7b,0x59e83605,0xee15b094,0xe9ffd909,
+        0xdc440086,0xef944459,0xba83ccb3,0xe0c3cdfb,
+        0xd1da4181,0x3b092ab1,0xf997f1c1,0xa5e6cf7b,
+        0x01420ddb,0xe4e7ef5b,0x25a1ff41,0xe180f806,
+        0x1fc41080,0x179bee7a,0xd37ac6a9,0xfe5830a4,
+        0x98de8b7f,0x77e83f4e,0x79929269,0x24fa9f7b,
+        0xe113c85b,0xacc40083,0xd7503525,0xf7ea615f,
+        0x62143154,0x0d554b63,0x5d681121,0xc866c359,
+        0x3d63cf73,0xcee234c0,0xd4d87e87,0x5c672b21,
+        0x071f6181,0x39f7627f,0x361e3084,0xe4eb573b,
+        0x602f64a4,0xd63acd9c,0x1bbc4635,0x9e81032d,
+        0x2701f50c,0x99847ab4,0xa0e3df79,0xba6cf38c,
+        0x10843094,0x2537a95e,0xf46f6ffe,0xa1ff3b1f,
+        0x208cfb6a,0x8f458c74,0xd9e0a227,0x4ec73a34,
+        0xfc884f69,0x3e4de8df,0xef0e0088,0x3559648d,
+        0x8a45388c,0x1d804366,0x721d9bfd,0xa58684bb,
+        0xe8256333,0x844e8212,0x128d8098,0xfed33fb4,
+        0xce280ae1,0x27e19ba5,0xd5a6c252,0xe49754bd,
+        0xc5d655dd,0xeb667064,0x77840b4d,0xa1b6a801,
+        0x84db26a9,0xe0b56714,0x21f043b7,0xe5d05860,
+        0x54f03084,0x066ff472,0xa31aa153,0xdadc4755,
+        0xb5625dbf,0x68561be6,0x83ca6b94,0x2d6ed23b,
+        0xeccf01db,0xa6d3d0ba,0xb6803d5c,0xaf77a709,
+        0x33b4a34c,0x397bc8d6,0x5ee22b95,0x5f0e5304,
+        0x81ed6f61,0x20e74364,0xb45e1378,0xde18639b,
+        0x881ca122,0xb96726d1,0x8049a7e8,0x22b7da7b,
+        0x5e552d25,0x5272d237,0x79d2951c,0xc60d894c,
+        0x488cb402,0x1ba4fe5b,0xa4b09f6b,0x1ca815cf,
+        0xa20c3005,0x8871df63,0xb9de2fcb,0x0cc6c9e9,
+        0x0beeff53,0xe3214517,0xb4542835,0x9f63293c,
+        0xee41e729,0x6e1d2d7c,0x50045286,0x1e6685f3,
+        0xf33401c6,0x30a22c95,0x31a70850,0x60930f13,
+        0x73f98417,0xa1269859,0xec645c44,0x52c877a9,
+        0xcdff33a6,0xa02b1741,0x7cbad9a2,0x2180036f,
+        0x50d99c08,0xcb3f4861,0xc26bd765,0x64a3f6ab,
+        0x80342676,0x25a75e7b,0xe4e6d1fc,0x20c710e6,
+        0xcdf0b680,0x17844d3b,0x31eef84d,0x7e0824e4,
+        0x2ccb49eb,0x846a3bae,0x8ff77888,0xee5d60f6,
+        0x7af75673,0x2fdd5cdb,0xa11631c1,0x30f66f43,
+        0xb3faec54,0x157fd7fa,0xef8579cc,0xd152de58,
+        0xdb2ffd5e,0x8f32ce19,0x306af97a,0x02f03ef8,
+        0x99319ad5,0xc242fa0f,0xa7e3ebb0,0xc68e4906,
+        0xb8da230c,0x80823028,0xdcdef3c8,0xd35fb171,
+        0x088a1bc8,0xbec0c560,0x61a3c9e8,0xbca8f54d,
+        0xc72feffa,0x22822e99,0x82c570b4,0xd8d94e89,
+        0x8b1c34bc,0x301e16e6,0x273be979,0xb0ffeaa6,
+        0x61d9b8c6,0x00b24869,0xb7ffce3f,0x08dc283b,
+        0x43daf65a,0xf7e19798,0x7619b72f,0x8f1c9ba4,
+        0xdc8637a0,0x16a7d3b1,0x9fc393b7,0xa7136eeb,
+        0xc6bcc63e,0x1a513742,0xef6828bc,0x520365d6,
+        0x2d6a77ab,0x3527ed4b,0x821fd216,0x095c6e2e,
+        0xdb92f2fb,0x5eea29cb,0x145892f5,0x91584f7f,
+        0x5483697b,0x2667a8cc,0x85196048,0x8c4bacea,
+        0x833860d4,0x0d23e0f9,0x6c387e8a,0x0ae6d249,
+        0xb284600c,0xd835731d,0xdcb1c647,0xac4c56ea,
+        0x3ebd81b3,0x230eabb0,0x6438bc87,0xf0b5b1fa,
+        0x8f5ea2b3,0xfc184642,0x0a036b7a,0x4fb089bd,
+        0x649da589,0xa345415e,0x5c038323,0x3e5d3bb9,
+        0x43d79572,0x7e6dd07c,0x06dfdf1e,0x6c6cc4ef,
+        0x7160a539,0x73bfbe70,0x83877605,0x4523ecf1,
+        };
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256]={
+        0x8defc240,0x25fa5d9f,0xeb903dbf,0xe810c907,
+        0x47607fff,0x369fe44b,0x8c1fc644,0xaececa90,
+        0xbeb1f9bf,0xeefbcaea,0xe8cf1950,0x51df07ae,
+        0x920e8806,0xf0ad0548,0xe13c8d83,0x927010d5,
+        0x11107d9f,0x07647db9,0xb2e3e4d4,0x3d4f285e,
+        0xb9afa820,0xfade82e0,0xa067268b,0x8272792e,
+        0x553fb2c0,0x489ae22b,0xd4ef9794,0x125e3fbc,
+        0x21fffcee,0x825b1bfd,0x9255c5ed,0x1257a240,
+        0x4e1a8302,0xbae07fff,0x528246e7,0x8e57140e,
+        0x3373f7bf,0x8c9f8188,0xa6fc4ee8,0xc982b5a5,
+        0xa8c01db7,0x579fc264,0x67094f31,0xf2bd3f5f,
+        0x40fff7c1,0x1fb78dfc,0x8e6bd2c1,0x437be59b,
+        0x99b03dbf,0xb5dbc64b,0x638dc0e6,0x55819d99,
+        0xa197c81c,0x4a012d6e,0xc5884a28,0xccc36f71,
+        0xb843c213,0x6c0743f1,0x8309893c,0x0feddd5f,
+        0x2f7fe850,0xd7c07f7e,0x02507fbf,0x5afb9a04,
+        0xa747d2d0,0x1651192e,0xaf70bf3e,0x58c31380,
+        0x5f98302e,0x727cc3c4,0x0a0fb402,0x0f7fef82,
+        0x8c96fdad,0x5d2c2aae,0x8ee99a49,0x50da88b8,
+        0x8427f4a0,0x1eac5790,0x796fb449,0x8252dc15,
+        0xefbd7d9b,0xa672597d,0xada840d8,0x45f54504,
+        0xfa5d7403,0xe83ec305,0x4f91751a,0x925669c2,
+        0x23efe941,0xa903f12e,0x60270df2,0x0276e4b6,
+        0x94fd6574,0x927985b2,0x8276dbcb,0x02778176,
+        0xf8af918d,0x4e48f79e,0x8f616ddf,0xe29d840e,
+        0x842f7d83,0x340ce5c8,0x96bbb682,0x93b4b148,
+        0xef303cab,0x984faf28,0x779faf9b,0x92dc560d,
+        0x224d1e20,0x8437aa88,0x7d29dc96,0x2756d3dc,
+        0x8b907cee,0xb51fd240,0xe7c07ce3,0xe566b4a1,
+        0xc3e9615e,0x3cf8209d,0x6094d1e3,0xcd9ca341,
+        0x5c76460e,0x00ea983b,0xd4d67881,0xfd47572c,
+        0xf76cedd9,0xbda8229c,0x127dadaa,0x438a074e,
+        0x1f97c090,0x081bdb8a,0x93a07ebe,0xb938ca15,
+        0x97b03cff,0x3dc2c0f8,0x8d1ab2ec,0x64380e51,
+        0x68cc7bfb,0xd90f2788,0x12490181,0x5de5ffd4,
+        0xdd7ef86a,0x76a2e214,0xb9a40368,0x925d958f,
+        0x4b39fffa,0xba39aee9,0xa4ffd30b,0xfaf7933b,
+        0x6d498623,0x193cbcfa,0x27627545,0x825cf47a,
+        0x61bd8ba0,0xd11e42d1,0xcead04f4,0x127ea392,
+        0x10428db7,0x8272a972,0x9270c4a8,0x127de50b,
+        0x285ba1c8,0x3c62f44f,0x35c0eaa5,0xe805d231,
+        0x428929fb,0xb4fcdf82,0x4fb66a53,0x0e7dc15b,
+        0x1f081fab,0x108618ae,0xfcfd086d,0xf9ff2889,
+        0x694bcc11,0x236a5cae,0x12deca4d,0x2c3f8cc5,
+        0xd2d02dfe,0xf8ef5896,0xe4cf52da,0x95155b67,
+        0x494a488c,0xb9b6a80c,0x5c8f82bc,0x89d36b45,
+        0x3a609437,0xec00c9a9,0x44715253,0x0a874b49,
+        0xd773bc40,0x7c34671c,0x02717ef6,0x4feb5536,
+        0xa2d02fff,0xd2bf60c4,0xd43f03c0,0x50b4ef6d,
+        0x07478cd1,0x006e1888,0xa2e53f55,0xb9e6d4bc,
+        0xa2048016,0x97573833,0xd7207d67,0xde0f8f3d,
+        0x72f87b33,0xabcc4f33,0x7688c55d,0x7b00a6b0,
+        0x947b0001,0x570075d2,0xf9bb88f8,0x8942019e,
+        0x4264a5ff,0x856302e0,0x72dbd92b,0xee971b69,
+        0x6ea22fde,0x5f08ae2b,0xaf7a616d,0xe5c98767,
+        0xcf1febd2,0x61efc8c2,0xf1ac2571,0xcc8239c2,
+        0x67214cb8,0xb1e583d1,0xb7dc3e62,0x7f10bdce,
+        0xf90a5c38,0x0ff0443d,0x606e6dc6,0x60543a49,
+        0x5727c148,0x2be98a1d,0x8ab41738,0x20e1be24,
+        0xaf96da0f,0x68458425,0x99833be5,0x600d457d,
+        0x282f9350,0x8334b362,0xd91d1120,0x2b6d8da0,
+        0x642b1e31,0x9c305a00,0x52bce688,0x1b03588a,
+        0xf7baefd5,0x4142ed9c,0xa4315c11,0x83323ec5,
+        0xdfef4636,0xa133c501,0xe9d3531c,0xee353783,
+        };
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256]={
+        0x9db30420,0x1fb6e9de,0xa7be7bef,0xd273a298,
+        0x4a4f7bdb,0x64ad8c57,0x85510443,0xfa020ed1,
+        0x7e287aff,0xe60fb663,0x095f35a1,0x79ebf120,
+        0xfd059d43,0x6497b7b1,0xf3641f63,0x241e4adf,
+        0x28147f5f,0x4fa2b8cd,0xc9430040,0x0cc32220,
+        0xfdd30b30,0xc0a5374f,0x1d2d00d9,0x24147b15,
+        0xee4d111a,0x0fca5167,0x71ff904c,0x2d195ffe,
+        0x1a05645f,0x0c13fefe,0x081b08ca,0x05170121,
+        0x80530100,0xe83e5efe,0xac9af4f8,0x7fe72701,
+        0xd2b8ee5f,0x06df4261,0xbb9e9b8a,0x7293ea25,
+        0xce84ffdf,0xf5718801,0x3dd64b04,0xa26f263b,
+        0x7ed48400,0x547eebe6,0x446d4ca0,0x6cf3d6f5,
+        0x2649abdf,0xaea0c7f5,0x36338cc1,0x503f7e93,
+        0xd3772061,0x11b638e1,0x72500e03,0xf80eb2bb,
+        0xabe0502e,0xec8d77de,0x57971e81,0xe14f6746,
+        0xc9335400,0x6920318f,0x081dbb99,0xffc304a5,
+        0x4d351805,0x7f3d5ce3,0xa6c866c6,0x5d5bcca9,
+        0xdaec6fea,0x9f926f91,0x9f46222f,0x3991467d,
+        0xa5bf6d8e,0x1143c44f,0x43958302,0xd0214eeb,
+        0x022083b8,0x3fb6180c,0x18f8931e,0x281658e6,
+        0x26486e3e,0x8bd78a70,0x7477e4c1,0xb506e07c,
+        0xf32d0a25,0x79098b02,0xe4eabb81,0x28123b23,
+        0x69dead38,0x1574ca16,0xdf871b62,0x211c40b7,
+        0xa51a9ef9,0x0014377b,0x041e8ac8,0x09114003,
+        0xbd59e4d2,0xe3d156d5,0x4fe876d5,0x2f91a340,
+        0x557be8de,0x00eae4a7,0x0ce5c2ec,0x4db4bba6,
+        0xe756bdff,0xdd3369ac,0xec17b035,0x06572327,
+        0x99afc8b0,0x56c8c391,0x6b65811c,0x5e146119,
+        0x6e85cb75,0xbe07c002,0xc2325577,0x893ff4ec,
+        0x5bbfc92d,0xd0ec3b25,0xb7801ab7,0x8d6d3b24,
+        0x20c763ef,0xc366a5fc,0x9c382880,0x0ace3205,
+        0xaac9548a,0xeca1d7c7,0x041afa32,0x1d16625a,
+        0x6701902c,0x9b757a54,0x31d477f7,0x9126b031,
+        0x36cc6fdb,0xc70b8b46,0xd9e66a48,0x56e55a79,
+        0x026a4ceb,0x52437eff,0x2f8f76b4,0x0df980a5,
+        0x8674cde3,0xedda04eb,0x17a9be04,0x2c18f4df,
+        0xb7747f9d,0xab2af7b4,0xefc34d20,0x2e096b7c,
+        0x1741a254,0xe5b6a035,0x213d42f6,0x2c1c7c26,
+        0x61c2f50f,0x6552daf9,0xd2c231f8,0x25130f69,
+        0xd8167fa2,0x0418f2c8,0x001a96a6,0x0d1526ab,
+        0x63315c21,0x5e0a72ec,0x49bafefd,0x187908d9,
+        0x8d0dbd86,0x311170a7,0x3e9b640c,0xcc3e10d7,
+        0xd5cad3b6,0x0caec388,0xf73001e1,0x6c728aff,
+        0x71eae2a1,0x1f9af36e,0xcfcbd12f,0xc1de8417,
+        0xac07be6b,0xcb44a1d8,0x8b9b0f56,0x013988c3,
+        0xb1c52fca,0xb4be31cd,0xd8782806,0x12a3a4e2,
+        0x6f7de532,0x58fd7eb6,0xd01ee900,0x24adffc2,
+        0xf4990fc5,0x9711aac5,0x001d7b95,0x82e5e7d2,
+        0x109873f6,0x00613096,0xc32d9521,0xada121ff,
+        0x29908415,0x7fbb977f,0xaf9eb3db,0x29c9ed2a,
+        0x5ce2a465,0xa730f32c,0xd0aa3fe8,0x8a5cc091,
+        0xd49e2ce7,0x0ce454a9,0xd60acd86,0x015f1919,
+        0x77079103,0xdea03af6,0x78a8565e,0xdee356df,
+        0x21f05cbe,0x8b75e387,0xb3c50651,0xb8a5c3ef,
+        0xd8eeb6d2,0xe523be77,0xc2154529,0x2f69efdf,
+        0xafe67afb,0xf470c4b2,0xf3e0eb5b,0xd6cc9876,
+        0x39e4460c,0x1fda8538,0x1987832f,0xca007367,
+        0xa99144f8,0x296b299e,0x492fc295,0x9266beab,
+        0xb5676e69,0x9bd3ddda,0xdf7e052f,0xdb25701c,
+        0x1b5e51ee,0xf65324e6,0x6afce36c,0x0316cc04,
+        0x8644213e,0xb7dc59d0,0x7965291f,0xccd6fd43,
+        0x41823979,0x932bcdf6,0xb657c34d,0x4edfd282,
+        0x7ae5290c,0x3cb9536b,0x851e20fe,0x9833557e,
+        0x13ecf0b0,0xd3ffb372,0x3f85c5c1,0x0aef7ed2,
+        };
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256]={
+        0x7ec90c04,0x2c6e74b9,0x9b0e66df,0xa6337911,
+        0xb86a7fff,0x1dd358f5,0x44dd9d44,0x1731167f,
+        0x08fbf1fa,0xe7f511cc,0xd2051b00,0x735aba00,
+        0x2ab722d8,0x386381cb,0xacf6243a,0x69befd7a,
+        0xe6a2e77f,0xf0c720cd,0xc4494816,0xccf5c180,
+        0x38851640,0x15b0a848,0xe68b18cb,0x4caadeff,
+        0x5f480a01,0x0412b2aa,0x259814fc,0x41d0efe2,
+        0x4e40b48d,0x248eb6fb,0x8dba1cfe,0x41a99b02,
+        0x1a550a04,0xba8f65cb,0x7251f4e7,0x95a51725,
+        0xc106ecd7,0x97a5980a,0xc539b9aa,0x4d79fe6a,
+        0xf2f3f763,0x68af8040,0xed0c9e56,0x11b4958b,
+        0xe1eb5a88,0x8709e6b0,0xd7e07156,0x4e29fea7,
+        0x6366e52d,0x02d1c000,0xc4ac8e05,0x9377f571,
+        0x0c05372a,0x578535f2,0x2261be02,0xd642a0c9,
+        0xdf13a280,0x74b55bd2,0x682199c0,0xd421e5ec,
+        0x53fb3ce8,0xc8adedb3,0x28a87fc9,0x3d959981,
+        0x5c1ff900,0xfe38d399,0x0c4eff0b,0x062407ea,
+        0xaa2f4fb1,0x4fb96976,0x90c79505,0xb0a8a774,
+        0xef55a1ff,0xe59ca2c2,0xa6b62d27,0xe66a4263,
+        0xdf65001f,0x0ec50966,0xdfdd55bc,0x29de0655,
+        0x911e739a,0x17af8975,0x32c7911c,0x89f89468,
+        0x0d01e980,0x524755f4,0x03b63cc9,0x0cc844b2,
+        0xbcf3f0aa,0x87ac36e9,0xe53a7426,0x01b3d82b,
+        0x1a9e7449,0x64ee2d7e,0xcddbb1da,0x01c94910,
+        0xb868bf80,0x0d26f3fd,0x9342ede7,0x04a5c284,
+        0x636737b6,0x50f5b616,0xf24766e3,0x8eca36c1,
+        0x136e05db,0xfef18391,0xfb887a37,0xd6e7f7d4,
+        0xc7fb7dc9,0x3063fcdf,0xb6f589de,0xec2941da,
+        0x26e46695,0xb7566419,0xf654efc5,0xd08d58b7,
+        0x48925401,0xc1bacb7f,0xe5ff550f,0xb6083049,
+        0x5bb5d0e8,0x87d72e5a,0xab6a6ee1,0x223a66ce,
+        0xc62bf3cd,0x9e0885f9,0x68cb3e47,0x086c010f,
+        0xa21de820,0xd18b69de,0xf3f65777,0xfa02c3f6,
+        0x407edac3,0xcbb3d550,0x1793084d,0xb0d70eba,
+        0x0ab378d5,0xd951fb0c,0xded7da56,0x4124bbe4,
+        0x94ca0b56,0x0f5755d1,0xe0e1e56e,0x6184b5be,
+        0x580a249f,0x94f74bc0,0xe327888e,0x9f7b5561,
+        0xc3dc0280,0x05687715,0x646c6bd7,0x44904db3,
+        0x66b4f0a3,0xc0f1648a,0x697ed5af,0x49e92ff6,
+        0x309e374f,0x2cb6356a,0x85808573,0x4991f840,
+        0x76f0ae02,0x083be84d,0x28421c9a,0x44489406,
+        0x736e4cb8,0xc1092910,0x8bc95fc6,0x7d869cf4,
+        0x134f616f,0x2e77118d,0xb31b2be1,0xaa90b472,
+        0x3ca5d717,0x7d161bba,0x9cad9010,0xaf462ba2,
+        0x9fe459d2,0x45d34559,0xd9f2da13,0xdbc65487,
+        0xf3e4f94e,0x176d486f,0x097c13ea,0x631da5c7,
+        0x445f7382,0x175683f4,0xcdc66a97,0x70be0288,
+        0xb3cdcf72,0x6e5dd2f3,0x20936079,0x459b80a5,
+        0xbe60e2db,0xa9c23101,0xeba5315c,0x224e42f2,
+        0x1c5c1572,0xf6721b2c,0x1ad2fff3,0x8c25404e,
+        0x324ed72f,0x4067b7fd,0x0523138e,0x5ca3bc78,
+        0xdc0fd66e,0x75922283,0x784d6b17,0x58ebb16e,
+        0x44094f85,0x3f481d87,0xfcfeae7b,0x77b5ff76,
+        0x8c2302bf,0xaaf47556,0x5f46b02a,0x2b092801,
+        0x3d38f5f7,0x0ca81f36,0x52af4a8a,0x66d5e7c0,
+        0xdf3b0874,0x95055110,0x1b5ad7a8,0xf61ed5ad,
+        0x6cf6e479,0x20758184,0xd0cefa65,0x88f7be58,
+        0x4a046826,0x0ff6f8f3,0xa09c7f70,0x5346aba0,
+        0x5ce96c28,0xe176eda3,0x6bac307f,0x376829d2,
+        0x85360fa9,0x17e3fe2a,0x24b79767,0xf5a96b20,
+        0xd6cd2595,0x68ff1ebf,0x7555442c,0xf19f06be,
+        0xf9e0659a,0xeeb9491d,0x34010718,0xbb30cab8,
+        0xe822fe15,0x88570983,0x750e6249,0xda627e55,
+        0x5e76ffa8,0xb1534546,0x6d47de08,0xefe9e7d4,
+        };
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256]={
+        0xf6fa8f9d,0x2cac6ce1,0x4ca34867,0xe2337f7c,
+        0x95db08e7,0x016843b4,0xeced5cbc,0x325553ac,
+        0xbf9f0960,0xdfa1e2ed,0x83f0579d,0x63ed86b9,
+        0x1ab6a6b8,0xde5ebe39,0xf38ff732,0x8989b138,
+        0x33f14961,0xc01937bd,0xf506c6da,0xe4625e7e,
+        0xa308ea99,0x4e23e33c,0x79cbd7cc,0x48a14367,
+        0xa3149619,0xfec94bd5,0xa114174a,0xeaa01866,
+        0xa084db2d,0x09a8486f,0xa888614a,0x2900af98,
+        0x01665991,0xe1992863,0xc8f30c60,0x2e78ef3c,
+        0xd0d51932,0xcf0fec14,0xf7ca07d2,0xd0a82072,
+        0xfd41197e,0x9305a6b0,0xe86be3da,0x74bed3cd,
+        0x372da53c,0x4c7f4448,0xdab5d440,0x6dba0ec3,
+        0x083919a7,0x9fbaeed9,0x49dbcfb0,0x4e670c53,
+        0x5c3d9c01,0x64bdb941,0x2c0e636a,0xba7dd9cd,
+        0xea6f7388,0xe70bc762,0x35f29adb,0x5c4cdd8d,
+        0xf0d48d8c,0xb88153e2,0x08a19866,0x1ae2eac8,
+        0x284caf89,0xaa928223,0x9334be53,0x3b3a21bf,
+        0x16434be3,0x9aea3906,0xefe8c36e,0xf890cdd9,
+        0x80226dae,0xc340a4a3,0xdf7e9c09,0xa694a807,
+        0x5b7c5ecc,0x221db3a6,0x9a69a02f,0x68818a54,
+        0xceb2296f,0x53c0843a,0xfe893655,0x25bfe68a,
+        0xb4628abc,0xcf222ebf,0x25ac6f48,0xa9a99387,
+        0x53bddb65,0xe76ffbe7,0xe967fd78,0x0ba93563,
+        0x8e342bc1,0xe8a11be9,0x4980740d,0xc8087dfc,
+        0x8de4bf99,0xa11101a0,0x7fd37975,0xda5a26c0,
+        0xe81f994f,0x9528cd89,0xfd339fed,0xb87834bf,
+        0x5f04456d,0x22258698,0xc9c4c83b,0x2dc156be,
+        0x4f628daa,0x57f55ec5,0xe2220abe,0xd2916ebf,
+        0x4ec75b95,0x24f2c3c0,0x42d15d99,0xcd0d7fa0,
+        0x7b6e27ff,0xa8dc8af0,0x7345c106,0xf41e232f,
+        0x35162386,0xe6ea8926,0x3333b094,0x157ec6f2,
+        0x372b74af,0x692573e4,0xe9a9d848,0xf3160289,
+        0x3a62ef1d,0xa787e238,0xf3a5f676,0x74364853,
+        0x20951063,0x4576698d,0xb6fad407,0x592af950,
+        0x36f73523,0x4cfb6e87,0x7da4cec0,0x6c152daa,
+        0xcb0396a8,0xc50dfe5d,0xfcd707ab,0x0921c42f,
+        0x89dff0bb,0x5fe2be78,0x448f4f33,0x754613c9,
+        0x2b05d08d,0x48b9d585,0xdc049441,0xc8098f9b,
+        0x7dede786,0xc39a3373,0x42410005,0x6a091751,
+        0x0ef3c8a6,0x890072d6,0x28207682,0xa9a9f7be,
+        0xbf32679d,0xd45b5b75,0xb353fd00,0xcbb0e358,
+        0x830f220a,0x1f8fb214,0xd372cf08,0xcc3c4a13,
+        0x8cf63166,0x061c87be,0x88c98f88,0x6062e397,
+        0x47cf8e7a,0xb6c85283,0x3cc2acfb,0x3fc06976,
+        0x4e8f0252,0x64d8314d,0xda3870e3,0x1e665459,
+        0xc10908f0,0x513021a5,0x6c5b68b7,0x822f8aa0,
+        0x3007cd3e,0x74719eef,0xdc872681,0x073340d4,
+        0x7e432fd9,0x0c5ec241,0x8809286c,0xf592d891,
+        0x08a930f6,0x957ef305,0xb7fbffbd,0xc266e96f,
+        0x6fe4ac98,0xb173ecc0,0xbc60b42a,0x953498da,
+        0xfba1ae12,0x2d4bd736,0x0f25faab,0xa4f3fceb,
+        0xe2969123,0x257f0c3d,0x9348af49,0x361400bc,
+        0xe8816f4a,0x3814f200,0xa3f94043,0x9c7a54c2,
+        0xbc704f57,0xda41e7f9,0xc25ad33a,0x54f4a084,
+        0xb17f5505,0x59357cbe,0xedbd15c8,0x7f97c5ab,
+        0xba5ac7b5,0xb6f6deaf,0x3a479c3a,0x5302da25,
+        0x653d7e6a,0x54268d49,0x51a477ea,0x5017d55b,
+        0xd7d25d88,0x44136c76,0x0404a8c8,0xb8e5a121,
+        0xb81a928a,0x60ed5869,0x97c55b96,0xeaec991b,
+        0x29935913,0x01fdb7f1,0x088e8dfa,0x9ab6f6f5,
+        0x3b4cbf9f,0x4a5de3ab,0xe6051d35,0xa0e1d855,
+        0xd36b4cf1,0xf544edeb,0xb0e93524,0xbebb8fbd,
+        0xa2d762cf,0x49c92f54,0x38b5f331,0x7128a454,
+        0x48392905,0xa65b1db8,0x851c97bd,0xd675cf2f,
+        };
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256]={
+        0x85e04019,0x332bf567,0x662dbfff,0xcfc65693,
+        0x2a8d7f6f,0xab9bc912,0xde6008a1,0x2028da1f,
+        0x0227bce7,0x4d642916,0x18fac300,0x50f18b82,
+        0x2cb2cb11,0xb232e75c,0x4b3695f2,0xb28707de,
+        0xa05fbcf6,0xcd4181e9,0xe150210c,0xe24ef1bd,
+        0xb168c381,0xfde4e789,0x5c79b0d8,0x1e8bfd43,
+        0x4d495001,0x38be4341,0x913cee1d,0x92a79c3f,
+        0x089766be,0xbaeeadf4,0x1286becf,0xb6eacb19,
+        0x2660c200,0x7565bde4,0x64241f7a,0x8248dca9,
+        0xc3b3ad66,0x28136086,0x0bd8dfa8,0x356d1cf2,
+        0x107789be,0xb3b2e9ce,0x0502aa8f,0x0bc0351e,
+        0x166bf52a,0xeb12ff82,0xe3486911,0xd34d7516,
+        0x4e7b3aff,0x5f43671b,0x9cf6e037,0x4981ac83,
+        0x334266ce,0x8c9341b7,0xd0d854c0,0xcb3a6c88,
+        0x47bc2829,0x4725ba37,0xa66ad22b,0x7ad61f1e,
+        0x0c5cbafa,0x4437f107,0xb6e79962,0x42d2d816,
+        0x0a961288,0xe1a5c06e,0x13749e67,0x72fc081a,
+        0xb1d139f7,0xf9583745,0xcf19df58,0xbec3f756,
+        0xc06eba30,0x07211b24,0x45c28829,0xc95e317f,
+        0xbc8ec511,0x38bc46e9,0xc6e6fa14,0xbae8584a,
+        0xad4ebc46,0x468f508b,0x7829435f,0xf124183b,
+        0x821dba9f,0xaff60ff4,0xea2c4e6d,0x16e39264,
+        0x92544a8b,0x009b4fc3,0xaba68ced,0x9ac96f78,
+        0x06a5b79a,0xb2856e6e,0x1aec3ca9,0xbe838688,
+        0x0e0804e9,0x55f1be56,0xe7e5363b,0xb3a1f25d,
+        0xf7debb85,0x61fe033c,0x16746233,0x3c034c28,
+        0xda6d0c74,0x79aac56c,0x3ce4e1ad,0x51f0c802,
+        0x98f8f35a,0x1626a49f,0xeed82b29,0x1d382fe3,
+        0x0c4fb99a,0xbb325778,0x3ec6d97b,0x6e77a6a9,
+        0xcb658b5c,0xd45230c7,0x2bd1408b,0x60c03eb7,
+        0xb9068d78,0xa33754f4,0xf430c87d,0xc8a71302,
+        0xb96d8c32,0xebd4e7be,0xbe8b9d2d,0x7979fb06,
+        0xe7225308,0x8b75cf77,0x11ef8da4,0xe083c858,
+        0x8d6b786f,0x5a6317a6,0xfa5cf7a0,0x5dda0033,
+        0xf28ebfb0,0xf5b9c310,0xa0eac280,0x08b9767a,
+        0xa3d9d2b0,0x79d34217,0x021a718d,0x9ac6336a,
+        0x2711fd60,0x438050e3,0x069908a8,0x3d7fedc4,
+        0x826d2bef,0x4eeb8476,0x488dcf25,0x36c9d566,
+        0x28e74e41,0xc2610aca,0x3d49a9cf,0xbae3b9df,
+        0xb65f8de6,0x92aeaf64,0x3ac7d5e6,0x9ea80509,
+        0xf22b017d,0xa4173f70,0xdd1e16c3,0x15e0d7f9,
+        0x50b1b887,0x2b9f4fd5,0x625aba82,0x6a017962,
+        0x2ec01b9c,0x15488aa9,0xd716e740,0x40055a2c,
+        0x93d29a22,0xe32dbf9a,0x058745b9,0x3453dc1e,
+        0xd699296e,0x496cff6f,0x1c9f4986,0xdfe2ed07,
+        0xb87242d1,0x19de7eae,0x053e561a,0x15ad6f8c,
+        0x66626c1c,0x7154c24c,0xea082b2a,0x93eb2939,
+        0x17dcb0f0,0x58d4f2ae,0x9ea294fb,0x52cf564c,
+        0x9883fe66,0x2ec40581,0x763953c3,0x01d6692e,
+        0xd3a0c108,0xa1e7160e,0xe4f2dfa6,0x693ed285,
+        0x74904698,0x4c2b0edd,0x4f757656,0x5d393378,
+        0xa132234f,0x3d321c5d,0xc3f5e194,0x4b269301,
+        0xc79f022f,0x3c997e7e,0x5e4f9504,0x3ffafbbd,
+        0x76f7ad0e,0x296693f4,0x3d1fce6f,0xc61e45be,
+        0xd3b5ab34,0xf72bf9b7,0x1b0434c0,0x4e72b567,
+        0x5592a33d,0xb5229301,0xcfd2a87f,0x60aeb767,
+        0x1814386b,0x30bcc33d,0x38a0c07d,0xfd1606f2,
+        0xc363519b,0x589dd390,0x5479f8e6,0x1cb8d647,
+        0x97fd61a9,0xea7759f4,0x2d57539d,0x569a58cf,
+        0xe84e63ad,0x462e1b78,0x6580f87e,0xf3817914,
+        0x91da55f4,0x40a230f3,0xd1988f35,0xb6e318d2,
+        0x3ffa50bc,0x3d40f021,0xc3c0bdae,0x4958c24c,
+        0x518f36b2,0x84b1d370,0x0fedce83,0x878ddada,
+        0xf2a279c7,0x94e01be8,0x90716f4b,0x954b8aa3,
+        };
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table7[256]={
+        0xe216300d,0xbbddfffc,0xa7ebdabd,0x35648095,
+        0x7789f8b7,0xe6c1121b,0x0e241600,0x052ce8b5,
+        0x11a9cfb0,0xe5952f11,0xece7990a,0x9386d174,
+        0x2a42931c,0x76e38111,0xb12def3a,0x37ddddfc,
+        0xde9adeb1,0x0a0cc32c,0xbe197029,0x84a00940,
+        0xbb243a0f,0xb4d137cf,0xb44e79f0,0x049eedfd,
+        0x0b15a15d,0x480d3168,0x8bbbde5a,0x669ded42,
+        0xc7ece831,0x3f8f95e7,0x72df191b,0x7580330d,
+        0x94074251,0x5c7dcdfa,0xabbe6d63,0xaa402164,
+        0xb301d40a,0x02e7d1ca,0x53571dae,0x7a3182a2,
+        0x12a8ddec,0xfdaa335d,0x176f43e8,0x71fb46d4,
+        0x38129022,0xce949ad4,0xb84769ad,0x965bd862,
+        0x82f3d055,0x66fb9767,0x15b80b4e,0x1d5b47a0,
+        0x4cfde06f,0xc28ec4b8,0x57e8726e,0x647a78fc,
+        0x99865d44,0x608bd593,0x6c200e03,0x39dc5ff6,
+        0x5d0b00a3,0xae63aff2,0x7e8bd632,0x70108c0c,
+        0xbbd35049,0x2998df04,0x980cf42a,0x9b6df491,
+        0x9e7edd53,0x06918548,0x58cb7e07,0x3b74ef2e,
+        0x522fffb1,0xd24708cc,0x1c7e27cd,0xa4eb215b,
+        0x3cf1d2e2,0x19b47a38,0x424f7618,0x35856039,
+        0x9d17dee7,0x27eb35e6,0xc9aff67b,0x36baf5b8,
+        0x09c467cd,0xc18910b1,0xe11dbf7b,0x06cd1af8,
+        0x7170c608,0x2d5e3354,0xd4de495a,0x64c6d006,
+        0xbcc0c62c,0x3dd00db3,0x708f8f34,0x77d51b42,
+        0x264f620f,0x24b8d2bf,0x15c1b79e,0x46a52564,
+        0xf8d7e54e,0x3e378160,0x7895cda5,0x859c15a5,
+        0xe6459788,0xc37bc75f,0xdb07ba0c,0x0676a3ab,
+        0x7f229b1e,0x31842e7b,0x24259fd7,0xf8bef472,
+        0x835ffcb8,0x6df4c1f2,0x96f5b195,0xfd0af0fc,
+        0xb0fe134c,0xe2506d3d,0x4f9b12ea,0xf215f225,
+        0xa223736f,0x9fb4c428,0x25d04979,0x34c713f8,
+        0xc4618187,0xea7a6e98,0x7cd16efc,0x1436876c,
+        0xf1544107,0xbedeee14,0x56e9af27,0xa04aa441,
+        0x3cf7c899,0x92ecbae6,0xdd67016d,0x151682eb,
+        0xa842eedf,0xfdba60b4,0xf1907b75,0x20e3030f,
+        0x24d8c29e,0xe139673b,0xefa63fb8,0x71873054,
+        0xb6f2cf3b,0x9f326442,0xcb15a4cc,0xb01a4504,
+        0xf1e47d8d,0x844a1be5,0xbae7dfdc,0x42cbda70,
+        0xcd7dae0a,0x57e85b7a,0xd53f5af6,0x20cf4d8c,
+        0xcea4d428,0x79d130a4,0x3486ebfb,0x33d3cddc,
+        0x77853b53,0x37effcb5,0xc5068778,0xe580b3e6,
+        0x4e68b8f4,0xc5c8b37e,0x0d809ea2,0x398feb7c,
+        0x132a4f94,0x43b7950e,0x2fee7d1c,0x223613bd,
+        0xdd06caa2,0x37df932b,0xc4248289,0xacf3ebc3,
+        0x5715f6b7,0xef3478dd,0xf267616f,0xc148cbe4,
+        0x9052815e,0x5e410fab,0xb48a2465,0x2eda7fa4,
+        0xe87b40e4,0xe98ea084,0x5889e9e1,0xefd390fc,
+        0xdd07d35b,0xdb485694,0x38d7e5b2,0x57720101,
+        0x730edebc,0x5b643113,0x94917e4f,0x503c2fba,
+        0x646f1282,0x7523d24a,0xe0779695,0xf9c17a8f,
+        0x7a5b2121,0xd187b896,0x29263a4d,0xba510cdf,
+        0x81f47c9f,0xad1163ed,0xea7b5965,0x1a00726e,
+        0x11403092,0x00da6d77,0x4a0cdd61,0xad1f4603,
+        0x605bdfb0,0x9eedc364,0x22ebe6a8,0xcee7d28a,
+        0xa0e736a0,0x5564a6b9,0x10853209,0xc7eb8f37,
+        0x2de705ca,0x8951570f,0xdf09822b,0xbd691a6c,
+        0xaa12e4f2,0x87451c0f,0xe0f6a27a,0x3ada4819,
+        0x4cf1764f,0x0d771c2b,0x67cdb156,0x350d8384,
+        0x5938fa0f,0x42399ef3,0x36997b07,0x0e84093d,
+        0x4aa93e61,0x8360d87b,0x1fa98b0c,0x1149382c,
+        0xe97625a5,0x0614d1b7,0x0e25244b,0x0c768347,
+        0x589e8d82,0x0d2059d1,0xa466bb1e,0xf8da0a82,
+        0x04f19130,0xba6e4ec0,0x99265164,0x1ee7230d,
+        0x50b2ad80,0xeaee6801,0x8db2a283,0xea8bf59e,
+        };
diff --git a/src/lib/libcrypto/comp/Makefile.ssl b/src/lib/libcrypto/comp/Makefile.ssl
new file mode 100644
index 0000000000..f70ba1b285
--- /dev/null
+++ b/src/lib/libcrypto/comp/Makefile.ssl
@@ -0,0 +1,114 @@
+#
+# SSLeay/crypto/comp/Makefile
+#
+
+DIR=    comp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= comp_lib.c comp_err.c \
+        c_rle.c c_zlib.c
+
+LIBOBJ= comp_lib.o comp_err.o \
+        c_rle.o c_zlib.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= comp.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+c_rle.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_rle.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+c_rle.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_rle.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_rle.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_rle.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_rle.c
+c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_zlib.o: c_zlib.c
+comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h
+comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+comp_err.o: ../../include/openssl/opensslconf.h
+comp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+comp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+comp_err.o: comp_err.c
+comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+comp_lib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+comp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+comp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+comp_lib.o: ../../include/openssl/opensslconf.h
+comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+comp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+comp_lib.o: ../../include/openssl/symhacks.h comp_lib.c
diff --git a/src/lib/libcrypto/comp/c_rle.c b/src/lib/libcrypto/comp/c_rle.c
new file mode 100644
index 0000000000..efd366fa22
--- /dev/null
+++ b/src/lib/libcrypto/comp/c_rle.c
@@ -0,0 +1,62 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/objects.h>
+#include <openssl/comp.h>
+
+static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
+        unsigned int olen, unsigned char *in, unsigned int ilen);
+static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
+        unsigned int olen, unsigned char *in, unsigned int ilen);
+
+static COMP_METHOD rle_method={
+        NID_rle_compression,
+        LN_rle_compression,
+        NULL,
+        NULL,
+        rle_compress_block,
+        rle_expand_block,
+        NULL,
+        NULL,
+        };
+
+COMP_METHOD *COMP_rle(void)
+        {
+        return(&rle_method);
+        }
+
+static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
+             unsigned int olen, unsigned char *in, unsigned int ilen)
+        {
+        /* int i; */
+
+        if (olen < (ilen+1))
+                {
+                /* ZZZZZZZZZZZZZZZZZZZZZZ */
+                return(-1);
+                }
+
+        *(out++)=0;
+        memcpy(out,in,ilen);
+        return(ilen+1);
+        }
+
+static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
+             unsigned int olen, unsigned char *in, unsigned int ilen)
+        {
+        int i;
+
+        if (olen < (ilen-1))
+                {
+                /* ZZZZZZZZZZZZZZZZZZZZZZ */
+                return(-1);
+                }
+
+        i= *(in++);
+        if (i == 0)
+                {
+                memcpy(out,in,ilen-1);
+                }
+        return(ilen-1);
+        }
+
diff --git a/src/lib/libcrypto/comp/c_zlib.c b/src/lib/libcrypto/comp/c_zlib.c
new file mode 100644
index 0000000000..1bd2850d15
--- /dev/null
+++ b/src/lib/libcrypto/comp/c_zlib.c
@@ -0,0 +1,271 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/objects.h>
+#include <openssl/comp.h>
+#include <openssl/err.h>
+
+COMP_METHOD *COMP_zlib(void );
+
+static COMP_METHOD zlib_method_nozlib={
+        NID_undef,
+        "(undef)",
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        };
+
+#ifndef ZLIB
+#undef ZLIB_SHARED
+#else
+
+#include <zlib.h>
+
+static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
+        unsigned int olen, unsigned char *in, unsigned int ilen);
+static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
+        unsigned int olen, unsigned char *in, unsigned int ilen);
+
+static int zz_uncompress(Bytef *dest, uLongf *destLen, const Bytef *source,
+        uLong sourceLen);
+
+static COMP_METHOD zlib_method={
+        NID_zlib_compression,
+        LN_zlib_compression,
+        NULL,
+        NULL,
+        zlib_compress_block,
+        zlib_expand_block,
+        NULL,
+        NULL,
+        };
+
+/* 
+ * When OpenSSL is built on Windows, we do not want to require that
+ * the ZLIB.DLL be available in order for the OpenSSL DLLs to
+ * work.  Therefore, all ZLIB routines are loaded at run time
+ * and we do not link to a .LIB file.
+ */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+# include <windows.h>
+
+# define Z_CALLCONV _stdcall
+# define ZLIB_SHARED
+#else
+# define Z_CALLCONV
+#endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */
+
+#ifdef ZLIB_SHARED
+#include <openssl/dso.h>
+
+/* Prototypes for built in stubs */
+static int stub_compress(Bytef *dest,uLongf *destLen,
+        const Bytef *source, uLong sourceLen);
+static int stub_inflateEnd(z_streamp strm);
+static int stub_inflate(z_streamp strm, int flush);
+static int stub_inflateInit_(z_streamp strm, const char * version,
+        int stream_size);
+
+/* Function pointers */
+typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen,
+        const Bytef *source, uLong sourceLen);
+typedef int (Z_CALLCONV *inflateEnd_ft)(z_streamp strm);
+typedef int (Z_CALLCONV *inflate_ft)(z_streamp strm, int flush);
+typedef int (Z_CALLCONV *inflateInit__ft)(z_streamp strm,
+        const char * version, int stream_size);
+static compress_ft      p_compress=NULL;
+static inflateEnd_ft    p_inflateEnd=NULL;
+static inflate_ft       p_inflate=NULL;
+static inflateInit__ft  p_inflateInit_=NULL;
+
+static int zlib_loaded = 0;     /* only attempt to init func pts once */
+static DSO *zlib_dso = NULL;
+
+#define compress                stub_compress
+#define inflateEnd              stub_inflateEnd
+#define inflate                 stub_inflate
+#define inflateInit_            stub_inflateInit_
+#endif /* ZLIB_SHARED */
+
+static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
+             unsigned int olen, unsigned char *in, unsigned int ilen)
+        {
+        unsigned long l;
+        int i;
+        int clear=1;
+
+        if (ilen > 128)
+                {
+                out[0]=1;
+                l=olen-1;
+                i=compress(&(out[1]),&l,in,(unsigned long)ilen);
+                if (i != Z_OK)
+                        return(-1);
+                if (ilen > l)
+                        {
+                        clear=0;
+                        l++;
+                        }
+                }
+        if (clear)
+                {
+                out[0]=0;
+                memcpy(&(out[1]),in,ilen);
+                l=ilen+1;
+                }
+#ifdef DEBUG_ZLIB
+        fprintf(stderr,"compress(%4d)->%4d %s\n",
+                ilen,(int)l,(clear)?"clear":"zlib");
+#endif
+        return((int)l);
+        }
+
+static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
+             unsigned int olen, unsigned char *in, unsigned int ilen)
+        {
+        unsigned long l;
+        int i;
+
+        if (in[0])
+                {
+                l=olen;
+                i=zz_uncompress(out,&l,&(in[1]),(unsigned long)ilen-1);
+                if (i != Z_OK)
+                        return(-1);
+                }
+        else
+                {
+                memcpy(out,&(in[1]),ilen-1);
+                l=ilen-1;
+                }
+#ifdef DEBUG_ZLIB
+        fprintf(stderr,"expand  (%4d)->%4d %s\n",
+                ilen,(int)l,in[0]?"zlib":"clear");
+#endif
+        return((int)l);
+        }
+
+static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source,
+             uLong sourceLen)
+{
+    z_stream stream;
+    int err;
+
+    stream.next_in = (Bytef*)source;
+    stream.avail_in = (uInt)sourceLen;
+    /* Check for source > 64K on 16-bit machine: */
+    if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR;
+
+    stream.next_out = dest;
+    stream.avail_out = (uInt)*destLen;
+    if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR;
+
+    stream.zalloc = (alloc_func)0;
+    stream.zfree = (free_func)0;
+
+    err = inflateInit(&stream);
+    if (err != Z_OK) return err;
+
+    err = inflate(&stream, Z_FINISH);
+    if (err != Z_STREAM_END) {
+        inflateEnd(&stream);
+        return err;
+    }
+    *destLen = stream.total_out;
+
+    err = inflateEnd(&stream);
+    return err;
+}
+
+#endif
+
+COMP_METHOD *COMP_zlib(void)
+        {
+        COMP_METHOD *meth = &zlib_method_nozlib;
+
+#ifdef ZLIB_SHARED
+        if (!zlib_loaded)
+                {
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+                zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);
+                if (!zlib_dso)
+                        {
+                        zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0);
+                        if (zlib_dso)
+                                {
+                                /* Clear the errors from the first failed
+                                   DSO_load() */
+                                ERR_clear_error();
+                                }
+                        }
+#else
+                zlib_dso = DSO_load(NULL, "z", NULL, 0);
+#endif
+                if (zlib_dso != NULL)
+                        {
+                        p_compress
+                                = (compress_ft) DSO_bind_func(zlib_dso,
+                                        "compress");
+                        p_inflateEnd
+                                = (inflateEnd_ft) DSO_bind_func(zlib_dso,
+                                        "inflateEnd");
+                        p_inflate
+                                = (inflate_ft) DSO_bind_func(zlib_dso,
+                                        "inflate");
+                        p_inflateInit_
+                                = (inflateInit__ft) DSO_bind_func(zlib_dso,
+                                        "inflateInit_");
+                        zlib_loaded++;
+                        }
+                }
+
+#endif
+#if defined(ZLIB) || defined(ZLIB_SHARED)
+        meth = &zlib_method;
+#endif
+
+        return(meth);
+        }
+
+#ifdef ZLIB_SHARED
+/* Stubs for each function to be dynamicly loaded */
+static int 
+stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen)
+        {
+        if (p_compress)
+                return(p_compress(dest,destLen,source,sourceLen));
+        else
+                return(Z_MEM_ERROR);
+        }
+
+static int
+stub_inflateEnd(z_streamp strm)
+        {
+        if ( p_inflateEnd )
+                return(p_inflateEnd(strm));
+        else
+                return(Z_MEM_ERROR);
+        }
+
+static int
+stub_inflate(z_streamp strm, int flush)
+        {
+        if ( p_inflate )
+                return(p_inflate(strm,flush));
+        else
+                return(Z_MEM_ERROR);
+        }
+
+static int
+stub_inflateInit_(z_streamp strm, const char * version, int stream_size)
+        {
+        if ( p_inflateInit_ )
+                return(p_inflateInit_(strm,version,stream_size));
+        else
+                return(Z_MEM_ERROR);
+        }
+
+#endif /* ZLIB_SHARED */
diff --git a/src/lib/libcrypto/comp/comp.h b/src/lib/libcrypto/comp/comp.h
new file mode 100644
index 0000000000..ab48b78ae9
--- /dev/null
+++ b/src/lib/libcrypto/comp/comp.h
@@ -0,0 +1,59 @@
+
+#ifndef HEADER_COMP_H
+#define HEADER_COMP_H
+
+#include <openssl/crypto.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct comp_method_st
+        {
+        int type;               /* NID for compression library */
+        const char *name;       /* A text string to identify the library */
+        int (*init)();
+        void (*finish)();
+        int (*compress)();
+        int (*expand)();
+        long (*ctrl)();
+        long (*callback_ctrl)();
+        } COMP_METHOD;
+
+typedef struct comp_ctx_st
+        {
+        COMP_METHOD *meth;
+        unsigned long compress_in;
+        unsigned long compress_out;
+        unsigned long expand_in;
+        unsigned long expand_out;
+
+        CRYPTO_EX_DATA  ex_data;
+        } COMP_CTX;
+
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
+void COMP_CTX_free(COMP_CTX *ctx);
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+        unsigned char *in, int ilen);
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+        unsigned char *in, int ilen);
+COMP_METHOD *COMP_rle(void );
+COMP_METHOD *COMP_zlib(void );
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_COMP_strings(void);
+
+/* Error codes for the COMP functions. */
+
+/* Function codes. */
+
+/* Reason codes. */
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/comp/comp_err.c b/src/lib/libcrypto/comp/comp_err.c
new file mode 100644
index 0000000000..1652b8c2c4
--- /dev/null
+++ b/src/lib/libcrypto/comp/comp_err.c
@@ -0,0 +1,92 @@
+/* crypto/comp/comp_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/comp.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA COMP_str_functs[]=
+        {
+{0,NULL}
+        };
+
+static ERR_STRING_DATA COMP_str_reasons[]=
+        {
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_COMP_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_COMP,COMP_str_functs);
+                ERR_load_strings(ERR_LIB_COMP,COMP_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/comp/comp_lib.c b/src/lib/libcrypto/comp/comp_lib.c
new file mode 100644
index 0000000000..beb98ce8cc
--- /dev/null
+++ b/src/lib/libcrypto/comp/comp_lib.c
@@ -0,0 +1,78 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/objects.h>
+#include <openssl/comp.h>
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
+        {
+        COMP_CTX *ret;
+
+        if ((ret=(COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL)
+                {
+                /* ZZZZZZZZZZZZZZZZ */
+                return(NULL);
+                }
+        memset(ret,0,sizeof(COMP_CTX));
+        ret->meth=meth;
+        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+                {
+                OPENSSL_free(ret);
+                ret=NULL;
+                }
+#if 0
+        else
+                CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
+#endif
+        return(ret);
+        }
+
+void COMP_CTX_free(COMP_CTX *ctx)
+        {
+        /* CRYPTO_free_ex_data(rsa_meth,(char *)ctx,&ctx->ex_data); */
+
+        if(ctx == NULL)
+            return;
+
+        if (ctx->meth->finish != NULL)
+                ctx->meth->finish(ctx);
+
+        OPENSSL_free(ctx);
+        }
+
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+             unsigned char *in, int ilen)
+        {
+        int ret;
+        if (ctx->meth->compress == NULL)
+                {
+                /* ZZZZZZZZZZZZZZZZZ */
+                return(-1);
+                }
+        ret=ctx->meth->compress(ctx,out,olen,in,ilen);
+        if (ret > 0)
+                {
+                ctx->compress_in+=ilen;
+                ctx->compress_out+=ret;
+                }
+        return(ret);
+        }
+
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+             unsigned char *in, int ilen)
+        {
+        int ret;
+
+        if (ctx->meth->expand == NULL)
+                {
+                /* ZZZZZZZZZZZZZZZZZ */
+                return(-1);
+                }
+        ret=ctx->meth->expand(ctx,out,olen,in,ilen);
+        if (ret > 0)
+                {
+                ctx->expand_in+=ilen;
+                ctx->expand_out+=ret;
+                }
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/conf/Makefile.ssl b/src/lib/libcrypto/conf/Makefile.ssl
new file mode 100644
index 0000000000..c5873bc6e7
--- /dev/null
+++ b/src/lib/libcrypto/conf/Makefile.ssl
@@ -0,0 +1,183 @@
+#
+# SSLeay/crypto/conf/Makefile
+#
+
+DIR=    conf
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \
+         conf_mall.c conf_sap.c
+
+LIBOBJ= conf_err.o conf_lib.o conf_api.o conf_def.o conf_mod.o \
+        conf_mall.o conf_sap.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= conf.h conf_api.h
+HEADER= conf_def.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+conf_api.o: ../../e_os.h ../../include/openssl/bio.h
+conf_api.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
+conf_api.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_api.o: conf_api.c
+conf_def.o: ../../e_os.h ../../include/openssl/bio.h
+conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_def.o: ../cryptlib.h conf_def.c conf_def.h
+conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+conf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+conf_err.o: ../../include/openssl/opensslconf.h
+conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_err.o: conf_err.c
+conf_lib.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+conf_lib.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_lib.o: conf_lib.c
+conf_mall.o: ../../e_os.h ../../include/openssl/aes.h
+conf_mall.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+conf_mall.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+conf_mall.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+conf_mall.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_mall.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+conf_mall.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_mall.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+conf_mall.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+conf_mall.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+conf_mall.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+conf_mall.o: ../../include/openssl/objects.h
+conf_mall.o: ../../include/openssl/opensslconf.h
+conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+conf_mall.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+conf_mall.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+conf_mall.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+conf_mall.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+conf_mall.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+conf_mall.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+conf_mall.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mall.c
+conf_mod.o: ../../e_os.h ../../include/openssl/aes.h
+conf_mod.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+conf_mod.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+conf_mod.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_mod.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+conf_mod.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_mod.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+conf_mod.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+conf_mod.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+conf_mod.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+conf_mod.o: ../../include/openssl/opensslconf.h
+conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+conf_mod.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+conf_mod.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+conf_mod.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+conf_mod.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_mod.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+conf_mod.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+conf_mod.o: ../cryptlib.h conf_mod.c
+conf_sap.o: ../../e_os.h ../../include/openssl/aes.h
+conf_sap.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+conf_sap.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+conf_sap.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+conf_sap.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_sap.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+conf_sap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_sap.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+conf_sap.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+conf_sap.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+conf_sap.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+conf_sap.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+conf_sap.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+conf_sap.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+conf_sap.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+conf_sap.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+conf_sap.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_sap.c
diff --git a/src/lib/libcrypto/conf/README b/src/lib/libcrypto/conf/README
new file mode 100644
index 0000000000..ca58d0240f
--- /dev/null
+++ b/src/lib/libcrypto/conf/README
@@ -0,0 +1,78 @@
+WARNING WARNING WARNING!!!
+
+This stuff is experimental, may change radically or be deleted altogether
+before OpenSSL 0.9.7 release. You have been warned!
+
+Configuration modules. These are a set of modules which can perform
+various configuration functions.
+
+Currently the routines should be called at most once when an application
+starts up: that is before it starts any threads.
+
+The routines read a configuration file set up like this:
+
+-----
+#default section
+openssl_init=init_section
+
+[init_section]
+
+module1=value1
+#Second instance of module1
+module1.1=valueX
+module2=value2
+module3=dso_literal
+module4=dso_section
+
+[dso_section]
+
+path=/some/path/to/some/dso.so
+other_stuff=other_value
+----
+
+When this file is loaded a configuration module with the specified
+string (module* in the above example) is looked up and its init
+function called as:
+
+int conf_init_func(CONF_IMODULE *md, CONF *cnf);
+
+The function can then take whatever action is appropriate, for example
+further lookups based on the value. Multiple instances of the same 
+config module can be loaded.
+
+When the application closes down the modules are cleaned up by calling
+an optional finish function:
+
+void conf_finish_func(CONF_IMODULE *md);
+
+The finish functions are called in reverse order: that is the last module
+loaded is the first one cleaned up.
+
+If no module exists with a given name then an attempt is made to load
+a DSO with the supplied name. This might mean that "module3" attempts
+to load a DSO called libmodule3.so or module3.dll for example. An explicit
+DSO name can be given by including a separate section as in the module4 example
+above.
+
+The DSO is expected to at least contain an initialization function:
+
+int OPENSSL_init(CONF_IMODULE *md, CONF *cnf);
+
+and may also include a finish function:
+
+void OPENSSL_finish(CONF_IMODULE *md);
+
+Static modules can also be added using,
+
+int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func *ffunc);
+
+where "name" is the name in the configuration file this function corresponds to.
+
+A set of builtin modules (currently only an ASN1 non functional test module) can be 
+added by calling OPENSSL_load_builtin_modules(). 
+
+The function OPENSSL_config() is intended as a simple configuration function that
+any application can call to perform various default configuration tasks. It uses the
+file openssl.cnf in the usual locations.
+
+
diff --git a/src/lib/libcrypto/conf/conf.h b/src/lib/libcrypto/conf/conf.h
new file mode 100644
index 0000000000..f4671442ab
--- /dev/null
+++ b/src/lib/libcrypto/conf/conf.h
@@ -0,0 +1,250 @@
+/* crypto/conf/conf.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef  HEADER_CONF_H
+#define HEADER_CONF_H
+
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include <openssl/stack.h>
+#include <openssl/safestack.h>
+#include <openssl/e_os2.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct
+        {
+        char *section;
+        char *name;
+        char *value;
+        } CONF_VALUE;
+
+DECLARE_STACK_OF(CONF_VALUE)
+DECLARE_STACK_OF(CONF_MODULE)
+DECLARE_STACK_OF(CONF_IMODULE)
+
+struct conf_st;
+typedef struct conf_st CONF;
+struct conf_method_st;
+typedef struct conf_method_st CONF_METHOD;
+
+struct conf_method_st
+        {
+        const char *name;
+        CONF *(*create)(CONF_METHOD *meth);
+        int (*init)(CONF *conf);
+        int (*destroy)(CONF *conf);
+        int (*destroy_data)(CONF *conf);
+        int (*load_bio)(CONF *conf, BIO *bp, long *eline);
+        int (*dump)(const CONF *conf, BIO *bp);
+        int (*is_number)(const CONF *conf, char c);
+        int (*to_int)(const CONF *conf, char c);
+        int (*load)(CONF *conf, const char *name, long *eline);
+        };
+
+/* Module definitions */
+
+typedef struct conf_imodule_st CONF_IMODULE;
+typedef struct conf_module_st CONF_MODULE;
+
+/* DSO module function typedefs */
+typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf);
+typedef void conf_finish_func(CONF_IMODULE *md);
+
+#define CONF_MFLAGS_IGNORE_ERRORS       0x1
+#define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2
+#define CONF_MFLAGS_SILENT              0x4
+#define CONF_MFLAGS_NO_DSO              0x8
+#define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10
+
+int CONF_set_default_method(CONF_METHOD *meth);
+void CONF_set_nconf(CONF *conf,LHASH *hash);
+LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
+#ifndef OPENSSL_NO_FP_API
+LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
+#endif
+LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section);
+char *CONF_get_string(LHASH *conf,const char *group,const char *name);
+long CONF_get_number(LHASH *conf,const char *group,const char *name);
+void CONF_free(LHASH *conf);
+int CONF_dump_fp(LHASH *conf, FILE *out);
+int CONF_dump_bio(LHASH *conf, BIO *out);
+
+void OPENSSL_config(const char *config_name);
+void OPENSSL_no_config(void);
+
+/* New conf code.  The semantics are different from the functions above.
+   If that wasn't the case, the above functions would have been replaced */
+
+struct conf_st
+        {
+        CONF_METHOD *meth;
+        void *meth_data;
+        LHASH *data;
+        };
+
+CONF *NCONF_new(CONF_METHOD *meth);
+CONF_METHOD *NCONF_default(void);
+CONF_METHOD *NCONF_WIN32(void);
+#if 0 /* Just to give you an idea of what I have in mind */
+CONF_METHOD *NCONF_XML(void);
+#endif
+void NCONF_free(CONF *conf);
+void NCONF_free_data(CONF *conf);
+
+int NCONF_load(CONF *conf,const char *file,long *eline);
+#ifndef OPENSSL_NO_FP_API
+int NCONF_load_fp(CONF *conf, FILE *fp,long *eline);
+#endif
+int NCONF_load_bio(CONF *conf, BIO *bp,long *eline);
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section);
+char *NCONF_get_string(const CONF *conf,const char *group,const char *name);
+int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,
+                       long *result);
+int NCONF_dump_fp(const CONF *conf, FILE *out);
+int NCONF_dump_bio(const CONF *conf, BIO *out);
+
+#if 0 /* The following function has no error checking,
+         and should therefore be avoided */
+long NCONF_get_number(CONF *conf,char *group,char *name);
+#else
+#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
+#endif
+  
+/* Module functions */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+                      unsigned long flags);
+int CONF_modules_load_file(const char *filename, const char *appname,
+                           unsigned long flags);
+void CONF_modules_unload(int all);
+void CONF_modules_finish(void);
+void CONF_modules_free(void);
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+                    conf_finish_func *ffunc);
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md);
+const char *CONF_imodule_get_value(const CONF_IMODULE *md);
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
+void *CONF_module_get_usr_data(CONF_MODULE *pmod);
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
+
+char *CONF_get1_default_config_file(void);
+
+int CONF_parse_list(const char *list, int sep, int nospc,
+        int (*list_cb)(const char *elem, int len, void *usr), void *arg);
+
+void OPENSSL_load_builtin_modules(void);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_CONF_strings(void);
+
+/* Error codes for the CONF functions. */
+
+/* Function codes. */
+#define CONF_F_CONF_DUMP_FP                              104
+#define CONF_F_CONF_LOAD                                 100
+#define CONF_F_CONF_LOAD_BIO                             102
+#define CONF_F_CONF_LOAD_FP                              103
+#define CONF_F_CONF_MODULES_LOAD                         116
+#define CONF_F_MODULE_INIT                               115
+#define CONF_F_MODULE_LOAD_DSO                           117
+#define CONF_F_MODULE_RUN                                118
+#define CONF_F_NCONF_DUMP_BIO                            105
+#define CONF_F_NCONF_DUMP_FP                             106
+#define CONF_F_NCONF_GET_NUMBER                          107
+#define CONF_F_NCONF_GET_NUMBER_E                        112
+#define CONF_F_NCONF_GET_SECTION                         108
+#define CONF_F_NCONF_GET_STRING                          109
+#define CONF_F_NCONF_LOAD                                113
+#define CONF_F_NCONF_LOAD_BIO                            110
+#define CONF_F_NCONF_LOAD_FP                             114
+#define CONF_F_NCONF_NEW                                 111
+#define CONF_F_STR_COPY                                  101
+
+/* Reason codes. */
+#define CONF_R_ERROR_LOADING_DSO                         110
+#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET              100
+#define CONF_R_MISSING_EQUAL_SIGN                        101
+#define CONF_R_MISSING_FINISH_FUNCTION                   111
+#define CONF_R_MISSING_INIT_FUNCTION                     112
+#define CONF_R_MODULE_INITIALIZATION_ERROR               109
+#define CONF_R_NO_CLOSE_BRACE                            102
+#define CONF_R_NO_CONF                                   105
+#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE           106
+#define CONF_R_NO_SECTION                                107
+#define CONF_R_NO_SUCH_FILE                              114
+#define CONF_R_NO_VALUE                                  108
+#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION              103
+#define CONF_R_UNKNOWN_MODULE_NAME                       113
+#define CONF_R_VARIABLE_HAS_NO_VALUE                     104
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/conf/conf_api.c b/src/lib/libcrypto/conf/conf_api.c
new file mode 100644
index 0000000000..0032baa711
--- /dev/null
+++ b/src/lib/libcrypto/conf/conf_api.c
@@ -0,0 +1,308 @@
+/* conf_api.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Part of the code in here was originally in conf.c, which is now removed */
+
+#ifndef CONF_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <assert.h>
+#include <string.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include "e_os.h"
+
+static void value_free_hash(CONF_VALUE *a, LHASH *conf);
+static void value_free_stack(CONF_VALUE *a,LHASH *conf);
+static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE *, LHASH *)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_stack, CONF_VALUE *, LHASH *)
+/* We don't use function pointer casting or wrapper functions - but cast each
+ * callback parameter inside the callback functions. */
+/* static unsigned long hash(CONF_VALUE *v); */
+static unsigned long hash(const void *v_void);
+/* static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); */
+static int cmp_conf(const void *a_void,const void *b_void);
+
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
+        {
+        CONF_VALUE *v,vv;
+
+        if ((conf == NULL) || (section == NULL)) return(NULL);
+        vv.name=NULL;
+        vv.section=(char *)section;
+        v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
+        return(v);
+        }
+
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+                                               const char *section)
+        {
+        CONF_VALUE *v;
+
+        v=_CONF_get_section(conf,section);
+        if (v != NULL)
+                return((STACK_OF(CONF_VALUE) *)v->value);
+        else
+                return(NULL);
+        }
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
+        {
+        CONF_VALUE *v = NULL;
+        STACK_OF(CONF_VALUE) *ts;
+
+        ts = (STACK_OF(CONF_VALUE) *)section->value;
+
+        value->section=section->section;        
+        if (!sk_CONF_VALUE_push(ts,value))
+                {
+                return 0;
+                }
+
+        v = (CONF_VALUE *)lh_insert(conf->data, value);
+        if (v != NULL)
+                {
+                sk_CONF_VALUE_delete_ptr(ts,v);
+                OPENSSL_free(v->name);
+                OPENSSL_free(v->value);
+                OPENSSL_free(v);
+                }
+        return 1;
+        }
+
+char *_CONF_get_string(const CONF *conf, const char *section, const char *name)
+        {
+        CONF_VALUE *v,vv;
+        char *p;
+
+        if (name == NULL) return(NULL);
+        if (conf != NULL)
+                {
+                if (section != NULL)
+                        {
+                        vv.name=(char *)name;
+                        vv.section=(char *)section;
+                        v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
+                        if (v != NULL) return(v->value);
+                        if (strcmp(section,"ENV") == 0)
+                                {
+                                p=Getenv(name);
+                                if (p != NULL) return(p);
+                                }
+                        }
+                vv.section="default";
+                vv.name=(char *)name;
+                v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
+                if (v != NULL)
+                        return(v->value);
+                else
+                        return(NULL);
+                }
+        else
+                return(Getenv(name));
+        }
+
+#if 0 /* There's no way to provide error checking with this function, so
+         force implementors of the higher levels to get a string and read
+         the number themselves. */
+long _CONF_get_number(CONF *conf, char *section, char *name)
+        {
+        char *str;
+        long ret=0;
+
+        str=_CONF_get_string(conf,section,name);
+        if (str == NULL) return(0);
+        for (;;)
+                {
+                if (conf->meth->is_number(conf, *str))
+                        ret=ret*10+conf->meth->to_int(conf, *str);
+                else
+                        return(ret);
+                str++;
+                }
+        }
+#endif
+
+int _CONF_new_data(CONF *conf)
+        {
+        if (conf == NULL)
+                {
+                return 0;
+                }
+        if (conf->data == NULL)
+                if ((conf->data = lh_new(hash, cmp_conf)) == NULL)
+                        {
+                        return 0;
+                        }
+        return 1;
+        }
+
+void _CONF_free_data(CONF *conf)
+        {
+        if (conf == NULL || conf->data == NULL) return;
+
+        conf->data->down_load=0; /* evil thing to make sure the 'OPENSSL_free()'
+                                  * works as expected */
+        lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash),
+                        conf->data);
+
+        /* We now have only 'section' entries in the hash table.
+         * Due to problems with */
+
+        lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack),
+                        conf->data);
+        lh_free(conf->data);
+        }
+
+static void value_free_hash(CONF_VALUE *a, LHASH *conf)
+        {
+        if (a->name != NULL)
+                {
+                a=(CONF_VALUE *)lh_delete(conf,a);
+                }
+        }
+
+static void value_free_stack(CONF_VALUE *a, LHASH *conf)
+        {
+        CONF_VALUE *vv;
+        STACK *sk;
+        int i;
+
+        if (a->name != NULL) return;
+
+        sk=(STACK *)a->value;
+        for (i=sk_num(sk)-1; i>=0; i--)
+                {
+                vv=(CONF_VALUE *)sk_value(sk,i);
+                OPENSSL_free(vv->value);
+                OPENSSL_free(vv->name);
+                OPENSSL_free(vv);
+                }
+        if (sk != NULL) sk_free(sk);
+        OPENSSL_free(a->section);
+        OPENSSL_free(a);
+        }
+
+/* static unsigned long hash(CONF_VALUE *v) */
+static unsigned long hash(const void *v_void)
+        {
+        CONF_VALUE *v = (CONF_VALUE *)v_void;
+        return((lh_strhash(v->section)<<2)^lh_strhash(v->name));
+        }
+
+/* static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) */
+static int cmp_conf(const void *a_void,const  void *b_void)
+        {
+        int i;
+        CONF_VALUE *a = (CONF_VALUE *)a_void;
+        CONF_VALUE *b = (CONF_VALUE *)b_void;
+
+        if (a->section != b->section)
+                {
+                i=strcmp(a->section,b->section);
+                if (i) return(i);
+                }
+
+        if ((a->name != NULL) && (b->name != NULL))
+                {
+                i=strcmp(a->name,b->name);
+                return(i);
+                }
+        else if (a->name == b->name)
+                return(0);
+        else
+                return((a->name == NULL)?-1:1);
+        }
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
+        {
+        STACK *sk=NULL;
+        int ok=0,i;
+        CONF_VALUE *v=NULL,*vv;
+
+        if ((sk=sk_new_null()) == NULL)
+                goto err;
+        if ((v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)
+                goto err;
+        i=strlen(section)+1;
+        if ((v->section=(char *)OPENSSL_malloc(i)) == NULL)
+                goto err;
+
+        memcpy(v->section,section,i);
+        v->name=NULL;
+        v->value=(char *)sk;
+        
+        vv=(CONF_VALUE *)lh_insert(conf->data,v);
+        assert(vv == NULL);
+        ok=1;
+err:
+        if (!ok)
+                {
+                if (sk != NULL) sk_free(sk);
+                if (v != NULL) OPENSSL_free(v);
+                v=NULL;
+                }
+        return(v);
+        }
+
+IMPLEMENT_STACK_OF(CONF_VALUE)
diff --git a/src/lib/libcrypto/conf/conf_api.h b/src/lib/libcrypto/conf/conf_api.h
new file mode 100644
index 0000000000..87a954aff6
--- /dev/null
+++ b/src/lib/libcrypto/conf/conf_api.h
@@ -0,0 +1,89 @@
+/* conf_api.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef  HEADER_CONF_API_H
+#define HEADER_CONF_API_H
+
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+                                               const char *section);
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
+char *_CONF_get_string(const CONF *conf, const char *section,
+                       const char *name);
+long _CONF_get_number(const CONF *conf, const char *section, const char *name);
+
+int _CONF_new_data(CONF *conf);
+void _CONF_free_data(CONF *conf);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/src/lib/libcrypto/conf/conf_def.c b/src/lib/libcrypto/conf/conf_def.c
new file mode 100644
index 0000000000..b5a876ae68
--- /dev/null
+++ b/src/lib/libcrypto/conf/conf_def.c
@@ -0,0 +1,745 @@
+/* crypto/conf/conf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Part of the code in here was originally in conf.c, which is now removed */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/stack.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include "conf_def.h"
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include "cryptlib.h"
+
+static char *eat_ws(CONF *conf, char *p);
+static char *eat_alpha_numeric(CONF *conf, char *p);
+static void clear_comments(CONF *conf, char *p);
+static int str_copy(CONF *conf,char *section,char **to, char *from);
+static char *scan_quote(CONF *conf, char *p);
+static char *scan_dquote(CONF *conf, char *p);
+#define scan_esc(conf,p)        (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2)))
+
+static CONF *def_create(CONF_METHOD *meth);
+static int def_init_default(CONF *conf);
+static int def_init_WIN32(CONF *conf);
+static int def_destroy(CONF *conf);
+static int def_destroy_data(CONF *conf);
+static int def_load(CONF *conf, const char *name, long *eline);
+static int def_load_bio(CONF *conf, BIO *bp, long *eline);
+static int def_dump(const CONF *conf, BIO *bp);
+static int def_is_number(const CONF *conf, char c);
+static int def_to_int(const CONF *conf, char c);
+
+const char *CONF_def_version="CONF_def" OPENSSL_VERSION_PTEXT;
+
+static CONF_METHOD default_method = {
+        "OpenSSL default",
+        def_create,
+        def_init_default,
+        def_destroy,
+        def_destroy_data,
+        def_load_bio,
+        def_dump,
+        def_is_number,
+        def_to_int,
+        def_load
+        };
+
+static CONF_METHOD WIN32_method = {
+        "WIN32",
+        def_create,
+        def_init_WIN32,
+        def_destroy,
+        def_destroy_data,
+        def_load_bio,
+        def_dump,
+        def_is_number,
+        def_to_int,
+        def_load
+        };
+
+CONF_METHOD *NCONF_default()
+        {
+        return &default_method;
+        }
+CONF_METHOD *NCONF_WIN32()
+        {
+        return &WIN32_method;
+        }
+
+static CONF *def_create(CONF_METHOD *meth)
+        {
+        CONF *ret;
+
+        ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *));
+        if (ret)
+                if (meth->init(ret) == 0)
+                        {
+                        OPENSSL_free(ret);
+                        ret = NULL;
+                        }
+        return ret;
+        }
+        
+static int def_init_default(CONF *conf)
+        {
+        if (conf == NULL)
+                return 0;
+
+        conf->meth = &default_method;
+        conf->meth_data = (void *)CONF_type_default;
+        conf->data = NULL;
+
+        return 1;
+        }
+
+static int def_init_WIN32(CONF *conf)
+        {
+        if (conf == NULL)
+                return 0;
+
+        conf->meth = &WIN32_method;
+        conf->meth_data = (void *)CONF_type_win32;
+        conf->data = NULL;
+
+        return 1;
+        }
+
+static int def_destroy(CONF *conf)
+        {
+        if (def_destroy_data(conf))
+                {
+                OPENSSL_free(conf);
+                return 1;
+                }
+        return 0;
+        }
+
+static int def_destroy_data(CONF *conf)
+        {
+        if (conf == NULL)
+                return 0;
+        _CONF_free_data(conf);
+        return 1;
+        }
+
+static int def_load(CONF *conf, const char *name, long *line)
+        {
+        int ret;
+        BIO *in=NULL;
+
+#ifdef OPENSSL_SYS_VMS
+        in=BIO_new_file(name, "r");
+#else
+        in=BIO_new_file(name, "rb");
+#endif
+        if (in == NULL)
+                {
+                if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)
+                        CONFerr(CONF_F_CONF_LOAD,CONF_R_NO_SUCH_FILE);
+                else
+                        CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
+                return 0;
+                }
+
+        ret = def_load_bio(conf, in, line);
+        BIO_free(in);
+
+        return ret;
+        }
+
+static int def_load_bio(CONF *conf, BIO *in, long *line)
+        {
+/* The macro BUFSIZE conflicts with a system macro in VxWorks */
+#define CONFBUFSIZE     512
+        int bufnum=0,i,ii;
+        BUF_MEM *buff=NULL;
+        char *s,*p,*end;
+        int again,n;
+        long eline=0;
+        char btmp[DECIMAL_SIZE(eline)+1];
+        CONF_VALUE *v=NULL,*tv;
+        CONF_VALUE *sv=NULL;
+        char *section=NULL,*buf;
+        STACK_OF(CONF_VALUE) *section_sk=NULL,*ts;
+        char *start,*psection,*pname;
+        void *h = (void *)(conf->data);
+
+        if ((buff=BUF_MEM_new()) == NULL)
+                {
+                CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+                goto err;
+                }
+
+        section=(char *)OPENSSL_malloc(10);
+        if (section == NULL)
+                {
+                CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        BUF_strlcpy(section,"default",10);
+
+        if (_CONF_new_data(conf) == 0)
+                {
+                CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        sv=_CONF_new_section(conf,section);
+        if (sv == NULL)
+                {
+                CONFerr(CONF_F_CONF_LOAD_BIO,
+                                        CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+                goto err;
+                }
+        section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+
+        bufnum=0;
+        again=0;
+        for (;;)
+                {
+                if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE))
+                        {
+                        CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+                        goto err;
+                        }
+                p= &(buff->data[bufnum]);
+                *p='\0';
+                BIO_gets(in, p, CONFBUFSIZE-1);
+                p[CONFBUFSIZE-1]='\0';
+                ii=i=strlen(p);
+                if (i == 0 && !again) break;
+                again=0;
+                while (i > 0)
+                        {
+                        if ((p[i-1] != '\r') && (p[i-1] != '\n'))
+                                break;
+                        else
+                                i--;
+                        }
+                /* we removed some trailing stuff so there is a new
+                 * line on the end. */
+                if (ii && i == ii)
+                        again=1; /* long line */
+                else
+                        {
+                        p[i]='\0';
+                        eline++; /* another input line */
+                        }
+
+                /* we now have a line with trailing \r\n removed */
+
+                /* i is the number of bytes */
+                bufnum+=i;
+
+                v=NULL;
+                /* check for line continuation */
+                if (bufnum >= 1)
+                        {
+                        /* If we have bytes and the last char '\\' and
+                         * second last char is not '\\' */
+                        p= &(buff->data[bufnum-1]);
+                        if (IS_ESC(conf,p[0]) &&
+                                ((bufnum <= 1) || !IS_ESC(conf,p[-1])))
+                                {
+                                bufnum--;
+                                again=1;
+                                }
+                        }
+                if (again) continue;
+                bufnum=0;
+                buf=buff->data;
+
+                clear_comments(conf, buf);
+                n=strlen(buf);
+                s=eat_ws(conf, buf);
+                if (IS_EOF(conf,*s)) continue; /* blank line */
+                if (*s == '[')
+                        {
+                        char *ss;
+
+                        s++;
+                        start=eat_ws(conf, s);
+                        ss=start;
+again:
+                        end=eat_alpha_numeric(conf, ss);
+                        p=eat_ws(conf, end);
+                        if (*p != ']')
+                                {
+                                if (*p != '\0')
+                                        {
+                                        ss=p;
+                                        goto again;
+                                        }
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
+                                        CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
+                                goto err;
+                                }
+                        *end='\0';
+                        if (!str_copy(conf,NULL,&section,start)) goto err;
+                        if ((sv=_CONF_get_section(conf,section)) == NULL)
+                                sv=_CONF_new_section(conf,section);
+                        if (sv == NULL)
+                                {
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
+                                        CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+                                goto err;
+                                }
+                        section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+                        continue;
+                        }
+                else
+                        {
+                        pname=s;
+                        psection=NULL;
+                        end=eat_alpha_numeric(conf, s);
+                        if ((end[0] == ':') && (end[1] == ':'))
+                                {
+                                *end='\0';
+                                end+=2;
+                                psection=pname;
+                                pname=end;
+                                end=eat_alpha_numeric(conf, end);
+                                }
+                        p=eat_ws(conf, end);
+                        if (*p != '=')
+                                {
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
+                                                CONF_R_MISSING_EQUAL_SIGN);
+                                goto err;
+                                }
+                        *end='\0';
+                        p++;
+                        start=eat_ws(conf, p);
+                        while (!IS_EOF(conf,*p))
+                                p++;
+                        p--;
+                        while ((p != start) && (IS_WS(conf,*p)))
+                                p--;
+                        p++;
+                        *p='\0';
+
+                        if (!(v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))))
+                                {
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
+                                                        ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        if (psection == NULL) psection=section;
+                        v->name=(char *)OPENSSL_malloc(strlen(pname)+1);
+                        v->value=NULL;
+                        if (v->name == NULL)
+                                {
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
+                                                        ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        BUF_strlcpy(v->name,pname,strlen(pname)+1);
+                        if (!str_copy(conf,psection,&(v->value),start)) goto err;
+
+                        if (strcmp(psection,section) != 0)
+                                {
+                                if ((tv=_CONF_get_section(conf,psection))
+                                        == NULL)
+                                        tv=_CONF_new_section(conf,psection);
+                                if (tv == NULL)
+                                        {
+                                        CONFerr(CONF_F_CONF_LOAD_BIO,
+                                           CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+                                        goto err;
+                                        }
+                                ts=(STACK_OF(CONF_VALUE) *)tv->value;
+                                }
+                        else
+                                {
+                                tv=sv;
+                                ts=section_sk;
+                                }
+#if 1
+                        if (_CONF_add_string(conf, tv, v) == 0)
+                                {
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
+                                                        ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+#else
+                        v->section=tv->section; 
+                        if (!sk_CONF_VALUE_push(ts,v))
+                                {
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
+                                                        ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        vv=(CONF_VALUE *)lh_insert(conf->data,v);
+                        if (vv != NULL)
+                                {
+                                sk_CONF_VALUE_delete_ptr(ts,vv);
+                                OPENSSL_free(vv->name);
+                                OPENSSL_free(vv->value);
+                                OPENSSL_free(vv);
+                                }
+#endif
+                        v=NULL;
+                        }
+                }
+        if (buff != NULL) BUF_MEM_free(buff);
+        if (section != NULL) OPENSSL_free(section);
+        return(1);
+err:
+        if (buff != NULL) BUF_MEM_free(buff);
+        if (section != NULL) OPENSSL_free(section);
+        if (line != NULL) *line=eline;
+        BIO_snprintf(btmp,sizeof btmp,"%ld",eline);
+        ERR_add_error_data(2,"line ",btmp);
+        if ((h != conf->data) && (conf->data != NULL))
+                {
+                CONF_free(conf->data);
+                conf->data=NULL;
+                }
+        if (v != NULL)
+                {
+                if (v->name != NULL) OPENSSL_free(v->name);
+                if (v->value != NULL) OPENSSL_free(v->value);
+                if (v != NULL) OPENSSL_free(v);
+                }
+        return(0);
+        }
+
+static void clear_comments(CONF *conf, char *p)
+        {
+        char *to;
+
+        to=p;
+        for (;;)
+                {
+                if (IS_FCOMMENT(conf,*p))
+                        {
+                        *p='\0';
+                        return;
+                        }
+                if (!IS_WS(conf,*p))
+                        {
+                        break;
+                        }
+                p++;
+                }
+
+        for (;;)
+                {
+                if (IS_COMMENT(conf,*p))
+                        {
+                        *p='\0';
+                        return;
+                        }
+                if (IS_DQUOTE(conf,*p))
+                        {
+                        p=scan_dquote(conf, p);
+                        continue;
+                        }
+                if (IS_QUOTE(conf,*p))
+                        {
+                        p=scan_quote(conf, p);
+                        continue;
+                        }
+                if (IS_ESC(conf,*p))
+                        {
+                        p=scan_esc(conf,p);
+                        continue;
+                        }
+                if (IS_EOF(conf,*p))
+                        return;
+                else
+                        p++;
+                }
+        }
+
+static int str_copy(CONF *conf, char *section, char **pto, char *from)
+        {
+        int q,r,rr=0,to=0,len=0;
+        char *s,*e,*rp,*p,*rrp,*np,*cp,v;
+        BUF_MEM *buf;
+
+        if ((buf=BUF_MEM_new()) == NULL) return(0);
+
+        len=strlen(from)+1;
+        if (!BUF_MEM_grow(buf,len)) goto err;
+
+        for (;;)
+                {
+                if (IS_QUOTE(conf,*from))
+                        {
+                        q= *from;
+                        from++;
+                        while (!IS_EOF(conf,*from) && (*from != q))
+                                {
+                                if (IS_ESC(conf,*from))
+                                        {
+                                        from++;
+                                        if (IS_EOF(conf,*from)) break;
+                                        }
+                                buf->data[to++]= *(from++);
+                                }
+                        if (*from == q) from++;
+                        }
+                else if (IS_DQUOTE(conf,*from))
+                        {
+                        q= *from;
+                        from++;
+                        while (!IS_EOF(conf,*from))
+                                {
+                                if (*from == q)
+                                        {
+                                        if (*(from+1) == q)
+                                                {
+                                                from++;
+                                                }
+                                        else
+                                                {
+                                                break;
+                                                }
+                                        }
+                                buf->data[to++]= *(from++);
+                                }
+                        if (*from == q) from++;
+                        }
+                else if (IS_ESC(conf,*from))
+                        {
+                        from++;
+                        v= *(from++);
+                        if (IS_EOF(conf,v)) break;
+                        else if (v == 'r') v='\r';
+                        else if (v == 'n') v='\n';
+                        else if (v == 'b') v='\b';
+                        else if (v == 't') v='\t';
+                        buf->data[to++]= v;
+                        }
+                else if (IS_EOF(conf,*from))
+                        break;
+                else if (*from == '$')
+                        {
+                        /* try to expand it */
+                        rrp=NULL;
+                        s= &(from[1]);
+                        if (*s == '{')
+                                q='}';
+                        else if (*s == '(')
+                                q=')';
+                        else q=0;
+
+                        if (q) s++;
+                        cp=section;
+                        e=np=s;
+                        while (IS_ALPHA_NUMERIC(conf,*e))
+                                e++;
+                        if ((e[0] == ':') && (e[1] == ':'))
+                                {
+                                cp=np;
+                                rrp=e;
+                                rr= *e;
+                                *rrp='\0';
+                                e+=2;
+                                np=e;
+                                while (IS_ALPHA_NUMERIC(conf,*e))
+                                        e++;
+                                }
+                        r= *e;
+                        *e='\0';
+                        rp=e;
+                        if (q)
+                                {
+                                if (r != q)
+                                        {
+                                        CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE);
+                                        goto err;
+                                        }
+                                e++;
+                                }
+                        /* So at this point we have
+                         * ns which is the start of the name string which is
+                         *   '\0' terminated. 
+                         * cs which is the start of the section string which is
+                         *   '\0' terminated.
+                         * e is the 'next point after'.
+                         * r and s are the chars replaced by the '\0'
+                         * rp and sp is where 'r' and 's' came from.
+                         */
+                        p=_CONF_get_string(conf,cp,np);
+                        if (rrp != NULL) *rrp=rr;
+                        *rp=r;
+                        if (p == NULL)
+                                {
+                                CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
+                                goto err;
+                                }
+                        BUF_MEM_grow_clean(buf,(strlen(p)+len-(e-from)));
+                        while (*p)
+                                buf->data[to++]= *(p++);
+
+                        /* Since we change the pointer 'from', we also have
+                           to change the perceived length of the string it
+                           points at.  /RL */
+                        len -= e-from;
+                        from=e;
+                        }
+                else
+                        buf->data[to++]= *(from++);
+                }
+        buf->data[to]='\0';
+        if (*pto != NULL) OPENSSL_free(*pto);
+        *pto=buf->data;
+        OPENSSL_free(buf);
+        return(1);
+err:
+        if (buf != NULL) BUF_MEM_free(buf);
+        return(0);
+        }
+
+static char *eat_ws(CONF *conf, char *p)
+        {
+        while (IS_WS(conf,*p) && (!IS_EOF(conf,*p)))
+                p++;
+        return(p);
+        }
+
+static char *eat_alpha_numeric(CONF *conf, char *p)
+        {
+        for (;;)
+                {
+                if (IS_ESC(conf,*p))
+                        {
+                        p=scan_esc(conf,p);
+                        continue;
+                        }
+                if (!IS_ALPHA_NUMERIC_PUNCT(conf,*p))
+                        return(p);
+                p++;
+                }
+        }
+
+static char *scan_quote(CONF *conf, char *p)
+        {
+        int q= *p;
+
+        p++;
+        while (!(IS_EOF(conf,*p)) && (*p != q))
+                {
+                if (IS_ESC(conf,*p))
+                        {
+                        p++;
+                        if (IS_EOF(conf,*p)) return(p);
+                        }
+                p++;
+                }
+        if (*p == q) p++;
+        return(p);
+        }
+
+
+static char *scan_dquote(CONF *conf, char *p)
+        {
+        int q= *p;
+
+        p++;
+        while (!(IS_EOF(conf,*p)))
+                {
+                if (*p == q)
+                        {
+                        if (*(p+1) == q)
+                                {
+                                p++;
+                                }
+                        else
+                                {
+                                break;
+                                }
+                        }
+                p++;
+                }
+        if (*p == q) p++;
+        return(p);
+        }
+
+static void dump_value(CONF_VALUE *a, BIO *out)
+        {
+        if (a->name)
+                BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
+        else
+                BIO_printf(out, "[[%s]]\n", a->section);
+        }
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE *, BIO *)
+
+static int def_dump(const CONF *conf, BIO *out)
+        {
+        lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out);
+        return 1;
+        }
+
+static int def_is_number(const CONF *conf, char c)
+        {
+        return IS_NUMBER(conf,c);
+        }
+
+static int def_to_int(const CONF *conf, char c)
+        {
+        return c - '0';
+        }
+
diff --git a/src/lib/libcrypto/conf/conf_def.h b/src/lib/libcrypto/conf/conf_def.h
new file mode 100644
index 0000000000..92a7d8ad77
--- /dev/null
+++ b/src/lib/libcrypto/conf/conf_def.h
@@ -0,0 +1,180 @@
+/* crypto/conf/conf_def.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* THIS FILE WAS AUTOMAGICALLY GENERATED!
+   Please modify and use keysets.pl to regenerate it. */
+
+#define CONF_NUMBER             1
+#define CONF_UPPER              2
+#define CONF_LOWER              4
+#define CONF_UNDER              256
+#define CONF_PUNCTUATION        512
+#define CONF_WS                 16
+#define CONF_ESC                32
+#define CONF_QUOTE              64
+#define CONF_DQUOTE             1024
+#define CONF_COMMENT            128
+#define CONF_FCOMMENT           2048
+#define CONF_EOF                8
+#define CONF_HIGHBIT            4096
+#define CONF_ALPHA              (CONF_UPPER|CONF_LOWER)
+#define CONF_ALPHA_NUMERIC      (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
+                                        CONF_PUNCTUATION)
+
+#define KEYTYPES(c)             ((unsigned short *)((c)->meth_data))
+#ifndef CHARSET_EBCDIC
+#define IS_COMMENT(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
+#define IS_FCOMMENT(c,a)        (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
+#define IS_EOF(c,a)             (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
+#define IS_ESC(c,a)             (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
+#define IS_NUMBER(c,a)          (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
+#define IS_WS(c,a)              (KEYTYPES(c)[(a)&0xff]&CONF_WS)
+#define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC_PUNCT(c,a) \
+                                (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(c,a)           (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
+#define IS_DQUOTE(c,a)          (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
+#define IS_HIGHBIT(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
+
+#else /*CHARSET_EBCDIC*/
+
+#define IS_COMMENT(c,a)         (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
+#define IS_FCOMMENT(c,a)        (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
+#define IS_EOF(c,a)             (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
+#define IS_ESC(c,a)             (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
+#define IS_NUMBER(c,a)          (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
+#define IS_WS(c,a)              (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
+#define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC_PUNCT(c,a) \
+                                (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(c,a)           (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
+#define IS_DQUOTE(c,a)          (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
+#define IS_HIGHBIT(c,a)         (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
+#endif /*CHARSET_EBCDIC*/
+
+static unsigned short CONF_type_default[256]={
+        0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+        0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
+        0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+        0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+        0x0010,0x0200,0x0040,0x0080,0x0000,0x0200,0x0200,0x0040,
+        0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
+        0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
+        0x0001,0x0001,0x0000,0x0200,0x0000,0x0000,0x0000,0x0200,
+        0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+        0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+        0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+        0x0002,0x0002,0x0002,0x0000,0x0020,0x0000,0x0200,0x0100,
+        0x0040,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+        0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+        0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+        0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        };
+
+static unsigned short CONF_type_win32[256]={
+        0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+        0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
+        0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+        0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+        0x0010,0x0200,0x0400,0x0000,0x0000,0x0200,0x0200,0x0000,
+        0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
+        0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
+        0x0001,0x0001,0x0000,0x0A00,0x0000,0x0000,0x0000,0x0200,
+        0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+        0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+        0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+        0x0002,0x0002,0x0002,0x0000,0x0000,0x0000,0x0200,0x0100,
+        0x0000,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+        0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+        0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+        0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+        };
+
diff --git a/src/lib/libcrypto/conf/conf_err.c b/src/lib/libcrypto/conf/conf_err.c
new file mode 100644
index 0000000000..ee07bfe9d9
--- /dev/null
+++ b/src/lib/libcrypto/conf/conf_err.c
@@ -0,0 +1,126 @@
+/* crypto/conf/conf_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/conf.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA CONF_str_functs[]=
+        {
+{ERR_PACK(0,CONF_F_CONF_DUMP_FP,0),     "CONF_dump_fp"},
+{ERR_PACK(0,CONF_F_CONF_LOAD,0),        "CONF_load"},
+{ERR_PACK(0,CONF_F_CONF_LOAD_BIO,0),    "CONF_load_bio"},
+{ERR_PACK(0,CONF_F_CONF_LOAD_FP,0),     "CONF_load_fp"},
+{ERR_PACK(0,CONF_F_CONF_MODULES_LOAD,0),        "CONF_modules_load"},
+{ERR_PACK(0,CONF_F_MODULE_INIT,0),      "MODULE_INIT"},
+{ERR_PACK(0,CONF_F_MODULE_LOAD_DSO,0),  "MODULE_LOAD_DSO"},
+{ERR_PACK(0,CONF_F_MODULE_RUN,0),       "MODULE_RUN"},
+{ERR_PACK(0,CONF_F_NCONF_DUMP_BIO,0),   "NCONF_dump_bio"},
+{ERR_PACK(0,CONF_F_NCONF_DUMP_FP,0),    "NCONF_dump_fp"},
+{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER,0), "NCONF_get_number"},
+{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER_E,0),       "NCONF_get_number_e"},
+{ERR_PACK(0,CONF_F_NCONF_GET_SECTION,0),        "NCONF_get_section"},
+{ERR_PACK(0,CONF_F_NCONF_GET_STRING,0), "NCONF_get_string"},
+{ERR_PACK(0,CONF_F_NCONF_LOAD,0),       "NCONF_load"},
+{ERR_PACK(0,CONF_F_NCONF_LOAD_BIO,0),   "NCONF_load_bio"},
+{ERR_PACK(0,CONF_F_NCONF_LOAD_FP,0),    "NCONF_load_fp"},
+{ERR_PACK(0,CONF_F_NCONF_NEW,0),        "NCONF_new"},
+{ERR_PACK(0,CONF_F_STR_COPY,0), "STR_COPY"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA CONF_str_reasons[]=
+        {
+{CONF_R_ERROR_LOADING_DSO                ,"error loading dso"},
+{CONF_R_MISSING_CLOSE_SQUARE_BRACKET     ,"missing close square bracket"},
+{CONF_R_MISSING_EQUAL_SIGN               ,"missing equal sign"},
+{CONF_R_MISSING_FINISH_FUNCTION          ,"missing finish function"},
+{CONF_R_MISSING_INIT_FUNCTION            ,"missing init function"},
+{CONF_R_MODULE_INITIALIZATION_ERROR      ,"module initialization error"},
+{CONF_R_NO_CLOSE_BRACE                   ,"no close brace"},
+{CONF_R_NO_CONF                          ,"no conf"},
+{CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE  ,"no conf or environment variable"},
+{CONF_R_NO_SECTION                       ,"no section"},
+{CONF_R_NO_SUCH_FILE                     ,"no such file"},
+{CONF_R_NO_VALUE                         ,"no value"},
+{CONF_R_UNABLE_TO_CREATE_NEW_SECTION     ,"unable to create new section"},
+{CONF_R_UNKNOWN_MODULE_NAME              ,"unknown module name"},
+{CONF_R_VARIABLE_HAS_NO_VALUE            ,"variable has no value"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_CONF_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_CONF,CONF_str_functs);
+                ERR_load_strings(ERR_LIB_CONF,CONF_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/conf/conf_lib.c b/src/lib/libcrypto/conf/conf_lib.c
new file mode 100644
index 0000000000..6a3cf109dd
--- /dev/null
+++ b/src/lib/libcrypto/conf/conf_lib.c
@@ -0,0 +1,401 @@
+/* conf_lib.c */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include <openssl/lhash.h>
+
+const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
+
+static CONF_METHOD *default_CONF_method=NULL;
+
+/* Init a 'CONF' structure from an old LHASH */
+
+void CONF_set_nconf(CONF *conf, LHASH *hash)
+        {
+        if (default_CONF_method == NULL)
+                default_CONF_method = NCONF_default();
+
+        default_CONF_method->init(conf);
+        conf->data = hash;
+        }
+
+/* The following section contains the "CONF classic" functions,
+   rewritten in terms of the new CONF interface. */
+
+int CONF_set_default_method(CONF_METHOD *meth)
+        {
+        default_CONF_method = meth;
+        return 1;
+        }
+
+LHASH *CONF_load(LHASH *conf, const char *file, long *eline)
+        {
+        LHASH *ltmp;
+        BIO *in=NULL;
+
+#ifdef OPENSSL_SYS_VMS
+        in=BIO_new_file(file, "r");
+#else
+        in=BIO_new_file(file, "rb");
+#endif
+        if (in == NULL)
+                {
+                CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
+                return NULL;
+                }
+
+        ltmp = CONF_load_bio(conf, in, eline);
+        BIO_free(in);
+
+        return ltmp;
+        }
+
+#ifndef OPENSSL_NO_FP_API
+LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline)
+        {
+        BIO *btmp;
+        LHASH *ltmp;
+        if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+                CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
+                return NULL;
+        }
+        ltmp = CONF_load_bio(conf, btmp, eline);
+        BIO_free(btmp);
+        return ltmp;
+        }
+#endif
+
+LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
+        {
+        CONF ctmp;
+        int ret;
+
+        CONF_set_nconf(&ctmp, conf);
+
+        ret = NCONF_load_bio(&ctmp, bp, eline);
+        if (ret)
+                return ctmp.data;
+        return NULL;
+        }
+
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section)
+        {
+        if (conf == NULL)
+                {
+                return NULL;
+                }
+        else
+                {
+                CONF ctmp;
+                CONF_set_nconf(&ctmp, conf);
+                return NCONF_get_section(&ctmp, section);
+                }
+        }
+
+char *CONF_get_string(LHASH *conf,const char *group,const char *name)
+        {
+        if (conf == NULL)
+                {
+                return NCONF_get_string(NULL, group, name);
+                }
+        else
+                {
+                CONF ctmp;
+                CONF_set_nconf(&ctmp, conf);
+                return NCONF_get_string(&ctmp, group, name);
+                }
+        }
+
+long CONF_get_number(LHASH *conf,const char *group,const char *name)
+        {
+        int status;
+        long result = 0;
+
+        if (conf == NULL)
+                {
+                status = NCONF_get_number_e(NULL, group, name, &result);
+                }
+        else
+                {
+                CONF ctmp;
+                CONF_set_nconf(&ctmp, conf);
+                status = NCONF_get_number_e(&ctmp, group, name, &result);
+                }
+
+        if (status == 0)
+                {
+                /* This function does not believe in errors... */
+                ERR_get_error();
+                }
+        return result;
+        }
+
+void CONF_free(LHASH *conf)
+        {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        NCONF_free_data(&ctmp);
+        }
+
+#ifndef OPENSSL_NO_FP_API
+int CONF_dump_fp(LHASH *conf, FILE *out)
+        {
+        BIO *btmp;
+        int ret;
+
+        if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
+                CONFerr(CONF_F_CONF_DUMP_FP,ERR_R_BUF_LIB);
+                return 0;
+        }
+        ret = CONF_dump_bio(conf, btmp);
+        BIO_free(btmp);
+        return ret;
+        }
+#endif
+
+int CONF_dump_bio(LHASH *conf, BIO *out)
+        {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return NCONF_dump_bio(&ctmp, out);
+        }
+
+/* The following section contains the "New CONF" functions.  They are
+   completely centralised around a new CONF structure that may contain
+   basically anything, but at least a method pointer and a table of data.
+   These functions are also written in terms of the bridge functions used
+   by the "CONF classic" functions, for consistency.  */
+
+CONF *NCONF_new(CONF_METHOD *meth)
+        {
+        CONF *ret;
+
+        if (meth == NULL)
+                meth = NCONF_default();
+
+        ret = meth->create(meth);
+        if (ret == NULL)
+                {
+                CONFerr(CONF_F_NCONF_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+
+        return ret;
+        }
+
+void NCONF_free(CONF *conf)
+        {
+        if (conf == NULL)
+                return;
+        conf->meth->destroy(conf);
+        }
+
+void NCONF_free_data(CONF *conf)
+        {
+        if (conf == NULL)
+                return;
+        conf->meth->destroy_data(conf);
+        }
+
+int NCONF_load(CONF *conf, const char *file, long *eline)
+        {
+        if (conf == NULL)
+                {
+                CONFerr(CONF_F_NCONF_LOAD,CONF_R_NO_CONF);
+                return 0;
+                }
+
+        return conf->meth->load(conf, file, eline);
+        }
+
+#ifndef OPENSSL_NO_FP_API
+int NCONF_load_fp(CONF *conf, FILE *fp,long *eline)
+        {
+        BIO *btmp;
+        int ret;
+        if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE)))
+                {
+                CONFerr(CONF_F_NCONF_LOAD_FP,ERR_R_BUF_LIB);
+                return 0;
+                }
+        ret = NCONF_load_bio(conf, btmp, eline);
+        BIO_free(btmp);
+        return ret;
+        }
+#endif
+
+int NCONF_load_bio(CONF *conf, BIO *bp,long *eline)
+        {
+        if (conf == NULL)
+                {
+                CONFerr(CONF_F_NCONF_LOAD_BIO,CONF_R_NO_CONF);
+                return 0;
+                }
+
+        return conf->meth->load_bio(conf, bp, eline);
+        }
+
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section)
+        {
+        if (conf == NULL)
+                {
+                CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_CONF);
+                return NULL;
+                }
+
+        if (section == NULL)
+                {
+                CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION);
+                return NULL;
+                }
+
+        return _CONF_get_section_values(conf, section);
+        }
+
+char *NCONF_get_string(const CONF *conf,const char *group,const char *name)
+        {
+        char *s = _CONF_get_string(conf, group, name);
+
+        /* Since we may get a value from an environment variable even
+           if conf is NULL, let's check the value first */
+        if (s) return s;
+
+        if (conf == NULL)
+                {
+                CONFerr(CONF_F_NCONF_GET_STRING,
+                        CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
+                return NULL;
+                }
+        CONFerr(CONF_F_NCONF_GET_STRING,
+                CONF_R_NO_VALUE);
+        ERR_add_error_data(4,"group=",group," name=",name);
+        return NULL;
+        }
+
+int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,
+                       long *result)
+        {
+        char *str;
+
+        if (result == NULL)
+                {
+                CONFerr(CONF_F_NCONF_GET_NUMBER_E,ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+
+        str = NCONF_get_string(conf,group,name);
+
+        if (str == NULL)
+                return 0;
+
+        for (*result = 0;conf->meth->is_number(conf, *str);)
+                {
+                *result = (*result)*10 + conf->meth->to_int(conf, *str);
+                str++;
+                }
+
+        return 1;
+        }
+
+#ifndef OPENSSL_NO_FP_API
+int NCONF_dump_fp(const CONF *conf, FILE *out)
+        {
+        BIO *btmp;
+        int ret;
+        if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
+                CONFerr(CONF_F_NCONF_DUMP_FP,ERR_R_BUF_LIB);
+                return 0;
+        }
+        ret = NCONF_dump_bio(conf, btmp);
+        BIO_free(btmp);
+        return ret;
+        }
+#endif
+
+int NCONF_dump_bio(const CONF *conf, BIO *out)
+        {
+        if (conf == NULL)
+                {
+                CONFerr(CONF_F_NCONF_DUMP_BIO,CONF_R_NO_CONF);
+                return 0;
+                }
+
+        return conf->meth->dump(conf, out);
+        }
+
+
+/* This function should be avoided */
+#if 0
+long NCONF_get_number(CONF *conf,char *group,char *name)
+        {
+        int status;
+        long ret=0;
+
+        status = NCONF_get_number_e(conf, group, name, &ret);
+        if (status == 0)
+                {
+                /* This function does not believe in errors... */
+                ERR_get_error();
+                }
+        return ret;
+        }
+#endif
diff --git a/src/lib/libcrypto/conf/conf_mall.c b/src/lib/libcrypto/conf/conf_mall.c
new file mode 100644
index 0000000000..4ba40cf44c
--- /dev/null
+++ b/src/lib/libcrypto/conf/conf_mall.c
@@ -0,0 +1,80 @@
+/* conf_mall.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
+/* Load all OpenSSL builtin modules */
+
+void OPENSSL_load_builtin_modules(void)
+        {
+        /* Add builtin modules here */
+        ASN1_add_oid_module();
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_add_conf_module();
+#endif
+        }
+
diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c
new file mode 100644
index 0000000000..d45adea851
--- /dev/null
+++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -0,0 +1,616 @@
+/* conf_mod.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+
+
+#define DSO_mod_init_name "OPENSSL_init"
+#define DSO_mod_finish_name "OPENSSL_finish"
+
+
+/* This structure contains a data about supported modules.
+ * entries in this table correspond to either dynamic or
+ * static modules.
+ */
+
+struct conf_module_st
+        {
+        /* DSO of this module or NULL if static */
+        DSO *dso;
+        /* Name of the module */
+        char *name;
+        /* Init function */
+        conf_init_func *init; 
+        /* Finish function */
+        conf_finish_func *finish;
+        /* Number of successfully initialized modules */
+        int links;
+        void *usr_data;
+        };
+
+
+/* This structure contains information about modules that have been
+ * successfully initialized. There may be more than one entry for a
+ * given module.
+ */
+
+struct conf_imodule_st
+        {
+        CONF_MODULE *pmod;
+        char *name;
+        char *value;
+        unsigned long flags;
+        void *usr_data;
+        };
+
+static STACK_OF(CONF_MODULE) *supported_modules = NULL;
+static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
+
+static void module_free(CONF_MODULE *md);
+static void module_finish(CONF_IMODULE *imod);
+static int module_run(const CONF *cnf, char *name, char *value,
+                                          unsigned long flags);
+static CONF_MODULE *module_add(DSO *dso, const char *name,
+                        conf_init_func *ifunc, conf_finish_func *ffunc);
+static CONF_MODULE *module_find(char *name);
+static int module_init(CONF_MODULE *pmod, char *name, char *value,
+                                           const CONF *cnf);
+static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
+                                                                        unsigned long flags);
+
+/* Main function: load modules from a CONF structure */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+                      unsigned long flags)
+        {
+        STACK_OF(CONF_VALUE) *values;
+        CONF_VALUE *vl;
+        char *vsection;
+
+        int ret, i;
+
+        if (!cnf)
+                return 1;
+
+        if (appname == NULL)
+                appname = "openssl_conf";
+
+        vsection = NCONF_get_string(cnf, NULL, appname); 
+
+        if (!vsection)
+                {
+                ERR_clear_error();
+                return 1;
+                }
+
+        values = NCONF_get_section(cnf, vsection);
+
+        if (!values)
+                return 0;
+
+        for (i = 0; i < sk_CONF_VALUE_num(values); i++)
+                {
+                vl = sk_CONF_VALUE_value(values, i);
+                ret = module_run(cnf, vl->name, vl->value, flags);
+                if (ret <= 0)
+                        if(!(flags & CONF_MFLAGS_IGNORE_ERRORS))
+                                return ret;
+                }
+
+        return 1;
+
+        }
+
+int CONF_modules_load_file(const char *filename, const char *appname,
+                           unsigned long flags)
+        {
+        char *file = NULL;
+        CONF *conf = NULL;
+        int ret = 0;
+        conf = NCONF_new(NULL);
+        if (!conf)
+                goto err;
+
+        if (filename == NULL)
+                {
+                file = CONF_get1_default_config_file();
+                if (!file)
+                        goto err;
+                }
+        else
+                file = (char *)filename;
+
+        if (NCONF_load(conf, file, NULL) <= 0)
+                {
+                if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
+                  (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE))
+                        {
+                        ERR_clear_error();
+                        ret = 1;
+                        }
+                goto err;
+                }
+
+        ret = CONF_modules_load(conf, appname, flags);
+
+        err:
+        if (filename == NULL)
+                OPENSSL_free(file);
+        NCONF_free(conf);
+
+        return ret;
+        }
+
+static int module_run(const CONF *cnf, char *name, char *value,
+                      unsigned long flags)
+        {
+        CONF_MODULE *md;
+        int ret;
+
+        md = module_find(name);
+
+        /* Module not found: try to load DSO */
+        if (!md && !(flags & CONF_MFLAGS_NO_DSO))
+                md = module_load_dso(cnf, name, value, flags);
+
+        if (!md)
+                {
+                if (!(flags & CONF_MFLAGS_SILENT))
+                        {
+                        CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
+                        ERR_add_error_data(2, "module=", name);
+                        }
+                return -1;
+                }
+
+        ret = module_init(md, name, value, cnf);
+
+        if (ret <= 0)
+                {
+                if (!(flags & CONF_MFLAGS_SILENT))
+                        {
+                        char rcode[DECIMAL_SIZE(ret)+1];
+                        CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
+                        BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
+                        ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
+                        }
+                }
+
+        return ret;
+        }
+
+/* Load a module from a DSO */
+static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
+                                    unsigned long flags)
+        {
+        DSO *dso = NULL;
+        conf_init_func *ifunc;
+        conf_finish_func *ffunc;
+        char *path = NULL;
+        int errcode = 0;
+        CONF_MODULE *md;
+        /* Look for alternative path in module section */
+        path = NCONF_get_string(cnf, value, "path");
+        if (!path)
+                {
+                ERR_get_error();
+                path = name;
+                }
+        dso = DSO_load(NULL, path, NULL, 0);
+        if (!dso)
+                {
+                errcode = CONF_R_ERROR_LOADING_DSO;
+                goto err;
+                }
+        ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
+        if (!ifunc)
+                {
+                errcode = CONF_R_MISSING_INIT_FUNCTION;
+                goto err;
+                }
+        ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
+        /* All OK, add module */
+        md = module_add(dso, name, ifunc, ffunc);
+
+        if (!md)
+                goto err;
+
+        return md;
+
+        err:
+        if (dso)
+                DSO_free(dso);
+        CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
+        ERR_add_error_data(4, "module=", name, ", path=", path);
+        return NULL;
+        }
+
+/* add module to list */
+static CONF_MODULE *module_add(DSO *dso, const char *name,
+                               conf_init_func *ifunc, conf_finish_func *ffunc)
+        {
+        CONF_MODULE *tmod = NULL;
+        if (supported_modules == NULL)
+                supported_modules = sk_CONF_MODULE_new_null();
+        if (supported_modules == NULL)
+                return NULL;
+        tmod = OPENSSL_malloc(sizeof(CONF_MODULE));
+        if (tmod == NULL)
+                return NULL;
+
+        tmod->dso = dso;
+        tmod->name = BUF_strdup(name);
+        tmod->init = ifunc;
+        tmod->finish = ffunc;
+        tmod->links = 0;
+
+        if (!sk_CONF_MODULE_push(supported_modules, tmod))
+                {
+                OPENSSL_free(tmod);
+                return NULL;
+                }
+
+        return tmod;
+        }
+
+/* Find a module from the list. We allow module names of the
+ * form modname.XXXX to just search for modname to allow the
+ * same module to be initialized more than once.
+ */
+
+static CONF_MODULE *module_find(char *name)
+        {
+        CONF_MODULE *tmod;
+        int i, nchar;
+        char *p;
+        p = strrchr(name, '.');
+
+        if (p)
+                nchar = p - name;
+        else 
+                nchar = strlen(name);
+
+        for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++)
+                {
+                tmod = sk_CONF_MODULE_value(supported_modules, i);
+                if (!strncmp(tmod->name, name, nchar))
+                        return tmod;
+                }
+
+        return NULL;
+
+        }
+
+/* initialize a module */
+static int module_init(CONF_MODULE *pmod, char *name, char *value,
+                       const CONF *cnf)
+        {
+        int ret = 1;
+        int init_called = 0;
+        CONF_IMODULE *imod = NULL;
+
+        /* Otherwise add initialized module to list */
+        imod = OPENSSL_malloc(sizeof(CONF_IMODULE));
+        if (!imod)
+                goto err;
+
+        imod->pmod = pmod;
+        imod->name = BUF_strdup(name);
+        imod->value = BUF_strdup(value);
+        imod->usr_data = NULL;
+
+        if (!imod->name || !imod->value)
+                goto memerr;
+
+        /* Try to initialize module */
+        if(pmod->init)
+                {
+                ret = pmod->init(imod, cnf);
+                init_called = 1;
+                /* Error occurred, exit */
+                if (ret <= 0)
+                        goto err;
+                }
+
+        if (initialized_modules == NULL)
+                {
+                initialized_modules = sk_CONF_IMODULE_new_null();
+                if (!initialized_modules)
+                        {
+                        CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                }
+
+        if (!sk_CONF_IMODULE_push(initialized_modules, imod))
+                {
+                CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        pmod->links++;
+
+        return ret;
+
+        err:
+
+        /* We've started the module so we'd better finish it */
+        if (pmod->finish && init_called)
+                pmod->finish(imod);
+
+        memerr:
+        if (imod)
+                {
+                if (imod->name)
+                        OPENSSL_free(imod->name);
+                if (imod->value)
+                        OPENSSL_free(imod->value);
+                OPENSSL_free(imod);
+                }
+
+        return -1;
+
+        }
+
+/* Unload any dynamic modules that have a link count of zero:
+ * i.e. have no active initialized modules. If 'all' is set
+ * then all modules are unloaded including static ones.
+ */
+
+void CONF_modules_unload(int all)
+        {
+        int i;
+        CONF_MODULE *md;
+        CONF_modules_finish();
+        /* unload modules in reverse order */
+        for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--)
+                {
+                md = sk_CONF_MODULE_value(supported_modules, i);
+                /* If static or in use and 'all' not set ignore it */
+                if (((md->links > 0) || !md->dso) && !all)
+                        continue;
+                /* Since we're working in reverse this is OK */
+                sk_CONF_MODULE_delete(supported_modules, i);
+                module_free(md);
+                }
+        if (sk_CONF_MODULE_num(supported_modules) == 0)
+                {
+                sk_CONF_MODULE_free(supported_modules);
+                supported_modules = NULL;
+                }
+        }
+
+/* unload a single module */
+static void module_free(CONF_MODULE *md)
+        {
+        if (md->dso)
+                DSO_free(md->dso);
+        OPENSSL_free(md->name);
+        OPENSSL_free(md);
+        }
+
+/* finish and free up all modules instances */
+
+void CONF_modules_finish(void)
+        {
+        CONF_IMODULE *imod;
+        while (sk_CONF_IMODULE_num(initialized_modules) > 0)
+                {
+                imod = sk_CONF_IMODULE_pop(initialized_modules);
+                module_finish(imod);
+                }
+        sk_CONF_IMODULE_free(initialized_modules);
+        initialized_modules = NULL;
+        }
+
+/* finish a module instance */
+
+static void module_finish(CONF_IMODULE *imod)
+        {
+        if (imod->pmod->finish)
+                imod->pmod->finish(imod);
+        imod->pmod->links--;
+        OPENSSL_free(imod->name);
+        OPENSSL_free(imod->value);
+        OPENSSL_free(imod);
+        }
+
+/* Add a static module to OpenSSL */
+
+int CONF_module_add(const char *name, conf_init_func *ifunc, 
+                    conf_finish_func *ffunc)
+        {
+        if (module_add(NULL, name, ifunc, ffunc))
+                return 1;
+        else
+                return 0;
+        }
+
+void CONF_modules_free(void)
+        {
+        CONF_modules_finish();
+        CONF_modules_unload(1);
+        }
+
+/* Utility functions */
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md)
+        {
+        return md->name;
+        }
+
+const char *CONF_imodule_get_value(const CONF_IMODULE *md)
+        {
+        return md->value;
+        }
+
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
+        {
+        return md->usr_data;
+        }
+
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
+        {
+        md->usr_data = usr_data;
+        }
+
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
+        {
+        return md->pmod;
+        }
+
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
+        {
+        return md->flags;
+        }
+
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
+        {
+        md->flags = flags;
+        }
+
+void *CONF_module_get_usr_data(CONF_MODULE *pmod)
+        {
+        return pmod->usr_data;
+        }
+
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
+        {
+        pmod->usr_data = usr_data;
+        }
+
+/* Return default config file name */
+
+char *CONF_get1_default_config_file(void)
+        {
+        char *file;
+        int len;
+
+        file = getenv("OPENSSL_CONF");
+        if (file) 
+                return BUF_strdup(file);
+
+        len = strlen(X509_get_default_cert_area());
+#ifndef OPENSSL_SYS_VMS
+        len++;
+#endif
+        len += strlen(OPENSSL_CONF);
+
+        file = OPENSSL_malloc(len + 1);
+
+        if (!file)
+                return NULL;
+        BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
+#ifndef OPENSSL_SYS_VMS
+        BUF_strlcat(file,"/",len + 1);
+#endif
+        BUF_strlcat(file,OPENSSL_CONF,len + 1);
+
+        return file;
+        }
+
+/* This function takes a list separated by 'sep' and calls the
+ * callback function giving the start and length of each member
+ * optionally stripping leading and trailing whitespace. This can
+ * be used to parse comma separated lists for example.
+ */
+
+int CONF_parse_list(const char *list_, int sep, int nospc,
+        int (*list_cb)(const char *elem, int len, void *usr), void *arg)
+        {
+        int ret;
+        const char *lstart, *tmpend, *p;
+        lstart = list_;
+
+        for(;;)
+                {
+                if (nospc)
+                        {
+                        while(*lstart && isspace((unsigned char)*lstart))
+                                lstart++;
+                        }
+                p = strchr(lstart, sep);
+                if (p == lstart || !*lstart)
+                        ret = list_cb(NULL, 0, arg);
+                else
+                        {
+                        if (p)
+                                tmpend = p - 1;
+                        else 
+                                tmpend = lstart + strlen(lstart) - 1;
+                        if (nospc)
+                                {
+                                while(isspace((unsigned char)*tmpend))
+                                        tmpend--;
+                                }
+                        ret = list_cb(lstart, tmpend - lstart + 1, arg);
+                        }
+                if (ret <= 0)
+                        return ret;
+                if (p == NULL)
+                        return 1;
+                lstart = p + 1;
+                }
+        }
+
diff --git a/src/lib/libcrypto/conf/conf_sap.c b/src/lib/libcrypto/conf/conf_sap.c
new file mode 100644
index 0000000000..e15c2e5546
--- /dev/null
+++ b/src/lib/libcrypto/conf/conf_sap.c
@@ -0,0 +1,111 @@
+/* conf_sap.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
+/* This is the automatic configuration loader: it is called automatically by
+ * OpenSSL when any of a number of standard initialisation functions are called,
+ * unless this is overridden by calling OPENSSL_no_config()
+ */
+
+static int openssl_configured = 0;
+
+void OPENSSL_config(const char *config_name)
+        {
+        if (openssl_configured)
+                return;
+
+        OPENSSL_load_builtin_modules();
+#ifndef OPENSSL_NO_ENGINE
+        /* Need to load ENGINEs */
+        ENGINE_load_builtin_engines();
+#endif
+        /* Add others here? */
+
+
+        ERR_clear_error();
+        if (CONF_modules_load_file(NULL, NULL,
+                                        CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)
+                {
+                BIO *bio_err;
+                ERR_load_crypto_strings();
+                if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL)
+                        {
+                        BIO_printf(bio_err,"Auto configuration failed\n");
+                        ERR_print_errors(bio_err);
+                        BIO_free(bio_err);
+                        }
+                exit(1);
+                }
+
+        return;
+        }
+
+void OPENSSL_no_config()
+        {
+        openssl_configured = 1;
+        }
diff --git a/src/lib/libcrypto/conf/keysets.pl b/src/lib/libcrypto/conf/keysets.pl
new file mode 100644
index 0000000000..50ed67fa52
--- /dev/null
+++ b/src/lib/libcrypto/conf/keysets.pl
@@ -0,0 +1,185 @@
+#!/usr/local/bin/perl
+
+$NUMBER=0x01;
+$UPPER=0x02;
+$LOWER=0x04;
+$UNDER=0x100;
+$PUNCTUATION=0x200;
+$WS=0x10;
+$ESC=0x20;
+$QUOTE=0x40;
+$DQUOTE=0x400;
+$COMMENT=0x80;
+$FCOMMENT=0x800;
+$EOF=0x08;
+$HIGHBIT=0x1000;
+
+foreach (0 .. 255)
+        {
+        $v=0;
+        $c=sprintf("%c",$_);
+        $v|=$NUMBER     if ($c =~ /[0-9]/);
+        $v|=$UPPER      if ($c =~ /[A-Z]/);
+        $v|=$LOWER      if ($c =~ /[a-z]/);
+        $v|=$UNDER      if ($c =~ /_/);
+        $v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/);
+        $v|=$WS         if ($c =~ /[ \t\r\n]/);
+        $v|=$ESC        if ($c =~ /\\/);
+        $v|=$QUOTE      if ($c =~ /['`"]/); # for emacs: "`'}/)
+        $v|=$COMMENT    if ($c =~ /\#/);
+        $v|=$EOF        if ($c =~ /\0/);
+        $v|=$HIGHBIT    if ($c =~/[\x80-\xff]/);
+
+        push(@V_def,$v);
+        }
+
+foreach (0 .. 255)
+        {
+        $v=0;
+        $c=sprintf("%c",$_);
+        $v|=$NUMBER     if ($c =~ /[0-9]/);
+        $v|=$UPPER      if ($c =~ /[A-Z]/);
+        $v|=$LOWER      if ($c =~ /[a-z]/);
+        $v|=$UNDER      if ($c =~ /_/);
+        $v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/);
+        $v|=$WS         if ($c =~ /[ \t\r\n]/);
+        $v|=$DQUOTE     if ($c =~ /["]/); # for emacs: "}/)
+        $v|=$FCOMMENT   if ($c =~ /;/);
+        $v|=$EOF        if ($c =~ /\0/);
+        $v|=$HIGHBIT    if ($c =~/[\x80-\xff]/);
+
+        push(@V_w32,$v);
+        }
+
+print <<"EOF";
+/* crypto/conf/conf_def.h */
+/* Copyright (C) 1995-1998 Eric Young (eay\@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay\@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh\@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay\@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh\@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* THIS FILE WAS AUTOMAGICALLY GENERATED!
+   Please modify and use keysets.pl to regenerate it. */
+
+#define CONF_NUMBER             $NUMBER
+#define CONF_UPPER              $UPPER
+#define CONF_LOWER              $LOWER
+#define CONF_UNDER              $UNDER
+#define CONF_PUNCTUATION        $PUNCTUATION
+#define CONF_WS                 $WS
+#define CONF_ESC                $ESC
+#define CONF_QUOTE              $QUOTE
+#define CONF_DQUOTE             $DQUOTE
+#define CONF_COMMENT            $COMMENT
+#define CONF_FCOMMENT           $FCOMMENT
+#define CONF_EOF                $EOF
+#define CONF_HIGHBIT            $HIGHBIT
+#define CONF_ALPHA              (CONF_UPPER|CONF_LOWER)
+#define CONF_ALPHA_NUMERIC      (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \\
+                                        CONF_PUNCTUATION)
+
+#define KEYTYPES(c)             ((unsigned short *)((c)->meth_data))
+#ifndef CHARSET_EBCDIC
+#define IS_COMMENT(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
+#define IS_FCOMMENT(c,a)        (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
+#define IS_EOF(c,a)             (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
+#define IS_ESC(c,a)             (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
+#define IS_NUMBER(c,a)          (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
+#define IS_WS(c,a)              (KEYTYPES(c)[(a)&0xff]&CONF_WS)
+#define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
+                                (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(c,a)           (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
+#define IS_DQUOTE(c,a)          (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
+#define IS_HIGHBIT(c,a)         (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
+
+#else /*CHARSET_EBCDIC*/
+
+#define IS_COMMENT(c,a)         (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
+#define IS_FCOMMENT(c,a)        (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
+#define IS_EOF(c,a)             (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
+#define IS_ESC(c,a)             (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
+#define IS_NUMBER(c,a)          (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
+#define IS_WS(c,a)              (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
+#define IS_ALPHA_NUMERIC(c,a)   (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
+                                (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(c,a)           (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
+#define IS_DQUOTE(c,a)          (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
+#define IS_HIGHBIT(c,a)         (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
+#endif /*CHARSET_EBCDIC*/
+
+EOF
+
+print "static unsigned short CONF_type_default[256]={";
+
+for ($i=0; $i<256; $i++)
+        {
+        print "\n\t" if ($i % 8) == 0;
+        printf "0x%04X,",$V_def[$i];
+        }
+
+print "\n\t};\n\n";
+
+print "static unsigned short CONF_type_win32[256]={";
+
+for ($i=0; $i<256; $i++)
+        {
+        print "\n\t" if ($i % 8) == 0;
+        printf "0x%04X,",$V_w32[$i];
+        }
+
+print "\n\t};\n\n";
diff --git a/src/lib/libcrypto/conf/ssleay.cnf b/src/lib/libcrypto/conf/ssleay.cnf
new file mode 100644
index 0000000000..ed33af601e
--- /dev/null
+++ b/src/lib/libcrypto/conf/ssleay.cnf
@@ -0,0 +1,78 @@
+#
+# This is a test configuration file for use in SSLeay etc...
+#
+
+init = 5
+in\#it1 =10
+init2='10'
+init3='10\''
+init4="10'"
+init5='='10\'' again'
+
+SSLeay::version = 0.5.0
+
+[genrsa]
+default_bits    = 512
+SSLEAY::version = 0.5.0
+
+[gendh]
+default_bits    = 512
+def_generator   = 2
+
+[s_client]
+cipher1         = DES_CBC_MD5:DES_CBC_SHA:DES_EDE_SHA:RC4_MD5\
+cipher2         = 'DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5'
+cipher3         = "DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5"
+cipher4         = DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5
+
+[ default ]
+cert_dir        = $ENV::HOME/.ca_certs
+
+HOME            = /tmp/eay
+
+tmp_cert_dir    = $HOME/.ca_certs
+tmp2_cert_dir   = thisis$(HOME)stuff
+
+LOGNAME = Eric Young (home=$HOME)
+
+[ special ]
+
+H=$HOME
+H=$default::HOME
+H=$ENV::HOME
+#
+# SSLeay example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE                = $HOME/.rand
+
+[ req ]
+default_bits            = 512
+default_keyfile         = privkey.pem
+
+Attribute_type_1        = countryName
+Attribute_text_1        = Country Name (2 letter code)
+Attribute_default_1     = AU
+
+Attribute_type_2        = stateOrProvinceName
+Attribute_text_2        = State or Province Name (full name)
+Attribute_default_2     = Queensland
+
+Attribute_type_3        = localityName
+Attribute_text_3        = Locality Name (eg, city)
+
+Attribute_type_4        = organizationName
+Attribute_text_4        = Organization Name (eg, company)
+Attribute_default_4     = Mincom Pty Ltd
+
+Attribute_type_5        = organizationalUnitName
+Attribute_text_5        = Organizational Unit Name (eg, section)
+Attribute_default_5     = TR
+
+Attribute_type_6        = commonName
+Attribute_text_6        = Common Name (eg, YOUR name)
+
+Attribute_type_7        = emailAddress
+Attribute_text_7        = Email Address
+
diff --git a/src/lib/libcrypto/cpt_err.c b/src/lib/libcrypto/cpt_err.c
new file mode 100644
index 0000000000..1b4a1cb4d4
--- /dev/null
+++ b/src/lib/libcrypto/cpt_err.c
@@ -0,0 +1,102 @@
+/* crypto/cpt_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA CRYPTO_str_functs[]=
+        {
+{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,0),        "CRYPTO_get_ex_new_index"},
+{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,0),       "CRYPTO_get_new_dynlockid"},
+{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_LOCKID,0),  "CRYPTO_get_new_lockid"},
+{ERR_PACK(0,CRYPTO_F_CRYPTO_SET_EX_DATA,0),     "CRYPTO_set_ex_data"},
+{ERR_PACK(0,CRYPTO_F_DEF_ADD_INDEX,0),  "DEF_ADD_INDEX"},
+{ERR_PACK(0,CRYPTO_F_DEF_GET_CLASS,0),  "DEF_GET_CLASS"},
+{ERR_PACK(0,CRYPTO_F_INT_DUP_EX_DATA,0),        "INT_DUP_EX_DATA"},
+{ERR_PACK(0,CRYPTO_F_INT_FREE_EX_DATA,0),       "INT_FREE_EX_DATA"},
+{ERR_PACK(0,CRYPTO_F_INT_NEW_EX_DATA,0),        "INT_NEW_EX_DATA"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA CRYPTO_str_reasons[]=
+        {
+{CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK     ,"no dynlock create callback"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_CRYPTO_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_functs);
+                ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/cryptlib.c b/src/lib/libcrypto/cryptlib.c
new file mode 100644
index 0000000000..fef0afb29f
--- /dev/null
+++ b/src/lib/libcrypto/cryptlib.c
@@ -0,0 +1,632 @@
+/* crypto/cryptlib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/safestack.h>
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
+#endif
+
+DECLARE_STACK_OF(CRYPTO_dynlock)
+IMPLEMENT_STACK_OF(CRYPTO_dynlock)
+
+/* real #defines in crypto.h, keep these upto date */
+static const char* lock_names[CRYPTO_NUM_LOCKS] =
+        {
+        "<<ERROR>>",
+        "err",
+        "ex_data",
+        "x509",
+        "x509_info",
+        "x509_pkey",
+        "x509_crl",
+        "x509_req",
+        "dsa",
+        "rsa",
+        "evp_pkey",
+        "x509_store",
+        "ssl_ctx",
+        "ssl_cert",
+        "ssl_session",
+        "ssl_sess_cert",
+        "ssl",
+        "ssl_method",
+        "rand",
+        "rand2",
+        "debug_malloc",
+        "BIO",
+        "gethostbyname",
+        "getservbyname",
+        "readdir",
+        "RSA_blinding",
+        "dh",
+        "debug_malloc2",
+        "dso",
+        "dynlock",
+        "engine",
+        "ui",
+        "hwcrhk",               /* This is a HACK which will disappear in 0.9.8 */
+        "fips",
+        "fips2",
+#if CRYPTO_NUM_LOCKS != 35
+# error "Inconsistency between crypto.h and cryptlib.c"
+#endif
+        };
+
+/* This is for applications to allocate new type names in the non-dynamic
+   array of lock names.  These are numbered with positive numbers.  */
+static STACK *app_locks=NULL;
+
+/* For applications that want a more dynamic way of handling threads, the
+   following stack is used.  These are externally numbered with negative
+   numbers.  */
+static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
+
+
+static void (MS_FAR *locking_callback)(int mode,int type,
+        const char *file,int line)=NULL;
+static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
+        int type,const char *file,int line)=NULL;
+static unsigned long (MS_FAR *id_callback)(void)=NULL;
+static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
+        (const char *file,int line)=NULL;
+static void (MS_FAR *dynlock_lock_callback)(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL;
+static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
+        const char *file,int line)=NULL;
+
+int CRYPTO_get_new_lockid(char *name)
+        {
+        char *str;
+        int i;
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+        /* A hack to make Visual C++ 5.0 work correctly when linking as
+         * a DLL using /MT. Without this, the application cannot use
+         * and floating point printf's.
+         * It also seems to be needed for Visual C 1.5 (win16) */
+        SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
+#endif
+
+        if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL))
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        if ((str=BUF_strdup(name)) == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        i=sk_push(app_locks,str);
+        if (!i)
+                OPENSSL_free(str);
+        else
+                i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */
+        return(i);
+        }
+
+int CRYPTO_num_locks(void)
+        {
+        return CRYPTO_NUM_LOCKS;
+        }
+
+int CRYPTO_get_new_dynlockid(void)
+        {
+        int i = 0;
+        CRYPTO_dynlock *pointer = NULL;
+
+        if (dynlock_create_callback == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
+                return(0);
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+        if ((dyn_locks == NULL)
+                && ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL))
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+        pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock));
+        if (pointer == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        pointer->references = 1;
+        pointer->data = dynlock_create_callback(__FILE__,__LINE__);
+        if (pointer->data == NULL)
+                {
+                OPENSSL_free(pointer);
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+        /* First, try to find an existing empty slot */
+        i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
+        /* If there was none, push, thereby creating a new one */
+        if (i == -1)
+                /* Since sk_push() returns the number of items on the
+                   stack, not the location of the pushed item, we need
+                   to transform the returned number into a position,
+                   by decreasing it.  */
+                i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
+        else
+                /* If we found a place with a NULL pointer, put our pointer
+                   in it.  */
+                sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+        if (i == -1)
+                {
+                dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+                OPENSSL_free(pointer);
+                }
+        else
+                i += 1; /* to avoid 0 */
+        return -i;
+        }
+
+void CRYPTO_destroy_dynlockid(int i)
+        {
+        CRYPTO_dynlock *pointer = NULL;
+        if (i)
+                i = -i-1;
+        if (dynlock_destroy_callback == NULL)
+                return;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+
+        if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks))
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+                return;
+                }
+        pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+        if (pointer != NULL)
+                {
+                --pointer->references;
+#ifdef REF_CHECK
+                if (pointer->references < 0)
+                        {
+                        fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n");
+                        abort();
+                        }
+                else
+#endif
+                        if (pointer->references <= 0)
+                                {
+                                sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
+                                }
+                        else
+                                pointer = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+        if (pointer)
+                {
+                dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+                OPENSSL_free(pointer);
+                }
+        }
+
+struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i)
+        {
+        CRYPTO_dynlock *pointer = NULL;
+        if (i)
+                i = -i-1;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+
+        if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks))
+                pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+        if (pointer)
+                pointer->references++;
+
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+        if (pointer)
+                return pointer->data;
+        return NULL;
+        }
+
+struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))
+        (const char *file,int line)
+        {
+        return(dynlock_create_callback);
+        }
+
+void (*CRYPTO_get_dynlock_lock_callback(void))(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file,int line)
+        {
+        return(dynlock_lock_callback);
+        }
+
+void (*CRYPTO_get_dynlock_destroy_callback(void))
+        (struct CRYPTO_dynlock_value *l, const char *file,int line)
+        {
+        return(dynlock_destroy_callback);
+        }
+
+void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
+        (const char *file, int line))
+        {
+        dynlock_create_callback=func;
+        }
+
+void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file, int line))
+        {
+        dynlock_lock_callback=func;
+        }
+
+void CRYPTO_set_dynlock_destroy_callback(void (*func)
+        (struct CRYPTO_dynlock_value *l, const char *file, int line))
+        {
+        dynlock_destroy_callback=func;
+        }
+
+
+void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
+                int line)
+        {
+        return(locking_callback);
+        }
+
+int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
+                                          const char *file,int line)
+        {
+        return(add_lock_callback);
+        }
+
+void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
+                                              const char *file,int line))
+        {
+        locking_callback=func;
+        }
+
+void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
+                                              const char *file,int line))
+        {
+        add_lock_callback=func;
+        }
+
+unsigned long (*CRYPTO_get_id_callback(void))(void)
+        {
+        return(id_callback);
+        }
+
+void CRYPTO_set_id_callback(unsigned long (*func)(void))
+        {
+        id_callback=func;
+        }
+
+unsigned long CRYPTO_thread_id(void)
+        {
+        unsigned long ret=0;
+
+        if (id_callback == NULL)
+                {
+#ifdef OPENSSL_SYS_WIN16
+                ret=(unsigned long)GetCurrentTask();
+#elif defined(OPENSSL_SYS_WIN32)
+                ret=(unsigned long)GetCurrentThreadId();
+#elif defined(GETPID_IS_MEANINGLESS)
+                ret=1L;
+#else
+                ret=(unsigned long)getpid();
+#endif
+                }
+        else
+                ret=id_callback();
+        return(ret);
+        }
+
+void CRYPTO_lock(int mode, int type, const char *file, int line)
+        {
+#ifdef LOCK_DEBUG
+                {
+                char *rw_text,*operation_text;
+
+                if (mode & CRYPTO_LOCK)
+                        operation_text="lock  ";
+                else if (mode & CRYPTO_UNLOCK)
+                        operation_text="unlock";
+                else
+                        operation_text="ERROR ";
+
+                if (mode & CRYPTO_READ)
+                        rw_text="r";
+                else if (mode & CRYPTO_WRITE)
+                        rw_text="w";
+                else
+                        rw_text="ERROR";
+
+                fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n",
+                        CRYPTO_thread_id(), rw_text, operation_text,
+                        CRYPTO_get_lock_name(type), file, line);
+                }
+#endif
+        if (type < 0)
+                {
+                if (dynlock_lock_callback != NULL)
+                        {
+                        struct CRYPTO_dynlock_value *pointer
+                                = CRYPTO_get_dynlock_value(type);
+
+                        OPENSSL_assert(pointer != NULL);
+
+                        dynlock_lock_callback(mode, pointer, file, line);
+
+                        CRYPTO_destroy_dynlockid(type);
+                        }
+                }
+        else
+                if (locking_callback != NULL)
+                        locking_callback(mode,type,file,line);
+        }
+
+int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
+             int line)
+        {
+        int ret = 0;
+
+        if (add_lock_callback != NULL)
+                {
+#ifdef LOCK_DEBUG
+                int before= *pointer;
+#endif
+
+                ret=add_lock_callback(pointer,amount,type,file,line);
+#ifdef LOCK_DEBUG
+                fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
+                        CRYPTO_thread_id(),
+                        before,amount,ret,
+                        CRYPTO_get_lock_name(type),
+                        file,line);
+#endif
+                }
+        else
+                {
+                CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,file,line);
+
+                ret= *pointer+amount;
+#ifdef LOCK_DEBUG
+                fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
+                        CRYPTO_thread_id(),
+                        *pointer,amount,ret,
+                        CRYPTO_get_lock_name(type),
+                        file,line);
+#endif
+                *pointer=ret;
+                CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line);
+                }
+        return(ret);
+        }
+
+const char *CRYPTO_get_lock_name(int type)
+        {
+        if (type < 0)
+                return("dynamic");
+        else if (type < CRYPTO_NUM_LOCKS)
+                return(lock_names[type]);
+        else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))
+                return("ERROR");
+        else
+                return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
+        }
+
+#if defined(_WIN32) && defined(_WINDLL)
+
+/* All we really need to do is remove the 'error' state when a thread
+ * detaches */
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
+             LPVOID lpvReserved)
+        {
+        switch(fdwReason)
+                {
+        case DLL_PROCESS_ATTACH:
+                break;
+        case DLL_THREAD_ATTACH:
+                break;
+        case DLL_THREAD_DETACH:
+                ERR_remove_state(0);
+                break;
+        case DLL_PROCESS_DETACH:
+                break;
+                }
+        return(TRUE);
+        }
+#endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+        {
+        fprintf(stderr,
+                "%s(%d): OpenSSL internal error, assertion failed: %s\n",
+                file,line,assertion);
+        abort();
+        }
+
+#ifdef OPENSSL_FIPS
+static int fips_started = 0;
+static int fips_mode = 0;
+static void *fips_rand_check = 0;
+static unsigned long fips_thread = 0;
+
+void fips_set_started(void)
+        {
+        fips_started = 1;
+        }
+
+int fips_is_started(void)
+        {
+        return fips_started;
+        }
+
+int fips_is_owning_thread(void)
+        {
+        int ret = 0;
+
+        if (fips_is_started())
+                {
+                CRYPTO_r_lock(CRYPTO_LOCK_FIPS2);
+                if (fips_thread != 0 && fips_thread == CRYPTO_thread_id())
+                        ret = 1;
+                CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2);
+                }
+        return ret;
+        }
+
+int fips_set_owning_thread(void)
+        {
+        int ret = 0;
+
+        if (fips_is_started())
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
+                if (fips_thread == 0)
+                        {
+                        fips_thread = CRYPTO_thread_id();
+                        ret = 1;
+                        }
+                CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
+                }
+        return ret;
+        }
+
+int fips_clear_owning_thread(void)
+        {
+        int ret = 0;
+
+        if (fips_is_started())
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
+                if (fips_thread == CRYPTO_thread_id())
+                        {
+                        fips_thread = 0;
+                        ret = 1;
+                        }
+                CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
+                }
+        return ret;
+        }
+
+void fips_set_mode(int onoff)
+        {
+        int owning_thread = fips_is_owning_thread();
+
+        if (fips_is_started())
+                {
+                if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
+                fips_mode = onoff;
+                if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
+                }
+        }
+
+void fips_set_rand_check(void *rand_check)
+        {
+        int owning_thread = fips_is_owning_thread();
+
+        if (fips_is_started())
+                {
+                if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
+                fips_rand_check = rand_check;
+                if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
+                }
+        }
+
+int FIPS_mode(void)
+        {
+        int ret = 0;
+        int owning_thread = fips_is_owning_thread();
+
+        if (fips_is_started())
+                {
+                if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
+                ret = fips_mode;
+                if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
+                }
+        return ret;
+        }
+
+void *FIPS_rand_check(void)
+        {
+        void *ret = 0;
+        int owning_thread = fips_is_owning_thread();
+
+        if (fips_is_started())
+                {
+                if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
+                ret = fips_rand_check;
+                if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
+                }
+        return ret;
+        }
+
+#endif /* OPENSSL_FIPS */
+
diff --git a/src/lib/libcrypto/cryptlib.h b/src/lib/libcrypto/cryptlib.h
new file mode 100644
index 0000000000..0d6b9d59f0
--- /dev/null
+++ b/src/lib/libcrypto/cryptlib.h
@@ -0,0 +1,100 @@
+/* crypto/cryptlib.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CRYPTLIB_H
+#define HEADER_CRYPTLIB_H
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/buffer.h> 
+#include <openssl/bio.h> 
+#include <openssl/err.h>
+#include <openssl/opensslconf.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifndef OPENSSL_SYS_VMS
+#define X509_CERT_AREA          OPENSSLDIR
+#define X509_CERT_DIR           OPENSSLDIR "/certs"
+#define X509_CERT_FILE          OPENSSLDIR "/cert.pem"
+#define X509_PRIVATE_DIR        OPENSSLDIR "/private"
+#else
+#define X509_CERT_AREA          "SSLROOT:[000000]"
+#define X509_CERT_DIR           "SSLCERTS:"
+#define X509_CERT_FILE          "SSLCERTS:cert.pem"
+#define X509_PRIVATE_DIR        "SSLPRIVATE:"
+#endif
+
+#define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
+#define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
+
+/* size of string representations */
+#define DECIMAL_SIZE(type)      ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type)          (sizeof(type)*2)
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com
index 427c321f25..c044ce0099 100644
--- a/src/lib/libcrypto/crypto-lib.com
+++ b/src/lib/libcrypto/crypto-lib.com
@@ -184,10 +184,10 @@ $ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm"
 $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
         "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
         "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
-        "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_x931p"
+        "bn_recp,bn_mont,bn_mpi,bn_exp2"
 $ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
         "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
-        "rsa_pss,rsa_x931,rsa_asn1"
+        "rsa_asn1"
 $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_recp,ecp_nist,ec_cvt,ec_mult,"+ -
         "ec_err"
 $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
@@ -265,15 +265,10 @@ $ LIB_KRB5 = "krb5_asn"
 $!
 $! Setup exceptional compilations
 $!
-$ ! Add definitions for no threads on OpenVMS 7.1 and higher
 $ COMPILEWITH_CC3 = ",bss_rtcp,"
-$ ! Disable the DOLLARID warning
 $ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,"
-$ ! Disable disjoint optimization
 $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
                     "sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
-$ ! Disable the MIXLINKAGE warning
-$ COMPILEWITH_CC6 = ",enc_read,set_key,"
 $!
 $! Figure Out What Other Modules We Are To Build.
 $!
@@ -502,12 +497,7 @@ $       IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
 $       THEN
 $         CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $       ELSE
-$         IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6
-$         THEN
-$           CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$         ELSE
-$           CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$         ENDIF
+$         CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $       ENDIF
 $     ENDIF
 $   ENDIF
@@ -970,7 +960,7 @@ $ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
         CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
@@ -1087,18 +1077,14 @@ $   THEN
 $     IF CCDISABLEWARNINGS .EQS. ""
 $     THEN
 $       CC4DISABLEWARNINGS = "DOLLARID"
-$       CC6DISABLEWARNINGS = "MIXLINKAGE"
 $     ELSE
 $       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
-$       CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE"
 $       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
 $     ENDIF
 $     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
-$     CC6DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
 $   ELSE
 $     CCDISABLEWARNINGS = ""
 $     CC4DISABLEWARNINGS = ""
-$     CC6DISABLEWARNINGS = ""
 $   ENDIF
 $   CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
 $   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
@@ -1109,7 +1095,6 @@ $   ELSE
 $     CC5 = CC + "/NOOPTIMIZE"
 $   ENDIF
 $   CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
-$   CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS
 $!
 $!  Show user the result
 $!
diff --git a/src/lib/libcrypto/crypto.h b/src/lib/libcrypto/crypto.h
new file mode 100644
index 0000000000..4d1dfac7f1
--- /dev/null
+++ b/src/lib/libcrypto/crypto.h
@@ -0,0 +1,521 @@
+/* crypto/crypto.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CRYPTO_H
+#define HEADER_CRYPTO_H
+
+#include <stdlib.h>
+
+#ifndef OPENSSL_NO_FP_API
+#include <stdio.h>
+#endif
+
+#include <openssl/stack.h>
+#include <openssl/safestack.h>
+#include <openssl/opensslv.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+/* Resolve problems on some operating systems with symbol names that clash
+   one way or another */
+#include <openssl/symhacks.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Backward compatibility to SSLeay */
+/* This is more to be used to check the correct DLL is being used
+ * in the MS world. */
+#define SSLEAY_VERSION_NUMBER   OPENSSL_VERSION_NUMBER
+#define SSLEAY_VERSION          0
+/* #define SSLEAY_OPTIONS       1 no longer supported */
+#define SSLEAY_CFLAGS           2
+#define SSLEAY_BUILT_ON         3
+#define SSLEAY_PLATFORM         4
+#define SSLEAY_DIR              5
+
+/* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
+ * names in cryptlib.c
+ */
+
+#define CRYPTO_LOCK_ERR                 1
+#define CRYPTO_LOCK_EX_DATA             2
+#define CRYPTO_LOCK_X509                3
+#define CRYPTO_LOCK_X509_INFO           4
+#define CRYPTO_LOCK_X509_PKEY           5
+#define CRYPTO_LOCK_X509_CRL            6
+#define CRYPTO_LOCK_X509_REQ            7
+#define CRYPTO_LOCK_DSA                 8
+#define CRYPTO_LOCK_RSA                 9
+#define CRYPTO_LOCK_EVP_PKEY            10
+#define CRYPTO_LOCK_X509_STORE          11
+#define CRYPTO_LOCK_SSL_CTX             12
+#define CRYPTO_LOCK_SSL_CERT            13
+#define CRYPTO_LOCK_SSL_SESSION         14
+#define CRYPTO_LOCK_SSL_SESS_CERT       15
+#define CRYPTO_LOCK_SSL                 16
+#define CRYPTO_LOCK_SSL_METHOD          17
+#define CRYPTO_LOCK_RAND                18
+#define CRYPTO_LOCK_RAND2               19
+#define CRYPTO_LOCK_MALLOC              20
+#define CRYPTO_LOCK_BIO                 21
+#define CRYPTO_LOCK_GETHOSTBYNAME       22
+#define CRYPTO_LOCK_GETSERVBYNAME       23
+#define CRYPTO_LOCK_READDIR             24
+#define CRYPTO_LOCK_RSA_BLINDING        25
+#define CRYPTO_LOCK_DH                  26
+#define CRYPTO_LOCK_MALLOC2             27
+#define CRYPTO_LOCK_DSO                 28
+#define CRYPTO_LOCK_DYNLOCK             29
+#define CRYPTO_LOCK_ENGINE              30
+#define CRYPTO_LOCK_UI                  31
+#define CRYPTO_LOCK_HWCRHK              32 /* This is a HACK which will disappear in 0.9.8 */
+#define CRYPTO_LOCK_FIPS                33
+#define CRYPTO_LOCK_FIPS2               34
+#define CRYPTO_NUM_LOCKS                35
+
+#define CRYPTO_LOCK             1
+#define CRYPTO_UNLOCK           2
+#define CRYPTO_READ             4
+#define CRYPTO_WRITE            8
+
+#ifndef OPENSSL_NO_LOCKING
+#ifndef CRYPTO_w_lock
+#define CRYPTO_w_lock(type)     \
+        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+#define CRYPTO_w_unlock(type)   \
+        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+#define CRYPTO_r_lock(type)     \
+        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+#define CRYPTO_r_unlock(type)   \
+        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+#define CRYPTO_add(addr,amount,type)    \
+        CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+#endif
+#else
+#define CRYPTO_w_lock(a)
+#define CRYPTO_w_unlock(a)
+#define CRYPTO_r_lock(a)
+#define CRYPTO_r_unlock(a)
+#define CRYPTO_add(a,b,c)       ((*(a))+=(b))
+#endif
+
+/* Some applications as well as some parts of OpenSSL need to allocate
+   and deallocate locks in a dynamic fashion.  The following typedef
+   makes this possible in a type-safe manner.  */
+/* struct CRYPTO_dynlock_value has to be defined by the application. */
+typedef struct
+        {
+        int references;
+        struct CRYPTO_dynlock_value *data;
+        } CRYPTO_dynlock;
+
+
+/* The following can be used to detect memory leaks in the SSLeay library.
+ * It used, it turns on malloc checking */
+
+#define CRYPTO_MEM_CHECK_OFF    0x0     /* an enume */
+#define CRYPTO_MEM_CHECK_ON     0x1     /* a bit */
+#define CRYPTO_MEM_CHECK_ENABLE 0x2     /* a bit */
+#define CRYPTO_MEM_CHECK_DISABLE 0x3    /* an enume */
+
+/* The following are bit values to turn on or off options connected to the
+ * malloc checking functionality */
+
+/* Adds time to the memory checking information */
+#define V_CRYPTO_MDEBUG_TIME    0x1 /* a bit */
+/* Adds thread number to the memory checking information */
+#define V_CRYPTO_MDEBUG_THREAD  0x2 /* a bit */
+
+#define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD)
+
+
+/* predec of the BIO type */
+typedef struct bio_st BIO_dummy;
+
+typedef struct crypto_ex_data_st
+        {
+        STACK *sk;
+        int dummy; /* gcc is screwing up this data structure :-( */
+        } CRYPTO_EX_DATA;
+
+/* Called when a new object is created */
+typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                                        int idx, long argl, void *argp);
+/* Called when an object is free()ed */
+typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                                        int idx, long argl, void *argp);
+/* Called when we need to dup an object */
+typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
+                                        int idx, long argl, void *argp);
+
+/* This stuff is basically class callback functions
+ * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */
+
+typedef struct crypto_ex_data_func_st
+        {
+        long argl;      /* Arbitary long */
+        void *argp;     /* Arbitary void * */
+        CRYPTO_EX_new *new_func;
+        CRYPTO_EX_free *free_func;
+        CRYPTO_EX_dup *dup_func;
+        } CRYPTO_EX_DATA_FUNCS;
+
+DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
+
+/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
+ * entry.
+ */
+
+#define CRYPTO_EX_INDEX_BIO             0
+#define CRYPTO_EX_INDEX_SSL             1
+#define CRYPTO_EX_INDEX_SSL_CTX         2
+#define CRYPTO_EX_INDEX_SSL_SESSION     3
+#define CRYPTO_EX_INDEX_X509_STORE      4
+#define CRYPTO_EX_INDEX_X509_STORE_CTX  5
+#define CRYPTO_EX_INDEX_RSA             6
+#define CRYPTO_EX_INDEX_DSA             7
+#define CRYPTO_EX_INDEX_DH              8
+#define CRYPTO_EX_INDEX_ENGINE          9
+#define CRYPTO_EX_INDEX_X509            10
+#define CRYPTO_EX_INDEX_UI              11
+
+/* Dynamically assigned indexes start from this value (don't use directly, use
+ * via CRYPTO_ex_data_new_class). */
+#define CRYPTO_EX_INDEX_USER            100
+
+
+/* This is the default callbacks, but we can have others as well:
+ * this is needed in Win32 where the application malloc and the
+ * library malloc may not be the same.
+ */
+#define CRYPTO_malloc_init()    CRYPTO_set_mem_functions(\
+        malloc, realloc, free)
+
+#if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD
+# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */
+#  define CRYPTO_MDEBUG
+# endif
+#endif
+
+/* Set standard debugging functions (not done by default
+ * unless CRYPTO_MDEBUG is defined) */
+#define CRYPTO_malloc_debug_init()      do {\
+        CRYPTO_set_mem_debug_functions(\
+                CRYPTO_dbg_malloc,\
+                CRYPTO_dbg_realloc,\
+                CRYPTO_dbg_free,\
+                CRYPTO_dbg_set_options,\
+                CRYPTO_dbg_get_options);\
+        } while(0)
+
+int CRYPTO_mem_ctrl(int mode);
+int CRYPTO_is_mem_check_on(void);
+
+/* for applications */
+#define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)
+#define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF)
+
+/* for library-internal use */
+#define MemCheck_on()   CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE)
+#define MemCheck_off()  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
+#define is_MemCheck_on() CRYPTO_is_mem_check_on()
+
+#define OPENSSL_malloc(num)     CRYPTO_malloc((int)num,__FILE__,__LINE__)
+#define OPENSSL_realloc(addr,num) \
+        CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
+#define OPENSSL_realloc_clean(addr,old_num,num) \
+        CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
+#define OPENSSL_remalloc(addr,num) \
+        CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
+#define OPENSSL_freeFunc        CRYPTO_free
+#define OPENSSL_free(addr)      CRYPTO_free(addr)
+
+#define OPENSSL_malloc_locked(num) \
+        CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
+#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
+
+
+const char *SSLeay_version(int type);
+unsigned long SSLeay(void);
+
+int OPENSSL_issetugid(void);
+
+/* An opaque type representing an implementation of "ex_data" support */
+typedef struct st_CRYPTO_EX_DATA_IMPL   CRYPTO_EX_DATA_IMPL;
+/* Return an opaque pointer to the current "ex_data" implementation */
+const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
+/* Sets the "ex_data" implementation to be used (if it's not too late) */
+int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
+/* Get a new "ex_data" class, and return the corresponding "class_index" */
+int CRYPTO_ex_data_new_class(void);
+/* Within a given class, get/register a new index */
+int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+                CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func);
+/* Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a given
+ * class (invokes whatever per-class callbacks are applicable) */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+                CRYPTO_EX_DATA *from);
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+/* Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular index
+ * (relative to the class type involved) */
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx);
+/* This function cleans up all "ex_data" state. It mustn't be called under
+ * potential race-conditions. */
+void CRYPTO_cleanup_all_ex_data(void);
+
+int CRYPTO_get_new_lockid(char *name);
+
+int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */
+void CRYPTO_lock(int mode, int type,const char *file,int line);
+void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
+                                              const char *file,int line));
+void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
+                int line);
+void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
+                                              const char *file, int line));
+int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
+                                          const char *file,int line);
+void CRYPTO_set_id_callback(unsigned long (*func)(void));
+unsigned long (*CRYPTO_get_id_callback(void))(void);
+unsigned long CRYPTO_thread_id(void);
+const char *CRYPTO_get_lock_name(int type);
+int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file,
+                    int line);
+
+int CRYPTO_get_new_dynlockid(void);
+void CRYPTO_destroy_dynlockid(int i);
+struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i);
+void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file, int line));
+void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line));
+void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l, const char *file, int line));
+struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file,int line);
+void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,int line);
+void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file,int line);
+
+/* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions --
+ * call the latter last if you need different functions */
+int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *));
+int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *));
+int CRYPTO_set_mem_ex_functions(void *(*m)(size_t,const char *,int),
+                                void *(*r)(void *,size_t,const char *,int),
+                                void (*f)(void *));
+int CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t,const char *,int),
+                                       void (*free_func)(void *));
+int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
+                                   void (*r)(void *,void *,int,const char *,int,int),
+                                   void (*f)(void *,int),
+                                   void (*so)(long),
+                                   long (*go)(void));
+void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *));
+void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *));
+void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int),
+                                 void *(**r)(void *, size_t,const char *,int),
+                                 void (**f)(void *));
+void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int),
+                                        void (**f)(void *));
+void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
+                                    void (**r)(void *,void *,int,const char *,int,int),
+                                    void (**f)(void *,int),
+                                    void (**so)(long),
+                                    long (**go)(void));
+
+void *CRYPTO_malloc_locked(int num, const char *file, int line);
+void CRYPTO_free_locked(void *);
+void *CRYPTO_malloc(int num, const char *file, int line);
+void CRYPTO_free(void *);
+void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
+void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
+                           int line);
+void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
+
+void OPENSSL_cleanse(void *ptr, size_t len);
+
+void CRYPTO_set_mem_debug_options(long bits);
+long CRYPTO_get_mem_debug_options(void);
+
+#define CRYPTO_push_info(info) \
+        CRYPTO_push_info_(info, __FILE__, __LINE__);
+int CRYPTO_push_info_(const char *info, const char *file, int line);
+int CRYPTO_pop_info(void);
+int CRYPTO_remove_all_info(void);
+
+
+/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
+ * used as default in CRYPTO_MDEBUG compilations): */
+/* The last argument has the following significance:
+ *
+ * 0:   called before the actual memory allocation has taken place
+ * 1:   called after the actual memory allocation has taken place
+ */
+void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p);
+void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p);
+void CRYPTO_dbg_free(void *addr,int before_p);
+/* Tell the debugging code about options.  By default, the following values
+ * apply:
+ *
+ * 0:                           Clear all options.
+ * V_CRYPTO_MDEBUG_TIME (1):    Set the "Show Time" option.
+ * V_CRYPTO_MDEBUG_THREAD (2):  Set the "Show Thread Number" option.
+ * V_CRYPTO_MDEBUG_ALL (3):     1 + 2
+ */
+void CRYPTO_dbg_set_options(long bits);
+long CRYPTO_dbg_get_options(void);
+
+
+#ifndef OPENSSL_NO_FP_API
+void CRYPTO_mem_leaks_fp(FILE *);
+#endif
+void CRYPTO_mem_leaks(struct bio_st *bio);
+/* unsigned long order, char *file, int line, int num_bytes, char *addr */
+typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *);
+void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define OPENSSL_assert(e)       ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+
+#ifdef OPENSSL_FIPS
+int FIPS_mode(void);
+void *FIPS_rand_check(void);
+
+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
+                alg " previous FIPS forbidden algorithm error ignored");
+
+#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
+                #alg " Algorithm forbidden in FIPS mode");
+
+#ifdef OPENSSL_FIPS_STRICT
+#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg)
+#else
+#define FIPS_BAD_ALGORITHM(alg) \
+        { \
+        FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \
+        ERR_add_error_data(2, "Algorithm=", #alg); \
+        return 0; \
+        }
+#endif
+
+/* Low level digest API blocking macro */
+
+#define FIPS_NON_FIPS_MD_Init(alg) \
+        int alg##_Init(alg##_CTX *c) \
+                { \
+                if (FIPS_mode()) \
+                        FIPS_BAD_ALGORITHM(alg) \
+                return private_##alg##_Init(c); \
+                } \
+        int private_##alg##_Init(alg##_CTX *c)
+
+/* For ciphers the API often varies from cipher to cipher and each needs to
+ * be treated as a special case. Variable key length ciphers (Blowfish, RC4,
+ * CAST) however are very similar and can use a blocking macro.
+ */
+
+#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
+        void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \
+                { \
+                if (FIPS_mode()) \
+                        FIPS_BAD_ABORT(alg) \
+                private_##alg##_set_key(key, len, data); \
+                } \
+        void private_##alg##_set_key(alg##_KEY *key, int len, \
+                                        const unsigned char *data)
+
+#else
+
+#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
+        void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data)
+
+#define FIPS_NON_FIPS_MD_Init(alg) \
+        int alg##_Init(alg##_CTX *c) 
+
+#endif /* def OPENSSL_FIPS */
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_CRYPTO_strings(void);
+
+/* Error codes for the CRYPTO functions. */
+
+/* Function codes. */
+#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX                 100
+#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID                103
+#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID                   101
+#define CRYPTO_F_CRYPTO_SET_EX_DATA                      102
+#define CRYPTO_F_DEF_ADD_INDEX                           104
+#define CRYPTO_F_DEF_GET_CLASS                           105
+#define CRYPTO_F_INT_DUP_EX_DATA                         106
+#define CRYPTO_F_INT_FREE_EX_DATA                        107
+#define CRYPTO_F_INT_NEW_EX_DATA                         108
+
+/* Reason codes. */
+#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK              100
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/cversion.c b/src/lib/libcrypto/cversion.c
new file mode 100644
index 0000000000..beeeb14013
--- /dev/null
+++ b/src/lib/libcrypto/cversion.c
@@ -0,0 +1,120 @@
+/* crypto/cversion.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+
+#ifndef NO_WINDOWS_BRAINDEATH
+#include "buildinf.h"
+#endif
+
+const char *SSLeay_version(int t)
+        {
+        if (t == SSLEAY_VERSION)
+                return OPENSSL_VERSION_TEXT;
+        if (t == SSLEAY_BUILT_ON)
+                {
+#ifdef DATE
+                static char buf[sizeof(DATE)+11];
+
+                BIO_snprintf(buf,sizeof buf,"built on: %s",DATE);
+                return(buf);
+#else
+                return("built on: date not available");
+#endif
+                }
+        if (t == SSLEAY_CFLAGS)
+                {
+#ifdef CFLAGS
+                static char buf[sizeof(CFLAGS)+11];
+
+                BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
+                return(buf);
+#else
+                return("compiler: information not available");
+#endif
+                }
+        if (t == SSLEAY_PLATFORM)
+                {
+#ifdef PLATFORM
+                static char buf[sizeof(PLATFORM)+11];
+
+                BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
+                return(buf);
+#else
+                return("platform: information not available");
+#endif
+                }
+        if (t == SSLEAY_DIR)
+                {
+#ifdef OPENSSLDIR
+                return "OPENSSLDIR: \"" OPENSSLDIR "\"";
+#else
+                return "OPENSSLDIR: N/A";
+#endif
+                }
+        return("not available");
+        }
+
+unsigned long SSLeay(void)
+        {
+        return(SSLEAY_VERSION_NUMBER);
+        }
+
diff --git a/src/lib/libcrypto/des/COPYRIGHT b/src/lib/libcrypto/des/COPYRIGHT
new file mode 100644
index 0000000000..5469e1e469
--- /dev/null
+++ b/src/lib/libcrypto/des/COPYRIGHT
@@ -0,0 +1,50 @@
+Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+All rights reserved.
+
+This package is an DES implementation written by Eric Young (eay@cryptsoft.com).
+The implementation was written so as to conform with MIT's libdes.
+
+This library is free for commercial and non-commercial use as long as
+the following conditions are aheared to.  The following conditions
+apply to all code found in this distribution.
+
+Copyright remains Eric Young's, and as such any Copyright notices in
+the code are not to be removed.
+If this package is used in a product, Eric Young should be given attribution
+as the author of that the SSL library.  This can be in the form of a textual
+message at program startup or in documentation (online or textual) provided
+with the package.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+   must display the following acknowledgement:
+   This product includes software developed by Eric Young (eay@cryptsoft.com)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+The license and distribution terms for any publically available version or
+derivative of this code cannot be changed.  i.e. this code cannot simply be
+copied and put under another distrubution license
+[including the GNU Public License.]
+
+The reason behind this being stated in this direct manner is past
+experience in code simply being copied and the attribution removed
+from it and then being distributed as part of other packages. This
+implementation was a non-trivial and unpaid effort.
diff --git a/src/lib/libcrypto/des/Makefile.ssl b/src/lib/libcrypto/des/Makefile.ssl
new file mode 100644
index 0000000000..0d9ba2b42f
--- /dev/null
+++ b/src/lib/libcrypto/des/Makefile.ssl
@@ -0,0 +1,316 @@
+#
+# SSLeay/crypto/des/Makefile
+#
+
+DIR=    des
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=-I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+RANLIB=         ranlib
+DES_ENC=        des_enc.o fcrypt_b.o
+# or use
+#DES_ENC=       dx86-elf.o yx86-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+
+GENERAL=Makefile
+TEST=destest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+        ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
+        fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
+        qud_cksm.c rand_key.c rpc_enc.c  set_key.c  \
+        des_enc.c fcrypt_b.c \
+        xcbc_enc.c \
+        str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \
+        read2pwd.c
+
+LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
+        ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
+        enc_read.o enc_writ.o ofb64enc.o \
+        ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
+        ${DES_ENC} \
+        fcrypt.o xcbc_enc.o rpc_enc.o  cbc_cksm.o \
+        ede_cbcm_enc.o des_old.o des_old2.o read2pwd.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= des.h des_old.h
+HEADER= des_locl.h rpc_des.h spr.h des_ver.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+des: des.o cbc3_enc.o lib
+        $(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+
+# elf
+asm/dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) des-586.pl elf $(CFLAGS) > dx86-elf.s)
+
+asm/yx86-elf.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > yx86-elf.s)
+
+# a.out
+asm/dx86-out.o: asm/dx86unix.cpp
+        $(CPP) -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+
+asm/yx86-out.o: asm/yx86unix.cpp
+        $(CPP) -DOUT asm/yx86unix.cpp | as -o asm/yx86-out.o
+
+# bsdi
+asm/dx86bsdi.o: asm/dx86unix.cpp
+        $(CPP) -DBSDI asm/dx86unix.cpp | sed 's/ :/:/' | as -o asm/dx86bsdi.o
+
+asm/yx86bsdi.o: asm/yx86unix.cpp
+        $(CPP) -DBSDI asm/yx86unix.cpp | sed 's/ :/:/' | as -o asm/yx86bsdi.o
+
+asm/dx86unix.cpp: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) des-586.pl cpp >dx86unix.cpp)
+
+asm/yx86unix.cpp: asm/crypt586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) crypt586.pl cpp >yx86unix.cpp)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install: installs
+
+installs:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/dx86unix.cpp asm/yx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cbc_cksm.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cbc_cksm.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cbc_cksm.o: ../../include/openssl/opensslconf.h
+cbc_cksm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cbc_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cbc_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cbc_cksm.o: cbc_cksm.c des_locl.h
+cbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cbc_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cbc_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cbc_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+cbc_enc.o: ../../include/openssl/ui_compat.h cbc_enc.c des_locl.h ncbc_enc.c
+cfb64ede.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cfb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb64ede.o: ../../include/openssl/opensslconf.h
+cfb64ede.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cfb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb64ede.o: cfb64ede.c des_locl.h
+cfb64enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cfb64enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb64enc.o: ../../include/openssl/opensslconf.h
+cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb64enc.o: cfb64enc.c des_locl.h
+cfb_enc.o: ../../e_os.h ../../include/openssl/crypto.h
+cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+cfb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cfb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cfb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb_enc.o: cfb_enc.c des_locl.h
+des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+des_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+des_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+des_enc.o: ../../include/openssl/ui_compat.h des_enc.c des_locl.h ncbc_enc.c
+des_old.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+des_old.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+des_old.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+des_old.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+des_old.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+des_old.o: ../../include/openssl/ui_compat.h des_old.c
+des_old2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+des_old2.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+des_old2.o: ../../include/openssl/opensslconf.h
+des_old2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+des_old2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+des_old2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+des_old2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+des_old2.o: des_old2.c
+ecb3_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ecb3_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ecb3_enc.o: ../../include/openssl/opensslconf.h
+ecb3_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ecb3_enc.o: des_locl.h ecb3_enc.c
+ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ecb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ecb_enc.o: des_locl.h des_ver.h ecb_enc.c spr.h
+ede_cbcm_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ede_cbcm_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
+ede_cbcm_enc.o: ../../include/openssl/opensslv.h
+ede_cbcm_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ede_cbcm_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ede_cbcm_enc.o: ../../include/openssl/ui_compat.h des_locl.h ede_cbcm_enc.c
+enc_read.o: ../../e_os.h ../../include/openssl/bio.h
+enc_read.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+enc_read.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+enc_read.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+enc_read.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+enc_read.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+enc_read.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+enc_read.o: ../cryptlib.h des_locl.h enc_read.c
+enc_writ.o: ../../e_os.h ../../include/openssl/bio.h
+enc_writ.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+enc_writ.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+enc_writ.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+enc_writ.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+enc_writ.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+enc_writ.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+enc_writ.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+enc_writ.o: ../cryptlib.h des_locl.h enc_writ.c
+fcrypt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fcrypt.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+fcrypt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+fcrypt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fcrypt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fcrypt.o: ../../include/openssl/ui_compat.h des_locl.h fcrypt.c
+fcrypt_b.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fcrypt_b.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+fcrypt_b.o: ../../include/openssl/opensslconf.h
+fcrypt_b.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+fcrypt_b.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fcrypt_b.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+fcrypt_b.o: des_locl.h fcrypt_b.c
+ofb64ede.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ofb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ofb64ede.o: ../../include/openssl/opensslconf.h
+ofb64ede.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ofb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ofb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ofb64ede.o: des_locl.h ofb64ede.c
+ofb64enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ofb64enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ofb64enc.o: ../../include/openssl/opensslconf.h
+ofb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ofb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ofb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ofb64enc.o: des_locl.h ofb64enc.c
+ofb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ofb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ofb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ofb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ofb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ofb_enc.o: ../../include/openssl/ui_compat.h des_locl.h ofb_enc.c
+pcbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pcbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+pcbc_enc.o: ../../include/openssl/opensslconf.h
+pcbc_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+pcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pcbc_enc.o: des_locl.h pcbc_enc.c
+qud_cksm.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+qud_cksm.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+qud_cksm.o: ../../include/openssl/opensslconf.h
+qud_cksm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+qud_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+qud_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+qud_cksm.o: des_locl.h qud_cksm.c
+rand_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+rand_key.o: ../../include/openssl/opensslconf.h
+rand_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_key.o: rand_key.c
+read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+read2pwd.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+read2pwd.o: ../../include/openssl/opensslconf.h
+read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+read2pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+read2pwd.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+read2pwd.o: read2pwd.c
+rpc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rpc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+rpc_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rpc_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rpc_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rpc_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h rpc_des.h
+rpc_enc.o: rpc_enc.c
+set_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+set_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+set_key.o: ../../include/openssl/ui_compat.h des_locl.h set_key.c
+str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+str2key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+str2key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+str2key.o: ../../include/openssl/ui_compat.h des_locl.h str2key.c
+xcbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+xcbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+xcbc_enc.o: ../../include/openssl/opensslconf.h
+xcbc_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+xcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+xcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+xcbc_enc.o: des_locl.h xcbc_enc.c
diff --git a/src/lib/libcrypto/des/asm/crypt586.pl b/src/lib/libcrypto/des/asm/crypt586.pl
new file mode 100644
index 0000000000..1d04ed6def
--- /dev/null
+++ b/src/lib/libcrypto/des/asm/crypt586.pl
@@ -0,0 +1,208 @@
+#!/usr/local/bin/perl
+#
+# The inner loop instruction sequence and the IP/FP modifications are from
+# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+# I've added the stuff needed for crypt() but I've not worried about making
+# things perfect.
+#
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],"crypt586.pl");
+
+$L="edi";
+$R="esi";
+
+&external_label("DES_SPtrans");
+&fcrypt_body("fcrypt_body");
+&asm_finish();
+
+sub fcrypt_body
+        {
+        local($name,$do_ip)=@_;
+
+        &function_begin($name,"EXTRN   _DES_SPtrans:DWORD");
+
+        &comment("");
+        &comment("Load the 2 words");
+        $trans="ebp";
+
+        &xor(   $L,     $L);
+        &xor(   $R,     $R);
+
+        # PIC-ification:-)
+        &picmeup("edx","DES_SPtrans");
+        #if ($cpp)      { &picmeup("edx","DES_SPtrans");   }
+        #else           { &lea("edx",&DWP("DES_SPtrans")); }
+        &push("edx");   # becomes &swtmp(1)
+        #
+        &mov($trans,&wparam(1)); # reloaded with DES_SPtrans in D_ENCRYPT
+
+        &push(&DWC(25)); # add a variable
+
+        &set_label("start");
+        for ($i=0; $i<16; $i+=2)
+                {
+                &comment("");
+                &comment("Round $i");
+                &D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");
+
+                &comment("");
+                &comment("Round ".sprintf("%d",$i+1));
+                &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx");
+                }
+         &mov("ebx",    &swtmp(0));
+        &mov("eax",     $L);
+         &dec("ebx");
+        &mov($L,        $R);
+         &mov($R,       "eax");
+        &mov(&swtmp(0), "ebx");
+         &jnz(&label("start"));
+
+        &comment("");
+        &comment("FP");
+        &mov("edx",&wparam(0));
+
+        &FP_new($R,$L,"eax",3);
+        &mov(&DWP(0,"edx","",0),"eax");
+        &mov(&DWP(4,"edx","",0),$L);
+
+        &add("esp",8);  # remove variables
+
+        &function_end($name);
+        }
+
+sub D_ENCRYPT
+        {
+        local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_;
+
+        &mov(   $u,             &wparam(2));                    # 2
+        &mov(   $t,             $R);
+        &shr(   $t,             16);                            # 1
+        &mov(   $tmp2,          &wparam(3));                    # 2
+        &xor(   $t,             $R);                            # 1
+
+        &and(   $u,             $t);                            # 2
+        &and(   $t,             $tmp2);                         # 2
+
+        &mov(   $tmp1,          $u);
+        &shl(   $tmp1,          16);                            # 1
+        &mov(   $tmp2,          $t);
+        &shl(   $tmp2,          16);                            # 1
+        &xor(   $u,             $tmp1);                         # 2
+        &xor(   $t,             $tmp2);                         # 2
+        &mov(   $tmp1,          &DWP(&n2a($S*4),$trans,"",0));  # 2
+        &xor(   $u,             $tmp1);
+        &mov(   $tmp2,          &DWP(&n2a(($S+1)*4),$trans,"",0));      # 2
+        &xor(   $u,             $R);
+        &xor(   $t,             $R);
+        &xor(   $t,             $tmp2);
+
+        &and(   $u,             "0xfcfcfcfc"    );              # 2
+        &xor(   $tmp1,          $tmp1);                         # 1
+        &and(   $t,             "0xcfcfcfcf"    );              # 2
+        &xor(   $tmp2,          $tmp2); 
+        &movb(  &LB($tmp1),     &LB($u) );
+        &movb(  &LB($tmp2),     &HB($u) );
+        &rotr(  $t,             4               );
+        &mov(   $trans,         &swtmp(1));
+        &xor(   $L,             &DWP("     ",$trans,$tmp1,0));
+        &movb(  &LB($tmp1),     &LB($t) );
+        &xor(   $L,             &DWP("0x200",$trans,$tmp2,0));
+        &movb(  &LB($tmp2),     &HB($t) );
+        &shr(   $u,             16);
+        &xor(   $L,             &DWP("0x100",$trans,$tmp1,0));
+        &movb(  &LB($tmp1),     &HB($u) );
+        &shr(   $t,             16);
+        &xor(   $L,             &DWP("0x300",$trans,$tmp2,0));
+        &movb(  &LB($tmp2),     &HB($t) );
+        &and(   $u,             "0xff"  );
+        &and(   $t,             "0xff"  );
+        &mov(   $tmp1,          &DWP("0x600",$trans,$tmp1,0));
+        &xor(   $L,             $tmp1);
+        &mov(   $tmp1,          &DWP("0x700",$trans,$tmp2,0));
+        &xor(   $L,             $tmp1);
+        &mov(   $tmp1,          &DWP("0x400",$trans,$u,0));
+        &xor(   $L,             $tmp1);
+        &mov(   $tmp1,          &DWP("0x500",$trans,$t,0));
+        &xor(   $L,             $tmp1);
+        &mov(   $trans,         &wparam(1));
+        }
+
+sub n2a
+        {
+        sprintf("%d",$_[0]);
+        }
+
+# now has a side affect of rotating $a by $shift
+sub R_PERM_OP
+        {
+        local($a,$b,$tt,$shift,$mask,$last)=@_;
+
+        &rotl(  $a,             $shift          ) if ($shift != 0);
+        &mov(   $tt,            $a              );
+        &xor(   $a,             $b              );
+        &and(   $a,             $mask           );
+        if ($notlast eq $b)
+                {
+                &xor(   $b,             $a              );
+                &xor(   $tt,            $a              );
+                }
+        else
+                {
+                &xor(   $tt,            $a              );
+                &xor(   $b,             $a              );
+                }
+        &comment("");
+        }
+
+sub IP_new
+        {
+        local($l,$r,$tt,$lr)=@_;
+
+        &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
+        &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
+        &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
+        &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
+        &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
+        
+        if ($lr != 3)
+                {
+                if (($lr-3) < 0)
+                        { &rotr($tt,    3-$lr); }
+                else    { &rotl($tt,    $lr-3); }
+                }
+        if ($lr != 2)
+                {
+                if (($lr-2) < 0)
+                        { &rotr($r,     2-$lr); }
+                else    { &rotl($r,     $lr-2); }
+                }
+        }
+
+sub FP_new
+        {
+        local($l,$r,$tt,$lr)=@_;
+
+        if ($lr != 2)
+                {
+                if (($lr-2) < 0)
+                        { &rotl($r,     2-$lr); }
+                else    { &rotr($r,     $lr-2); }
+                }
+        if ($lr != 3)
+                {
+                if (($lr-3) < 0)
+                        { &rotl($l,     3-$lr); }
+                else    { &rotr($l,     $lr-3); }
+                }
+
+        &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
+        &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
+        &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
+        &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
+        &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
+        &rotr($tt       , 4);
+        }
+
diff --git a/src/lib/libcrypto/des/asm/des-586.pl b/src/lib/libcrypto/des/asm/des-586.pl
new file mode 100644
index 0000000000..60d577cc8d
--- /dev/null
+++ b/src/lib/libcrypto/des/asm/des-586.pl
@@ -0,0 +1,255 @@
+#!/usr/local/bin/perl
+#
+# The inner loop instruction sequence and the IP/FP modifications are from
+# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+#
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+require "desboth.pl";
+
+# base code is in microsft
+# op dest, source
+# format.
+#
+
+&asm_init($ARGV[0],"des-586.pl");
+
+$L="edi";
+$R="esi";
+
+&external_label("DES_SPtrans");
+&DES_encrypt("DES_encrypt1",1);
+&DES_encrypt("DES_encrypt2",0);
+
+if (!$main'openbsd)
+        {
+        &DES_encrypt3("DES_encrypt3",1);
+        &DES_encrypt3("DES_decrypt3",0);
+        &cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1);
+        &cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5);
+        }
+
+&asm_finish();
+
+sub DES_encrypt
+        {
+        local($name,$do_ip)=@_;
+
+        &function_begin_B($name,"EXTRN   _DES_SPtrans:DWORD");
+
+        &push("esi");
+        &push("edi");
+
+        &comment("");
+        &comment("Load the 2 words");
+        $trans="ebp";
+
+        if ($do_ip)
+                {
+                &mov($R,&wparam(0));
+                 &xor(  "ecx",          "ecx"           );
+
+                &push("ebx");
+                &push("ebp");
+
+                &mov("eax",&DWP(0,$R,"",0));
+                 &mov("ebx",&wparam(2));        # get encrypt flag
+                &mov($L,&DWP(4,$R,"",0));
+                &comment("");
+                &comment("IP");
+                &IP_new("eax",$L,$R,3);
+                }
+        else
+                {
+                &mov("eax",&wparam(0));
+                 &xor(  "ecx",          "ecx"           );
+
+                &push("ebx");
+                &push("ebp");
+
+                &mov($R,&DWP(0,"eax","",0));
+                 &mov("ebx",&wparam(2));        # get encrypt flag
+                &rotl($R,3);
+                &mov($L,&DWP(4,"eax","",0));
+                &rotl($L,3);
+                }
+
+        # PIC-ification:-)
+        &picmeup($trans,"DES_SPtrans");
+        #if ($cpp)      { &picmeup($trans,"DES_SPtrans");   }
+        #else           { &lea($trans,&DWP("DES_SPtrans")); }
+
+        &mov(   "ecx",  &wparam(1)      );
+        &cmp("ebx","0");
+        &je(&label("start_decrypt"));
+
+        for ($i=0; $i<16; $i+=2)
+                {
+                &comment("");
+                &comment("Round $i");
+                &D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");
+
+                &comment("");
+                &comment("Round ".sprintf("%d",$i+1));
+                &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx");
+                }
+        &jmp(&label("end"));
+
+        &set_label("start_decrypt");
+
+        for ($i=15; $i>0; $i-=2)
+                {
+                &comment("");
+                &comment("Round $i");
+                &D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");
+                &comment("");
+                &comment("Round ".sprintf("%d",$i-1));
+                &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx");
+                }
+
+        &set_label("end");
+
+        if ($do_ip)
+                {
+                &comment("");
+                &comment("FP");
+                &mov("edx",&wparam(0));
+                &FP_new($L,$R,"eax",3);
+
+                &mov(&DWP(0,"edx","",0),"eax");
+                &mov(&DWP(4,"edx","",0),$R);
+                }
+        else
+                {
+                &comment("");
+                &comment("Fixup");
+                &rotr($L,3);            # r
+                 &mov("eax",&wparam(0));
+                &rotr($R,3);            # l
+                 &mov(&DWP(0,"eax","",0),$L);
+                 &mov(&DWP(4,"eax","",0),$R);
+                }
+
+        &pop("ebp");
+        &pop("ebx");
+        &pop("edi");
+        &pop("esi");
+        &ret();
+
+        &function_end_B($name);
+        }
+
+sub D_ENCRYPT
+        {
+        local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_;
+
+         &mov(  $u,             &DWP(&n2a($S*4),$tmp2,"",0));
+        &xor(   $tmp1,          $tmp1);
+         &mov(  $t,             &DWP(&n2a(($S+1)*4),$tmp2,"",0));
+        &xor(   $u,             $R);
+        &xor(   $tmp2,          $tmp2);
+         &xor(  $t,             $R);
+        &and(   $u,             "0xfcfcfcfc"    );
+         &and(  $t,             "0xcfcfcfcf"    );
+        &movb(  &LB($tmp1),     &LB($u) );
+         &movb( &LB($tmp2),     &HB($u) );
+        &rotr(  $t,             4               );
+        &xor(   $L,             &DWP("     ",$trans,$tmp1,0));
+         &movb( &LB($tmp1),     &LB($t) );
+         &xor(  $L,             &DWP("0x200",$trans,$tmp2,0));
+         &movb( &LB($tmp2),     &HB($t) );
+        &shr(   $u,             16);
+         &xor(  $L,             &DWP("0x100",$trans,$tmp1,0));
+         &movb( &LB($tmp1),     &HB($u) );
+        &shr(   $t,             16);
+         &xor(  $L,             &DWP("0x300",$trans,$tmp2,0));
+        &movb(  &LB($tmp2),     &HB($t) );
+         &and(  $u,             "0xff"  );
+        &and(   $t,             "0xff"  );
+         &xor(  $L,             &DWP("0x600",$trans,$tmp1,0));
+         &xor(  $L,             &DWP("0x700",$trans,$tmp2,0));
+        &mov(   $tmp2,          &wparam(1)      );
+         &xor(  $L,             &DWP("0x400",$trans,$u,0));
+         &xor(  $L,             &DWP("0x500",$trans,$t,0));
+        }
+
+sub n2a
+        {
+        sprintf("%d",$_[0]);
+        }
+
+# now has a side affect of rotating $a by $shift
+sub R_PERM_OP
+        {
+        local($a,$b,$tt,$shift,$mask,$last)=@_;
+
+        &rotl(  $a,             $shift          ) if ($shift != 0);
+        &mov(   $tt,            $a              );
+        &xor(   $a,             $b              );
+        &and(   $a,             $mask           );
+        # This can never succeed, and besides it is difficult to see what the
+        # idea was - Ben 13 Feb 99
+        if (!$last eq $b)
+                {
+                &xor(   $b,             $a              );
+                &xor(   $tt,            $a              );
+                }
+        else
+                {
+                &xor(   $tt,            $a              );
+                &xor(   $b,             $a              );
+                }
+        &comment("");
+        }
+
+sub IP_new
+        {
+        local($l,$r,$tt,$lr)=@_;
+
+        &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
+        &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
+        &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
+        &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
+        &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
+        
+        if ($lr != 3)
+                {
+                if (($lr-3) < 0)
+                        { &rotr($tt,    3-$lr); }
+                else    { &rotl($tt,    $lr-3); }
+                }
+        if ($lr != 2)
+                {
+                if (($lr-2) < 0)
+                        { &rotr($r,     2-$lr); }
+                else    { &rotl($r,     $lr-2); }
+                }
+        }
+
+sub FP_new
+        {
+        local($l,$r,$tt,$lr)=@_;
+
+        if ($lr != 2)
+                {
+                if (($lr-2) < 0)
+                        { &rotl($r,     2-$lr); }
+                else    { &rotr($r,     $lr-2); }
+                }
+        if ($lr != 3)
+                {
+                if (($lr-3) < 0)
+                        { &rotl($l,     3-$lr); }
+                else    { &rotr($l,     $lr-3); }
+                }
+
+        &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
+        &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
+        &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
+        &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
+        &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
+        &rotr($tt       , 4);
+        }
+
diff --git a/src/lib/libcrypto/des/asm/desboth.pl b/src/lib/libcrypto/des/asm/desboth.pl
new file mode 100644
index 0000000000..eec00886e4
--- /dev/null
+++ b/src/lib/libcrypto/des/asm/desboth.pl
@@ -0,0 +1,79 @@
+#!/usr/local/bin/perl
+
+$L="edi";
+$R="esi";
+
+sub DES_encrypt3
+        {
+        local($name,$enc)=@_;
+
+        &function_begin_B($name,"");
+        &push("ebx");
+        &mov("ebx",&wparam(0));
+
+        &push("ebp");
+        &push("esi");
+
+        &push("edi");
+
+        &comment("");
+        &comment("Load the data words");
+        &mov($L,&DWP(0,"ebx","",0));
+        &mov($R,&DWP(4,"ebx","",0));
+        &stack_push(3);
+
+        &comment("");
+        &comment("IP");
+        &IP_new($L,$R,"edx",0);
+
+        # put them back
+        
+        if ($enc)
+                {
+                &mov(&DWP(4,"ebx","",0),$R);
+                 &mov("eax",&wparam(1));
+                &mov(&DWP(0,"ebx","",0),"edx");
+                 &mov("edi",&wparam(2));
+                 &mov("esi",&wparam(3));
+                }
+        else
+                {
+                &mov(&DWP(4,"ebx","",0),$R);
+                 &mov("esi",&wparam(1));
+                &mov(&DWP(0,"ebx","",0),"edx");
+                 &mov("edi",&wparam(2));
+                 &mov("eax",&wparam(3));
+                }
+        &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
+        &mov(&swtmp(1), "eax");
+        &mov(&swtmp(0), "ebx");
+        &call("DES_encrypt2");
+        &mov(&swtmp(2), (DWC(($enc)?"0":"1")));
+        &mov(&swtmp(1), "edi");
+        &mov(&swtmp(0), "ebx");
+        &call("DES_encrypt2");
+        &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
+        &mov(&swtmp(1), "esi");
+        &mov(&swtmp(0), "ebx");
+        &call("DES_encrypt2");
+
+        &stack_pop(3);
+        &mov($L,&DWP(0,"ebx","",0));
+        &mov($R,&DWP(4,"ebx","",0));
+
+        &comment("");
+        &comment("FP");
+        &FP_new($L,$R,"eax",0);
+
+        &mov(&DWP(0,"ebx","",0),"eax");
+        &mov(&DWP(4,"ebx","",0),$R);
+
+        &pop("edi");
+        &pop("esi");
+        &pop("ebp");
+        &pop("ebx");
+        &ret();
+        &function_end_B($name);
+        }
+
+
diff --git a/src/lib/libcrypto/des/cbc_cksm.c b/src/lib/libcrypto/des/cbc_cksm.c
new file mode 100644
index 0000000000..09a7ba56aa
--- /dev/null
+++ b/src/lib/libcrypto/des/cbc_cksm.c
@@ -0,0 +1,106 @@
+/* crypto/des/cbc_cksm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
+                       long length, DES_key_schedule *schedule,
+                       const_DES_cblock *ivec)
+        {
+        register DES_LONG tout0,tout1,tin0,tin1;
+        register long l=length;
+        DES_LONG tin[2];
+        unsigned char *out = &(*output)[0];
+        const unsigned char *iv = &(*ivec)[0];
+
+        c2l(iv,tout0);
+        c2l(iv,tout1);
+        for (; l>0; l-=8)
+                {
+                if (l >= 8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        }
+                else
+                        c2ln(in,tin0,tin1,l);
+                        
+                tin0^=tout0; tin[0]=tin0;
+                tin1^=tout1; tin[1]=tin1;
+                DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
+                /* fix 15/10/91 eay - thanks to keithr@sco.COM */
+                tout0=tin[0];
+                tout1=tin[1];
+                }
+        if (out != NULL)
+                {
+                l2c(tout0,out);
+                l2c(tout1,out);
+                }
+        tout0=tin0=tin1=tin[0]=tin[1]=0;
+        /*
+          Transform the data in tout1 so that it will
+          match the return value that the MIT Kerberos
+          mit_des_cbc_cksum API returns.
+        */
+        tout1 = ((tout1 >> 24L) & 0x000000FF)
+              | ((tout1 >> 8L)  & 0x0000FF00)
+              | ((tout1 << 8L)  & 0x00FF0000)
+              | ((tout1 << 24L) & 0xFF000000);
+        return(tout1);
+        }
diff --git a/src/lib/libcrypto/des/cbc_enc.c b/src/lib/libcrypto/des/cbc_enc.c
new file mode 100644
index 0000000000..677903ae4e
--- /dev/null
+++ b/src/lib/libcrypto/des/cbc_enc.c
@@ -0,0 +1,61 @@
+/* crypto/des/cbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define CBC_ENC_C__DONT_UPDATE_IV
+
+#include "ncbc_enc.c" /* des_cbc_encrypt */
diff --git a/src/lib/libcrypto/des/cfb64ede.c b/src/lib/libcrypto/des/cfb64ede.c
new file mode 100644
index 0000000000..f3c6018528
--- /dev/null
+++ b/src/lib/libcrypto/des/cfb64ede.c
@@ -0,0 +1,254 @@
+/* crypto/des/cfb64ede.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+#include "e_os.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_key_schedule *ks3,
+                            DES_cblock *ivec, int *num, int enc)
+        {
+        register DES_LONG v0,v1;
+        register long l=length;
+        register int n= *num;
+        DES_LONG ti[2];
+        unsigned char *iv,c,cc;
+
+        iv=&(*ivec)[0];
+        if (enc)
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0);
+                                c2l(iv,v1);
+
+                                ti[0]=v0;
+                                ti[1]=v1;
+                                DES_encrypt3(ti,ks1,ks2,ks3);
+                                v0=ti[0];
+                                v1=ti[1];
+
+                                iv = &(*ivec)[0];
+                                l2c(v0,iv);
+                                l2c(v1,iv);
+                                iv = &(*ivec)[0];
+                                }
+                        c= *(in++)^iv[n];
+                        *(out++)=c;
+                        iv[n]=c;
+                        n=(n+1)&0x07;
+                        }
+                }
+        else
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0);
+                                c2l(iv,v1);
+
+                                ti[0]=v0;
+                                ti[1]=v1;
+                                DES_encrypt3(ti,ks1,ks2,ks3);
+                                v0=ti[0];
+                                v1=ti[1];
+
+                                iv = &(*ivec)[0];
+                                l2c(v0,iv);
+                                l2c(v1,iv);
+                                iv = &(*ivec)[0];
+                                }
+                        cc= *(in++);
+                        c=iv[n];
+                        iv[n]=cc;
+                        *(out++)=c^cc;
+                        n=(n+1)&0x07;
+                        }
+                }
+        v0=v1=ti[0]=ti[1]=c=cc=0;
+        *num=n;
+        }
+
+#ifdef undef /* MACRO */
+void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+             DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock (*ivec),
+             int *num, int enc)
+        {
+        DES_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
+        }
+#endif
+
+/* This is compatible with the single key CFB-r for DES, even thought that's
+ * not what EVP needs.
+ */
+
+void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
+                          int numbits,long length,DES_key_schedule *ks1,
+                          DES_key_schedule *ks2,DES_key_schedule *ks3,
+                          DES_cblock *ivec,int enc)
+        {
+        register DES_LONG d0,d1,v0,v1;
+        register long l=length;
+        register int num=numbits,n=(numbits+7)/8,i;
+        DES_LONG ti[2];
+        unsigned char *iv;
+        unsigned char ovec[16];
+
+        if (num > 64) return;
+        iv = &(*ivec)[0];
+        c2l(iv,v0);
+        c2l(iv,v1);
+        if (enc)
+                {
+                while (l >= n)
+                        {
+                        l-=n;
+                        ti[0]=v0;
+                        ti[1]=v1;
+                        DES_encrypt3(ti,ks1,ks2,ks3);
+                        c2ln(in,d0,d1,n);
+                        in+=n;
+                        d0^=ti[0];
+                        d1^=ti[1];
+                        l2cn(d0,d1,out,n);
+                        out+=n;
+                        /* 30-08-94 - eay - changed because l>>32 and
+                         * l<<32 are bad under gcc :-( */
+                        if (num == 32)
+                                { v0=v1; v1=d0; }
+                        else if (num == 64)
+                                { v0=d0; v1=d1; }
+                        else
+                                {
+                                iv=&ovec[0];
+                                l2c(v0,iv);
+                                l2c(v1,iv);
+                                l2c(d0,iv);
+                                l2c(d1,iv);
+                                /* shift ovec left most of the bits... */
+                                memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
+                                /* now the remaining bits */
+                                if(num%8 != 0)
+                                        for(i=0 ; i < 8 ; ++i)
+                                                {
+                                                ovec[i]<<=num%8;
+                                                ovec[i]|=ovec[i+1]>>(8-num%8);
+                                                }
+                                iv=&ovec[0];
+                                c2l(iv,v0);
+                                c2l(iv,v1);
+                                }
+                        }
+                }
+        else
+                {
+                while (l >= n)
+                        {
+                        l-=n;
+                        ti[0]=v0;
+                        ti[1]=v1;
+                        DES_encrypt3(ti,ks1,ks2,ks3);
+                        c2ln(in,d0,d1,n);
+                        in+=n;
+                        /* 30-08-94 - eay - changed because l>>32 and
+                         * l<<32 are bad under gcc :-( */
+                        if (num == 32)
+                                { v0=v1; v1=d0; }
+                        else if (num == 64)
+                                { v0=d0; v1=d1; }
+                        else
+                                {
+                                iv=&ovec[0];
+                                l2c(v0,iv);
+                                l2c(v1,iv);
+                                l2c(d0,iv);
+                                l2c(d1,iv);
+                                /* shift ovec left most of the bits... */
+                                memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
+                                /* now the remaining bits */
+                                if(num%8 != 0)
+                                        for(i=0 ; i < 8 ; ++i)
+                                                {
+                                                ovec[i]<<=num%8;
+                                                ovec[i]|=ovec[i+1]>>(8-num%8);
+                                                }
+                                iv=&ovec[0];
+                                c2l(iv,v0);
+                                c2l(iv,v1);
+                                }
+                        d0^=ti[0];
+                        d1^=ti[1];
+                        l2cn(d0,d1,out,n);
+                        out+=n;
+                        }
+                }
+        iv = &(*ivec)[0];
+        l2c(v0,iv);
+        l2c(v1,iv);
+        v0=v1=d0=d1=ti[0]=ti[1]=0;
+        }
+
diff --git a/src/lib/libcrypto/des/cfb64enc.c b/src/lib/libcrypto/des/cfb64enc.c
new file mode 100644
index 0000000000..5ec8683e40
--- /dev/null
+++ b/src/lib/libcrypto/des/cfb64enc.c
@@ -0,0 +1,121 @@
+/* crypto/des/cfb64enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, DES_key_schedule *schedule,
+                       DES_cblock *ivec, int *num, int enc)
+        {
+        register DES_LONG v0,v1;
+        register long l=length;
+        register int n= *num;
+        DES_LONG ti[2];
+        unsigned char *iv,c,cc;
+
+        iv = &(*ivec)[0];
+        if (enc)
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0); ti[0]=v0;
+                                c2l(iv,v1); ti[1]=v1;
+                                DES_encrypt1(ti,schedule,DES_ENCRYPT);
+                                iv = &(*ivec)[0];
+                                v0=ti[0]; l2c(v0,iv);
+                                v0=ti[1]; l2c(v0,iv);
+                                iv = &(*ivec)[0];
+                                }
+                        c= *(in++)^iv[n];
+                        *(out++)=c;
+                        iv[n]=c;
+                        n=(n+1)&0x07;
+                        }
+                }
+        else
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0); ti[0]=v0;
+                                c2l(iv,v1); ti[1]=v1;
+                                DES_encrypt1(ti,schedule,DES_ENCRYPT);
+                                iv = &(*ivec)[0];
+                                v0=ti[0]; l2c(v0,iv);
+                                v0=ti[1]; l2c(v0,iv);
+                                iv = &(*ivec)[0];
+                                }
+                        cc= *(in++);
+                        c=iv[n];
+                        iv[n]=cc;
+                        *(out++)=c^cc;
+                        n=(n+1)&0x07;
+                        }
+                }
+        v0=v1=ti[0]=ti[1]=c=cc=0;
+        *num=n;
+        }
+
diff --git a/src/lib/libcrypto/des/cfb_enc.c b/src/lib/libcrypto/des/cfb_enc.c
new file mode 100644
index 0000000000..03cabb223c
--- /dev/null
+++ b/src/lib/libcrypto/des/cfb_enc.c
@@ -0,0 +1,174 @@
+/* crypto/des/cfb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "e_os.h"
+#include "des_locl.h"
+
+/* The input and output are loaded in multiples of 8 bits.
+ * What this means is that if you hame numbits=12 and length=2
+ * the first 12 bits will be retrieved from the first byte and half
+ * the second.  The second 12 bits will come from the 3rd and half the 4th
+ * byte.
+ */
+/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
+ * will not be compatible with any encryption prior to that date. Ben. */
+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+                     long length, DES_key_schedule *schedule, DES_cblock *ivec,
+                     int enc)
+        {
+        register DES_LONG d0,d1,v0,v1;
+        register unsigned long l=length,n=(numbits+7)/8;
+        register int num=numbits,i;
+        DES_LONG ti[2];
+        unsigned char *iv;
+        unsigned char ovec[16];
+
+        if (num > 64) return;
+        iv = &(*ivec)[0];
+        c2l(iv,v0);
+        c2l(iv,v1);
+        if (enc)
+                {
+                while (l >= n)
+                        {
+                        l-=n;
+                        ti[0]=v0;
+                        ti[1]=v1;
+                        DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
+                        c2ln(in,d0,d1,n);
+                        in+=n;
+                        d0^=ti[0];
+                        d1^=ti[1];
+                        l2cn(d0,d1,out,n);
+                        out+=n;
+                        /* 30-08-94 - eay - changed because l>>32 and
+                         * l<<32 are bad under gcc :-( */
+                        if (num == 32)
+                                { v0=v1; v1=d0; }
+                        else if (num == 64)
+                                { v0=d0; v1=d1; }
+                        else
+                                {
+                                iv=&ovec[0];
+                                l2c(v0,iv);
+                                l2c(v1,iv);
+                                l2c(d0,iv);
+                                l2c(d1,iv);
+                                /* shift ovec left most of the bits... */
+                                memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
+                                /* now the remaining bits */
+                                if(num%8 != 0)
+                                        for(i=0 ; i < 8 ; ++i)
+                                                {
+                                                ovec[i]<<=num%8;
+                                                ovec[i]|=ovec[i+1]>>(8-num%8);
+                                                }
+                                iv=&ovec[0];
+                                c2l(iv,v0);
+                                c2l(iv,v1);
+                                }
+                        }
+                }
+        else
+                {
+                while (l >= n)
+                        {
+                        l-=n;
+                        ti[0]=v0;
+                        ti[1]=v1;
+                        DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
+                        c2ln(in,d0,d1,n);
+                        in+=n;
+                        /* 30-08-94 - eay - changed because l>>32 and
+                         * l<<32 are bad under gcc :-( */
+                        if (num == 32)
+                                { v0=v1; v1=d0; }
+                        else if (num == 64)
+                                { v0=d0; v1=d1; }
+                        else
+                                {
+                                iv=&ovec[0];
+                                l2c(v0,iv);
+                                l2c(v1,iv);
+                                l2c(d0,iv);
+                                l2c(d1,iv);
+                                /* shift ovec left most of the bits... */
+                                memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
+                                /* now the remaining bits */
+                                if(num%8 != 0)
+                                        for(i=0 ; i < 8 ; ++i)
+                                                {
+                                                ovec[i]<<=num%8;
+                                                ovec[i]|=ovec[i+1]>>(8-num%8);
+                                                }
+                                iv=&ovec[0];
+                                c2l(iv,v0);
+                                c2l(iv,v1);
+                                }
+                        d0^=ti[0];
+                        d1^=ti[1];
+                        l2cn(d0,d1,out,n);
+                        out+=n;
+                        }
+                }
+        iv = &(*ivec)[0];
+        l2c(v0,iv);
+        l2c(v1,iv);
+        v0=v1=d0=d1=ti[0]=ti[1]=0;
+        }
+
diff --git a/src/lib/libcrypto/des/des.h b/src/lib/libcrypto/des/des.h
new file mode 100644
index 0000000000..81bd874edd
--- /dev/null
+++ b/src/lib/libcrypto/des/des.h
@@ -0,0 +1,246 @@
+/* crypto/des/des.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_DES_H
+#define HEADER_DES_H
+
+#ifdef OPENSSL_NO_DES
+#error DES is disabled.
+#endif
+
+#include <openssl/opensslconf.h> /* DES_LONG */
+#include <openssl/e_os2.h>      /* OPENSSL_EXTERN */
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+#define des_SPtrans DES_SPtrans
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef unsigned char DES_cblock[8];
+typedef /* const */ unsigned char const_DES_cblock[8];
+/* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock *
+ * and const_DES_cblock * are incompatible pointer types. */
+
+typedef struct DES_ks
+    {
+    union
+        {
+        DES_cblock cblock;
+        /* make sure things are correct size on machines with
+         * 8 byte longs */
+        DES_LONG deslong[2];
+        } ks[16];
+    } DES_key_schedule;
+
+#ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT
+# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT
+#  define OPENSSL_ENABLE_OLD_DES_SUPPORT
+# endif
+#endif
+
+#ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT
+# include <openssl/des_old.h>
+#endif
+
+#define DES_KEY_SZ      (sizeof(DES_cblock))
+#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
+
+#define DES_ENCRYPT     1
+#define DES_DECRYPT     0
+
+#define DES_CBC_MODE    0
+#define DES_PCBC_MODE   1
+
+#define DES_ecb2_encrypt(i,o,k1,k2,e) \
+        DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+        DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+        DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+        DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+OPENSSL_DECLARE_GLOBAL(int,DES_check_key);      /* defaults to false */
+#define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
+OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode);        /* defaults to DES_PCBC_MODE */
+#define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode)
+
+const char *DES_options(void);
+void DES_ecb3_encrypt(const unsigned char *input, unsigned char *output,
+                      DES_key_schedule *ks1,DES_key_schedule *ks2,
+                      DES_key_schedule *ks3, int enc);
+DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output,
+                       long length,DES_key_schedule *schedule,
+                       const_DES_cblock *ivec);
+/* DES_cbc_encrypt does not update the IV!  Use DES_ncbc_encrypt instead. */
+void DES_cbc_encrypt(const unsigned char *input,unsigned char *output,
+                     long length,DES_key_schedule *schedule,DES_cblock *ivec,
+                     int enc);
+void DES_ncbc_encrypt(const unsigned char *input,unsigned char *output,
+                      long length,DES_key_schedule *schedule,DES_cblock *ivec,
+                      int enc);
+void DES_xcbc_encrypt(const unsigned char *input,unsigned char *output,
+                      long length,DES_key_schedule *schedule,DES_cblock *ivec,
+                      const_DES_cblock *inw,const_DES_cblock *outw,int enc);
+void DES_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
+                     long length,DES_key_schedule *schedule,DES_cblock *ivec,
+                     int enc);
+void DES_ecb_encrypt(const_DES_cblock *input,DES_cblock *output,
+                     DES_key_schedule *ks,int enc);
+
+/*      This is the DES encryption function that gets called by just about
+        every other DES routine in the library.  You should not use this
+        function except to implement 'modes' of DES.  I say this because the
+        functions that call this routine do the conversion from 'char *' to
+        long, and this needs to be done to make sure 'non-aligned' memory
+        access do not occur.  The characters are loaded 'little endian'.
+        Data is a pointer to 2 unsigned long's and ks is the
+        DES_key_schedule to use.  enc, is non zero specifies encryption,
+        zero if decryption. */
+void DES_encrypt1(DES_LONG *data,DES_key_schedule *ks, int enc);
+
+/*      This functions is the same as DES_encrypt1() except that the DES
+        initial permutation (IP) and final permutation (FP) have been left
+        out.  As for DES_encrypt1(), you should not use this function.
+        It is used by the routines in the library that implement triple DES.
+        IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same
+        as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */
+void DES_encrypt2(DES_LONG *data,DES_key_schedule *ks, int enc);
+
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+                  DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+                  DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, 
+                          long length,
+                          DES_key_schedule *ks1,DES_key_schedule *ks2,
+                          DES_key_schedule *ks3,DES_cblock *ivec,int enc);
+void DES_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,
+                           long length,
+                           DES_key_schedule *ks1,DES_key_schedule *ks2,
+                           DES_key_schedule *ks3,
+                           DES_cblock *ivec1,DES_cblock *ivec2,
+                           int enc);
+void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
+                            long length,DES_key_schedule *ks1,
+                            DES_key_schedule *ks2,DES_key_schedule *ks3,
+                            DES_cblock *ivec,int *num,int enc);
+void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
+                          int numbits,long length,DES_key_schedule *ks1,
+                          DES_key_schedule *ks2,DES_key_schedule *ks3,
+                          DES_cblock *ivec,int enc);
+void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
+                            long length,DES_key_schedule *ks1,
+                            DES_key_schedule *ks2,DES_key_schedule *ks3,
+                            DES_cblock *ivec,int *num);
+
+void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white,
+                       DES_cblock *out_white);
+
+int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched,
+                 DES_cblock *iv);
+int DES_enc_write(int fd,const void *buf,int len,DES_key_schedule *sched,
+                  DES_cblock *iv);
+char *DES_fcrypt(const char *buf,const char *salt, char *ret);
+char *DES_crypt(const char *buf,const char *salt);
+void DES_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
+                     long length,DES_key_schedule *schedule,DES_cblock *ivec);
+void DES_pcbc_encrypt(const unsigned char *input,unsigned char *output,
+                      long length,DES_key_schedule *schedule,DES_cblock *ivec,
+                      int enc);
+DES_LONG DES_quad_cksum(const unsigned char *input,DES_cblock output[],
+                        long length,int out_count,DES_cblock *seed);
+int DES_random_key(DES_cblock *ret);
+void DES_set_odd_parity(DES_cblock *key);
+int DES_check_key_parity(const_DES_cblock *key);
+int DES_is_weak_key(const_DES_cblock *key);
+/* DES_set_key (= set_key = DES_key_sched = key_sched) calls
+ * DES_set_key_checked if global variable DES_check_key is set,
+ * DES_set_key_unchecked otherwise. */
+int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule);
+int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
+int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
+void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
+void DES_string_to_key(const char *str,DES_cblock *key);
+void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
+void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+                       DES_key_schedule *schedule,DES_cblock *ivec,int *num,
+                       int enc);
+void DES_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+                       DES_key_schedule *schedule,DES_cblock *ivec,int *num);
+
+int DES_read_password(DES_cblock *key, const char *prompt, int verify);
+int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
+        int verify);
+
+#define DES_fixup_key_parity DES_set_odd_parity
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/des/des_enc.c b/src/lib/libcrypto/des/des_enc.c
new file mode 100644
index 0000000000..6a49ec4a55
--- /dev/null
+++ b/src/lib/libcrypto/des/des_enc.c
@@ -0,0 +1,417 @@
+/* crypto/des/des_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+#ifndef OPENSSL_FIPS
+#ifndef OPENBSD_DES_ASM
+
+void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
+        {
+        register DES_LONG l,r,t,u;
+#ifdef DES_PTR
+        register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
+#endif
+#ifndef DES_UNROLL
+        register int i;
+#endif
+        register DES_LONG *s;
+
+        r=data[0];
+        l=data[1];
+
+        IP(r,l);
+        /* Things have been modified so that the initial rotate is
+         * done outside the loop.  This required the
+         * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
+         * One perl script later and things have a 5% speed up on a sparc2.
+         * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+         * for pointing this out. */
+        /* clear the top bits on machines with 8byte longs */
+        /* shift left by 2 */
+        r=ROTATE(r,29)&0xffffffffL;
+        l=ROTATE(l,29)&0xffffffffL;
+
+        s=ks->ks->deslong;
+        /* I don't know if it is worth the effort of loop unrolling the
+         * inner loop */
+        if (enc)
+                {
+#ifdef DES_UNROLL
+                D_ENCRYPT(l,r, 0); /*  1 */
+                D_ENCRYPT(r,l, 2); /*  2 */
+                D_ENCRYPT(l,r, 4); /*  3 */
+                D_ENCRYPT(r,l, 6); /*  4 */
+                D_ENCRYPT(l,r, 8); /*  5 */
+                D_ENCRYPT(r,l,10); /*  6 */
+                D_ENCRYPT(l,r,12); /*  7 */
+                D_ENCRYPT(r,l,14); /*  8 */
+                D_ENCRYPT(l,r,16); /*  9 */
+                D_ENCRYPT(r,l,18); /*  10 */
+                D_ENCRYPT(l,r,20); /*  11 */
+                D_ENCRYPT(r,l,22); /*  12 */
+                D_ENCRYPT(l,r,24); /*  13 */
+                D_ENCRYPT(r,l,26); /*  14 */
+                D_ENCRYPT(l,r,28); /*  15 */
+                D_ENCRYPT(r,l,30); /*  16 */
+#else
+                for (i=0; i<32; i+=8)
+                        {
+                        D_ENCRYPT(l,r,i+0); /*  1 */
+                        D_ENCRYPT(r,l,i+2); /*  2 */
+                        D_ENCRYPT(l,r,i+4); /*  3 */
+                        D_ENCRYPT(r,l,i+6); /*  4 */
+                        }
+#endif
+                }
+        else
+                {
+#ifdef DES_UNROLL
+                D_ENCRYPT(l,r,30); /* 16 */
+                D_ENCRYPT(r,l,28); /* 15 */
+                D_ENCRYPT(l,r,26); /* 14 */
+                D_ENCRYPT(r,l,24); /* 13 */
+                D_ENCRYPT(l,r,22); /* 12 */
+                D_ENCRYPT(r,l,20); /* 11 */
+                D_ENCRYPT(l,r,18); /* 10 */
+                D_ENCRYPT(r,l,16); /*  9 */
+                D_ENCRYPT(l,r,14); /*  8 */
+                D_ENCRYPT(r,l,12); /*  7 */
+                D_ENCRYPT(l,r,10); /*  6 */
+                D_ENCRYPT(r,l, 8); /*  5 */
+                D_ENCRYPT(l,r, 6); /*  4 */
+                D_ENCRYPT(r,l, 4); /*  3 */
+                D_ENCRYPT(l,r, 2); /*  2 */
+                D_ENCRYPT(r,l, 0); /*  1 */
+#else
+                for (i=30; i>0; i-=8)
+                        {
+                        D_ENCRYPT(l,r,i-0); /* 16 */
+                        D_ENCRYPT(r,l,i-2); /* 15 */
+                        D_ENCRYPT(l,r,i-4); /* 14 */
+                        D_ENCRYPT(r,l,i-6); /* 13 */
+                        }
+#endif
+                }
+
+        /* rotate and clear the top bits on machines with 8byte longs */
+        l=ROTATE(l,3)&0xffffffffL;
+        r=ROTATE(r,3)&0xffffffffL;
+
+        FP(r,l);
+        data[0]=l;
+        data[1]=r;
+        l=r=t=u=0;
+        }
+
+void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
+        {
+        register DES_LONG l,r,t,u;
+#ifdef DES_PTR
+        register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
+#endif
+#ifndef DES_UNROLL
+        register int i;
+#endif
+        register DES_LONG *s;
+
+        r=data[0];
+        l=data[1];
+
+        /* Things have been modified so that the initial rotate is
+         * done outside the loop.  This required the
+         * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
+         * One perl script later and things have a 5% speed up on a sparc2.
+         * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+         * for pointing this out. */
+        /* clear the top bits on machines with 8byte longs */
+        r=ROTATE(r,29)&0xffffffffL;
+        l=ROTATE(l,29)&0xffffffffL;
+
+        s=ks->ks->deslong;
+        /* I don't know if it is worth the effort of loop unrolling the
+         * inner loop */
+        if (enc)
+                {
+#ifdef DES_UNROLL
+                D_ENCRYPT(l,r, 0); /*  1 */
+                D_ENCRYPT(r,l, 2); /*  2 */
+                D_ENCRYPT(l,r, 4); /*  3 */
+                D_ENCRYPT(r,l, 6); /*  4 */
+                D_ENCRYPT(l,r, 8); /*  5 */
+                D_ENCRYPT(r,l,10); /*  6 */
+                D_ENCRYPT(l,r,12); /*  7 */
+                D_ENCRYPT(r,l,14); /*  8 */
+                D_ENCRYPT(l,r,16); /*  9 */
+                D_ENCRYPT(r,l,18); /*  10 */
+                D_ENCRYPT(l,r,20); /*  11 */
+                D_ENCRYPT(r,l,22); /*  12 */
+                D_ENCRYPT(l,r,24); /*  13 */
+                D_ENCRYPT(r,l,26); /*  14 */
+                D_ENCRYPT(l,r,28); /*  15 */
+                D_ENCRYPT(r,l,30); /*  16 */
+#else
+                for (i=0; i<32; i+=8)
+                        {
+                        D_ENCRYPT(l,r,i+0); /*  1 */
+                        D_ENCRYPT(r,l,i+2); /*  2 */
+                        D_ENCRYPT(l,r,i+4); /*  3 */
+                        D_ENCRYPT(r,l,i+6); /*  4 */
+                        }
+#endif
+                }
+        else
+                {
+#ifdef DES_UNROLL
+                D_ENCRYPT(l,r,30); /* 16 */
+                D_ENCRYPT(r,l,28); /* 15 */
+                D_ENCRYPT(l,r,26); /* 14 */
+                D_ENCRYPT(r,l,24); /* 13 */
+                D_ENCRYPT(l,r,22); /* 12 */
+                D_ENCRYPT(r,l,20); /* 11 */
+                D_ENCRYPT(l,r,18); /* 10 */
+                D_ENCRYPT(r,l,16); /*  9 */
+                D_ENCRYPT(l,r,14); /*  8 */
+                D_ENCRYPT(r,l,12); /*  7 */
+                D_ENCRYPT(l,r,10); /*  6 */
+                D_ENCRYPT(r,l, 8); /*  5 */
+                D_ENCRYPT(l,r, 6); /*  4 */
+                D_ENCRYPT(r,l, 4); /*  3 */
+                D_ENCRYPT(l,r, 2); /*  2 */
+                D_ENCRYPT(r,l, 0); /*  1 */
+#else
+                for (i=30; i>0; i-=8)
+                        {
+                        D_ENCRYPT(l,r,i-0); /* 16 */
+                        D_ENCRYPT(r,l,i-2); /* 15 */
+                        D_ENCRYPT(l,r,i-4); /* 14 */
+                        D_ENCRYPT(r,l,i-6); /* 13 */
+                        }
+#endif
+                }
+        /* rotate and clear the top bits on machines with 8byte longs */
+        data[0]=ROTATE(l,3)&0xffffffffL;
+        data[1]=ROTATE(r,3)&0xffffffffL;
+        l=r=t=u=0;
+        }
+#endif
+
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+                  DES_key_schedule *ks2, DES_key_schedule *ks3)
+        {
+        register DES_LONG l,r;
+
+        l=data[0];
+        r=data[1];
+        IP(l,r);
+        data[0]=l;
+        data[1]=r;
+        DES_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);
+        DES_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);
+        DES_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);
+        l=data[0];
+        r=data[1];
+        FP(r,l);
+        data[0]=l;
+        data[1]=r;
+        }
+
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+                  DES_key_schedule *ks2, DES_key_schedule *ks3)
+        {
+        register DES_LONG l,r;
+
+        l=data[0];
+        r=data[1];
+        IP(l,r);
+        data[0]=l;
+        data[1]=r;
+        DES_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);
+        DES_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);
+        DES_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);
+        l=data[0];
+        r=data[1];
+        FP(r,l);
+        data[0]=l;
+        data[1]=r;
+        }
+
+#endif /* ndef OPENSSL_FIPS */
+
+#ifndef DES_DEFAULT_OPTIONS
+
+#if !defined(OPENSSL_FIPS_DES_ASM)
+
+#undef CBC_ENC_C__DONT_UPDATE_IV
+#include "ncbc_enc.c" /* DES_ncbc_encrypt */
+
+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+                          long length, DES_key_schedule *ks1,
+                          DES_key_schedule *ks2, DES_key_schedule *ks3,
+                          DES_cblock *ivec, int enc)
+        {
+        register DES_LONG tin0,tin1;
+        register DES_LONG tout0,tout1,xor0,xor1;
+        register const unsigned char *in;
+        unsigned char *out;
+        register long l=length;
+        DES_LONG tin[2];
+        unsigned char *iv;
+
+        in=input;
+        out=output;
+        iv = &(*ivec)[0];
+
+        if (enc)
+                {
+                c2l(iv,tout0);
+                c2l(iv,tout1);
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        tin0^=tout0;
+                        tin1^=tout1;
+
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+                        tout0=tin[0];
+                        tout1=tin[1];
+
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        c2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0;
+                        tin1^=tout1;
+
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+                        tout0=tin[0];
+                        tout1=tin[1];
+
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        }
+                iv = &(*ivec)[0];
+                l2c(tout0,iv);
+                l2c(tout1,iv);
+                }
+        else
+                {
+                register DES_LONG t0,t1;
+
+                c2l(iv,xor0);
+                c2l(iv,xor1);
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+
+                        t0=tin0;
+                        t1=tin1;
+
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+                        tout0=tin[0];
+                        tout1=tin[1];
+
+                        tout0^=xor0;
+                        tout1^=xor1;
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        xor0=t0;
+                        xor1=t1;
+                        }
+                if (l != -8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        
+                        t0=tin0;
+                        t1=tin1;
+
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                
+                        tout0^=xor0;
+                        tout1^=xor1;
+                        l2cn(tout0,tout1,out,l+8);
+                        xor0=t0;
+                        xor1=t1;
+                        }
+
+                iv = &(*ivec)[0];
+                l2c(xor0,iv);
+                l2c(xor1,iv);
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        tin[0]=tin[1]=0;
+        }
+
+#endif /* !defined(OPENSSL_FIPS_DES_ASM) */
+
+#endif /* DES_DEFAULT_OPTIONS */
diff --git a/src/lib/libcrypto/des/des_locl.h b/src/lib/libcrypto/des/des_locl.h
new file mode 100644
index 0000000000..e44e8e98b2
--- /dev/null
+++ b/src/lib/libcrypto/des/des_locl.h
@@ -0,0 +1,428 @@
+/* crypto/des/des_locl.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_DES_LOCL_H
+#define HEADER_DES_LOCL_H
+
+#include <openssl/e_os2.h>
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+#ifndef OPENSSL_SYS_MSDOS
+#define OPENSSL_SYS_MSDOS
+#endif
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#ifndef OPENSSL_SYS_MSDOS
+#if !defined(OPENSSL_SYS_VMS) || defined(__DECC)
+#ifdef OPENSSL_UNISTD
+# include OPENSSL_UNISTD
+#else
+# include <unistd.h>
+#endif
+#include <math.h>
+#endif
+#endif
+#include <openssl/des.h>
+
+#ifdef OPENSSL_SYS_MSDOS                /* Visual C++ 2.1 (Windows NT/95) */
+#include <stdlib.h>
+#include <errno.h>
+#include <time.h>
+#include <io.h>
+#endif
+
+#if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS)
+#include <string.h>
+#endif
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+#define ITERATIONS 16
+#define HALF_ITERATIONS 8
+
+/* used in des_read and des_write */
+#define MAXWRITE        (1024*16)
+#define BSIZE           (MAXWRITE+4)
+
+#define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
+                         l|=((DES_LONG)(*((c)++)))<< 8L, \
+                         l|=((DES_LONG)(*((c)++)))<<16L, \
+                         l|=((DES_LONG)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
+                        case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
+                        case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
+                        case 5: l2|=((DES_LONG)(*(--(c))));     \
+                        case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
+                        case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
+                        case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
+                        case 1: l1|=((DES_LONG)(*(--(c))));     \
+                                } \
+                        }
+
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* replacements for htonl and ntohl since I have no idea what to do
+ * when faced with machines with 8 byte longs. */
+#define HDRSIZE 4
+
+#define n2l(c,l)        (l =((DES_LONG)(*((c)++)))<<24L, \
+                         l|=((DES_LONG)(*((c)++)))<<16L, \
+                         l|=((DES_LONG)(*((c)++)))<< 8L, \
+                         l|=((DES_LONG)(*((c)++))))
+
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+
+#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
+#define ROTATE(a,n)     (_lrotr(a,n))
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#  define ROTATE(a,n)   ({ register unsigned int ret;   \
+                                asm ("rorl %1,%0"       \
+                                        : "=r"(ret)     \
+                                        : "I"(n),"0"(a) \
+                                        : "cc");        \
+                           ret;                         \
+                        })
+# endif
+#endif
+#ifndef ROTATE
+#define ROTATE(a,n)     (((a)>>(n))+((a)<<(32-(n))))
+#endif
+
+/* Don't worry about the LOAD_DATA() stuff, that is used by
+ * fcrypt() to add it's little bit to the front */
+
+#ifdef DES_FCRYPT
+
+#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
+        { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
+
+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+        t=R^(R>>16L); \
+        u=t&E0; t&=E1; \
+        tmp=(u<<16); u^=R^s[S  ]; u^=tmp; \
+        tmp=(t<<16); t^=R^s[S+1]; t^=tmp
+#else
+#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+        u=R^s[S  ]; \
+        t=R^s[S+1]
+#endif
+
+/* The changes to this macro may help or hinder, depending on the
+ * compiler and the architecture.  gcc2 always seems to do well :-).
+ * Inspired by Dana How <how@isl.stanford.edu>
+ * DO NOT use the alternative version on machines with 8 byte longs.
+ * It does not seem to work on the Alpha, even when DES_LONG is 4
+ * bytes, probably an issue of accessing non-word aligned objects :-( */
+#ifdef DES_PTR
+
+/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there
+ * is no reason to not xor all the sub items together.  This potentially
+ * saves a register since things can be xored directly into L */
+
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+#define D_ENCRYPT(LL,R,S) { \
+        unsigned int u1,u2,u3; \
+        LOAD_DATA(R,S,u,t,E0,E1,u1); \
+        u2=(int)u>>8L; \
+        u1=(int)u&0xfc; \
+        u2&=0xfc; \
+        t=ROTATE(t,4); \
+        u>>=16L; \
+        LL^= *(const DES_LONG *)(des_SP      +u1); \
+        LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
+        u3=(int)(u>>8L); \
+        u1=(int)u&0xfc; \
+        u3&=0xfc; \
+        LL^= *(const DES_LONG *)(des_SP+0x400+u1); \
+        LL^= *(const DES_LONG *)(des_SP+0x600+u3); \
+        u2=(int)t>>8L; \
+        u1=(int)t&0xfc; \
+        u2&=0xfc; \
+        t>>=16L; \
+        LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
+        LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
+        u3=(int)t>>8L; \
+        u1=(int)t&0xfc; \
+        u3&=0xfc; \
+        LL^= *(const DES_LONG *)(des_SP+0x500+u1); \
+        LL^= *(const DES_LONG *)(des_SP+0x700+u3); }
+#endif
+#ifdef DES_RISC2
+#define D_ENCRYPT(LL,R,S) { \
+        unsigned int u1,u2,s1,s2; \
+        LOAD_DATA(R,S,u,t,E0,E1,u1); \
+        u2=(int)u>>8L; \
+        u1=(int)u&0xfc; \
+        u2&=0xfc; \
+        t=ROTATE(t,4); \
+        LL^= *(const DES_LONG *)(des_SP      +u1); \
+        LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
+        s1=(int)(u>>16L); \
+        s2=(int)(u>>24L); \
+        s1&=0xfc; \
+        s2&=0xfc; \
+        LL^= *(const DES_LONG *)(des_SP+0x400+s1); \
+        LL^= *(const DES_LONG *)(des_SP+0x600+s2); \
+        u2=(int)t>>8L; \
+        u1=(int)t&0xfc; \
+        u2&=0xfc; \
+        LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
+        LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
+        s1=(int)(t>>16L); \
+        s2=(int)(t>>24L); \
+        s1&=0xfc; \
+        s2&=0xfc; \
+        LL^= *(const DES_LONG *)(des_SP+0x500+s1); \
+        LL^= *(const DES_LONG *)(des_SP+0x700+s2); }
+#endif
+#else
+#define D_ENCRYPT(LL,R,S) { \
+        LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+        t=ROTATE(t,4); \
+        LL^= \
+        *(const DES_LONG *)(des_SP      +((u     )&0xfc))^ \
+        *(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \
+        *(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \
+        *(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \
+        *(const DES_LONG *)(des_SP+0x100+((t     )&0xfc))^ \
+        *(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \
+        *(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \
+        *(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }
+#endif
+
+#else /* original version */
+
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+#define D_ENCRYPT(LL,R,S) {\
+        unsigned int u1,u2,u3; \
+        LOAD_DATA(R,S,u,t,E0,E1,u1); \
+        u>>=2L; \
+        t=ROTATE(t,6); \
+        u2=(int)u>>8L; \
+        u1=(int)u&0x3f; \
+        u2&=0x3f; \
+        u>>=16L; \
+        LL^=DES_SPtrans[0][u1]; \
+        LL^=DES_SPtrans[2][u2]; \
+        u3=(int)u>>8L; \
+        u1=(int)u&0x3f; \
+        u3&=0x3f; \
+        LL^=DES_SPtrans[4][u1]; \
+        LL^=DES_SPtrans[6][u3]; \
+        u2=(int)t>>8L; \
+        u1=(int)t&0x3f; \
+        u2&=0x3f; \
+        t>>=16L; \
+        LL^=DES_SPtrans[1][u1]; \
+        LL^=DES_SPtrans[3][u2]; \
+        u3=(int)t>>8L; \
+        u1=(int)t&0x3f; \
+        u3&=0x3f; \
+        LL^=DES_SPtrans[5][u1]; \
+        LL^=DES_SPtrans[7][u3]; }
+#endif
+#ifdef DES_RISC2
+#define D_ENCRYPT(LL,R,S) {\
+        unsigned int u1,u2,s1,s2; \
+        LOAD_DATA(R,S,u,t,E0,E1,u1); \
+        u>>=2L; \
+        t=ROTATE(t,6); \
+        u2=(int)u>>8L; \
+        u1=(int)u&0x3f; \
+        u2&=0x3f; \
+        LL^=DES_SPtrans[0][u1]; \
+        LL^=DES_SPtrans[2][u2]; \
+        s1=(int)u>>16L; \
+        s2=(int)u>>24L; \
+        s1&=0x3f; \
+        s2&=0x3f; \
+        LL^=DES_SPtrans[4][s1]; \
+        LL^=DES_SPtrans[6][s2]; \
+        u2=(int)t>>8L; \
+        u1=(int)t&0x3f; \
+        u2&=0x3f; \
+        LL^=DES_SPtrans[1][u1]; \
+        LL^=DES_SPtrans[3][u2]; \
+        s1=(int)t>>16; \
+        s2=(int)t>>24L; \
+        s1&=0x3f; \
+        s2&=0x3f; \
+        LL^=DES_SPtrans[5][s1]; \
+        LL^=DES_SPtrans[7][s2]; }
+#endif
+
+#else
+
+#define D_ENCRYPT(LL,R,S) {\
+        LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+        t=ROTATE(t,4); \
+        LL^=\
+                DES_SPtrans[0][(u>> 2L)&0x3f]^ \
+                DES_SPtrans[2][(u>>10L)&0x3f]^ \
+                DES_SPtrans[4][(u>>18L)&0x3f]^ \
+                DES_SPtrans[6][(u>>26L)&0x3f]^ \
+                DES_SPtrans[1][(t>> 2L)&0x3f]^ \
+                DES_SPtrans[3][(t>>10L)&0x3f]^ \
+                DES_SPtrans[5][(t>>18L)&0x3f]^ \
+                DES_SPtrans[7][(t>>26L)&0x3f]; }
+#endif
+#endif
+
+        /* IP and FP
+         * The problem is more of a geometric problem that random bit fiddling.
+         0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
+         8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
+        16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
+        24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
+
+        32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
+        40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
+        48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
+        56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
+
+        The output has been subject to swaps of the form
+        0 1 -> 3 1 but the odd and even bits have been put into
+        2 3    2 0
+        different words.  The main trick is to remember that
+        t=((l>>size)^r)&(mask);
+        r^=t;
+        l^=(t<<size);
+        can be used to swap and move bits between words.
+
+        So l =  0  1  2  3  r = 16 17 18 19
+                4  5  6  7      20 21 22 23
+                8  9 10 11      24 25 26 27
+               12 13 14 15      28 29 30 31
+        becomes (for size == 2 and mask == 0x3333)
+           t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
+                 6^20  7^21 -- --        4  5 20 21       6  7 22 23
+                10^24 11^25 -- --        8  9 24 25      10 11 24 25
+                14^28 15^29 -- --       12 13 28 29      14 15 28 29
+
+        Thanks for hints from Richard Outerbridge - he told me IP&FP
+        could be done in 15 xor, 10 shifts and 5 ands.
+        When I finally started to think of the problem in 2D
+        I first got ~42 operations without xors.  When I remembered
+        how to use xors :-) I got it to its final state.
+        */
+#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+        (b)^=(t),\
+        (a)^=((t)<<(n)))
+
+#define IP(l,r) \
+        { \
+        register DES_LONG tt; \
+        PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
+        PERM_OP(l,r,tt,16,0x0000ffffL); \
+        PERM_OP(r,l,tt, 2,0x33333333L); \
+        PERM_OP(l,r,tt, 8,0x00ff00ffL); \
+        PERM_OP(r,l,tt, 1,0x55555555L); \
+        }
+
+#define FP(l,r) \
+        { \
+        register DES_LONG tt; \
+        PERM_OP(l,r,tt, 1,0x55555555L); \
+        PERM_OP(r,l,tt, 8,0x00ff00ffL); \
+        PERM_OP(l,r,tt, 2,0x33333333L); \
+        PERM_OP(r,l,tt,16,0x0000ffffL); \
+        PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
+        }
+
+OPENSSL_EXTERN const DES_LONG DES_SPtrans[8][64];
+
+void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
+                 DES_LONG Eswap0, DES_LONG Eswap1);
+#endif
diff --git a/src/lib/libcrypto/des/des_old.h b/src/lib/libcrypto/des/des_old.h
index 1d840b474a..1d8bf65101 100644
--- a/src/lib/libcrypto/des/des_old.h
+++ b/src/lib/libcrypto/des/des_old.h
@@ -88,14 +88,14 @@
  *
  */
 
-#ifndef HEADER_DES_H
-#define HEADER_DES_H
+#ifndef HEADER_DES_OLD_H
+#define HEADER_DES_OLD_H
 
 #ifdef OPENSSL_NO_DES
 #error DES is disabled.
 #endif
 
-#ifndef HEADER_NEW_DES_H
+#ifndef HEADER_DES_H
 #error You must include des.h, not des_old.h directly.
 #endif
 
diff --git a/src/lib/libcrypto/des/ecb3_enc.c b/src/lib/libcrypto/des/ecb3_enc.c
new file mode 100644
index 0000000000..fa0c9c4d4f
--- /dev/null
+++ b/src/lib/libcrypto/des/ecb3_enc.c
@@ -0,0 +1,81 @@
+/* crypto/des/ecb3_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+void DES_ecb3_encrypt(const unsigned char *in, unsigned char *out,
+                      DES_key_schedule *ks1, DES_key_schedule *ks2,
+                      DES_key_schedule *ks3,
+             int enc)
+        {
+        register DES_LONG l0,l1;
+        DES_LONG ll[2];
+
+        c2l(in,l0);
+        c2l(in,l1);
+        ll[0]=l0;
+        ll[1]=l1;
+        if (enc)
+                DES_encrypt3(ll,ks1,ks2,ks3);
+        else
+                DES_decrypt3(ll,ks1,ks2,ks3);
+        l0=ll[0];
+        l1=ll[1];
+        l2c(l0,out);
+        l2c(l1,out);
+        }
diff --git a/src/lib/libcrypto/des/ecb_enc.c b/src/lib/libcrypto/des/ecb_enc.c
new file mode 100644
index 0000000000..784aa5ba23
--- /dev/null
+++ b/src/lib/libcrypto/des/ecb_enc.c
@@ -0,0 +1,123 @@
+/* crypto/des/ecb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+#include "des_ver.h"
+#include "spr.h"
+#include <openssl/opensslv.h>
+#include <openssl/bio.h>
+
+OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT;
+OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT;
+
+const char *DES_options(void)
+        {
+        static int init=1;
+        static char buf[32];
+
+        if (init)
+                {
+                const char *ptr,*unroll,*risc,*size;
+
+#ifdef DES_PTR
+                ptr="ptr";
+#else
+                ptr="idx";
+#endif
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+                risc="risc1";
+#endif
+#ifdef DES_RISC2
+                risc="risc2";
+#endif
+#else
+                risc="cisc";
+#endif
+#ifdef DES_UNROLL
+                unroll="16";
+#else
+                unroll="4";
+#endif
+                if (sizeof(DES_LONG) != sizeof(long))
+                        size="int";
+                else
+                        size="long";
+                BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
+                             size);
+                init=0;
+                }
+        return(buf);
+        }
+                
+
+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+                     DES_key_schedule *ks, int enc)
+        {
+        register DES_LONG l;
+        DES_LONG ll[2];
+        const unsigned char *in = &(*input)[0];
+        unsigned char *out = &(*output)[0];
+
+        c2l(in,l); ll[0]=l;
+        c2l(in,l); ll[1]=l;
+        DES_encrypt1(ll,ks,enc);
+        l=ll[0]; l2c(l,out);
+        l=ll[1]; l2c(l,out);
+        l=ll[0]=ll[1]=0;
+        }
diff --git a/src/lib/libcrypto/des/ede_cbcm_enc.c b/src/lib/libcrypto/des/ede_cbcm_enc.c
new file mode 100644
index 0000000000..fa45aa272b
--- /dev/null
+++ b/src/lib/libcrypto/des/ede_cbcm_enc.c
@@ -0,0 +1,197 @@
+/* ede_cbcm_enc.c */
+/* Written by Ben Laurie <ben@algroup.co.uk> for the OpenSSL
+ * project 13 Feb 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+
+This is an implementation of Triple DES Cipher Block Chaining with Output
+Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
+
+Note that there is a known attack on this by Biham and Knudsen but it takes
+a lot of work:
+
+http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
+
+*/
+
+#ifndef OPENSSL_NO_DESCBCM
+#include "des_locl.h"
+
+void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
+             long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
+             DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2,
+             int enc)
+    {
+    register DES_LONG tin0,tin1;
+    register DES_LONG tout0,tout1,xor0,xor1,m0,m1;
+    register long l=length;
+    DES_LONG tin[2];
+    unsigned char *iv1,*iv2;
+
+    iv1 = &(*ivec1)[0];
+    iv2 = &(*ivec2)[0];
+
+    if (enc)
+        {
+        c2l(iv1,m0);
+        c2l(iv1,m1);
+        c2l(iv2,tout0);
+        c2l(iv2,tout1);
+        for (l-=8; l>=-7; l-=8)
+            {
+            tin[0]=m0;
+            tin[1]=m1;
+            DES_encrypt1(tin,ks3,1);
+            m0=tin[0];
+            m1=tin[1];
+
+            if(l < 0)
+                {
+                c2ln(in,tin0,tin1,l+8);
+                }
+            else
+                {
+                c2l(in,tin0);
+                c2l(in,tin1);
+                }
+            tin0^=tout0;
+            tin1^=tout1;
+
+            tin[0]=tin0;
+            tin[1]=tin1;
+            DES_encrypt1(tin,ks1,1);
+            tin[0]^=m0;
+            tin[1]^=m1;
+            DES_encrypt1(tin,ks2,0);
+            tin[0]^=m0;
+            tin[1]^=m1;
+            DES_encrypt1(tin,ks1,1);
+            tout0=tin[0];
+            tout1=tin[1];
+
+            l2c(tout0,out);
+            l2c(tout1,out);
+            }
+        iv1=&(*ivec1)[0];
+        l2c(m0,iv1);
+        l2c(m1,iv1);
+
+        iv2=&(*ivec2)[0];
+        l2c(tout0,iv2);
+        l2c(tout1,iv2);
+        }
+    else
+        {
+        register DES_LONG t0,t1;
+
+        c2l(iv1,m0);
+        c2l(iv1,m1);
+        c2l(iv2,xor0);
+        c2l(iv2,xor1);
+        for (l-=8; l>=-7; l-=8)
+            {
+            tin[0]=m0;
+            tin[1]=m1;
+            DES_encrypt1(tin,ks3,1);
+            m0=tin[0];
+            m1=tin[1];
+
+            c2l(in,tin0);
+            c2l(in,tin1);
+
+            t0=tin0;
+            t1=tin1;
+
+            tin[0]=tin0;
+            tin[1]=tin1;
+            DES_encrypt1(tin,ks1,0);
+            tin[0]^=m0;
+            tin[1]^=m1;
+            DES_encrypt1(tin,ks2,1);
+            tin[0]^=m0;
+            tin[1]^=m1;
+            DES_encrypt1(tin,ks1,0);
+            tout0=tin[0];
+            tout1=tin[1];
+
+            tout0^=xor0;
+            tout1^=xor1;
+            if(l < 0)
+                {
+                l2cn(tout0,tout1,out,l+8);
+                }
+            else
+                {
+                l2c(tout0,out);
+                l2c(tout1,out);
+                }
+            xor0=t0;
+            xor1=t1;
+            }
+
+        iv1=&(*ivec1)[0];
+        l2c(m0,iv1);
+        l2c(m1,iv1);
+
+        iv2=&(*ivec2)[0];
+        l2c(xor0,iv2);
+        l2c(xor1,iv2);
+        }
+    tin0=tin1=tout0=tout1=xor0=xor1=0;
+    tin[0]=tin[1]=0;
+    }
+#endif
diff --git a/src/lib/libcrypto/des/enc_read.c b/src/lib/libcrypto/des/enc_read.c
new file mode 100644
index 0000000000..c70fb686b8
--- /dev/null
+++ b/src/lib/libcrypto/des/enc_read.c
@@ -0,0 +1,228 @@
+/* crypto/des/enc_read.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include "des_locl.h"
+
+/* This has some uglies in it but it works - even over sockets. */
+/*extern int errno;*/
+OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE;
+
+
+/*
+ * WARNINGS:
+ *
+ *  -  The data format used by DES_enc_write() and DES_enc_read()
+ *     has a cryptographic weakness: When asked to write more
+ *     than MAXWRITE bytes, DES_enc_write will split the data
+ *     into several chunks that are all encrypted
+ *     using the same IV.  So don't use these functions unless you
+ *     are sure you know what you do (in which case you might
+ *     not want to use them anyway).
+ *
+ *  -  This code cannot handle non-blocking sockets.
+ *
+ *  -  This function uses an internal state and thus cannot be
+ *     used on multiple files.
+ */
+
+
+int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
+                 DES_cblock *iv)
+        {
+        /* data to be unencrypted */
+        int net_num=0;
+        static unsigned char *net=NULL;
+        /* extra unencrypted data 
+         * for when a block of 100 comes in but is des_read one byte at
+         * a time. */
+        static unsigned char *unnet=NULL;
+        static int unnet_start=0;
+        static int unnet_left=0;
+        static unsigned char *tmpbuf=NULL;
+        int i;
+        long num=0,rnum;
+        unsigned char *p;
+
+        if (tmpbuf == NULL)
+                {
+                tmpbuf=OPENSSL_malloc(BSIZE);
+                if (tmpbuf == NULL) return(-1);
+                }
+        if (net == NULL)
+                {
+                net=OPENSSL_malloc(BSIZE);
+                if (net == NULL) return(-1);
+                }
+        if (unnet == NULL)
+                {
+                unnet=OPENSSL_malloc(BSIZE);
+                if (unnet == NULL) return(-1);
+                }
+        /* left over data from last decrypt */
+        if (unnet_left != 0)
+                {
+                if (unnet_left < len)
+                        {
+                        /* we still still need more data but will return
+                         * with the number of bytes we have - should always
+                         * check the return value */
+                        memcpy(buf,&(unnet[unnet_start]),
+                               unnet_left);
+                        /* eay 26/08/92 I had the next 2 lines
+                         * reversed :-( */
+                        i=unnet_left;
+                        unnet_start=unnet_left=0;
+                        }
+                else
+                        {
+                        memcpy(buf,&(unnet[unnet_start]),len);
+                        unnet_start+=len;
+                        unnet_left-=len;
+                        i=len;
+                        }
+                return(i);
+                }
+
+        /* We need to get more data. */
+        if (len > MAXWRITE) len=MAXWRITE;
+
+        /* first - get the length */
+        while (net_num < HDRSIZE) 
+                {
+                i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
+#ifdef EINTR
+                if ((i == -1) && (errno == EINTR)) continue;
+#endif
+                if (i <= 0) return(0);
+                net_num+=i;
+                }
+
+        /* we now have at net_num bytes in net */
+        p=net;
+        /* num=0;  */
+        n2l(p,num);
+        /* num should be rounded up to the next group of eight
+         * we make sure that we have read a multiple of 8 bytes from the net.
+         */
+        if ((num > MAXWRITE) || (num < 0)) /* error */
+                return(-1);
+        rnum=(num < 8)?8:((num+7)/8*8);
+
+        net_num=0;
+        while (net_num < rnum)
+                {
+                i=read(fd,(void *)&(net[net_num]),rnum-net_num);
+#ifdef EINTR
+                if ((i == -1) && (errno == EINTR)) continue;
+#endif
+                if (i <= 0) return(0);
+                net_num+=i;
+                }
+
+        /* Check if there will be data left over. */
+        if (len < num)
+                {
+                if (DES_rw_mode & DES_PCBC_MODE)
+                        DES_pcbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
+                else
+                        DES_cbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
+                memcpy(buf,unnet,len);
+                unnet_start=len;
+                unnet_left=num-len;
+
+                /* The following line is done because we return num
+                 * as the number of bytes read. */
+                num=len;
+                }
+        else
+                {
+                /* >output is a multiple of 8 byes, if len < rnum
+                 * >we must be careful.  The user must be aware that this
+                 * >routine will write more bytes than he asked for.
+                 * >The length of the buffer must be correct.
+                 * FIXED - Should be ok now 18-9-90 - eay */
+                if (len < rnum)
+                        {
+
+                        if (DES_rw_mode & DES_PCBC_MODE)
+                                DES_pcbc_encrypt(net,tmpbuf,num,sched,iv,
+                                                 DES_DECRYPT);
+                        else
+                                DES_cbc_encrypt(net,tmpbuf,num,sched,iv,
+                                                DES_DECRYPT);
+
+                        /* eay 26/08/92 fix a bug that returned more
+                         * bytes than you asked for (returned len bytes :-( */
+                        memcpy(buf,tmpbuf,num);
+                        }
+                else
+                        {
+                        if (DES_rw_mode & DES_PCBC_MODE)
+                                DES_pcbc_encrypt(net,buf,num,sched,iv,
+                                                 DES_DECRYPT);
+                        else
+                                DES_cbc_encrypt(net,buf,num,sched,iv,
+                                                DES_DECRYPT);
+                        }
+                }
+        return num;
+        }
+
diff --git a/src/lib/libcrypto/des/enc_writ.c b/src/lib/libcrypto/des/enc_writ.c
new file mode 100644
index 0000000000..af5b8c2349
--- /dev/null
+++ b/src/lib/libcrypto/des/enc_writ.c
@@ -0,0 +1,171 @@
+/* crypto/des/enc_writ.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <errno.h>
+#include <time.h>
+#include <stdio.h>
+#include "cryptlib.h"
+#include "des_locl.h"
+#include <openssl/rand.h>
+
+/*
+ * WARNINGS:
+ *
+ *  -  The data format used by DES_enc_write() and DES_enc_read()
+ *     has a cryptographic weakness: When asked to write more
+ *     than MAXWRITE bytes, DES_enc_write will split the data
+ *     into several chunks that are all encrypted
+ *     using the same IV.  So don't use these functions unless you
+ *     are sure you know what you do (in which case you might
+ *     not want to use them anyway).
+ *
+ *  -  This code cannot handle non-blocking sockets.
+ */
+
+int DES_enc_write(int fd, const void *_buf, int len,
+                  DES_key_schedule *sched, DES_cblock *iv)
+        {
+#ifdef _LIBC
+        extern unsigned long time();
+        extern int write();
+#endif
+        const unsigned char *buf=_buf;
+        long rnum;
+        int i,j,k,outnum;
+        static unsigned char *outbuf=NULL;
+        unsigned char shortbuf[8];
+        unsigned char *p;
+        const unsigned char *cp;
+        static int start=1;
+
+        if (outbuf == NULL)
+                {
+                outbuf=OPENSSL_malloc(BSIZE+HDRSIZE);
+                if (outbuf == NULL) return(-1);
+                }
+        /* If we are sending less than 8 bytes, the same char will look
+         * the same if we don't pad it out with random bytes */
+        if (start)
+                {
+                start=0;
+                }
+
+        /* lets recurse if we want to send the data in small chunks */
+        if (len > MAXWRITE)
+                {
+                j=0;
+                for (i=0; i<len; i+=k)
+                        {
+                        k=DES_enc_write(fd,&(buf[i]),
+                                ((len-i) > MAXWRITE)?MAXWRITE:(len-i),sched,iv);
+                        if (k < 0)
+                                return(k);
+                        else
+                                j+=k;
+                        }
+                return(j);
+                }
+
+        /* write length first */
+        p=outbuf;
+        l2n(len,p);
+
+        /* pad short strings */
+        if (len < 8)
+                {
+                cp=shortbuf;
+                memcpy(shortbuf,buf,len);
+                RAND_pseudo_bytes(shortbuf+len, 8-len);
+                rnum=8;
+                }
+        else
+                {
+                cp=buf;
+                rnum=((len+7)/8*8); /* round up to nearest eight */
+                }
+
+        if (DES_rw_mode & DES_PCBC_MODE)
+                DES_pcbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
+                                 DES_ENCRYPT); 
+        else
+                DES_cbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
+                                DES_ENCRYPT); 
+
+        /* output */
+        outnum=rnum+HDRSIZE;
+
+        for (j=0; j<outnum; j+=i)
+                {
+                /* eay 26/08/92 I was not doing writing from where we
+                 * got up to. */
+                i=write(fd,(void *)&(outbuf[j]),outnum-j);
+                if (i == -1)
+                        {
+#ifdef EINTR
+                        if (errno == EINTR)
+                                i=0;
+                        else
+#endif
+                                /* This is really a bad error - very bad
+                                 * It will stuff-up both ends. */
+                                return(-1);
+                        }
+                }
+
+        return(len);
+        }
diff --git a/src/lib/libcrypto/des/fcrypt.c b/src/lib/libcrypto/des/fcrypt.c
new file mode 100644
index 0000000000..2758c32656
--- /dev/null
+++ b/src/lib/libcrypto/des/fcrypt.c
@@ -0,0 +1,173 @@
+/* NOCW */
+#include <stdio.h>
+#ifdef _OSD_POSIX
+#ifndef CHARSET_EBCDIC
+#define CHARSET_EBCDIC 1
+#endif
+#endif
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+/* This version of crypt has been developed from my MIT compatible
+ * DES library.
+ * Eric Young (eay@cryptsoft.com)
+ */
+
+/* Modification by Jens Kupferschmidt (Cu)
+ * I have included directive PARA for shared memory computers.
+ * I have included a directive LONGCRYPT to using this routine to cipher
+ * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN
+ * definition is the maximum of length of password and can changed. I have
+ * defined 24.
+ */
+
+#include "des_locl.h"
+
+/* Added more values to handle illegal salt values the way normal
+ * crypt() implementations do.  The patch was sent by 
+ * Bjorn Gronvall <bg@sics.se>
+ */
+static unsigned const char con_salt[128]={
+0xD2,0xD3,0xD4,0xD5,0xD6,0xD7,0xD8,0xD9,
+0xDA,0xDB,0xDC,0xDD,0xDE,0xDF,0xE0,0xE1,
+0xE2,0xE3,0xE4,0xE5,0xE6,0xE7,0xE8,0xE9,
+0xEA,0xEB,0xEC,0xED,0xEE,0xEF,0xF0,0xF1,
+0xF2,0xF3,0xF4,0xF5,0xF6,0xF7,0xF8,0xF9,
+0xFA,0xFB,0xFC,0xFD,0xFE,0xFF,0x00,0x01,
+0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
+0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A,
+0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,
+0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
+0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,
+0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24,
+0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C,
+0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,
+0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C,
+0x3D,0x3E,0x3F,0x40,0x41,0x42,0x43,0x44,
+};
+
+static unsigned const char cov_2char[64]={
+0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
+0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
+0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
+0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
+0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
+0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
+0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
+0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
+};
+
+void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
+                 DES_LONG Eswap0, DES_LONG Eswap1);
+
+char *DES_crypt(const char *buf, const char *salt)
+        {
+        static char buff[14];
+
+#ifndef CHARSET_EBCDIC
+        return(DES_fcrypt(buf,salt,buff));
+#else
+        char e_salt[2+1];
+        char e_buf[32+1];       /* replace 32 by 8 ? */
+        char *ret;
+
+        /* Copy at most 2 chars of salt */
+        if ((e_salt[0] = salt[0]) != '\0')
+            e_salt[1] = salt[1];
+
+        /* Copy at most 32 chars of password */
+        strncpy (e_buf, buf, sizeof(e_buf));
+
+        /* Make sure we have a delimiter */
+        e_salt[sizeof(e_salt)-1] = e_buf[sizeof(e_buf)-1] = '\0';
+
+        /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
+        ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
+
+        /* Convert the cleartext password to ASCII */
+        ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
+
+        /* Encrypt it (from/to ASCII) */
+        ret = DES_fcrypt(e_buf,e_salt,buff);
+
+        /* Convert the result back to EBCDIC */
+        ascii2ebcdic(ret, ret, strlen(ret));
+        
+        return ret;
+#endif
+        }
+
+
+char *DES_fcrypt(const char *buf, const char *salt, char *ret)
+        {
+        unsigned int i,j,x,y;
+        DES_LONG Eswap0,Eswap1;
+        DES_LONG out[2],ll;
+        DES_cblock key;
+        DES_key_schedule ks;
+        unsigned char bb[9];
+        unsigned char *b=bb;
+        unsigned char c,u;
+
+        /* eay 25/08/92
+         * If you call crypt("pwd","*") as often happens when you
+         * have * as the pwd field in /etc/passwd, the function
+         * returns *\0XXXXXXXXX
+         * The \0 makes the string look like * so the pwd "*" would
+         * crypt to "*".  This was found when replacing the crypt in
+         * our shared libraries.  People found that the disabled
+         * accounts effectively had no passwd :-(. */
+#ifndef CHARSET_EBCDIC
+        x=ret[0]=((salt[0] == '\0')?'A':salt[0]);
+        Eswap0=con_salt[x]<<2;
+        x=ret[1]=((salt[1] == '\0')?'A':salt[1]);
+        Eswap1=con_salt[x]<<6;
+#else
+        x=ret[0]=((salt[0] == '\0')?os_toascii['A']:salt[0]);
+        Eswap0=con_salt[x]<<2;
+        x=ret[1]=((salt[1] == '\0')?os_toascii['A']:salt[1]);
+        Eswap1=con_salt[x]<<6;
+#endif
+
+/* EAY
+r=strlen(buf);
+r=(r+7)/8;
+*/
+        for (i=0; i<8; i++)
+                {
+                c= *(buf++);
+                if (!c) break;
+                key[i]=(c<<1);
+                }
+        for (; i<8; i++)
+                key[i]=0;
+
+        DES_set_key_unchecked(&key,&ks);
+        fcrypt_body(&(out[0]),&ks,Eswap0,Eswap1);
+
+        ll=out[0]; l2c(ll,b);
+        ll=out[1]; l2c(ll,b);
+        y=0;
+        u=0x80;
+        bb[8]=0;
+        for (i=2; i<13; i++)
+                {
+                c=0;
+                for (j=0; j<6; j++)
+                        {
+                        c<<=1;
+                        if (bb[y] & u) c|=1;
+                        u>>=1;
+                        if (!u)
+                                {
+                                y++;
+                                u=0x80;
+                                }
+                        }
+                ret[i]=cov_2char[c];
+                }
+        ret[13]='\0';
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/des/fcrypt_b.c b/src/lib/libcrypto/des/fcrypt_b.c
new file mode 100644
index 0000000000..1390138787
--- /dev/null
+++ b/src/lib/libcrypto/des/fcrypt_b.c
@@ -0,0 +1,145 @@
+/* crypto/des/fcrypt_b.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+
+/* This version of crypt has been developed from my MIT compatible
+ * DES library.
+ * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
+ * Eric Young (eay@cryptsoft.com)
+ */
+
+#define DES_FCRYPT
+#include "des_locl.h"
+#undef DES_FCRYPT
+
+#undef PERM_OP
+#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+        (b)^=(t),\
+        (a)^=((t)<<(n)))
+
+#undef HPERM_OP
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+        (a)=(a)^(t)^(t>>(16-(n))))\
+
+void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
+                 DES_LONG Eswap1)
+        {
+        register DES_LONG l,r,t,u;
+#ifdef DES_PTR
+        register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
+#endif
+        register DES_LONG *s;
+        register int j;
+        register DES_LONG E0,E1;
+
+        l=0;
+        r=0;
+
+        s=(DES_LONG *)ks;
+        E0=Eswap0;
+        E1=Eswap1;
+
+        for (j=0; j<25; j++)
+                {
+#ifndef DES_UNROLL
+                register int i;
+
+                for (i=0; i<32; i+=8)
+                        {
+                        D_ENCRYPT(l,r,i+0); /*  1 */
+                        D_ENCRYPT(r,l,i+2); /*  2 */
+                        D_ENCRYPT(l,r,i+4); /*  1 */
+                        D_ENCRYPT(r,l,i+6); /*  2 */
+                        }
+#else
+                D_ENCRYPT(l,r, 0); /*  1 */
+                D_ENCRYPT(r,l, 2); /*  2 */
+                D_ENCRYPT(l,r, 4); /*  3 */
+                D_ENCRYPT(r,l, 6); /*  4 */
+                D_ENCRYPT(l,r, 8); /*  5 */
+                D_ENCRYPT(r,l,10); /*  6 */
+                D_ENCRYPT(l,r,12); /*  7 */
+                D_ENCRYPT(r,l,14); /*  8 */
+                D_ENCRYPT(l,r,16); /*  9 */
+                D_ENCRYPT(r,l,18); /*  10 */
+                D_ENCRYPT(l,r,20); /*  11 */
+                D_ENCRYPT(r,l,22); /*  12 */
+                D_ENCRYPT(l,r,24); /*  13 */
+                D_ENCRYPT(r,l,26); /*  14 */
+                D_ENCRYPT(l,r,28); /*  15 */
+                D_ENCRYPT(r,l,30); /*  16 */
+#endif
+
+                t=l;
+                l=r;
+                r=t;
+                }
+        l=ROTATE(l,3)&0xffffffffL;
+        r=ROTATE(r,3)&0xffffffffL;
+
+        PERM_OP(l,r,t, 1,0x55555555L);
+        PERM_OP(r,l,t, 8,0x00ff00ffL);
+        PERM_OP(l,r,t, 2,0x33333333L);
+        PERM_OP(r,l,t,16,0x0000ffffL);
+        PERM_OP(l,r,t, 4,0x0f0f0f0fL);
+
+        out[0]=r;
+        out[1]=l;
+        }
+
diff --git a/src/lib/libcrypto/des/ncbc_enc.c b/src/lib/libcrypto/des/ncbc_enc.c
new file mode 100644
index 0000000000..fda23d522f
--- /dev/null
+++ b/src/lib/libcrypto/des/ncbc_enc.c
@@ -0,0 +1,148 @@
+/* crypto/des/ncbc_enc.c */
+/*
+ * #included by:
+ *    cbc_enc.c  (DES_cbc_encrypt)
+ *    des_enc.c  (DES_ncbc_encrypt)
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+#ifdef CBC_ENC_C__DONT_UPDATE_IV
+void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                     DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
+#else
+void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                     DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
+#endif
+        {
+        register DES_LONG tin0,tin1;
+        register DES_LONG tout0,tout1,xor0,xor1;
+        register long l=length;
+        DES_LONG tin[2];
+        unsigned char *iv;
+
+        iv = &(*ivec)[0];
+
+        if (enc)
+                {
+                c2l(iv,tout0);
+                c2l(iv,tout1);
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        tin0^=tout0; tin[0]=tin0;
+                        tin1^=tout1; tin[1]=tin1;
+                        DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        c2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0; tin[0]=tin0;
+                        tin1^=tout1; tin[1]=tin1;
+                        DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+                iv = &(*ivec)[0];
+                l2c(tout0,iv);
+                l2c(tout1,iv);
+#endif
+                }
+        else
+                {
+                c2l(iv,xor0);
+                c2l(iv,xor1);
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0;
+                        c2l(in,tin1); tin[1]=tin1;
+                        DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                if (l != -8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0;
+                        c2l(in,tin1); tin[1]=tin1;
+                        DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2cn(tout0,tout1,out,l+8);
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+                        xor0=tin0;
+                        xor1=tin1;
+#endif
+                        }
+#ifndef CBC_ENC_C__DONT_UPDATE_IV 
+                iv = &(*ivec)[0];
+                l2c(xor0,iv);
+                l2c(xor1,iv);
+#endif
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        tin[0]=tin[1]=0;
+        }
diff --git a/src/lib/libcrypto/des/ofb64ede.c b/src/lib/libcrypto/des/ofb64ede.c
new file mode 100644
index 0000000000..26bbf9a6a7
--- /dev/null
+++ b/src/lib/libcrypto/des/ofb64ede.c
@@ -0,0 +1,125 @@
+/* crypto/des/ofb64ede.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void DES_ede3_ofb64_encrypt(register const unsigned char *in,
+                            register unsigned char *out, long length,
+                            DES_key_schedule *k1, DES_key_schedule *k2,
+                            DES_key_schedule *k3, DES_cblock *ivec,
+                            int *num)
+        {
+        register DES_LONG v0,v1;
+        register int n= *num;
+        register long l=length;
+        DES_cblock d;
+        register char *dp;
+        DES_LONG ti[2];
+        unsigned char *iv;
+        int save=0;
+
+        iv = &(*ivec)[0];
+        c2l(iv,v0);
+        c2l(iv,v1);
+        ti[0]=v0;
+        ti[1]=v1;
+        dp=(char *)d;
+        l2c(v0,dp);
+        l2c(v1,dp);
+        while (l--)
+                {
+                if (n == 0)
+                        {
+                        /* ti[0]=v0; */
+                        /* ti[1]=v1; */
+                        DES_encrypt3(ti,k1,k2,k3);
+                        v0=ti[0];
+                        v1=ti[1];
+
+                        dp=(char *)d;
+                        l2c(v0,dp);
+                        l2c(v1,dp);
+                        save++;
+                        }
+                *(out++)= *(in++)^d[n];
+                n=(n+1)&0x07;
+                }
+        if (save)
+                {
+/*              v0=ti[0];
+                v1=ti[1];*/
+                iv = &(*ivec)[0];
+                l2c(v0,iv);
+                l2c(v1,iv);
+                }
+        v0=v1=ti[0]=ti[1]=0;
+        *num=n;
+        }
+
+#ifdef undef /* MACRO */
+void DES_ede2_ofb64_encrypt(register unsigned char *in,
+             register unsigned char *out, long length, DES_key_schedule k1,
+             DES_key_schedule k2, DES_cblock (*ivec), int *num)
+        {
+        DES_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num);
+        }
+#endif
diff --git a/src/lib/libcrypto/des/ofb64enc.c b/src/lib/libcrypto/des/ofb64enc.c
new file mode 100644
index 0000000000..8ca3d49dea
--- /dev/null
+++ b/src/lib/libcrypto/des/ofb64enc.c
@@ -0,0 +1,110 @@
+/* crypto/des/ofb64enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void DES_ofb64_encrypt(register const unsigned char *in,
+                       register unsigned char *out, long length,
+                       DES_key_schedule *schedule, DES_cblock *ivec, int *num)
+        {
+        register DES_LONG v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        DES_cblock d;
+        register unsigned char *dp;
+        DES_LONG ti[2];
+        unsigned char *iv;
+        int save=0;
+
+        iv = &(*ivec)[0];
+        c2l(iv,v0);
+        c2l(iv,v1);
+        ti[0]=v0;
+        ti[1]=v1;
+        dp=d;
+        l2c(v0,dp);
+        l2c(v1,dp);
+        while (l--)
+                {
+                if (n == 0)
+                        {
+                        DES_encrypt1(ti,schedule,DES_ENCRYPT);
+                        dp=d;
+                        t=ti[0]; l2c(t,dp);
+                        t=ti[1]; l2c(t,dp);
+                        save++;
+                        }
+                *(out++)= *(in++)^d[n];
+                n=(n+1)&0x07;
+                }
+        if (save)
+                {
+                v0=ti[0];
+                v1=ti[1];
+                iv = &(*ivec)[0];
+                l2c(v0,iv);
+                l2c(v1,iv);
+                }
+        t=v0=v1=ti[0]=ti[1]=0;
+        *num=n;
+        }
+
diff --git a/src/lib/libcrypto/des/ofb_enc.c b/src/lib/libcrypto/des/ofb_enc.c
new file mode 100644
index 0000000000..e887a3c6f4
--- /dev/null
+++ b/src/lib/libcrypto/des/ofb_enc.c
@@ -0,0 +1,135 @@
+/* crypto/des/ofb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* The input and output are loaded in multiples of 8 bits.
+ * What this means is that if you hame numbits=12 and length=2
+ * the first 12 bits will be retrieved from the first byte and half
+ * the second.  The second 12 bits will come from the 3rd and half the 4th
+ * byte.
+ */
+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec)
+        {
+        register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8;
+        register DES_LONG mask0,mask1;
+        register long l=length;
+        register int num=numbits;
+        DES_LONG ti[2];
+        unsigned char *iv;
+
+        if (num > 64) return;
+        if (num > 32)
+                {
+                mask0=0xffffffffL;
+                if (num >= 64)
+                        mask1=mask0;
+                else
+                        mask1=(1L<<(num-32))-1;
+                }
+        else
+                {
+                if (num == 32)
+                        mask0=0xffffffffL;
+                else
+                        mask0=(1L<<num)-1;
+                mask1=0x00000000L;
+                }
+
+        iv = &(*ivec)[0];
+        c2l(iv,v0);
+        c2l(iv,v1);
+        ti[0]=v0;
+        ti[1]=v1;
+        while (l-- > 0)
+                {
+                ti[0]=v0;
+                ti[1]=v1;
+                DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
+                vv0=ti[0];
+                vv1=ti[1];
+                c2ln(in,d0,d1,n);
+                in+=n;
+                d0=(d0^vv0)&mask0;
+                d1=(d1^vv1)&mask1;
+                l2cn(d0,d1,out,n);
+                out+=n;
+
+                if (num == 32)
+                        { v0=v1; v1=vv0; }
+                else if (num == 64)
+                                { v0=vv0; v1=vv1; }
+                else if (num > 32) /* && num != 64 */
+                        {
+                        v0=((v1>>(num-32))|(vv0<<(64-num)))&0xffffffffL;
+                        v1=((vv0>>(num-32))|(vv1<<(64-num)))&0xffffffffL;
+                        }
+                else /* num < 32 */
+                        {
+                        v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
+                        v1=((v1>>num)|(vv0<<(32-num)))&0xffffffffL;
+                        }
+                }
+        iv = &(*ivec)[0];
+        l2c(v0,iv);
+        l2c(v1,iv);
+        v0=v1=d0=d1=ti[0]=ti[1]=vv0=vv1=0;
+        }
+
diff --git a/src/lib/libcrypto/des/pcbc_enc.c b/src/lib/libcrypto/des/pcbc_enc.c
new file mode 100644
index 0000000000..17a40f9520
--- /dev/null
+++ b/src/lib/libcrypto/des/pcbc_enc.c
@@ -0,0 +1,123 @@
+/* crypto/des/pcbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, int enc)
+        {
+        register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1;
+        DES_LONG tin[2];
+        const unsigned char *in;
+        unsigned char *out,*iv;
+
+        in=input;
+        out=output;
+        iv = &(*ivec)[0];
+
+        if (enc)
+                {
+                c2l(iv,xor0);
+                c2l(iv,xor1);
+                for (; length>0; length-=8)
+                        {
+                        if (length >= 8)
+                                {
+                                c2l(in,sin0);
+                                c2l(in,sin1);
+                                }
+                        else
+                                c2ln(in,sin0,sin1,length);
+                        tin[0]=sin0^xor0;
+                        tin[1]=sin1^xor1;
+                        DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
+                        tout0=tin[0];
+                        tout1=tin[1];
+                        xor0=sin0^tout0;
+                        xor1=sin1^tout1;
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        }
+                }
+        else
+                {
+                c2l(iv,xor0); c2l(iv,xor1);
+                for (; length>0; length-=8)
+                        {
+                        c2l(in,sin0);
+                        c2l(in,sin1);
+                        tin[0]=sin0;
+                        tin[1]=sin1;
+                        DES_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        if (length >= 8)
+                                {
+                                l2c(tout0,out);
+                                l2c(tout1,out);
+                                }
+                        else
+                                l2cn(tout0,tout1,out,length);
+                        xor0=tout0^sin0;
+                        xor1=tout1^sin1;
+                        }
+                }
+        tin[0]=tin[1]=0;
+        sin0=sin1=xor0=xor1=tout0=tout1=0;
+        }
diff --git a/src/lib/libcrypto/des/qud_cksm.c b/src/lib/libcrypto/des/qud_cksm.c
new file mode 100644
index 0000000000..dac201227e
--- /dev/null
+++ b/src/lib/libcrypto/des/qud_cksm.c
@@ -0,0 +1,139 @@
+/* crypto/des/qud_cksm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* From "Message Authentication"  R.R. Jueneman, S.M. Matyas, C.H. Meyer
+ * IEEE Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40
+ * This module in only based on the code in this paper and is
+ * almost definitely not the same as the MIT implementation.
+ */
+#include "des_locl.h"
+
+/* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */
+#define Q_B0(a) (((DES_LONG)(a)))
+#define Q_B1(a) (((DES_LONG)(a))<<8)
+#define Q_B2(a) (((DES_LONG)(a))<<16)
+#define Q_B3(a) (((DES_LONG)(a))<<24)
+
+/* used to scramble things a bit */
+/* Got the value MIT uses via brute force :-) 2/10/90 eay */
+#define NOISE   ((DES_LONG)83653421L)
+
+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+             long length, int out_count, DES_cblock *seed)
+        {
+        DES_LONG z0,z1,t0,t1;
+        int i;
+        long l;
+        const unsigned char *cp;
+#ifdef _CRAY
+        struct lp_st { int a:32; int b:32; } *lp;
+#else
+        DES_LONG *lp;
+#endif
+
+        if (out_count < 1) out_count=1;
+#ifdef _CRAY
+        lp = (struct lp_st *) &(output[0])[0];
+#else
+        lp = (DES_LONG *) &(output[0])[0];
+#endif
+
+        z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]);
+        z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]);
+
+        for (i=0; ((i<4)&&(i<out_count)); i++)
+                {
+                cp=input;
+                l=length;
+                while (l > 0)
+                        {
+                        if (l > 1)
+                                {
+                                t0= (DES_LONG)(*(cp++));
+                                t0|=(DES_LONG)Q_B1(*(cp++));
+                                l--;
+                                }
+                        else
+                                t0= (DES_LONG)(*(cp++));
+                        l--;
+                        /* add */
+                        t0+=z0;
+                        t0&=0xffffffffL;
+                        t1=z1;
+                        /* square, well sort of square */
+                        z0=((((t0*t0)&0xffffffffL)+((t1*t1)&0xffffffffL))
+                                &0xffffffffL)%0x7fffffffL; 
+                        z1=((t0*((t1+NOISE)&0xffffffffL))&0xffffffffL)%0x7fffffffL;
+                        }
+                if (lp != NULL)
+                        {
+                        /* The MIT library assumes that the checksum is
+                         * composed of 2*out_count 32 bit ints */
+#ifdef _CRAY
+                        (*lp).a = z0;
+                        (*lp).b = z1;
+                        lp++;
+#else
+                        *lp++ = z0;
+                        *lp++ = z1;
+#endif
+                        }
+                }
+        return(z0);
+        }
+
diff --git a/src/lib/libcrypto/des/rand_key.c b/src/lib/libcrypto/des/rand_key.c
new file mode 100644
index 0000000000..2398165568
--- /dev/null
+++ b/src/lib/libcrypto/des/rand_key.c
@@ -0,0 +1,68 @@
+/* crypto/des/rand_key.c */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/des.h>
+#include <openssl/rand.h>
+
+int DES_random_key(DES_cblock *ret)
+        {
+        do
+                {
+                if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
+                        return (0);
+                } while (DES_is_weak_key(ret));
+        DES_set_odd_parity(ret);
+        return (1);
+        }
diff --git a/src/lib/libcrypto/des/set_key.c b/src/lib/libcrypto/des/set_key.c
new file mode 100644
index 0000000000..8881d46a7a
--- /dev/null
+++ b/src/lib/libcrypto/des/set_key.c
@@ -0,0 +1,411 @@
+/* crypto/des/set_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* set_key.c v 1.4 eay 24/9/91
+ * 1.4 Speed up by 400% :-)
+ * 1.3 added register declarations.
+ * 1.2 unrolled make_key_sched a bit more
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ */
+#include "des_locl.h"
+
+#ifndef OPENSSL_FIPS
+
+OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key);    /* defaults to false */
+
+static const unsigned char odd_parity[256]={
+  1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
+ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+ 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
+112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
+128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
+145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
+161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
+176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
+193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
+208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
+224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
+241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
+
+void DES_set_odd_parity(DES_cblock *key)
+        {
+        int i;
+
+        for (i=0; i<DES_KEY_SZ; i++)
+                (*key)[i]=odd_parity[(*key)[i]];
+        }
+
+int DES_check_key_parity(const_DES_cblock *key)
+        {
+        int i;
+
+        for (i=0; i<DES_KEY_SZ; i++)
+                {
+                if ((*key)[i] != odd_parity[(*key)[i]])
+                        return(0);
+                }
+        return(1);
+        }
+
+/* Weak and semi week keys as take from
+ * %A D.W. Davies
+ * %A W.L. Price
+ * %T Security for Computer Networks
+ * %I John Wiley & Sons
+ * %D 1984
+ * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
+ * (and actual cblock values).
+ */
+#define NUM_WEAK_KEY    16
+static DES_cblock weak_keys[NUM_WEAK_KEY]={
+        /* weak keys */
+        {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+        {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
+        {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+        {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
+        /* semi-weak keys */
+        {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
+        {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
+        {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
+        {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
+        {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
+        {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
+        {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
+        {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
+        {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
+        {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
+        {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+        {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
+
+int DES_is_weak_key(const_DES_cblock *key)
+        {
+        int i;
+
+        for (i=0; i<NUM_WEAK_KEY; i++)
+                /* Added == 0 to comparison, I obviously don't run
+                 * this section very often :-(, thanks to
+                 * engineering@MorningStar.Com for the fix
+                 * eay 93/06/29
+                 * Another problem, I was comparing only the first 4
+                 * bytes, 97/03/18 */
+                if (memcmp(weak_keys[i],key,sizeof(DES_cblock)) == 0) return(1);
+        return(0);
+        }
+
+/* NOW DEFINED IN des_local.h
+ * See ecb_encrypt.c for a pseudo description of these macros. 
+ * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+ *      (b)^=(t),\
+ *      (a)=((a)^((t)<<(n))))
+ */
+
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+        (a)=(a)^(t)^(t>>(16-(n))))
+
+static const DES_LONG des_skb[8][64]={
+        {
+        /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+        0x00000000L,0x00000010L,0x20000000L,0x20000010L,
+        0x00010000L,0x00010010L,0x20010000L,0x20010010L,
+        0x00000800L,0x00000810L,0x20000800L,0x20000810L,
+        0x00010800L,0x00010810L,0x20010800L,0x20010810L,
+        0x00000020L,0x00000030L,0x20000020L,0x20000030L,
+        0x00010020L,0x00010030L,0x20010020L,0x20010030L,
+        0x00000820L,0x00000830L,0x20000820L,0x20000830L,
+        0x00010820L,0x00010830L,0x20010820L,0x20010830L,
+        0x00080000L,0x00080010L,0x20080000L,0x20080010L,
+        0x00090000L,0x00090010L,0x20090000L,0x20090010L,
+        0x00080800L,0x00080810L,0x20080800L,0x20080810L,
+        0x00090800L,0x00090810L,0x20090800L,0x20090810L,
+        0x00080020L,0x00080030L,0x20080020L,0x20080030L,
+        0x00090020L,0x00090030L,0x20090020L,0x20090030L,
+        0x00080820L,0x00080830L,0x20080820L,0x20080830L,
+        0x00090820L,0x00090830L,0x20090820L,0x20090830L,
+        },{
+        /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+        0x00000000L,0x02000000L,0x00002000L,0x02002000L,
+        0x00200000L,0x02200000L,0x00202000L,0x02202000L,
+        0x00000004L,0x02000004L,0x00002004L,0x02002004L,
+        0x00200004L,0x02200004L,0x00202004L,0x02202004L,
+        0x00000400L,0x02000400L,0x00002400L,0x02002400L,
+        0x00200400L,0x02200400L,0x00202400L,0x02202400L,
+        0x00000404L,0x02000404L,0x00002404L,0x02002404L,
+        0x00200404L,0x02200404L,0x00202404L,0x02202404L,
+        0x10000000L,0x12000000L,0x10002000L,0x12002000L,
+        0x10200000L,0x12200000L,0x10202000L,0x12202000L,
+        0x10000004L,0x12000004L,0x10002004L,0x12002004L,
+        0x10200004L,0x12200004L,0x10202004L,0x12202004L,
+        0x10000400L,0x12000400L,0x10002400L,0x12002400L,
+        0x10200400L,0x12200400L,0x10202400L,0x12202400L,
+        0x10000404L,0x12000404L,0x10002404L,0x12002404L,
+        0x10200404L,0x12200404L,0x10202404L,0x12202404L,
+        },{
+        /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+        0x00000000L,0x00000001L,0x00040000L,0x00040001L,
+        0x01000000L,0x01000001L,0x01040000L,0x01040001L,
+        0x00000002L,0x00000003L,0x00040002L,0x00040003L,
+        0x01000002L,0x01000003L,0x01040002L,0x01040003L,
+        0x00000200L,0x00000201L,0x00040200L,0x00040201L,
+        0x01000200L,0x01000201L,0x01040200L,0x01040201L,
+        0x00000202L,0x00000203L,0x00040202L,0x00040203L,
+        0x01000202L,0x01000203L,0x01040202L,0x01040203L,
+        0x08000000L,0x08000001L,0x08040000L,0x08040001L,
+        0x09000000L,0x09000001L,0x09040000L,0x09040001L,
+        0x08000002L,0x08000003L,0x08040002L,0x08040003L,
+        0x09000002L,0x09000003L,0x09040002L,0x09040003L,
+        0x08000200L,0x08000201L,0x08040200L,0x08040201L,
+        0x09000200L,0x09000201L,0x09040200L,0x09040201L,
+        0x08000202L,0x08000203L,0x08040202L,0x08040203L,
+        0x09000202L,0x09000203L,0x09040202L,0x09040203L,
+        },{
+        /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+        0x00000000L,0x00100000L,0x00000100L,0x00100100L,
+        0x00000008L,0x00100008L,0x00000108L,0x00100108L,
+        0x00001000L,0x00101000L,0x00001100L,0x00101100L,
+        0x00001008L,0x00101008L,0x00001108L,0x00101108L,
+        0x04000000L,0x04100000L,0x04000100L,0x04100100L,
+        0x04000008L,0x04100008L,0x04000108L,0x04100108L,
+        0x04001000L,0x04101000L,0x04001100L,0x04101100L,
+        0x04001008L,0x04101008L,0x04001108L,0x04101108L,
+        0x00020000L,0x00120000L,0x00020100L,0x00120100L,
+        0x00020008L,0x00120008L,0x00020108L,0x00120108L,
+        0x00021000L,0x00121000L,0x00021100L,0x00121100L,
+        0x00021008L,0x00121008L,0x00021108L,0x00121108L,
+        0x04020000L,0x04120000L,0x04020100L,0x04120100L,
+        0x04020008L,0x04120008L,0x04020108L,0x04120108L,
+        0x04021000L,0x04121000L,0x04021100L,0x04121100L,
+        0x04021008L,0x04121008L,0x04021108L,0x04121108L,
+        },{
+        /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+        0x00000000L,0x10000000L,0x00010000L,0x10010000L,
+        0x00000004L,0x10000004L,0x00010004L,0x10010004L,
+        0x20000000L,0x30000000L,0x20010000L,0x30010000L,
+        0x20000004L,0x30000004L,0x20010004L,0x30010004L,
+        0x00100000L,0x10100000L,0x00110000L,0x10110000L,
+        0x00100004L,0x10100004L,0x00110004L,0x10110004L,
+        0x20100000L,0x30100000L,0x20110000L,0x30110000L,
+        0x20100004L,0x30100004L,0x20110004L,0x30110004L,
+        0x00001000L,0x10001000L,0x00011000L,0x10011000L,
+        0x00001004L,0x10001004L,0x00011004L,0x10011004L,
+        0x20001000L,0x30001000L,0x20011000L,0x30011000L,
+        0x20001004L,0x30001004L,0x20011004L,0x30011004L,
+        0x00101000L,0x10101000L,0x00111000L,0x10111000L,
+        0x00101004L,0x10101004L,0x00111004L,0x10111004L,
+        0x20101000L,0x30101000L,0x20111000L,0x30111000L,
+        0x20101004L,0x30101004L,0x20111004L,0x30111004L,
+        },{
+        /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+        0x00000000L,0x08000000L,0x00000008L,0x08000008L,
+        0x00000400L,0x08000400L,0x00000408L,0x08000408L,
+        0x00020000L,0x08020000L,0x00020008L,0x08020008L,
+        0x00020400L,0x08020400L,0x00020408L,0x08020408L,
+        0x00000001L,0x08000001L,0x00000009L,0x08000009L,
+        0x00000401L,0x08000401L,0x00000409L,0x08000409L,
+        0x00020001L,0x08020001L,0x00020009L,0x08020009L,
+        0x00020401L,0x08020401L,0x00020409L,0x08020409L,
+        0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
+        0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
+        0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
+        0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
+        0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
+        0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
+        0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
+        0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
+        },{
+        /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+        0x00000000L,0x00000100L,0x00080000L,0x00080100L,
+        0x01000000L,0x01000100L,0x01080000L,0x01080100L,
+        0x00000010L,0x00000110L,0x00080010L,0x00080110L,
+        0x01000010L,0x01000110L,0x01080010L,0x01080110L,
+        0x00200000L,0x00200100L,0x00280000L,0x00280100L,
+        0x01200000L,0x01200100L,0x01280000L,0x01280100L,
+        0x00200010L,0x00200110L,0x00280010L,0x00280110L,
+        0x01200010L,0x01200110L,0x01280010L,0x01280110L,
+        0x00000200L,0x00000300L,0x00080200L,0x00080300L,
+        0x01000200L,0x01000300L,0x01080200L,0x01080300L,
+        0x00000210L,0x00000310L,0x00080210L,0x00080310L,
+        0x01000210L,0x01000310L,0x01080210L,0x01080310L,
+        0x00200200L,0x00200300L,0x00280200L,0x00280300L,
+        0x01200200L,0x01200300L,0x01280200L,0x01280300L,
+        0x00200210L,0x00200310L,0x00280210L,0x00280310L,
+        0x01200210L,0x01200310L,0x01280210L,0x01280310L,
+        },{
+        /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+        0x00000000L,0x04000000L,0x00040000L,0x04040000L,
+        0x00000002L,0x04000002L,0x00040002L,0x04040002L,
+        0x00002000L,0x04002000L,0x00042000L,0x04042000L,
+        0x00002002L,0x04002002L,0x00042002L,0x04042002L,
+        0x00000020L,0x04000020L,0x00040020L,0x04040020L,
+        0x00000022L,0x04000022L,0x00040022L,0x04040022L,
+        0x00002020L,0x04002020L,0x00042020L,0x04042020L,
+        0x00002022L,0x04002022L,0x00042022L,0x04042022L,
+        0x00000800L,0x04000800L,0x00040800L,0x04040800L,
+        0x00000802L,0x04000802L,0x00040802L,0x04040802L,
+        0x00002800L,0x04002800L,0x00042800L,0x04042800L,
+        0x00002802L,0x04002802L,0x00042802L,0x04042802L,
+        0x00000820L,0x04000820L,0x00040820L,0x04040820L,
+        0x00000822L,0x04000822L,0x00040822L,0x04040822L,
+        0x00002820L,0x04002820L,0x00042820L,0x04042820L,
+        0x00002822L,0x04002822L,0x00042822L,0x04042822L,
+        }};
+
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
+        {
+        if (DES_check_key)
+                {
+                return DES_set_key_checked(key, schedule);
+                }
+        else
+                {
+                DES_set_key_unchecked(key, schedule);
+                return 0;
+                }
+        }
+
+/* return 0 if key parity is odd (correct),
+ * return -1 if key parity error,
+ * return -2 if illegal weak key.
+ */
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
+        {
+        if (!DES_check_key_parity(key))
+                return(-1);
+        if (DES_is_weak_key(key))
+                return(-2);
+        DES_set_key_unchecked(key, schedule);
+        return 0;
+        }
+
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
+        {
+        static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
+        register DES_LONG c,d,t,s,t2;
+        register const unsigned char *in;
+        register DES_LONG *k;
+        register int i;
+
+#ifdef OPENBSD_DEV_CRYPTO
+        memcpy(schedule->key,key,sizeof schedule->key);
+        schedule->session=NULL;
+#endif
+        k = &schedule->ks->deslong[0];
+        in = &(*key)[0];
+
+        c2l(in,c);
+        c2l(in,d);
+
+        /* do PC1 in 47 simple operations :-)
+         * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
+         * for the inspiration. :-) */
+        PERM_OP (d,c,t,4,0x0f0f0f0fL);
+        HPERM_OP(c,t,-2,0xcccc0000L);
+        HPERM_OP(d,t,-2,0xcccc0000L);
+        PERM_OP (d,c,t,1,0x55555555L);
+        PERM_OP (c,d,t,8,0x00ff00ffL);
+        PERM_OP (d,c,t,1,0x55555555L);
+        d=      (((d&0x000000ffL)<<16L)| (d&0x0000ff00L)     |
+                 ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L));
+        c&=0x0fffffffL;
+
+        for (i=0; i<ITERATIONS; i++)
+                {
+                if (shifts2[i])
+                        { c=((c>>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); }
+                else
+                        { c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); }
+                c&=0x0fffffffL;
+                d&=0x0fffffffL;
+                /* could be a few less shifts but I am to lazy at this
+                 * point in time to investigate */
+                s=      des_skb[0][ (c    )&0x3f                ]|
+                        des_skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]|
+                        des_skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]|
+                        des_skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) |
+                                                  ((c>>22L)&0x38)];
+                t=      des_skb[4][ (d    )&0x3f                ]|
+                        des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
+                        des_skb[6][ (d>>15L)&0x3f                ]|
+                        des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];
+
+                /* table contained 0213 4657 */
+                t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL;
+                *(k++)=ROTATE(t2,30)&0xffffffffL;
+
+                t2=((s>>16L)|(t&0xffff0000L));
+                *(k++)=ROTATE(t2,26)&0xffffffffL;
+                }
+        }
+
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
+        {
+        return(DES_set_key(key,schedule));
+        }
+/*
+#undef des_fixup_key_parity
+void des_fixup_key_parity(des_cblock *key)
+        {
+        des_set_odd_parity(key);
+        }
+*/
+
+#endif /* ndef OPENSSL_FIPS */
diff --git a/src/lib/libcrypto/des/spr.h b/src/lib/libcrypto/des/spr.h
new file mode 100644
index 0000000000..b91936a5a5
--- /dev/null
+++ b/src/lib/libcrypto/des/spr.h
@@ -0,0 +1,204 @@
+/* crypto/des/spr.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64]={
+{
+/* nibble 0 */
+0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
+0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
+0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
+0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
+0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
+0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
+0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
+0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
+0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
+0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
+0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
+0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
+0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
+0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
+0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
+0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
+},{
+/* nibble 1 */
+0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
+0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
+0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
+0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
+0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
+0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
+0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
+0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
+0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
+0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
+0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
+0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
+0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
+0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
+0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
+0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
+},{
+/* nibble 2 */
+0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
+0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
+0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
+0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
+0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
+0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
+0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
+0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
+0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
+0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
+0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
+0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
+0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
+0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
+0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
+0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
+},{
+/* nibble 3 */
+0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
+0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
+0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
+0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
+0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
+0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
+0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
+0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
+0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
+0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
+0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
+0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
+0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
+0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
+0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
+0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
+},{
+/* nibble 4 */
+0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
+0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
+0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
+0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
+0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
+0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
+0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
+0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
+0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
+0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
+0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
+0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
+0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
+0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
+0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
+0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
+},{
+/* nibble 5 */
+0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
+0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
+0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
+0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
+0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
+0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
+0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
+0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
+0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
+0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
+0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
+0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
+0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
+0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
+0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
+0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
+},{
+/* nibble 6 */
+0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
+0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
+0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
+0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
+0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
+0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
+0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
+0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
+0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
+0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
+0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
+0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
+0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
+0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
+0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
+0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
+},{
+/* nibble 7 */
+0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
+0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
+0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
+0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
+0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
+0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
+0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
+0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
+0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
+0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
+0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
+0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
+0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
+0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
+0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
+0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
+}};
diff --git a/src/lib/libcrypto/des/str2key.c b/src/lib/libcrypto/des/str2key.c
new file mode 100644
index 0000000000..0373db469c
--- /dev/null
+++ b/src/lib/libcrypto/des/str2key.c
@@ -0,0 +1,173 @@
+/* crypto/des/str2key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+void DES_string_to_key(const char *str, DES_cblock *key)
+        {
+        DES_key_schedule ks;
+        int i,length;
+        register unsigned char j;
+
+        memset(key,0,8);
+        length=strlen(str);
+#ifdef OLD_STR_TO_KEY
+        for (i=0; i<length; i++)
+                (*key)[i%8]^=(str[i]<<1);
+#else /* MIT COMPATIBLE */
+        for (i=0; i<length; i++)
+                {
+                j=str[i];
+                if ((i%16) < 8)
+                        (*key)[i%8]^=(j<<1);
+                else
+                        {
+                        /* Reverse the bit order 05/05/92 eay */
+                        j=((j<<4)&0xf0)|((j>>4)&0x0f);
+                        j=((j<<2)&0xcc)|((j>>2)&0x33);
+                        j=((j<<1)&0xaa)|((j>>1)&0x55);
+                        (*key)[7-(i%8)]^=j;
+                        }
+                }
+#endif
+        DES_set_odd_parity(key);
+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
+        if(DES_is_weak_key(key))
+            (*key)[7] ^= 0xF0;
+        DES_set_key(key,&ks);
+#else
+        DES_set_key_unchecked(key,&ks);
+#endif
+        DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
+        OPENSSL_cleanse(&ks,sizeof(ks));
+        DES_set_odd_parity(key);
+        }
+
+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
+        {
+        DES_key_schedule ks;
+        int i,length;
+        register unsigned char j;
+
+        memset(key1,0,8);
+        memset(key2,0,8);
+        length=strlen(str);
+#ifdef OLD_STR_TO_KEY
+        if (length <= 8)
+                {
+                for (i=0; i<length; i++)
+                        {
+                        (*key2)[i]=(*key1)[i]=(str[i]<<1);
+                        }
+                }
+        else
+                {
+                for (i=0; i<length; i++)
+                        {
+                        if ((i/8)&1)
+                                (*key2)[i%8]^=(str[i]<<1);
+                        else
+                                (*key1)[i%8]^=(str[i]<<1);
+                        }
+                }
+#else /* MIT COMPATIBLE */
+        for (i=0; i<length; i++)
+                {
+                j=str[i];
+                if ((i%32) < 16)
+                        {
+                        if ((i%16) < 8)
+                                (*key1)[i%8]^=(j<<1);
+                        else
+                                (*key2)[i%8]^=(j<<1);
+                        }
+                else
+                        {
+                        j=((j<<4)&0xf0)|((j>>4)&0x0f);
+                        j=((j<<2)&0xcc)|((j>>2)&0x33);
+                        j=((j<<1)&0xaa)|((j>>1)&0x55);
+                        if ((i%16) < 8)
+                                (*key1)[7-(i%8)]^=j;
+                        else
+                                (*key2)[7-(i%8)]^=j;
+                        }
+                }
+        if (length <= 8) memcpy(key2,key1,8);
+#endif
+        DES_set_odd_parity(key1);
+        DES_set_odd_parity(key2);
+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
+        if(DES_is_weak_key(key1))
+            (*key1)[7] ^= 0xF0;
+        DES_set_key(key1,&ks);
+#else
+        DES_set_key_unchecked(key1,&ks);
+#endif
+        DES_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1);
+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
+        if(DES_is_weak_key(key2))
+            (*key2)[7] ^= 0xF0;
+        DES_set_key(key2,&ks);
+#else
+        DES_set_key_unchecked(key2,&ks);
+#endif
+        DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
+        OPENSSL_cleanse(&ks,sizeof(ks));
+        DES_set_odd_parity(key1);
+        DES_set_odd_parity(key2);
+        }
diff --git a/src/lib/libcrypto/des/times/usparc.cc b/src/lib/libcrypto/des/times/usparc.cc
index f6ec8e8831..0864285ef6 100644
--- a/src/lib/libcrypto/des/times/usparc.cc
+++ b/src/lib/libcrypto/des/times/usparc.cc
@@ -2,7 +2,7 @@ solaris 2.5.1 usparc 167mhz?? - SC4.0 cc -fast -Xa -xO5
 
 For the ultra sparc, SunC 4.0 cc -fast -Xa -xO5, running 'des_opts'
 gives a speed of 475,000 des/s while 'speed' gives 417,000 des/s.
-I belive the difference is tied up in optimisation that the compiler
+I believe the difference is tied up in optimisation that the compiler
 is able to perform when the code is 'inlined'.  For 'speed', the DES
 routines are being linked from a library.  I'll record the higher
 speed since if performance is everything, you can always inline
diff --git a/src/lib/libcrypto/des/xcbc_enc.c b/src/lib/libcrypto/des/xcbc_enc.c
new file mode 100644
index 0000000000..47246eb466
--- /dev/null
+++ b/src/lib/libcrypto/des/xcbc_enc.c
@@ -0,0 +1,195 @@
+/* crypto/des/xcbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* RSA's DESX */
+
+static unsigned char desx_white_in2out[256]={
+0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0,
+0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A,
+0x41,0x9F,0xE1,0xD9,0x4A,0x4D,0x9E,0xDA,0xA0,0x68,0x2C,0xC3,0x27,0x5F,0x80,0x36,
+0x3E,0xEE,0xFB,0x95,0x1A,0xFE,0xCE,0xA8,0x34,0xA9,0x13,0xF0,0xA6,0x3F,0xD8,0x0C,
+0x78,0x24,0xAF,0x23,0x52,0xC1,0x67,0x17,0xF5,0x66,0x90,0xE7,0xE8,0x07,0xB8,0x60,
+0x48,0xE6,0x1E,0x53,0xF3,0x92,0xA4,0x72,0x8C,0x08,0x15,0x6E,0x86,0x00,0x84,0xFA,
+0xF4,0x7F,0x8A,0x42,0x19,0xF6,0xDB,0xCD,0x14,0x8D,0x50,0x12,0xBA,0x3C,0x06,0x4E,
+0xEC,0xB3,0x35,0x11,0xA1,0x88,0x8E,0x2B,0x94,0x99,0xB7,0x71,0x74,0xD3,0xE4,0xBF,
+0x3A,0xDE,0x96,0x0E,0xBC,0x0A,0xED,0x77,0xFC,0x37,0x6B,0x03,0x79,0x89,0x62,0xC6,
+0xD7,0xC0,0xD2,0x7C,0x6A,0x8B,0x22,0xA3,0x5B,0x05,0x5D,0x02,0x75,0xD5,0x61,0xE3,
+0x18,0x8F,0x55,0x51,0xAD,0x1F,0x0B,0x5E,0x85,0xE5,0xC2,0x57,0x63,0xCA,0x3D,0x6C,
+0xB4,0xC5,0xCC,0x70,0xB2,0x91,0x59,0x0D,0x47,0x20,0xC8,0x4F,0x58,0xE0,0x01,0xE2,
+0x16,0x38,0xC4,0x6F,0x3B,0x0F,0x65,0x46,0xBE,0x7E,0x2D,0x7B,0x82,0xF9,0x40,0xB5,
+0x1D,0x73,0xF8,0xEB,0x26,0xC7,0x87,0x97,0x25,0x54,0xB1,0x28,0xAA,0x98,0x9D,0xA5,
+0x64,0x6D,0x7A,0xD4,0x10,0x81,0x44,0xEF,0x49,0xD6,0xAE,0x2E,0xDD,0x76,0x5C,0x2F,
+0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB,
+        };
+
+void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white,
+             DES_cblock *out_white)
+        {
+        int out0,out1;
+        int i;
+        const unsigned char *key = &(*des_key)[0];
+        const unsigned char *in = &(*in_white)[0];
+        unsigned char *out = &(*out_white)[0];
+
+        out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0;
+        out0=out1=0;
+        for (i=0; i<8; i++)
+                {
+                out[i]=key[i]^desx_white_in2out[out0^out1];
+                out0=out1;
+                out1=(int)out[i&0x07];
+                }
+
+        out0=out[0];
+        out1=out[i];
+        for (i=0; i<8; i++)
+                {
+                out[i]=in[i]^desx_white_in2out[out0^out1];
+                out0=out1;
+                out1=(int)out[i&0x07];
+                }
+        }
+
+void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, const_DES_cblock *inw,
+                      const_DES_cblock *outw, int enc)
+        {
+        register DES_LONG tin0,tin1;
+        register DES_LONG tout0,tout1,xor0,xor1;
+        register DES_LONG inW0,inW1,outW0,outW1;
+        register const unsigned char *in2;
+        register long l=length;
+        DES_LONG tin[2];
+        unsigned char *iv;
+
+        in2 = &(*inw)[0];
+        c2l(in2,inW0);
+        c2l(in2,inW1);
+        in2 = &(*outw)[0];
+        c2l(in2,outW0);
+        c2l(in2,outW1);
+
+        iv = &(*ivec)[0];
+
+        if (enc)
+                {
+                c2l(iv,tout0);
+                c2l(iv,tout1);
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        tin0^=tout0^inW0; tin[0]=tin0;
+                        tin1^=tout1^inW1; tin[1]=tin1;
+                        DES_encrypt1(tin,schedule,DES_ENCRYPT);
+                        tout0=tin[0]^outW0; l2c(tout0,out);
+                        tout1=tin[1]^outW1; l2c(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        c2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0^inW0; tin[0]=tin0;
+                        tin1^=tout1^inW1; tin[1]=tin1;
+                        DES_encrypt1(tin,schedule,DES_ENCRYPT);
+                        tout0=tin[0]^outW0; l2c(tout0,out);
+                        tout1=tin[1]^outW1; l2c(tout1,out);
+                        }
+                iv = &(*ivec)[0];
+                l2c(tout0,iv);
+                l2c(tout1,iv);
+                }
+        else
+                {
+                c2l(iv,xor0);
+                c2l(iv,xor1);
+                for (l-=8; l>0; l-=8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0^outW0;
+                        c2l(in,tin1); tin[1]=tin1^outW1;
+                        DES_encrypt1(tin,schedule,DES_DECRYPT);
+                        tout0=tin[0]^xor0^inW0;
+                        tout1=tin[1]^xor1^inW1;
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                if (l != -8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0^outW0;
+                        c2l(in,tin1); tin[1]=tin1^outW1;
+                        DES_encrypt1(tin,schedule,DES_DECRYPT);
+                        tout0=tin[0]^xor0^inW0;
+                        tout1=tin[1]^xor1^inW1;
+                        l2cn(tout0,tout1,out,l+8);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+
+                iv = &(*ivec)[0];
+                l2c(xor0,iv);
+                l2c(xor1,iv);
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        inW0=inW1=outW0=outW1=0;
+        tin[0]=tin[1]=0;
+        }
+
diff --git a/src/lib/libcrypto/dh/Makefile.ssl b/src/lib/libcrypto/dh/Makefile.ssl
new file mode 100644
index 0000000000..e05fc01a12
--- /dev/null
+++ b/src/lib/libcrypto/dh/Makefile.ssl
@@ -0,0 +1,133 @@
+#
+# SSLeay/crypto/dh/Makefile
+#
+
+DIR=    dh
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= dhtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
+LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dh.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_asn1.c
+dh_check.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_check.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_check.o: ../../include/openssl/opensslconf.h
+dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_check.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_check.c
+dh_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dh_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_err.o: ../../include/openssl/symhacks.h dh_err.c
+dh_gen.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_gen.o: ../cryptlib.h dh_gen.c
+dh_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c
+dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dh_lib.o: ../cryptlib.h dh_lib.c
diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h
new file mode 100644
index 0000000000..0aff7fe21f
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh.h
@@ -0,0 +1,213 @@
+/* crypto/dh/dh.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_DH_H
+#define HEADER_DH_H
+
+#ifdef OPENSSL_NO_DH
+#error DH is disabled.
+#endif
+
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/ossl_typ.h>
+        
+#define DH_FLAG_CACHE_MONT_P    0x01
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct dh_st DH;
+
+typedef struct dh_method {
+        const char *name;
+        /* Methods here */
+        int (*generate_key)(DH *dh);
+        int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh);
+        int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
+                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx); /* Can be null */
+
+        int (*init)(DH *dh);
+        int (*finish)(DH *dh);
+        int flags;
+        char *app_data;
+} DH_METHOD;
+
+struct dh_st
+        {
+        /* This first argument is used to pick up errors when
+         * a DH is passed instead of a EVP_PKEY */
+        int pad;
+        int version;
+        BIGNUM *p;
+        BIGNUM *g;
+        int length; /* optional */
+        BIGNUM *pub_key;        /* g^x */
+        BIGNUM *priv_key;       /* x */
+
+        int flags;
+        char *method_mont_p;
+        /* Place holders if we want to do X9.42 DH */
+        BIGNUM *q;
+        BIGNUM *j;
+        unsigned char *seed;
+        int seedlen;
+        BIGNUM *counter;
+
+        int references;
+        CRYPTO_EX_DATA ex_data;
+        const DH_METHOD *meth;
+        ENGINE *engine;
+        };
+
+#define DH_GENERATOR_2          2
+/* #define DH_GENERATOR_3       3 */
+#define DH_GENERATOR_5          5
+
+/* DH_check error codes */
+#define DH_CHECK_P_NOT_PRIME            0x01
+#define DH_CHECK_P_NOT_SAFE_PRIME       0x02
+#define DH_UNABLE_TO_CHECK_GENERATOR    0x04
+#define DH_NOT_SUITABLE_GENERATOR       0x08
+
+/* DH_check_pub_key error codes */
+#define DH_CHECK_PUBKEY_TOO_SMALL       0x01
+#define DH_CHECK_PUBKEY_TOO_LARGE       0x02
+
+/* primes p where (p-1)/2 is prime too are called "safe"; we define
+   this for backward compatibility: */
+#define DH_CHECK_P_NOT_STRONG_PRIME     DH_CHECK_P_NOT_SAFE_PRIME
+
+#define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \
+                (char *(*)())d2i_DHparams,(char *)(x))
+#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+                (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
+#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
+                (unsigned char *)(x))
+#define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \
+                (char *(*)())d2i_DHparams,(bp),(unsigned char **)(x))
+#ifdef  __cplusplus
+#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \
+                (unsigned char *)(x))
+#else
+#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \
+                (unsigned char *)(x))
+#endif
+
+const DH_METHOD *DH_OpenSSL(void);
+
+void DH_set_default_method(const DH_METHOD *meth);
+const DH_METHOD *DH_get_default_method(void);
+int DH_set_method(DH *dh, const DH_METHOD *meth);
+DH *DH_new_method(ENGINE *engine);
+
+DH *    DH_new(void);
+void    DH_free(DH *dh);
+int     DH_up_ref(DH *dh);
+int     DH_size(const DH *dh);
+int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int DH_set_ex_data(DH *d, int idx, void *arg);
+void *DH_get_ex_data(DH *d, int idx);
+DH *    DH_generate_parameters(int prime_len,int generator,
+                void (*callback)(int,int,void *),void *cb_arg);
+int     DH_check(const DH *dh,int *codes);
+int     DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);
+int     DH_generate_key(DH *dh);
+int     DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
+DH *    d2i_DHparams(DH **a,const unsigned char **pp, long length);
+int     i2d_DHparams(const DH *a,unsigned char **pp);
+#ifndef OPENSSL_NO_FP_API
+int     DHparams_print_fp(FILE *fp, const DH *x);
+#endif
+#ifndef OPENSSL_NO_BIO
+int     DHparams_print(BIO *bp, const DH *x);
+#else
+int     DHparams_print(char *bp, const DH *x);
+#endif
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_DH_strings(void);
+
+/* Error codes for the DH functions. */
+
+/* Function codes. */
+#define DH_F_DHPARAMS_PRINT                              100
+#define DH_F_DHPARAMS_PRINT_FP                           101
+#define DH_F_DH_COMPUTE_KEY                              102
+#define DH_F_DH_GENERATE_KEY                             103
+#define DH_F_DH_GENERATE_PARAMETERS                      104
+#define DH_F_DH_NEW_METHOD                               105
+
+/* Reason codes. */
+#define DH_R_BAD_GENERATOR                               101
+#define DH_R_NO_PRIVATE_VALUE                            100
+#define DH_R_INVALID_PUBKEY                              102
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/dh/dh_asn1.c b/src/lib/libcrypto/dh/dh_asn1.c
new file mode 100644
index 0000000000..769b5b68c5
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_asn1.c
@@ -0,0 +1,87 @@
+/* dh_asn1.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+
+/* Override the default free and new methods */
+static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        if(operation == ASN1_OP_NEW_PRE) {
+                *pval = (ASN1_VALUE *)DH_new();
+                if(*pval) return 2;
+                return 0;
+        } else if(operation == ASN1_OP_FREE_PRE) {
+                DH_free((DH *)*pval);
+                *pval = NULL;
+                return 2;
+        }
+        return 1;
+}
+
+ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
+        ASN1_SIMPLE(DH, p, BIGNUM),
+        ASN1_SIMPLE(DH, g, BIGNUM),
+        ASN1_OPT(DH, length, ZLONG),
+} ASN1_SEQUENCE_END_cb(DH, DHparams)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
new file mode 100644
index 0000000000..17debff62d
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_check.c
@@ -0,0 +1,146 @@
+/* crypto/dh/dh_check.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+/* Check that p is a safe prime and
+ * if g is 2, 3 or 5, check that is is a suitable generator
+ * where
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5
+ * for 5, p mod 10 == 3 or 7
+ * should hold.
+ */
+
+#ifndef OPENSSL_FIPS
+
+int DH_check(const DH *dh, int *ret)
+        {
+        int ok=0;
+        BN_CTX *ctx=NULL;
+        BN_ULONG l;
+        BIGNUM *q=NULL;
+
+        *ret=0;
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        q=BN_new();
+        if (q == NULL) goto err;
+
+        if (BN_is_word(dh->g,DH_GENERATOR_2))
+                {
+                l=BN_mod_word(dh->p,24);
+                if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
+                }
+#if 0
+        else if (BN_is_word(dh->g,DH_GENERATOR_3))
+                {
+                l=BN_mod_word(dh->p,12);
+                if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
+                }
+#endif
+        else if (BN_is_word(dh->g,DH_GENERATOR_5))
+                {
+                l=BN_mod_word(dh->p,10);
+                if ((l != 3) && (l != 7))
+                        *ret|=DH_NOT_SUITABLE_GENERATOR;
+                }
+        else
+                *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
+
+        if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
+                *ret|=DH_CHECK_P_NOT_PRIME;
+        else
+                {
+                if (!BN_rshift1(q,dh->p)) goto err;
+                if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
+                        *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
+                }
+        ok=1;
+err:
+        if (ctx != NULL) BN_CTX_free(ctx);
+        if (q != NULL) BN_free(q);
+        return(ok);
+        }
+
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+        {
+        int ok=0;
+        BIGNUM *q=NULL;
+
+        *ret=0;
+        q=BN_new();
+        if (q == NULL) goto err;
+        BN_set_word(q,1);
+        if (BN_cmp(pub_key,q) <= 0)
+                *ret|=DH_CHECK_PUBKEY_TOO_SMALL;
+        BN_copy(q,dh->p);
+        BN_sub_word(q,1);
+        if (BN_cmp(pub_key,q) >= 0)
+                *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
+
+        ok = 1;
+err:
+        if (q != NULL) BN_free(q);
+        return(ok);
+        }
+
+#endif
diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c
new file mode 100644
index 0000000000..914b8a9c53
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_err.c
@@ -0,0 +1,101 @@
+/* crypto/dh/dh_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/dh.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA DH_str_functs[]=
+        {
+{ERR_PACK(0,DH_F_DHPARAMS_PRINT,0),     "DHparams_print"},
+{ERR_PACK(0,DH_F_DHPARAMS_PRINT_FP,0),  "DHparams_print_fp"},
+{ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0),     "DH_compute_key"},
+{ERR_PACK(0,DH_F_DH_GENERATE_KEY,0),    "DH_generate_key"},
+{ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0),     "DH_generate_parameters"},
+{ERR_PACK(0,DH_F_DH_NEW_METHOD,0),      "DH_new_method"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA DH_str_reasons[]=
+        {
+{DH_R_BAD_GENERATOR                      ,"bad generator"},
+{DH_R_NO_PRIVATE_VALUE                   ,"no private value"},
+{DH_R_INVALID_PUBKEY                     ,"invalid public key"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_DH_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_DH,DH_str_functs);
+                ERR_load_strings(ERR_LIB_DH,DH_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
new file mode 100644
index 0000000000..23777f5a16
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -0,0 +1,175 @@
+/* crypto/dh/dh_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+/* We generate DH parameters as follows
+ * find a prime q which is prime_len/2 bits long.
+ * p=(2*q)+1 or (p-1)/2 = q
+ * For this case, g is a generator if
+ * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
+ * Since the factors of p-1 are q and 2, we just need to check
+ * g^2 mod p != 1 and g^q mod p != 1.
+ *
+ * Having said all that,
+ * there is another special case method for the generators 2, 3 and 5.
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5  <<<<< does not work for safe primes.
+ * for 5, p mod 10 == 3 or 7
+ *
+ * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
+ * special generators and for answering some of my questions.
+ *
+ * I've implemented the second simple method :-).
+ * Since DH should be using a safe prime (both p and q are prime),
+ * this generator function can take a very very long time to run.
+ */
+/* Actually there is no reason to insist that 'generator' be a generator.
+ * It's just as OK (and in some sense better) to use a generator of the
+ * order-q subgroup.
+ */
+
+#ifndef OPENSSL_FIPS
+
+DH *DH_generate_parameters(int prime_len, int generator,
+             void (*callback)(int,int,void *), void *cb_arg)
+        {
+        BIGNUM *p=NULL,*t1,*t2;
+        DH *ret=NULL;
+        int g,ok= -1;
+        BN_CTX *ctx=NULL;
+
+        ret=DH_new();
+        if (ret == NULL) goto err;
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        BN_CTX_start(ctx);
+        t1 = BN_CTX_get(ctx);
+        t2 = BN_CTX_get(ctx);
+        if (t1 == NULL || t2 == NULL) goto err;
+        
+        if (generator <= 1)
+                {
+                DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
+                goto err;
+                }
+        if (generator == DH_GENERATOR_2)
+                {
+                if (!BN_set_word(t1,24)) goto err;
+                if (!BN_set_word(t2,11)) goto err;
+                g=2;
+                }
+#if 0 /* does not work for safe primes */
+        else if (generator == DH_GENERATOR_3)
+                {
+                if (!BN_set_word(t1,12)) goto err;
+                if (!BN_set_word(t2,5)) goto err;
+                g=3;
+                }
+#endif
+        else if (generator == DH_GENERATOR_5)
+                {
+                if (!BN_set_word(t1,10)) goto err;
+                if (!BN_set_word(t2,3)) goto err;
+                /* BN_set_word(t3,7); just have to miss
+                 * out on these ones :-( */
+                g=5;
+                }
+        else
+                {
+                /* in the general case, don't worry if 'generator' is a
+                 * generator or not: since we are using safe primes,
+                 * it will generate either an order-q or an order-2q group,
+                 * which both is OK */
+                if (!BN_set_word(t1,2)) goto err;
+                if (!BN_set_word(t2,1)) goto err;
+                g=generator;
+                }
+        
+        p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
+        if (p == NULL) goto err;
+        if (callback != NULL) callback(3,0,cb_arg);
+        ret->p=p;
+        ret->g=BN_new();
+        if (ret->g == NULL) goto err;
+        if (!BN_set_word(ret->g,g)) goto err;
+        ok=1;
+err:
+        if (ok == -1)
+                {
+                DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB);
+                ok=0;
+                }
+
+        if (ctx != NULL)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
+        if (!ok && (ret != NULL))
+                {
+                DH_free(ret);
+                ret=NULL;
+                }
+        return(ret);
+        }
+
+#endif
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
new file mode 100644
index 0000000000..648766a6ec
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -0,0 +1,233 @@
+/* crypto/dh/dh_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/dh.h>
+
+#ifndef OPENSSL_FIPS
+
+static int generate_key(DH *dh);
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+                        const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx,
+                        BN_MONT_CTX *m_ctx);
+static int dh_init(DH *dh);
+static int dh_finish(DH *dh);
+
+int DH_generate_key(DH *dh)
+        {
+        return dh->meth->generate_key(dh);
+        }
+
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+        {
+        return dh->meth->compute_key(key, pub_key, dh);
+        }
+
+static DH_METHOD dh_ossl = {
+"OpenSSL DH Method",
+generate_key,
+compute_key,
+dh_bn_mod_exp,
+dh_init,
+dh_finish,
+0,
+NULL
+};
+
+const DH_METHOD *DH_OpenSSL(void)
+{
+        return &dh_ossl;
+}
+
+static int generate_key(DH *dh)
+        {
+        int ok=0;
+        int generate_new_key=0;
+        unsigned l;
+        BN_CTX *ctx;
+        BN_MONT_CTX *mont;
+        BIGNUM *pub_key=NULL,*priv_key=NULL;
+
+        ctx = BN_CTX_new();
+        if (ctx == NULL) goto err;
+
+        if (dh->priv_key == NULL)
+                {
+                priv_key=BN_new();
+                if (priv_key == NULL) goto err;
+                generate_new_key=1;
+                }
+        else
+                priv_key=dh->priv_key;
+
+        if (dh->pub_key == NULL)
+                {
+                pub_key=BN_new();
+                if (pub_key == NULL) goto err;
+                }
+        else
+                pub_key=dh->pub_key;
+
+        if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+                {
+                if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+                        if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
+                                dh->p,ctx)) goto err;
+                }
+        mont=(BN_MONT_CTX *)dh->method_mont_p;
+
+        if (generate_new_key)
+                {
+                l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
+                if (!BN_rand(priv_key, l, 0, 0)) goto err;
+                }
+        if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont))
+                goto err;
+                
+        dh->pub_key=pub_key;
+        dh->priv_key=priv_key;
+        ok=1;
+err:
+        if (ok != 1)
+                DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB);
+
+        if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
+        if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
+        BN_CTX_free(ctx);
+        return(ok);
+        }
+
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+        {
+        BN_CTX *ctx;
+        BN_MONT_CTX *mont;
+        BIGNUM *tmp;
+        int ret= -1;
+        int check_result;
+
+        ctx = BN_CTX_new();
+        if (ctx == NULL) goto err;
+        BN_CTX_start(ctx);
+        tmp = BN_CTX_get(ctx);
+        
+        if (dh->priv_key == NULL)
+                {
+                DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
+                goto err;
+                }
+        if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+                {
+                if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+                        if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
+                                dh->p,ctx)) goto err;
+                }
+
+        mont=(BN_MONT_CTX *)dh->method_mont_p;
+
+        if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
+                {
+                DHerr(DH_F_DH_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
+                goto err;
+                }
+        if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
+                {
+                DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
+                goto err;
+                }
+
+        ret=BN_bn2bin(tmp,key);
+err:
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        return(ret);
+        }
+
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+                        const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx,
+                        BN_MONT_CTX *m_ctx)
+        {
+        if (a->top == 1)
+                {
+                BN_ULONG A = a->d[0];
+                return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
+                }
+        else
+                return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
+        }
+
+
+static int dh_init(DH *dh)
+        {
+        dh->flags |= DH_FLAG_CACHE_MONT_P;
+        return(1);
+        }
+
+static int dh_finish(DH *dh)
+        {
+        if(dh->method_mont_p)
+                BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p);
+        return(1);
+        }
+
+#endif
diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c
new file mode 100644
index 0000000000..09965ee2ea
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh_lib.c
@@ -0,0 +1,247 @@
+/* crypto/dh/dh_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
+const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
+
+static const DH_METHOD *default_DH_method = NULL;
+
+void DH_set_default_method(const DH_METHOD *meth)
+        {
+        default_DH_method = meth;
+        }
+
+const DH_METHOD *DH_get_default_method(void)
+        {
+        if(!default_DH_method)
+                default_DH_method = DH_OpenSSL();
+        return default_DH_method;
+        }
+
+int DH_set_method(DH *dh, const DH_METHOD *meth)
+        {
+        /* NB: The caller is specifically setting a method, so it's not up to us
+         * to deal with which ENGINE it comes from. */
+        const DH_METHOD *mtmp;
+        mtmp = dh->meth;
+        if (mtmp->finish) mtmp->finish(dh);
+#ifndef OPENSSL_NO_ENGINE
+        if (dh->engine)
+                {
+                ENGINE_finish(dh->engine);
+                dh->engine = NULL;
+                }
+#endif
+        dh->meth = meth;
+        if (meth->init) meth->init(dh);
+        return 1;
+        }
+
+DH *DH_new(void)
+        {
+        return DH_new_method(NULL);
+        }
+
+DH *DH_new_method(ENGINE *engine)
+        {
+        DH *ret;
+
+        ret=(DH *)OPENSSL_malloc(sizeof(DH));
+        if (ret == NULL)
+                {
+                DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+
+        ret->meth = DH_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+        if (engine)
+                {
+                if (!ENGINE_init(engine))
+                        {
+                        DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                ret->engine = engine;
+                }
+        else
+                ret->engine = ENGINE_get_default_DH();
+        if(ret->engine)
+                {
+                ret->meth = ENGINE_get_DH(ret->engine);
+                if(!ret->meth)
+                        {
+                        DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB);
+                        ENGINE_finish(ret->engine);
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                }
+#endif
+
+        ret->pad=0;
+        ret->version=0;
+        ret->p=NULL;
+        ret->g=NULL;
+        ret->length=0;
+        ret->pub_key=NULL;
+        ret->priv_key=NULL;
+        ret->q=NULL;
+        ret->j=NULL;
+        ret->seed = NULL;
+        ret->seedlen = 0;
+        ret->counter = NULL;
+        ret->method_mont_p=NULL;
+        ret->references = 1;
+        ret->flags=ret->meth->flags;
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
+        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+                {
+#ifndef OPENSSL_NO_ENGINE
+                if (ret->engine)
+                        ENGINE_finish(ret->engine);
+#endif
+                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
+                OPENSSL_free(ret);
+                ret=NULL;
+                }
+        return(ret);
+        }
+
+void DH_free(DH *r)
+        {
+        int i;
+        if(r == NULL) return;
+        i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
+#ifdef REF_PRINT
+        REF_PRINT("DH",r);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"DH_free, bad reference count\n");
+                abort();
+        }
+#endif
+
+        if (r->meth->finish)
+                r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+        if (r->engine)
+                ENGINE_finish(r->engine);
+#endif
+
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
+
+        if (r->p != NULL) BN_clear_free(r->p);
+        if (r->g != NULL) BN_clear_free(r->g);
+        if (r->q != NULL) BN_clear_free(r->q);
+        if (r->j != NULL) BN_clear_free(r->j);
+        if (r->seed) OPENSSL_free(r->seed);
+        if (r->counter != NULL) BN_clear_free(r->counter);
+        if (r->pub_key != NULL) BN_clear_free(r->pub_key);
+        if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+        OPENSSL_free(r);
+        }
+
+int DH_up_ref(DH *r)
+        {
+        int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
+#ifdef REF_PRINT
+        REF_PRINT("DH",r);
+#endif
+#ifdef REF_CHECK
+        if (i < 2)
+                {
+                fprintf(stderr, "DH_up, bad reference count\n");
+                abort();
+                }
+#endif
+        return ((i > 1) ? 1 : 0);
+        }
+
+int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
+                                new_func, dup_func, free_func);
+        }
+
+int DH_set_ex_data(DH *d, int idx, void *arg)
+        {
+        return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
+        }
+
+void *DH_get_ex_data(DH *d, int idx)
+        {
+        return(CRYPTO_get_ex_data(&d->ex_data,idx));
+        }
+
+int DH_size(const DH *dh)
+        {
+        return(BN_num_bytes(dh->p));
+        }
diff --git a/src/lib/libcrypto/dh/dhtest.c b/src/lib/libcrypto/dh/dhtest.c
index b76dede771..d75077f9fa 100644
--- a/src/lib/libcrypto/dh/dhtest.c
+++ b/src/lib/libcrypto/dh/dhtest.c
@@ -136,10 +136,6 @@ int main(int argc, char *argv[])
         b->g=BN_dup(a->g);
         if ((b->p == NULL) || (b->g == NULL)) goto err;
 
-        /* Set a to run with normal modexp and b to use constant time */
-        a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
-        b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
-
         if (!DH_generate_key(a)) goto err;
         BIO_puts(out,"pri 1=");
         BN_print(out,a->priv_key);
diff --git a/src/lib/libcrypto/doc/DH_generate_key.pod b/src/lib/libcrypto/doc/DH_generate_key.pod
new file mode 100644
index 0000000000..81f09fdf45
--- /dev/null
+++ b/src/lib/libcrypto/doc/DH_generate_key.pod
@@ -0,0 +1,50 @@
+=pod
+
+=head1 NAME
+
+DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ int DH_generate_key(DH *dh);
+
+ int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+
+=head1 DESCRIPTION
+
+DH_generate_key() performs the first step of a Diffie-Hellman key
+exchange by generating private and public DH values. By calling
+DH_compute_key(), these are combined with the other party's public
+value to compute the shared key.
+
+DH_generate_key() expects B<dh> to contain the shared parameters
+B<dh-E<gt>p> and B<dh-E<gt>g>. It generates a random private DH value
+unless B<dh-E<gt>priv_key> is already set, and computes the
+corresponding public value B<dh-E<gt>pub_key>, which can then be
+published.
+
+DH_compute_key() computes the shared secret from the private DH value
+in B<dh> and the other party's public value in B<pub_key> and stores
+it in B<key>. B<key> must point to B<DH_size(dh)> bytes of memory.
+
+=head1 RETURN VALUES
+
+DH_generate_key() returns 1 on success, 0 otherwise.
+
+DH_compute_key() returns the size of the shared secret on success, -1
+on error.
+
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
+
+=head1 HISTORY
+
+DH_generate_key() and DH_compute_key() are available in all versions
+of SSLeay and OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/DH_generate_parameters.pod b/src/lib/libcrypto/doc/DH_generate_parameters.pod
new file mode 100644
index 0000000000..9081e9ea7c
--- /dev/null
+++ b/src/lib/libcrypto/doc/DH_generate_parameters.pod
@@ -0,0 +1,73 @@
+=pod
+
+=head1 NAME
+
+DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ DH *DH_generate_parameters(int prime_len, int generator,
+     void (*callback)(int, int, void *), void *cb_arg);
+
+ int DH_check(DH *dh, int *codes);
+
+=head1 DESCRIPTION
+
+DH_generate_parameters() generates Diffie-Hellman parameters that can
+be shared among a group of users, and returns them in a newly
+allocated B<DH> structure. The pseudo-random number generator must be
+seeded prior to calling DH_generate_parameters().
+
+B<prime_len> is the length in bits of the safe prime to be generated.
+B<generator> is a small number E<gt> 1, typically 2 or 5. 
+
+A callback function may be used to provide feedback about the progress
+of the key generation. If B<callback> is not B<NULL>, it will be
+called as described in L<BN_generate_prime(3)|BN_generate_prime(3)> while a random prime
+number is generated, and when a prime has been found, B<callback(3,
+0, cb_arg)> is called.
+
+DH_check() validates Diffie-Hellman parameters. It checks that B<p> is
+a safe prime, and that B<g> is a suitable generator. In the case of an
+error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or
+DH_NOT_SUITABLE_GENERATOR are set in B<*codes>.
+DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be
+checked, i.e. it does not equal 2 or 5.
+
+=head1 RETURN VALUES
+
+DH_generate_parameters() returns a pointer to the DH structure, or
+NULL if the parameter generation fails. The error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+DH_check() returns 1 if the check could be performed, 0 otherwise.
+
+=head1 NOTES
+
+DH_generate_parameters() may run for several hours before finding a
+suitable prime.
+
+The parameters generated by DH_generate_parameters() are not to be
+used in signature schemes.
+
+=head1 BUGS
+
+If B<generator> is not 2 or 5, B<dh-E<gt>g>=B<generator> is not
+a usable generator.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DH_free(3)|DH_free(3)>
+
+=head1 HISTORY
+
+DH_check() is available in all versions of SSLeay and OpenSSL.
+The B<cb_arg> argument to DH_generate_parameters() was added in SSLeay 0.9.0.
+
+In versions before OpenSSL 0.9.5, DH_CHECK_P_NOT_STRONG_PRIME is used
+instead of DH_CHECK_P_NOT_SAFE_PRIME.
+
+=cut
diff --git a/src/lib/libcrypto/doc/DH_get_ex_new_index.pod b/src/lib/libcrypto/doc/DH_get_ex_new_index.pod
new file mode 100644
index 0000000000..fa5eab2650
--- /dev/null
+++ b/src/lib/libcrypto/doc/DH_get_ex_new_index.pod
@@ -0,0 +1,36 @@
+=pod
+
+=head1 NAME
+
+DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data - add application specific data to DH structures
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ int DH_get_ex_new_index(long argl, void *argp,
+                CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func);
+
+ int DH_set_ex_data(DH *d, int idx, void *arg);
+
+ char *DH_get_ex_data(DH *d, int idx);
+
+=head1 DESCRIPTION
+
+These functions handle application specific data in DH
+structures. Their usage is identical to that of
+RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
+as described in L<RSA_get_ex_new_index(3)>.
+
+=head1 SEE ALSO
+
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dh(3)|dh(3)>
+
+=head1 HISTORY
+
+DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are
+available since OpenSSL 0.9.5.
+
+=cut
diff --git a/src/lib/libcrypto/doc/DH_new.pod b/src/lib/libcrypto/doc/DH_new.pod
new file mode 100644
index 0000000000..60c930093e
--- /dev/null
+++ b/src/lib/libcrypto/doc/DH_new.pod
@@ -0,0 +1,40 @@
+=pod
+
+=head1 NAME
+
+DH_new, DH_free - allocate and free DH objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ DH* DH_new(void);
+
+ void DH_free(DH *dh);
+
+=head1 DESCRIPTION
+
+DH_new() allocates and initializes a B<DH> structure.
+
+DH_free() frees the B<DH> structure and its components. The values are
+erased before the memory is returned to the system.
+
+=head1 RETURN VALUES
+
+If the allocation fails, DH_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns
+a pointer to the newly allocated structure.
+
+DH_free() returns no value.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
+L<DH_generate_key(3)|DH_generate_key(3)>
+
+=head1 HISTORY
+
+DH_new() and DH_free() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/DH_set_method.pod b/src/lib/libcrypto/doc/DH_set_method.pod
new file mode 100644
index 0000000000..73261fc467
--- /dev/null
+++ b/src/lib/libcrypto/doc/DH_set_method.pod
@@ -0,0 +1,129 @@
+=pod
+
+=head1 NAME
+
+DH_set_default_method, DH_get_default_method,
+DH_set_method, DH_new_method, DH_OpenSSL - select DH method
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+ #include <openssl/engine.h>
+
+ void DH_set_default_method(const DH_METHOD *meth);
+
+ const DH_METHOD *DH_get_default_method(void);
+
+ int DH_set_method(DH *dh, const DH_METHOD *meth);
+
+ DH *DH_new_method(ENGINE *engine);
+
+ const DH_METHOD *DH_OpenSSL(void);
+
+=head1 DESCRIPTION
+
+A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman
+operations. By modifying the method, alternative implementations
+such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these DH API functions are affected by the use
+of B<ENGINE> API calls.
+
+Initially, the default DH_METHOD is the OpenSSL internal implementation, as
+returned by DH_OpenSSL().
+
+DH_set_default_method() makes B<meth> the default method for all DH
+structures created later. B<NB>: This is true only whilst no ENGINE has been set
+as a default for DH, so this function is no longer recommended.
+
+DH_get_default_method() returns a pointer to the current default DH_METHOD.
+However, the meaningfulness of this result is dependant on whether the ENGINE
+API is being used, so this function is no longer recommended.
+
+DH_set_method() selects B<meth> to perform all operations using the key B<dh>.
+This will replace the DH_METHOD used by the DH key and if the previous method
+was supplied by an ENGINE, the handle to that ENGINE will be released during the
+change. It is possible to have DH keys that only work with certain DH_METHOD
+implementations (eg. from an ENGINE module that supports embedded
+hardware-protected keys), and in such cases attempting to change the DH_METHOD
+for the key can have unexpected results.
+
+DH_new_method() allocates and initializes a DH structure so that B<engine> will
+be used for the DH operations. If B<engine> is NULL, the default ENGINE for DH
+operations is used, and if no default ENGINE is set, the DH_METHOD controlled by
+DH_set_default_method() is used.
+
+=head1 THE DH_METHOD STRUCTURE
+
+ typedef struct dh_meth_st
+ {
+     /* name of the implementation */
+        const char *name;
+
+     /* generate private and public DH values for key agreement */
+        int (*generate_key)(DH *dh);
+
+     /* compute shared secret */
+        int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);
+
+     /* compute r = a ^ p mod m (May be NULL for some implementations) */
+        int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                                const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx);
+
+     /* called at DH_new */
+        int (*init)(DH *dh);
+
+     /* called at DH_free */
+        int (*finish)(DH *dh);
+
+        int flags;
+
+        char *app_data; /* ?? */
+
+ } DH_METHOD;
+
+=head1 RETURN VALUES
+
+DH_OpenSSL() and DH_get_default_method() return pointers to the respective
+B<DH_METHOD>s.
+
+DH_set_default_method() returns no value.
+
+DH_set_method() returns non-zero if the provided B<meth> was successfully set as
+the method for B<dh> (including unloading the ENGINE handle if the previous
+method was supplied by an ENGINE).
+
+DH_new_method() returns NULL and sets an error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
+returns a pointer to the newly allocated structure.
+
+=head1 NOTES
+
+As of version 0.9.7, DH_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for DH functionality using an ENGINE API function,
+that will override any DH defaults set using the DH API (ie.
+DH_set_default_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in DH and other cryptographic
+algorithms.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)>
+
+=head1 HISTORY
+
+DH_set_default_method(), DH_get_default_method(), DH_set_method(),
+DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
+
+DH_set_default_openssl_method() and DH_get_default_openssl_method() replaced
+DH_set_default_method() and DH_get_default_method() respectively, and
+DH_set_method() and DH_new_method() were altered to use B<ENGINE>s rather than
+B<DH_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
+0.9.7, the handling of defaults in the ENGINE API was restructured so that this
+change was reversed, and behaviour of the other functions resembled more closely
+the previous behaviour. The behaviour of defaults in the ENGINE API now
+transparently overrides the behaviour of defaults in the DH API without
+requiring changing these function prototypes.
+
+=cut
diff --git a/src/lib/libcrypto/doc/DH_size.pod b/src/lib/libcrypto/doc/DH_size.pod
new file mode 100644
index 0000000000..97f26fda78
--- /dev/null
+++ b/src/lib/libcrypto/doc/DH_size.pod
@@ -0,0 +1,33 @@
+=pod
+
+=head1 NAME
+
+DH_size - get Diffie-Hellman prime size
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ int DH_size(DH *dh);
+
+=head1 DESCRIPTION
+
+This function returns the Diffie-Hellman size in bytes. It can be used
+to determine how much memory must be allocated for the shared secret
+computed by DH_compute_key().
+
+B<dh-E<gt>p> must not be B<NULL>.
+
+=head1 RETURN VALUE
+
+The size in bytes.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<DH_generate_key(3)|DH_generate_key(3)>
+
+=head1 HISTORY
+
+DH_size() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_SIG_new.pod b/src/lib/libcrypto/doc/DSA_SIG_new.pod
new file mode 100644
index 0000000000..3ac6140038
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_SIG_new.pod
@@ -0,0 +1,40 @@
+=pod
+
+=head1 NAME
+
+DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA_SIG *DSA_SIG_new(void);
+
+ void   DSA_SIG_free(DSA_SIG *a);
+
+=head1 DESCRIPTION
+
+DSA_SIG_new() allocates and initializes a B<DSA_SIG> structure.
+
+DSA_SIG_free() frees the B<DSA_SIG> structure and its components. The
+values are erased before the memory is returned to the system.
+
+=head1 RETURN VALUES
+
+If the allocation fails, DSA_SIG_new() returns B<NULL> and sets an
+error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer
+to the newly allocated structure.
+
+DSA_SIG_free() returns no value.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<DSA_do_sign(3)|DSA_do_sign(3)>
+
+=head1 HISTORY
+
+DSA_SIG_new() and DSA_SIG_free() were added in OpenSSL 0.9.3.
+
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_do_sign.pod b/src/lib/libcrypto/doc/DSA_do_sign.pod
new file mode 100644
index 0000000000..5dfc733b20
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_do_sign.pod
@@ -0,0 +1,47 @@
+=pod
+
+=head1 NAME
+
+DSA_do_sign, DSA_do_verify - raw DSA signature operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+
+ int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+             DSA_SIG *sig, DSA *dsa);
+
+=head1 DESCRIPTION
+
+DSA_do_sign() computes a digital signature on the B<len> byte message
+digest B<dgst> using the private key B<dsa> and returns it in a
+newly allocated B<DSA_SIG> structure.
+
+L<DSA_sign_setup(3)|DSA_sign_setup(3)> may be used to precompute part
+of the signing operation in case signature generation is
+time-critical.
+
+DSA_do_verify() verifies that the signature B<sig> matches a given
+message digest B<dgst> of size B<len>.  B<dsa> is the signer's public
+key.
+
+=head1 RETURN VALUES
+
+DSA_do_sign() returns the signature, NULL on error.  DSA_do_verify()
+returns 1 for a valid signature, 0 for an incorrect signature and -1
+on error. The error codes can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
+L<DSA_sign(3)|DSA_sign(3)>
+
+=head1 HISTORY
+
+DSA_do_sign() and DSA_do_verify() were added in OpenSSL 0.9.3.
+
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_dup_DH.pod b/src/lib/libcrypto/doc/DSA_dup_DH.pod
new file mode 100644
index 0000000000..7f6f0d1115
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_dup_DH.pod
@@ -0,0 +1,36 @@
+=pod
+
+=head1 NAME
+
+DSA_dup_DH - create a DH structure out of DSA structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DH * DSA_dup_DH(const DSA *r);
+
+=head1 DESCRIPTION
+
+DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q
+is lost during that conversion, but the resulting DH parameters
+contain its length.
+
+=head1 RETURN VALUE
+
+DSA_dup_DH() returns the new B<DH> structure, and NULL on error. The
+error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 NOTE
+
+Be careful to avoid small subgroup attacks when using this.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+DSA_dup_DH() was added in OpenSSL 0.9.4.
+
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_generate_key.pod b/src/lib/libcrypto/doc/DSA_generate_key.pod
new file mode 100644
index 0000000000..af83ccfaa1
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_generate_key.pod
@@ -0,0 +1,34 @@
+=pod
+
+=head1 NAME
+
+DSA_generate_key - generate DSA key pair
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ int DSA_generate_key(DSA *a);
+
+=head1 DESCRIPTION
+
+DSA_generate_key() expects B<a> to contain DSA parameters. It generates
+a new key pair and stores it in B<a-E<gt>pub_key> and B<a-E<gt>priv_key>.
+
+The PRNG must be seeded prior to calling DSA_generate_key().
+
+=head1 RETURN VALUE
+
+DSA_generate_key() returns 1 on success, 0 otherwise.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
+
+=head1 HISTORY
+
+DSA_generate_key() is available since SSLeay 0.8.
+
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_generate_parameters.pod b/src/lib/libcrypto/doc/DSA_generate_parameters.pod
new file mode 100644
index 0000000000..be7c924ff8
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_generate_parameters.pod
@@ -0,0 +1,105 @@
+=pod
+
+=head1 NAME
+
+DSA_generate_parameters - generate DSA parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA *DSA_generate_parameters(int bits, unsigned char *seed,
+                int seed_len, int *counter_ret, unsigned long *h_ret,
+                void (*callback)(int, int, void *), void *cb_arg);
+
+=head1 DESCRIPTION
+
+DSA_generate_parameters() generates primes p and q and a generator g
+for use in the DSA.
+
+B<bits> is the length of the prime to be generated; the DSS allows a
+maximum of 1024 bits.
+
+If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
+generated at random. Otherwise, the seed is used to generate
+them. If the given seed does not yield a prime q, a new random
+seed is chosen and placed at B<seed>.
+
+DSA_generate_parameters() places the iteration count in
+*B<counter_ret> and a counter used for finding a generator in
+*B<h_ret>, unless these are B<NULL>.
+
+A callback function may be used to provide feedback about the progress
+of the key generation. If B<callback> is not B<NULL>, it will be
+called as follows:
+
+=over 4
+
+=item *
+
+When a candidate for q is generated, B<callback(0, m++, cb_arg)> is called
+(m is 0 for the first candidate).
+
+=item *
+
+When a candidate for q has passed a test by trial division,
+B<callback(1, -1, cb_arg)> is called.
+While a candidate for q is tested by Miller-Rabin primality tests,
+B<callback(1, i, cb_arg)> is called in the outer loop
+(once for each witness that confirms that the candidate may be prime);
+i is the loop counter (starting at 0).
+
+=item *
+
+When a prime q has been found, B<callback(2, 0, cb_arg)> and
+B<callback(3, 0, cb_arg)> are called.
+
+=item *
+
+Before a candidate for p (other than the first) is generated and tested,
+B<callback(0, counter, cb_arg)> is called.
+
+=item *
+
+When a candidate for p has passed the test by trial division,
+B<callback(1, -1, cb_arg)> is called.
+While it is tested by the Miller-Rabin primality test,
+B<callback(1, i, cb_arg)> is called in the outer loop
+(once for each witness that confirms that the candidate may be prime).
+i is the loop counter (starting at 0).
+
+=item *
+
+When p has been found, B<callback(2, 1, cb_arg)> is called.
+
+=item *
+
+When the generator has been found, B<callback(3, 1, cb_arg)> is called.
+
+=back
+
+=head1 RETURN VALUE
+
+DSA_generate_parameters() returns a pointer to the DSA structure, or
+B<NULL> if the parameter generation fails. The error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 BUGS
+
+Seed lengths E<gt> 20 are not supported.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DSA_free(3)|DSA_free(3)>
+
+=head1 HISTORY
+
+DSA_generate_parameters() appeared in SSLeay 0.8. The B<cb_arg>
+argument was added in SSLeay 0.9.0.
+In versions up to OpenSSL 0.9.4, B<callback(1, ...)> was called
+in the inner loop of the Miller-Rabin test whenever it reached the
+squaring step (the parameters to B<callback> did not reveal how many
+witnesses had been tested); since OpenSSL 0.9.5, B<callback(1, ...)>
+is called as in BN_is_prime(3), i.e. once for each witness.
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod b/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod
new file mode 100644
index 0000000000..4612e708ec
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod
@@ -0,0 +1,36 @@
+=pod
+
+=head1 NAME
+
+DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data - add application specific data to DSA structures
+
+=head1 SYNOPSIS
+
+ #include <openssl/DSA.h>
+
+ int DSA_get_ex_new_index(long argl, void *argp,
+                CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func);
+
+ int DSA_set_ex_data(DSA *d, int idx, void *arg);
+
+ char *DSA_get_ex_data(DSA *d, int idx);
+
+=head1 DESCRIPTION
+
+These functions handle application specific data in DSA
+structures. Their usage is identical to that of
+RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
+as described in L<RSA_get_ex_new_index(3)>.
+
+=head1 SEE ALSO
+
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dsa(3)|dsa(3)>
+
+=head1 HISTORY
+
+DSA_get_ex_new_index(), DSA_set_ex_data() and DSA_get_ex_data() are
+available since OpenSSL 0.9.5.
+
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_new.pod b/src/lib/libcrypto/doc/DSA_new.pod
new file mode 100644
index 0000000000..48e9b82a09
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_new.pod
@@ -0,0 +1,42 @@
+=pod
+
+=head1 NAME
+
+DSA_new, DSA_free - allocate and free DSA objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA* DSA_new(void);
+
+ void DSA_free(DSA *dsa);
+
+=head1 DESCRIPTION
+
+DSA_new() allocates and initializes a B<DSA> structure. It is equivalent to
+calling DSA_new_method(NULL).
+
+DSA_free() frees the B<DSA> structure and its components. The values are
+erased before the memory is returned to the system.
+
+=head1 RETURN VALUES
+
+If the allocation fails, DSA_new() returns B<NULL> and sets an error
+code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer
+to the newly allocated structure.
+
+DSA_free() returns no value.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
+L<DSA_generate_key(3)|DSA_generate_key(3)>
+
+=head1 HISTORY
+
+DSA_new() and DSA_free() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_set_method.pod b/src/lib/libcrypto/doc/DSA_set_method.pod
new file mode 100644
index 0000000000..bc3cfb1f0a
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_set_method.pod
@@ -0,0 +1,143 @@
+=pod
+
+=head1 NAME
+
+DSA_set_default_method, DSA_get_default_method,
+DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+ #include <openssl/engine.h>
+
+ void DSA_set_default_method(const DSA_METHOD *meth);
+
+ const DSA_METHOD *DSA_get_default_method(void);
+
+ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
+
+ DSA *DSA_new_method(ENGINE *engine);
+
+ DSA_METHOD *DSA_OpenSSL(void);
+
+=head1 DESCRIPTION
+
+A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA
+operations. By modifying the method, alternative implementations
+such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these DSA API functions are affected by the use
+of B<ENGINE> API calls.
+
+Initially, the default DSA_METHOD is the OpenSSL internal implementation,
+as returned by DSA_OpenSSL().
+
+DSA_set_default_method() makes B<meth> the default method for all DSA
+structures created later. B<NB>: This is true only whilst no ENGINE has
+been set as a default for DSA, so this function is no longer recommended.
+
+DSA_get_default_method() returns a pointer to the current default
+DSA_METHOD. However, the meaningfulness of this result is dependant on
+whether the ENGINE API is being used, so this function is no longer 
+recommended.
+
+DSA_set_method() selects B<meth> to perform all operations using the key
+B<rsa>. This will replace the DSA_METHOD used by the DSA key and if the
+previous method was supplied by an ENGINE, the handle to that ENGINE will
+be released during the change. It is possible to have DSA keys that only
+work with certain DSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the DSA_METHOD for the key can have unexpected
+results.
+
+DSA_new_method() allocates and initializes a DSA structure so that B<engine>
+will be used for the DSA operations. If B<engine> is NULL, the default engine
+for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD
+controlled by DSA_set_default_method() is used.
+
+=head1 THE DSA_METHOD STRUCTURE
+
+struct
+ {
+     /* name of the implementation */
+        const char *name;
+
+     /* sign */
+        DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen,
+                                 DSA *dsa);
+
+     /* pre-compute k^-1 and r */
+        int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                                 BIGNUM **rp);
+
+     /* verify */
+        int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
+                                 DSA_SIG *sig, DSA *dsa);
+
+     /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some
+                                          implementations) */
+        int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+                                 BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+                                 BN_CTX *ctx, BN_MONT_CTX *in_mont);
+
+     /* compute r = a ^ p mod m (May be NULL for some implementations) */
+        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a,
+                                 const BIGNUM *p, const BIGNUM *m,
+                                 BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+     /* called at DSA_new */
+        int (*init)(DSA *DSA);
+
+     /* called at DSA_free */
+        int (*finish)(DSA *DSA);
+
+        int flags;
+
+        char *app_data; /* ?? */
+
+ } DSA_METHOD;
+
+=head1 RETURN VALUES
+
+DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective
+B<DSA_METHOD>s.
+
+DSA_set_default_method() returns no value.
+
+DSA_set_method() returns non-zero if the provided B<meth> was successfully set as
+the method for B<dsa> (including unloading the ENGINE handle if the previous
+method was supplied by an ENGINE).
+
+DSA_new_method() returns NULL and sets an error code that can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
+fails. Otherwise it returns a pointer to the newly allocated structure.
+
+=head1 NOTES
+
+As of version 0.9.7, DSA_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for DSA functionality using an ENGINE API function,
+that will override any DSA defaults set using the DSA API (ie.
+DSA_set_default_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in DSA and other cryptographic
+algorithms.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
+
+=head1 HISTORY
+
+DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
+DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
+
+DSA_set_default_openssl_method() and DSA_get_default_openssl_method() replaced
+DSA_set_default_method() and DSA_get_default_method() respectively, and
+DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s rather than
+B<DSA_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
+0.9.7, the handling of defaults in the ENGINE API was restructured so that this
+change was reversed, and behaviour of the other functions resembled more closely
+the previous behaviour. The behaviour of defaults in the ENGINE API now
+transparently overrides the behaviour of defaults in the DSA API without
+requiring changing these function prototypes.
+
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_sign.pod b/src/lib/libcrypto/doc/DSA_sign.pod
new file mode 100644
index 0000000000..97389e8ec8
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_sign.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ int    DSA_sign(int type, const unsigned char *dgst, int len,
+                unsigned char *sigret, unsigned int *siglen, DSA *dsa);
+
+ int    DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
+                BIGNUM **rp);
+
+ int    DSA_verify(int type, const unsigned char *dgst, int len,
+                unsigned char *sigbuf, int siglen, DSA *dsa);
+
+=head1 DESCRIPTION
+
+DSA_sign() computes a digital signature on the B<len> byte message
+digest B<dgst> using the private key B<dsa> and places its ASN.1 DER
+encoding at B<sigret>. The length of the signature is places in
+*B<siglen>. B<sigret> must point to DSA_size(B<dsa>) bytes of memory.
+
+DSA_sign_setup() may be used to precompute part of the signing
+operation in case signature generation is time-critical. It expects
+B<dsa> to contain DSA parameters. It places the precomputed values
+in newly allocated B<BIGNUM>s at *B<kinvp> and *B<rp>, after freeing
+the old ones unless *B<kinvp> and *B<rp> are NULL. These values may
+be passed to DSA_sign() in B<dsa-E<gt>kinv> and B<dsa-E<gt>r>.
+B<ctx> is a pre-allocated B<BN_CTX> or NULL.
+
+DSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
+matches a given message digest B<dgst> of size B<len>.
+B<dsa> is the signer's public key.
+
+The B<type> parameter is ignored.
+
+The PRNG must be seeded before DSA_sign() (or DSA_sign_setup())
+is called.
+
+=head1 RETURN VALUES
+
+DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error.
+DSA_verify() returns 1 for a valid signature, 0 for an incorrect
+signature and -1 on error. The error codes can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 CONFORMING TO
+
+US Federal Information Processing Standard FIPS 186 (Digital Signature
+Standard, DSS), ANSI X9.30
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DSA_do_sign(3)|DSA_do_sign(3)>
+
+=head1 HISTORY
+
+DSA_sign() and DSA_verify() are available in all versions of SSLeay.
+DSA_sign_setup() was added in SSLeay 0.8.
+
+=cut
diff --git a/src/lib/libcrypto/doc/DSA_size.pod b/src/lib/libcrypto/doc/DSA_size.pod
new file mode 100644
index 0000000000..ba4f650361
--- /dev/null
+++ b/src/lib/libcrypto/doc/DSA_size.pod
@@ -0,0 +1,33 @@
+=pod
+
+=head1 NAME
+
+DSA_size - get DSA signature size
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ int DSA_size(const DSA *dsa);
+
+=head1 DESCRIPTION
+
+This function returns the size of an ASN.1 encoded DSA signature in
+bytes. It can be used to determine how much memory must be allocated
+for a DSA signature.
+
+B<dsa-E<gt>q> must not be B<NULL>.
+
+=head1 RETURN VALUE
+
+The size in bytes.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<DSA_sign(3)|DSA_sign(3)>
+
+=head1 HISTORY
+
+DSA_size() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_GET_LIB.pod b/src/lib/libcrypto/doc/ERR_GET_LIB.pod
new file mode 100644
index 0000000000..2a129da036
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_GET_LIB.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON - get library, function and
+reason code
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ int ERR_GET_LIB(unsigned long e);
+
+ int ERR_GET_FUNC(unsigned long e);
+
+ int ERR_GET_REASON(unsigned long e);
+
+=head1 DESCRIPTION
+
+The error code returned by ERR_get_error() consists of a library
+number, function code and reason code. ERR_GET_LIB(), ERR_GET_FUNC()
+and ERR_GET_REASON() can be used to extract these.
+
+The library number and function code describe where the error
+occurred, the reason code is the information about what went wrong.
+
+Each sub-library of OpenSSL has a unique library number; function and
+reason codes are unique within each sub-library.  Note that different
+libraries may use the same value to signal different functions and
+reasons.
+
+B<ERR_R_...> reason codes such as B<ERR_R_MALLOC_FAILURE> are globally
+unique. However, when checking for sub-library specific reason codes,
+be sure to also compare the library number.
+
+ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are macros.
+
+=head1 RETURN VALUES
+
+The library number, function code and reason code respectively.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in
+all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_clear_error.pod b/src/lib/libcrypto/doc/ERR_clear_error.pod
new file mode 100644
index 0000000000..566e1f4e31
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_clear_error.pod
@@ -0,0 +1,29 @@
+=pod
+
+=head1 NAME
+
+ERR_clear_error - clear the error queue
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_clear_error(void);
+
+=head1 DESCRIPTION
+
+ERR_clear_error() empties the current thread's error queue.
+
+=head1 RETURN VALUES
+
+ERR_clear_error() has no return value.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+ERR_clear_error() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_error_string.pod b/src/lib/libcrypto/doc/ERR_error_string.pod
new file mode 100644
index 0000000000..cdfa7fe1fe
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_error_string.pod
@@ -0,0 +1,73 @@
+=pod
+
+=head1 NAME
+
+ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
+ERR_func_error_string, ERR_reason_error_string - obtain human-readable
+error message
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ char *ERR_error_string(unsigned long e, char *buf);
+ void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+
+ const char *ERR_lib_error_string(unsigned long e);
+ const char *ERR_func_error_string(unsigned long e);
+ const char *ERR_reason_error_string(unsigned long e);
+
+=head1 DESCRIPTION
+
+ERR_error_string() generates a human-readable string representing the
+error code I<e>, and places it at I<buf>. I<buf> must be at least 120
+bytes long. If I<buf> is B<NULL>, the error string is placed in a
+static buffer.
+ERR_error_string_n() is a variant of ERR_error_string() that writes
+at most I<len> characters (including the terminating 0)
+and truncates the string if necessary.
+For ERR_error_string_n(), I<buf> may not be B<NULL>.
+
+The string will have the following format:
+
+ error:[error code]:[library name]:[function name]:[reason string]
+
+I<error code> is an 8 digit hexadecimal number, I<library name>,
+I<function name> and I<reason string> are ASCII text.
+
+ERR_lib_error_string(), ERR_func_error_string() and
+ERR_reason_error_string() return the library name, function
+name and reason string respectively.
+
+The OpenSSL error strings should be loaded by calling
+L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)> or, for SSL
+applications, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
+first.
+If there is no text string registered for the given error code,
+the error string will contain the numeric code.
+
+L<ERR_print_errors(3)|ERR_print_errors(3)> can be used to print
+all error codes currently in the queue.
+
+=head1 RETURN VALUES
+
+ERR_error_string() returns a pointer to a static buffer containing the
+string if I<buf> B<== NULL>, I<buf> otherwise.
+
+ERR_lib_error_string(), ERR_func_error_string() and
+ERR_reason_error_string() return the strings, and B<NULL> if
+none is registered for the error code.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
+L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
+L<ERR_print_errors(3)|ERR_print_errors(3)>
+
+=head1 HISTORY
+
+ERR_error_string() is available in all versions of SSLeay and OpenSSL.
+ERR_error_string_n() was added in OpenSSL 0.9.6.
+
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_get_error.pod b/src/lib/libcrypto/doc/ERR_get_error.pod
new file mode 100644
index 0000000000..34443045fc
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_get_error.pod
@@ -0,0 +1,76 @@
+=pod
+
+=head1 NAME
+
+ERR_get_error, ERR_peek_error, ERR_peek_last_error,
+ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line,
+ERR_get_error_line_data, ERR_peek_error_line_data,
+ERR_peek_last_error_line_data - obtain error code and data
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ unsigned long ERR_get_error(void);
+ unsigned long ERR_peek_error(void);
+ unsigned long ERR_peek_last_error(void);
+
+ unsigned long ERR_get_error_line(const char **file, int *line);
+ unsigned long ERR_peek_error_line(const char **file, int *line);
+ unsigned long ERR_peek_last_error_line(const char **file, int *line);
+
+ unsigned long ERR_get_error_line_data(const char **file, int *line,
+         const char **data, int *flags);
+ unsigned long ERR_peek_error_line_data(const char **file, int *line,
+         const char **data, int *flags);
+ unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+         const char **data, int *flags);
+
+=head1 DESCRIPTION
+
+ERR_get_error() returns the earliest error code from the thread's error
+queue and removes the entry. This function can be called repeatedly
+until there are no more error codes to return.
+
+ERR_peek_error() returns the earliest error code from the thread's
+error queue without modifying it.
+
+ERR_peek_last_error() returns the latest error code from the thread's
+error queue without modifying it.
+
+See L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> for obtaining information about
+location and reason of the error, and
+L<ERR_error_string(3)|ERR_error_string(3)> for human-readable error
+messages.
+
+ERR_get_error_line(), ERR_peek_error_line() and
+ERR_peek_last_error_line() are the same as the above, but they
+additionally store the file name and line number where
+the error occurred in *B<file> and *B<line>, unless these are B<NULL>.
+
+ERR_get_error_line_data(), ERR_peek_error_line_data() and
+ERR_get_last_error_line_data() store additional data and flags
+associated with the error code in *B<data>
+and *B<flags>, unless these are B<NULL>. *B<data> contains a string
+if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(),
+*B<flags>&B<ERR_TXT_MALLOCED> is true.
+
+=head1 RETURN VALUES
+
+The error code, or 0 if there is no error in the queue.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
+L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>
+
+=head1 HISTORY
+
+ERR_get_error(), ERR_peek_error(), ERR_get_error_line() and
+ERR_peek_error_line() are available in all versions of SSLeay and
+OpenSSL. ERR_get_error_line_data() and ERR_peek_error_line_data()
+were added in SSLeay 0.9.0.
+ERR_peek_last_error(), ERR_peek_last_error_line() and
+ERR_peek_last_error_line_data() were added in OpenSSL 0.9.7.
+
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_load_crypto_strings.pod b/src/lib/libcrypto/doc/ERR_load_crypto_strings.pod
new file mode 100644
index 0000000000..9bdec75a46
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_load_crypto_strings.pod
@@ -0,0 +1,46 @@
+=pod
+
+=head1 NAME
+
+ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings -
+load and free error strings
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_load_crypto_strings(void);
+ void ERR_free_strings(void);
+
+ #include <openssl/ssl.h>
+
+ void SSL_load_error_strings(void);
+
+=head1 DESCRIPTION
+
+ERR_load_crypto_strings() registers the error strings for all
+B<libcrypto> functions. SSL_load_error_strings() does the same,
+but also registers the B<libssl> error strings.
+
+One of these functions should be called before generating
+textual error messages. However, this is not required when memory
+usage is an issue.
+
+ERR_free_strings() frees all previously loaded error strings.
+
+=head1 RETURN VALUES
+
+ERR_load_crypto_strings(), SSL_load_error_strings() and
+ERR_free_strings() return no values.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>
+
+=head1 HISTORY
+
+ERR_load_error_strings(), SSL_load_error_strings() and
+ERR_free_strings() are available in all versions of SSLeay and
+OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_load_strings.pod b/src/lib/libcrypto/doc/ERR_load_strings.pod
new file mode 100644
index 0000000000..5acdd0edbc
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_load_strings.pod
@@ -0,0 +1,54 @@
+=pod
+
+=head1 NAME
+
+ERR_load_strings, ERR_PACK, ERR_get_next_error_library - load
+arbitrary error strings
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
+
+ int ERR_get_next_error_library(void);
+
+ unsigned long ERR_PACK(int lib, int func, int reason);
+
+=head1 DESCRIPTION
+
+ERR_load_strings() registers error strings for library number B<lib>.
+
+B<str> is an array of error string data:
+
+ typedef struct ERR_string_data_st
+ {
+        unsigned long error;
+        char *string;
+ } ERR_STRING_DATA;
+
+The error code is generated from the library number and a function and
+reason code: B<error> = ERR_PACK(B<lib>, B<func>, B<reason>).
+ERR_PACK() is a macro.
+
+The last entry in the array is {0,0}.
+
+ERR_get_next_error_library() can be used to assign library numbers
+to user libraries at runtime.
+
+=head1 RETURN VALUE
+
+ERR_load_strings() returns no value. ERR_PACK() return the error code.
+ERR_get_next_error_library() returns a new library number.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
+
+=head1 HISTORY
+
+ERR_load_error_strings() and ERR_PACK() are available in all versions
+of SSLeay and OpenSSL. ERR_get_next_error_library() was added in
+SSLeay 0.9.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_print_errors.pod b/src/lib/libcrypto/doc/ERR_print_errors.pod
new file mode 100644
index 0000000000..b100a5fa2b
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_print_errors.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+ERR_print_errors, ERR_print_errors_fp - print error messages
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_print_errors(BIO *bp);
+ void ERR_print_errors_fp(FILE *fp);
+
+=head1 DESCRIPTION
+
+ERR_print_errors() is a convenience function that prints the error
+strings for all errors that OpenSSL has recorded to B<bp>, thus
+emptying the error queue.
+
+ERR_print_errors_fp() is the same, except that the output goes to a
+B<FILE>.
+
+
+The error strings will have the following format:
+
+ [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message]
+
+I<error code> is an 8 digit hexadecimal number. I<library name>,
+I<function name> and I<reason string> are ASCII text, as is I<optional
+text message> if one was set for the respective error code.
+
+If there is no text string registered for the given error code,
+the error string will contain the numeric code.
+
+=head1 RETURN VALUES
+
+ERR_print_errors() and ERR_print_errors_fp() return no values.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
+L<ERR_get_error(3)|ERR_get_error(3)>,
+L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
+L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
+
+=head1 HISTORY
+
+ERR_print_errors() and ERR_print_errors_fp()
+are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_put_error.pod b/src/lib/libcrypto/doc/ERR_put_error.pod
new file mode 100644
index 0000000000..acd241fbe4
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_put_error.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+ERR_put_error, ERR_add_error_data - record an error
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_put_error(int lib, int func, int reason, const char *file,
+         int line);
+
+ void ERR_add_error_data(int num, ...);
+
+=head1 DESCRIPTION
+
+ERR_put_error() adds an error code to the thread's error queue. It
+signals that the error of reason code B<reason> occurred in function
+B<func> of library B<lib>, in line number B<line> of B<file>.
+This function is usually called by a macro.
+
+ERR_add_error_data() associates the concatenation of its B<num> string
+arguments with the error code added last.
+
+L<ERR_load_strings(3)|ERR_load_strings(3)> can be used to register
+error strings so that the application can a generate human-readable
+error messages for the error code.
+
+=head1 RETURN VALUES
+
+ERR_put_error() and ERR_add_error_data() return
+no values.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
+
+=head1 HISTORY
+
+ERR_put_error() is available in all versions of SSLeay and OpenSSL.
+ERR_add_error_data() was added in SSLeay 0.9.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/ERR_remove_state.pod b/src/lib/libcrypto/doc/ERR_remove_state.pod
new file mode 100644
index 0000000000..72925fb9f4
--- /dev/null
+++ b/src/lib/libcrypto/doc/ERR_remove_state.pod
@@ -0,0 +1,34 @@
+=pod
+
+=head1 NAME
+
+ERR_remove_state - free a thread's error queue
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_remove_state(unsigned long pid);
+
+=head1 DESCRIPTION
+
+ERR_remove_state() frees the error queue associated with thread B<pid>.
+If B<pid> == 0, the current thread will have its error queue removed.
+
+Since error queue data structures are allocated automatically for new
+threads, they must be freed when threads are terminated in order to
+avoid memory leaks.
+
+=head1 RETURN VALUE
+
+ERR_remove_state() returns no value.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>
+
+=head1 HISTORY
+
+ERR_remove_state() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_BytesToKey.pod b/src/lib/libcrypto/doc/EVP_BytesToKey.pod
new file mode 100644
index 0000000000..016381f3e9
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_BytesToKey.pod
@@ -0,0 +1,67 @@
+=pod
+
+=head1 NAME
+
+EVP_BytesToKey - password based encryption routine
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
+                       const unsigned char *salt,
+                       const unsigned char *data, int datal, int count,
+                       unsigned char *key,unsigned char *iv);
+
+=head1 DESCRIPTION
+
+EVP_BytesToKey() derives a key and IV from various parameters. B<type> is
+the cipher to derive the key and IV for. B<md> is the message digest to use.
+The B<salt> paramter is used as a salt in the derivation: it should point to
+an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing
+B<datal> bytes which is used to derive the keying data. B<count> is the
+iteration count to use. The derived key and IV will be written to B<key>
+and B<iv> respectively.
+
+=head1 NOTES
+
+A typical application of this function is to derive keying material for an
+encryption algorithm from a password in the B<data> parameter.
+
+Increasing the B<count> parameter slows down the algorithm which makes it
+harder for an attacker to peform a brute force attack using a large number
+of candidate passwords.
+
+If the total key and IV length is less than the digest length and
+B<MD5> is used then the derivation algorithm is compatible with PKCS#5 v1.5
+otherwise a non standard extension is used to derive the extra data.
+
+Newer applications should use more standard algorithms such as PKCS#5
+v2.0 for key derivation.
+
+=head1 KEY DERIVATION ALGORITHM
+
+The key and IV is derived by concatenating D_1, D_2, etc until
+enough data is available for the key and IV. D_i is defined as:
+
+        D_i = HASH^count(D_(i-1) || data || salt)
+
+where || denotes concatentaion, D_0 is empty, HASH is the digest
+algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data)
+is HASH(HASH(data)) and so on.
+
+The initial bytes are used for the key and the subsequent bytes for
+the IV.
+
+=head1 RETURN VALUES
+
+EVP_BytesToKey() returns the size of the derived key in bytes.
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+
+=head1 HISTORY
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod
new file mode 100644
index 0000000000..faa992286b
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_DigestInit.pod
@@ -0,0 +1,256 @@
+=pod
+
+=head1 NAME
+
+EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
+EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
+EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
+EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
+EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
+EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
+EVP digest routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
+ EVP_MD_CTX *EVP_MD_CTX_create(void);
+
+ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+        unsigned int *s);
+
+ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
+ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+
+ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+
+ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+        unsigned int *s);
+
+ int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);  
+
+ #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
+
+
+ #define EVP_MD_type(e)                 ((e)->type)
+ #define EVP_MD_pkey_type(e)            ((e)->pkey_type)
+ #define EVP_MD_size(e)                 ((e)->md_size)
+ #define EVP_MD_block_size(e)           ((e)->block_size)
+
+ #define EVP_MD_CTX_md(e)               (e)->digest)
+ #define EVP_MD_CTX_size(e)             EVP_MD_size((e)->digest)
+ #define EVP_MD_CTX_block_size(e)       EVP_MD_block_size((e)->digest)
+ #define EVP_MD_CTX_type(e)             EVP_MD_type((e)->digest)
+
+ const EVP_MD *EVP_md_null(void);
+ const EVP_MD *EVP_md2(void);
+ const EVP_MD *EVP_md5(void);
+ const EVP_MD *EVP_sha(void);
+ const EVP_MD *EVP_sha1(void);
+ const EVP_MD *EVP_dss(void);
+ const EVP_MD *EVP_dss1(void);
+ const EVP_MD *EVP_mdc2(void);
+ const EVP_MD *EVP_ripemd160(void);
+
+ const EVP_MD *EVP_get_digestbyname(const char *name);
+ #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
+ #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
+
+=head1 DESCRIPTION
+
+The EVP digest routines are a high level interface to message digests.
+
+EVP_MD_CTX_init() initializes digest contet B<ctx>.
+
+EVP_MD_CTX_create() allocates, initializes and returns a digest contet.
+
+EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
+B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
+function. B<type> will typically be supplied by a functionsuch as EVP_sha1().
+If B<impl> is NULL then the default implementation of digest B<type> is used.
+
+EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
+digest context B<ctx>. This function can be called several times on the
+same B<ctx> to hash additional data.
+
+EVP_DigestFinal_ex() retrieves the digest value from B<ctx> and places
+it in B<md>. If the B<s> parameter is not NULL then the number of
+bytes of data written (i.e. the length of the digest) will be written
+to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written.
+After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate()
+can be made, but EVP_DigestInit_ex() can be called to initialize a new
+digest operation.
+
+EVP_MD_CTX_cleanup() cleans up digest context B<ctx>, it should be called
+after a digest context is no longer needed.
+
+EVP_MD_CTX_destroy() cleans up digest context B<ctx> and frees up the
+space allocated to it, it should be called only on a context created
+using EVP_MD_CTX_create().
+
+EVP_MD_CTX_copy_ex() can be used to copy the message digest state from
+B<in> to B<out>. This is useful if large amounts of data are to be
+hashed which only differ in the last few bytes. B<out> must be initialized
+before calling this function.
+
+EVP_DigestInit() behaves in the same way as EVP_DigestInit_ex() except
+the passed context B<ctx> does not have to be initialized, and it always
+uses the default digest implementation.
+
+EVP_DigestFinal() is similar to EVP_DigestFinal_ex() except the digest
+contet B<ctx> is automatically cleaned up.
+
+EVP_MD_CTX_copy() is similar to EVP_MD_CTX_copy_ex() except the destination
+B<out> does not have to be initialized.
+
+EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest
+when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the
+hash.
+
+EVP_MD_block_size() and EVP_MD_CTX_block_size() return the block size of the
+message digest when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure.
+
+EVP_MD_type() and EVP_MD_CTX_type() return the NID of the OBJECT IDENTIFIER
+representing the given message digest when passed an B<EVP_MD> structure.
+For example EVP_MD_type(EVP_sha1()) returns B<NID_sha1>. This function is
+normally used when setting ASN1 OIDs.
+
+EVP_MD_CTX_md() returns the B<EVP_MD> structure corresponding to the passed
+B<EVP_MD_CTX>.
+
+EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated
+with this digest. For example EVP_sha1() is associated with RSA so this will
+return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
+algorithms may not be retained in future versions of OpenSSL.
+
+EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160()
+return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
+algorithms respectively. The associated signature algorithm is RSA in each case.
+
+EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
+algorithms but using DSS (DSA) for the signature algorithm.
+
+EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it
+returns is of zero length.
+
+EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
+return an B<EVP_MD> structure when passed a digest name, a digest NID or
+an ASN1_OBJECT structure respectively. The digest table must be initialized
+using, for example, OpenSSL_add_all_digests() for these functions to work.
+
+=head1 RETURN VALUES
+
+EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() return 1 for
+success and 0 for failure.
+
+EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure.
+
+EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
+corresponding OBJECT IDENTIFIER or NID_undef if none exists.
+
+EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
+EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
+size in bytes.
+
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
+EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
+corresponding EVP_MD structures.
+
+EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
+return either an B<EVP_MD> structure or NULL if an error occurs.
+
+=head1 NOTES
+
+The B<EVP> interface to message digests should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the digest used and much more flexible.
+
+SHA1 is the digest of choice for new applications. The other digest algorithms
+are still in common use.
+
+For most applications the B<impl> parameter to EVP_DigestInit_ex() will be
+set to NULL to use the default digest implementation.
+
+The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are 
+obsolete but are retained to maintain compatibility with existing code. New
+applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and 
+EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context
+instead of initializing and cleaning it up on each call and allow non default
+implementations of digests to be specified.
+
+In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use
+memory leaks will occur. 
+
+=head1 EXAMPLE
+
+This example digests the data "Test Message\n" and "Hello World\n", using the
+digest name passed on the command line.
+
+ #include <stdio.h>
+ #include <openssl/evp.h>
+
+ main(int argc, char *argv[])
+ {
+ EVP_MD_CTX mdctx;
+ const EVP_MD *md;
+ char mess1[] = "Test Message\n";
+ char mess2[] = "Hello World\n";
+ unsigned char md_value[EVP_MAX_MD_SIZE];
+ int md_len, i;
+
+ OpenSSL_add_all_digests();
+
+ if(!argv[1]) {
+        printf("Usage: mdtest digestname\n");
+        exit(1);
+ }
+
+ md = EVP_get_digestbyname(argv[1]);
+
+ if(!md) {
+        printf("Unknown message digest %s\n", argv[1]);
+        exit(1);
+ }
+
+ EVP_MD_CTX_init(&mdctx);
+ EVP_DigestInit_ex(&mdctx, md, NULL);
+ EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
+ EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
+ EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
+ EVP_MD_CTX_cleanup(&mdctx);
+
+ printf("Digest is: ");
+ for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
+ printf("\n");
+ }
+
+=head1 BUGS
+
+The link between digests and signing algorithms results in a situation where
+EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS
+even though they are identical digests.
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
+L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD160(3)|RIPEMD160(3)>,
+L<SHA1(3)|SHA1(3)>
+
+=head1 HISTORY
+
+EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are
+available in all versions of SSLeay and OpenSSL.
+
+EVP_MD_CTX_init(), EVP_MD_CTX_create(), EVP_MD_CTX_copy_ex(),
+EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex()
+and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7.
+
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
+EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
+changed to return truely const EVP_MD * in OpenSSL 0.9.7.
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_EncryptInit.pod b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
new file mode 100644
index 0000000000..40e525dd56
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
@@ -0,0 +1,511 @@
+=pod
+
+=head1 NAME
+
+EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate,
+EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate,
+EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate,
+EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length,
+EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX_cleanup, EVP_EncryptInit,
+EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal,
+EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname,
+EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid,
+EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length,
+EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher,
+EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length,
+EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data,
+EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags,
+EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param,
+EVP_CIPHER_CTX_set_padding - EVP cipher routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
+
+ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         ENGINE *impl, unsigned char *key, unsigned char *iv);
+ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+
+ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         ENGINE *impl, unsigned char *key, unsigned char *iv);
+ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+
+ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);
+ int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+
+ int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         unsigned char *key, unsigned char *iv);
+ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+
+ int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         unsigned char *key, unsigned char *iv);
+ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+
+ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         unsigned char *key, unsigned char *iv, int enc);
+ int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+
+ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
+ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+
+ const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+ #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
+ #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
+
+ #define EVP_CIPHER_nid(e)              ((e)->nid)
+ #define EVP_CIPHER_block_size(e)       ((e)->block_size)
+ #define EVP_CIPHER_key_length(e)       ((e)->key_len)
+ #define EVP_CIPHER_iv_length(e)                ((e)->iv_len)
+ #define EVP_CIPHER_flags(e)            ((e)->flags)
+ #define EVP_CIPHER_mode(e)             ((e)->flags) & EVP_CIPH_MODE)
+ int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+
+ #define EVP_CIPHER_CTX_cipher(e)       ((e)->cipher)
+ #define EVP_CIPHER_CTX_nid(e)          ((e)->cipher->nid)
+ #define EVP_CIPHER_CTX_block_size(e)   ((e)->cipher->block_size)
+ #define EVP_CIPHER_CTX_key_length(e)   ((e)->key_len)
+ #define EVP_CIPHER_CTX_iv_length(e)    ((e)->cipher->iv_len)
+ #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
+ #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
+ #define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+ #define EVP_CIPHER_CTX_flags(e)                ((e)->cipher->flags)
+ #define EVP_CIPHER_CTX_mode(e)         ((e)->cipher->flags & EVP_CIPH_MODE)
+
+ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+=head1 DESCRIPTION
+
+The EVP cipher routines are a high level interface to certain
+symmetric ciphers.
+
+EVP_CIPHER_CTX_init() initializes cipher contex B<ctx>.
+
+EVP_EncryptInit_ex() sets up cipher context B<ctx> for encryption
+with cipher B<type> from ENGINE B<impl>. B<ctx> must be initialized
+before calling this function. B<type> is normally supplied
+by a function such as EVP_des_cbc(). If B<impl> is NULL then the
+default implementation is used. B<key> is the symmetric key to use
+and B<iv> is the IV to use (if necessary), the actual number of bytes
+used for the key and IV depends on the cipher. It is possible to set
+all parameters to NULL except B<type> in an initial call and supply
+the remaining parameters in subsequent calls, all of which have B<type>
+set to NULL. This is done when the default cipher parameters are not
+appropriate.
+
+EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and
+writes the encrypted version to B<out>. This function can be called
+multiple times to encrypt successive blocks of data. The amount
+of data written depends on the block alignment of the encrypted data:
+as a result the amount of data written may be anything from zero bytes
+to (inl + cipher_block_size - 1) so B<outl> should contain sufficient
+room. The actual number of bytes written is placed in B<outl>.
+
+If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts
+the "final" data, that is any data that remains in a partial block.
+It uses L<standard block padding|/NOTES> (aka PKCS padding). The encrypted
+final data is written to B<out> which should have sufficient space for
+one cipher block. The number of bytes written is placed in B<outl>. After
+this function is called the encryption operation is finished and no further
+calls to EVP_EncryptUpdate() should be made.
+
+If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more
+data and it will return an error if any data remains in a partial block:
+that is if the total data length is not a multiple of the block size. 
+
+EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the
+corresponding decryption operations. EVP_DecryptFinal() will return an
+error code if padding is enabled and the final block is not correctly
+formatted. The parameters and restrictions are identical to the encryption
+operations except that if padding is enabled the decrypted data buffer B<out>
+passed to EVP_DecryptUpdate() should have sufficient room for
+(B<inl> + cipher_block_size) bytes unless the cipher block size is 1 in
+which case B<inl> bytes is sufficient.
+
+EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are
+functions that can be used for decryption or encryption. The operation
+performed depends on the value of the B<enc> parameter. It should be set
+to 1 for encryption, 0 for decryption and -1 to leave the value unchanged
+(the actual value of 'enc' being supplied in a previous call).
+
+EVP_CIPHER_CTX_cleanup() clears all information from a cipher context
+and free up any allocated memory associate with it. It should be called
+after all operations using a cipher are complete so sensitive information
+does not remain in memory.
+
+EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a
+similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and
+EVP_CipherInit_ex() except the B<ctx> paramter does not need to be
+initialized and they always use the default cipher implementation.
+
+EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
+similar way to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and
+EVP_CipherFinal_ex() except B<ctx> is automatically cleaned up 
+after the call.
+
+EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
+return an EVP_CIPHER structure when passed a cipher name, a NID or an
+ASN1_OBJECT structure.
+
+EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return the NID of a cipher when
+passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> structure.  The actual NID
+value is an internal value which may not have a corresponding OBJECT
+IDENTIFIER.
+
+EVP_CIPHER_CTX_set_padding() enables or disables padding. By default
+encryption operations are padded using standard block padding and the
+padding is checked and removed when decrypting. If the B<pad> parameter
+is zero then no padding is performed, the total amount of data encrypted
+or decrypted must then be a multiple of the block size or an error will
+occur.
+
+EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
+length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
+structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum key length
+for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for a
+given cipher, the value of EVP_CIPHER_CTX_key_length() may be different
+for variable key length ciphers.
+
+EVP_CIPHER_CTX_set_key_length() sets the key length of the cipher ctx.
+If the cipher is a fixed length cipher then attempting to set the key
+length to any value other than the fixed value is an error.
+
+EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
+length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>.
+It will return zero if the cipher does not use an IV.  The constant
+B<EVP_MAX_IV_LENGTH> is the maximum IV length for all ciphers.
+
+EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
+size of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
+structure. The constant B<EVP_MAX_IV_LENGTH> is also the maximum block
+length for all ciphers.
+
+EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed
+cipher or context. This "type" is the actual NID of the cipher OBJECT
+IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and
+128 bit RC2 have the same NID. If the cipher does not have an object
+identifier or does not have ASN1 support this function will return
+B<NID_undef>.
+
+EVP_CIPHER_CTX_cipher() returns the B<EVP_CIPHER> structure when passed
+an B<EVP_CIPHER_CTX> structure.
+
+EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode:
+EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE or
+EVP_CIPH_OFB_MODE. If the cipher is a stream cipher then
+EVP_CIPH_STREAM_CIPHER is returned.
+
+EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based
+on the passed cipher. This will typically include any parameters and an
+IV. The cipher IV (if any) must be set when this call is made. This call
+should be made before the cipher is actually "used" (before any
+EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). This function
+may fail if the cipher does not have any ASN1 support.
+
+EVP_CIPHER_asn1_to_param() sets the cipher parameters based on an ASN1
+AlgorithmIdentifier "parameter". The precise effect depends on the cipher
+In the case of RC2, for example, it will set the IV and effective key length.
+This function should be called after the base cipher type is set but before
+the key is set. For example EVP_CipherInit() will be called with the IV and
+key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally
+EVP_CipherInit() again with all parameters except the key set to NULL. It is
+possible for this function to fail if the cipher does not have any ASN1 support
+or the parameters cannot be set (for example the RC2 effective key length
+is not supported.
+
+EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be determined
+and set. Currently only the RC2 effective key length and the number of rounds of
+RC5 can be set.
+
+=head1 RETURN VALUES
+
+EVP_CIPHER_CTX_init, EVP_EncryptInit_ex(), EVP_EncryptUpdate() and
+EVP_EncryptFinal_ex() return 1 for success and 0 for failure.
+
+EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure.
+EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success.
+
+EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for failure.
+EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success.
+
+EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure.
+
+EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
+return an B<EVP_CIPHER> structure or NULL on error.
+
+EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID.
+
+EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
+size.
+
+EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
+length.
+
+EVP_CIPHER_CTX_set_padding() always returns 1.
+
+EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
+length or zero if the cipher does not use an IV.
+
+EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's
+OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER.
+
+EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure.
+
+EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for 
+success or zero for failure.
+
+=head1 CIPHER LISTING
+
+All algorithms have a fixed key length unless otherwise stated.
+
+=over 4
+
+=item EVP_enc_null()
+
+Null cipher: does nothing.
+
+=item EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)
+
+DES in CBC, ECB, CFB and OFB modes respectively. 
+
+=item EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void),  EVP_des_ede_cfb(void)
+
+Two key triple DES in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void),  EVP_des_ede3_cfb(void)
+
+Three key triple DES in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_desx_cbc(void)
+
+DESX algorithm in CBC mode.
+
+=item EVP_rc4(void)
+
+RC4 stream cipher. This is a variable key length cipher with default key length 128 bits.
+
+=item EVP_rc4_40(void)
+
+RC4 stream cipher with 40 bit key length. This is obsolete and new code should use EVP_rc4()
+and the EVP_CIPHER_CTX_set_key_length() function.
+
+=item EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)
+
+IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)
+
+RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
+length cipher with an additional parameter called "effective key bits" or "effective key length".
+By default both are set to 128 bits.
+
+=item EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)
+
+RC2 algorithm in CBC mode with a default key length and effective key length of 40 and 64 bits.
+These are obsolete and new code should use EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and
+EVP_CIPHER_CTX_ctrl() to set the key length and effective key length.
+
+=item EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);
+
+Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
+length cipher.
+
+=item EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)
+
+CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
+length cipher.
+
+=item EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)
+
+RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length
+cipher with an additional "number of rounds" parameter. By default the key length is set to 128
+bits and 12 rounds.
+
+=back
+
+=head1 NOTES
+
+Where possible the B<EVP> interface to symmetric ciphers should be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the cipher used and much more flexible.
+
+PKCS padding works by adding B<n> padding bytes of value B<n> to make the total 
+length of the encrypted data a multiple of the block size. Padding is always
+added so if the data is already a multiple of the block size B<n> will equal
+the block size. For example if the block size is 8 and 11 bytes are to be
+encrypted then 5 padding bytes of value 5 will be added.
+
+When decrypting the final block is checked to see if it has the correct form.
+
+Although the decryption operation can produce an error if padding is enabled,
+it is not a strong test that the input data or key is correct. A random block
+has better than 1 in 256 chance of being of the correct format and problems with
+the input data earlier on will not produce a final decrypt error.
+
+If padding is disabled then the decryption operation will always succeed if
+the total amount of data decrypted is a multiple of the block size.
+
+The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(),
+EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained for
+compatibility with existing code. New code should use EVP_EncryptInit_ex(),
+EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(),
+EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an
+existing context without allocating and freeing it up on each call.
+
+=head1 BUGS
+
+For RC5 the number of rounds can currently only be set to 8, 12 or 16. This is
+a limitation of the current RC5 code rather than the EVP interface.
+
+EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal ciphers with
+default key lengths. If custom ciphers exceed these values the results are
+unpredictable. This is because it has become standard practice to define a 
+generic key as a fixed unsigned char array containing EVP_MAX_KEY_LENGTH bytes.
+
+The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested
+for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.
+
+=head1 EXAMPLES
+
+Get the number of rounds used in RC5:
+
+ int nrounds;
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds);
+
+Get the RC2 effective key length:
+
+ int key_bits;
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits);
+
+Set the number of rounds used in RC5:
+
+ int nrounds;
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL);
+
+Set the effective key length used in RC2:
+
+ int key_bits;
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
+
+Encrypt a string using blowfish:
+
+ int do_crypt(char *outfile)
+        {
+        unsigned char outbuf[1024];
+        int outlen, tmplen;
+        /* Bogus key and IV: we'd normally set these from
+         * another source.
+         */
+        unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
+        unsigned char iv[] = {1,2,3,4,5,6,7,8};
+        char intext[] = "Some Crypto Text";
+        EVP_CIPHER_CTX ctx;
+        FILE *out;
+        EVP_CIPHER_CTX_init(&ctx);
+        EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv);
+
+        if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext)))
+                {
+                /* Error */
+                return 0;
+                }
+        /* Buffer passed to EVP_EncryptFinal() must be after data just
+         * encrypted to avoid overwriting it.
+         */
+        if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen))
+                {
+                /* Error */
+                return 0;
+                }
+        outlen += tmplen;
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        /* Need binary mode for fopen because encrypted data is
+         * binary data. Also cannot use strlen() on it because
+         * it wont be null terminated and may contain embedded
+         * nulls.
+         */
+        out = fopen(outfile, "wb");
+        fwrite(outbuf, 1, outlen, out);
+        fclose(out);
+        return 1;
+        }
+
+The ciphertext from the above example can be decrypted using the B<openssl>
+utility with the command line:
+ 
+ S<openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 -d>
+
+General encryption, decryption function example using FILE I/O and RC2 with an
+80 bit key:
+
+ int do_crypt(FILE *in, FILE *out, int do_encrypt)
+        {
+        /* Allow enough space in output buffer for additional block */
+        inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
+        int inlen, outlen;
+        /* Bogus key and IV: we'd normally set these from
+         * another source.
+         */
+        unsigned char key[] = "0123456789";
+        unsigned char iv[] = "12345678";
+        /* Don't set key or IV because we will modify the parameters */
+        EVP_CIPHER_CTX_init(&ctx);
+        EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt);
+        EVP_CIPHER_CTX_set_key_length(&ctx, 10);
+        /* We finished modifying parameters so now we can set key and IV */
+        EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);
+
+        for(;;) 
+                {
+                inlen = fread(inbuf, 1, 1024, in);
+                if(inlen <= 0) break;
+                if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen))
+                        {
+                        /* Error */
+                        EVP_CIPHER_CTX_cleanup(&ctx);
+                        return 0;
+                        }
+                fwrite(outbuf, 1, outlen, out);
+                }
+        if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen))
+                {
+                /* Error */
+                EVP_CIPHER_CTX_cleanup(&ctx);
+                return 0;
+                }
+        fwrite(outbuf, 1, outlen, out);
+
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        return 1;
+        }
+
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>
+
+=head1 HISTORY
+
+EVP_CIPHER_CTX_init(), EVP_EncryptInit_ex(), EVP_EncryptFinal_ex(),
+EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), EVP_CipherInit_ex(),
+EVP_CipherFinal_ex() and EVP_CIPHER_CTX_set_padding() appeared in
+OpenSSL 0.9.7.
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_OpenInit.pod b/src/lib/libcrypto/doc/EVP_OpenInit.pod
new file mode 100644
index 0000000000..2e710da945
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_OpenInit.pod
@@ -0,0 +1,63 @@
+=pod
+
+=head1 NAME
+
+EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
+                int ekl,unsigned char *iv,EVP_PKEY *priv);
+ int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+
+=head1 DESCRIPTION
+
+The EVP envelope routines are a high level interface to envelope
+decryption. They decrypt a public key encrypted symmetric key and
+then decrypt data using it.
+
+EVP_OpenInit() initializes a cipher context B<ctx> for decryption
+with cipher B<type>. It decrypts the encrypted symmetric key of length
+B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>.
+The IV is supplied in the B<iv> parameter.
+
+EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties
+as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as 
+documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
+page.
+
+=head1 NOTES
+
+It is possible to call EVP_OpenInit() twice in the same way as
+EVP_DecryptInit(). The first call should have B<priv> set to NULL
+and (after setting any cipher parameters) it should be called again
+with B<type> set to NULL.
+
+If the cipher passed in the B<type> parameter is a variable length
+cipher then the key length will be set to the value of the recovered
+key length. If the cipher is a fixed length cipher then the recovered
+key length must match the fixed cipher length.
+
+=head1 RETURN VALUES
+
+EVP_OpenInit() returns 0 on error or a non zero integer (actually the
+recovered secret key size) if successful.
+
+EVP_OpenUpdate() returns 1 for success or 0 for failure.
+
+EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success.
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+L<EVP_SealInit(3)|EVP_SealInit(3)>
+
+=head1 HISTORY
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_new.pod b/src/lib/libcrypto/doc/EVP_PKEY_new.pod
new file mode 100644
index 0000000000..10687e458d
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_new.pod
@@ -0,0 +1,47 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_new, EVP_PKEY_free - private key allocation functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_PKEY *EVP_PKEY_new(void);
+ void EVP_PKEY_free(EVP_PKEY *key);
+
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_new() function allocates an empty B<EVP_PKEY> 
+structure which is used by OpenSSL to store private keys.
+
+EVP_PKEY_free() frees up the private key B<key>.
+
+=head1 NOTES
+
+The B<EVP_PKEY> structure is used by various OpenSSL functions
+which require a general private key without reference to any
+particular algorithm.
+
+The structure returned by EVP_PKEY_new() is empty. To add a
+private key to this empty structure the functions described in
+L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)> should be used.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_new() returns either the newly allocated B<EVP_PKEY>
+structure of B<NULL> if an error occurred.
+
+EVP_PKEY_free() does not return a value.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod b/src/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod
new file mode 100644
index 0000000000..2db692e271
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_PKEY_set1_RSA.pod
@@ -0,0 +1,80 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
+EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
+EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY,
+EVP_PKEY_type - EVP_PKEY assignment functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key);
+ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key);
+ int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key);
+ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
+
+ RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+ DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+
+ int EVP_PKEY_assign_RSA(EVP_PKEY *pkey,RSA *key);
+ int EVP_PKEY_assign_DSA(EVP_PKEY *pkey,DSA *key);
+ int EVP_PKEY_assign_DH(EVP_PKEY *pkey,DH *key);
+ int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
+
+ int EVP_PKEY_type(int type);
+
+=head1 DESCRIPTION
+
+EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
+EVP_PKEY_set1_EC_KEY() set the key referenced by B<pkey> to B<key>.
+
+EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
+EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or
+B<NULL> if the key is not of the correct type.
+
+EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
+and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key>
+however these use the supplied B<key> internally and so B<key>
+will be freed when the parent B<pkey> is freed.
+
+EVP_PKEY_type() returns the type of key corresponding to the value
+B<type>. The type of a key can be obtained with
+EVP_PKEY_type(pkey->type). The return value will be EVP_PKEY_RSA,
+EVP_PKEY_DSA, EVP_PKEY_DH or EVP_PKEY_EC for the corresponding
+key types or NID_undef if the key type is unassigned.
+
+=head1 NOTES
+
+In accordance with the OpenSSL naming convention the key obtained
+from or assigned to the B<pkey> using the B<1> functions must be
+freed as well as B<pkey>.
+
+EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
+EVP_PKEY_assign_EC_KEY() are implemented as macros.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
+EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.
+
+EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
+EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if 
+an error occurred.
+
+EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
+and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_SealInit.pod b/src/lib/libcrypto/doc/EVP_SealInit.pod
new file mode 100644
index 0000000000..48a0e29954
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_SealInit.pod
@@ -0,0 +1,85 @@
+=pod
+
+=head1 NAME
+
+EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 
+                unsigned char **ek, int *ekl, unsigned char *iv,
+                EVP_PKEY **pubk, int npubk);
+ int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+
+=head1 DESCRIPTION
+
+The EVP envelope routines are a high level interface to envelope
+encryption. They generate a random key and IV (if required) then
+"envelope" it by using public key encryption. Data can then be
+encrypted using this key.
+
+EVP_SealInit() initializes a cipher context B<ctx> for encryption
+with cipher B<type> using a random secret key and IV. B<type> is normally
+supplied by a function such as EVP_des_cbc(). The secret key is encrypted
+using one or more public keys, this allows the same encrypted data to be
+decrypted using any of the corresponding private keys. B<ek> is an array of
+buffers where the public key encrypted secret key will be written, each buffer
+must contain enough room for the corresponding encrypted key: that is
+B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual
+size of each encrypted secret key is written to the array B<ekl>. B<pubk> is
+an array of B<npubk> public keys.
+
+The B<iv> parameter is a buffer where the generated IV is written to. It must
+contain enough room for the corresponding cipher's IV, as determined by (for
+example) EVP_CIPHER_iv_length(type).
+
+If the cipher does not require an IV then the B<iv> parameter is ignored
+and can be B<NULL>.
+
+EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
+as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as 
+documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
+page. 
+
+=head1 RETURN VALUES
+
+EVP_SealInit() returns 0 on error or B<npubk> if successful.
+
+EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for
+failure.
+
+=head1 NOTES
+
+Because a random secret key is generated the random number generator
+must be seeded before calling EVP_SealInit().
+
+The public key must be RSA because it is the only OpenSSL public key
+algorithm that supports key transport.
+
+Envelope encryption is the usual method of using public key encryption
+on large amounts of data, this is because public key encryption is slow
+but symmetric encryption is fast. So symmetric encryption is used for
+bulk encryption and the small random symmetric key used is transferred
+using public key encryption.
+
+It is possible to call EVP_SealInit() twice in the same way as
+EVP_EncryptInit(). The first call should have B<npubk> set to 0
+and (after setting any cipher parameters) it should be called again
+with B<type> set to NULL.
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+L<EVP_OpenInit(3)|EVP_OpenInit(3)>
+
+=head1 HISTORY
+
+EVP_SealFinal() did not return a value before OpenSSL 0.9.7.
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod
new file mode 100644
index 0000000000..0bace24938
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_SignInit.pod
@@ -0,0 +1,95 @@
+=pod
+
+=head1 NAME
+
+EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey);
+
+ void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+
+ int EVP_PKEY_size(EVP_PKEY *pkey);
+
+=head1 DESCRIPTION
+
+The EVP signature routines are a high level interface to digital
+signatures.
+
+EVP_SignInit_ex() sets up signing context B<ctx> to use digest
+B<type> from ENGINE B<impl>. B<ctx> must be initialized with
+EVP_MD_CTX_init() before calling this function.
+
+EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
+signature context B<ctx>. This function can be called several times on the
+same B<ctx> to include additional data.
+
+EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
+places the signature in B<sig>. The number of bytes of data written (i.e. the
+length of the signature) will be written to the integer at B<s>, at most
+EVP_PKEY_size(pkey) bytes will be written. 
+
+EVP_SignInit() initializes a signing context B<ctx> to use the default
+implementation of digest B<type>.
+
+EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual
+signature returned by EVP_SignFinal() may be smaller.
+
+=head1 RETURN VALUES
+
+EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1
+for success and 0 for failure.
+
+EVP_PKEY_size() returns the maximum size of a signature in bytes.
+
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 NOTES
+
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+
+Due to the link between message digests and public key algorithms the correct
+digest algorithm must be used with the correct public key type. A list of
+algorithms and associated public key algorithms appears in 
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
+
+When signing with DSA private keys the random number generator must be seeded
+or the operation will fail. The random number generator does not need to be
+seeded for RSA signatures.
+
+The call to EVP_SignFinal() internally finalizes a copy of the digest context.
+This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called
+later to digest and sign additional data.
+
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+
+=head1 BUGS
+
+Older versions of this documentation wrongly stated that calls to 
+EVP_SignUpdate() could not be made after calling EVP_SignFinal().
+
+=head1 SEE ALSO
+
+L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
+L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD(3)|RIPEMD(3)>,
+L<SHA1(3)|SHA1(3)>, L<digest(1)|digest(1)>
+
+=head1 HISTORY
+
+EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are
+available in all versions of SSLeay and OpenSSL.
+
+EVP_SignInit_ex() was added in OpenSSL 0.9.7.
+
+=cut
diff --git a/src/lib/libcrypto/doc/EVP_VerifyInit.pod b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
new file mode 100644
index 0000000000..b6afaedee5
--- /dev/null
+++ b/src/lib/libcrypto/doc/EVP_VerifyInit.pod
@@ -0,0 +1,86 @@
+=pod
+
+=head1 NAME
+
+EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey);
+
+ int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+
+=head1 DESCRIPTION
+
+The EVP signature verification routines are a high level interface to digital
+signatures.
+
+EVP_VerifyInit_ex() sets up verification context B<ctx> to use digest
+B<type> from ENGINE B<impl>. B<ctx> must be initialized by calling
+EVP_MD_CTX_init() before calling this function.
+
+EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
+verification context B<ctx>. This function can be called several times on the
+same B<ctx> to include additional data.
+
+EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey>
+and against the B<siglen> bytes at B<sigbuf>.
+
+EVP_VerifyInit() initializes verification context B<ctx> to use the default
+implementation of digest B<type>.
+
+=head1 RETURN VALUES
+
+EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for
+failure.
+
+EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some
+other error occurred.
+
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 NOTES
+
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+
+Due to the link between message digests and public key algorithms the correct
+digest algorithm must be used with the correct public key type. A list of
+algorithms and associated public key algorithms appears in 
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
+
+The call to EVP_VerifyFinal() internally finalizes a copy of the digest context.
+This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called
+later to digest and verify additional data.
+
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+
+=head1 BUGS
+
+Older versions of this documentation wrongly stated that calls to 
+EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>,
+L<EVP_SignInit(3)|EVP_SignInit(3)>,
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+
+=head1 HISTORY
+
+EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are
+available in all versions of SSLeay and OpenSSL.
+
+EVP_VerifyInit_ex() was added in OpenSSL 0.9.7
+
+=cut
diff --git a/src/lib/libcrypto/doc/OBJ_nid2obj.pod b/src/lib/libcrypto/doc/OBJ_nid2obj.pod
new file mode 100644
index 0000000000..7dcc07923f
--- /dev/null
+++ b/src/lib/libcrypto/doc/OBJ_nid2obj.pod
@@ -0,0 +1,149 @@
+=pod
+
+=head1 NAME
+
+OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid,
+OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup - ASN1 object utility
+functions
+
+=head1 SYNOPSIS
+
+ ASN1_OBJECT * OBJ_nid2obj(int n);
+ const char *  OBJ_nid2ln(int n);
+ const char *  OBJ_nid2sn(int n);
+
+ int OBJ_obj2nid(const ASN1_OBJECT *o);
+ int OBJ_ln2nid(const char *ln);
+ int OBJ_sn2nid(const char *sn);
+
+ int OBJ_txt2nid(const char *s);
+
+ ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name);
+ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+
+ int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
+ ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o);
+
+ int OBJ_create(const char *oid,const char *sn,const char *ln);
+ void OBJ_cleanup(void);
+
+=head1 DESCRIPTION
+
+The ASN1 object utility functions process ASN1_OBJECT structures which are
+a representation of the ASN1 OBJECT IDENTIFIER (OID) type.
+
+OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to 
+an ASN1_OBJECT structure, its long name and its short name respectively,
+or B<NULL> is an error occurred.
+
+OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID
+for the object B<o>, the long name <ln> or the short name <sn> respectively
+or NID_undef if an error occurred.
+
+OBJ_txt2nid() returns NID corresponding to text string <s>. B<s> can be
+a long name, a short name or the numerical respresentation of an object.
+
+OBJ_txt2obj() converts the text string B<s> into an ASN1_OBJECT structure.
+If B<no_name> is 0 then long names and short names will be interpreted
+as well as numerical forms. If B<no_name> is 1 only the numerical form
+is acceptable.
+
+OBJ_obj2txt() converts the B<ASN1_OBJECT> B<a> into a textual representation.
+The representation is written as a null terminated string to B<buf>
+at most B<buf_len> bytes are written, truncating the result if necessary.
+The total amount of space required is returned. If B<no_name> is 0 then
+if the object has a long or short name then that will be used, otherwise
+the numerical form will be used. If B<no_name> is 1 then the numerical
+form will always be used.
+
+OBJ_cmp() compares B<a> to B<b>. If the two are identical 0 is returned.
+
+OBJ_dup() returns a copy of B<o>.
+
+OBJ_create() adds a new object to the internal table. B<oid> is the 
+numerical form of the object, B<sn> the short name and B<ln> the
+long name. A new NID is returned for the created object.
+
+OBJ_cleanup() cleans up OpenSSLs internal object table: this should
+be called before an application exits if any new objects were added
+using OBJ_create().
+
+=head1 NOTES
+
+Objects in OpenSSL can have a short name, a long name and a numerical
+identifier (NID) associated with them. A standard set of objects is
+represented in an internal table. The appropriate values are defined
+in the header file B<objects.h>.
+
+For example the OID for commonName has the following definitions:
+
+ #define SN_commonName                   "CN"
+ #define LN_commonName                   "commonName"
+ #define NID_commonName                  13
+
+New objects can be added by calling OBJ_create().
+
+Table objects have certain advantages over other objects: for example
+their NIDs can be used in a C language switch statement. They are
+also static constant structures which are shared: that is there
+is only a single constant structure for each table object.
+
+Objects which are not in the table have the NID value NID_undef.
+
+Objects do not need to be in the internal tables to be processed,
+the functions OBJ_txt2obj() and OBJ_obj2txt() can process the numerical
+form of an OID.
+
+=head1 EXAMPLES
+
+Create an object for B<commonName>:
+
+ ASN1_OBJECT *o;
+ o = OBJ_nid2obj(NID_commonName);
+
+Check if an object is B<commonName>
+
+ if (OBJ_obj2nid(obj) == NID_commonName)
+        /* Do something */
+
+Create a new NID and initialize an object from it:
+
+ int new_nid;
+ ASN1_OBJECT *obj;
+ new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
+
+ obj = OBJ_nid2obj(new_nid);
+ 
+Create a new object directly:
+
+ obj = OBJ_txt2obj("1.2.3.4", 1);
+
+=head1 BUGS
+
+OBJ_obj2txt() is awkward and messy to use: it doesn't follow the 
+convention of other OpenSSL functions where the buffer can be set
+to B<NULL> to determine the amount of data that should be written.
+Instead B<buf> must point to a valid buffer and B<buf_len> should
+be set to a positive value. A buffer length of 80 should be more
+than enough to handle any OID encountered in practice.
+
+=head1 RETURN VALUES
+
+OBJ_nid2obj() returns an B<ASN1_OBJECT> structure or B<NULL> is an
+error occurred.
+
+OBJ_nid2ln() and OBJ_nid2sn() returns a valid string or B<NULL>
+on error.
+
+OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return
+a NID or B<NID_undef> on error.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod b/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod
new file mode 100644
index 0000000000..c39ac35e78
--- /dev/null
+++ b/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod
@@ -0,0 +1,101 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version - get OpenSSL version number
+
+=head1 SYNOPSIS
+
+ #include <openssl/opensslv.h>
+ #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
+
+ #include <openssl/crypto.h>
+ long SSLeay(void);
+ const char *SSLeay_version(int t);
+
+=head1 DESCRIPTION
+
+OPENSSL_VERSION_NUMBER is a numeric release version identifier:
+
+ MMNNFFPPS: major minor fix patch status
+
+The status nibble has one of the values 0 for development, 1 to e for betas
+1 to 14, and f for release.
+
+for example
+
+ 0x000906000 == 0.9.6 dev
+ 0x000906023 == 0.9.6b beta 3
+ 0x00090605f == 0.9.6e release
+
+Versions prior to 0.9.3 have identifiers E<lt> 0x0930.
+Versions between 0.9.3 and 0.9.5 had a version identifier with this
+interpretation:
+
+ MMNNFFRBB major minor fix final beta/patch
+
+for example
+
+ 0x000904100 == 0.9.4 release
+ 0x000905000 == 0.9.5 dev
+
+Version 0.9.5a had an interim interpretation that is like the current one,
+except the patch level got the highest bit set, to keep continuity.  The
+number was therefore 0x0090581f.
+
+
+For backward compatibility, SSLEAY_VERSION_NUMBER is also defined.
+
+SSLeay() returns this number. The return value can be compared to the
+macro to make sure that the correct version of the library has been
+loaded, especially when using DLLs on Windows systems.
+
+SSLeay_version() returns different strings depending on B<t>:
+
+=over 4
+
+=item SSLEAY_VERSION
+
+The text variant of the version number and the release date.  For example,
+"OpenSSL 0.9.5a 1 Apr 2000".
+
+=item SSLEAY_CFLAGS
+
+The compiler flags set for the compilation process in the form
+"compiler: ..."  if available or "compiler: information not available"
+otherwise.
+
+=item SSLEAY_BUILT_ON
+
+The date of the build process in the form "built on: ..." if available
+or "built on: date not available" otherwise.
+
+=item SSLEAY_PLATFORM
+
+The "Configure" target of the library build in the form "platform: ..."
+if available or "platform: information not available" otherwise.
+
+=item SSLEAY_DIR
+
+The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "...""
+if available or "OPENSSLDIR: N/A" otherwise.
+
+=back
+
+For an unknown B<t>, the text "not available" is returned.
+
+=head1 RETURN VALUE
+
+The version number.
+
+=head1 SEE ALSO
+
+L<crypto(3)|crypto(3)>
+
+=head1 HISTORY
+
+SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and OpenSSL.
+OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL.
+B<SSLEAY_DIR> was added in OpenSSL 0.9.7.
+
+=cut
diff --git a/src/lib/libcrypto/doc/OPENSSL_config.pod b/src/lib/libcrypto/doc/OPENSSL_config.pod
new file mode 100644
index 0000000000..16600620cc
--- /dev/null
+++ b/src/lib/libcrypto/doc/OPENSSL_config.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/conf.h>
+
+ void OPENSSL_config(const char *config_name);
+ void OPENSSL_no_config(void);
+
+=head1 DESCRIPTION
+
+OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf>
+configuration file name using B<config_name>. If B<config_name> is NULL then
+the default name B<openssl_conf> will be used. Any errors are ignored. Further
+calls to OPENSSL_config() will have no effect. The configuration file format
+is documented in the L<conf(5)|conf(5)> manual page.
+
+OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
+no configuration takes place.
+
+=head1 NOTES
+
+It is B<strongly> recommended that B<all> new applications call OPENSSL_config()
+or the more sophisticated functions such as CONF_modules_load() during
+initialization (that is before starting any threads). By doing this
+an application does not need to keep track of all configuration options
+and some new functionality can be supported automatically.
+
+It is also possible to automatically call OPENSSL_config() when an application
+calls OPENSSL_add_all_algorithms() by compiling an application with the
+preprocessor symbol B<OPENSSL_LOAD_CONF> #define'd. In this way configuration
+can be added without source changes.
+
+The environment variable B<OPENSSL_CONFIG> can be set to specify the location
+of the configuration file.
+ 
+Currently ASN1 OBJECTs and ENGINE configuration can be performed future
+versions of OpenSSL will add new configuration options.
+
+There are several reasons why calling the OpenSSL configuration routines is
+advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7.
+In OpenSSL 0.9.7 control functions can be supported by ENGINEs, this can be
+used (among other things) to load dynamic ENGINEs from shared libraries (DSOs).
+However very few applications currently support the control interface and so
+very few can load and use dynamic ENGINEs. Equally in future more sophisticated
+ENGINEs will require certain control operations to customize them. If an
+application calls OPENSSL_config() it doesn't need to know or care about
+ENGINE control operations because they can be performed by editing a
+configuration file.
+
+Applications should free up configuration at application closedown by calling
+CONF_modules_free().
+
+=head1 RESTRICTIONS
+
+The OPENSSL_config() function is designed to be a very simple "call it and
+forget it" function. As a result its behaviour is somewhat limited. It ignores
+all errors silently and it can only load from the standard configuration file
+location for example.
+
+It is however B<much> better than nothing. Applications which need finer
+control over their configuration functionality should use the configuration
+functions such as CONF_load_modules() directly.
+
+=head1 RETURN VALUES
+
+Neither OPENSSL_config() nor OPENSSL_no_config() return a value.
+
+=head1 SEE ALSO
+
+L<conf(5)|conf(5)>, L<CONF_load_modules_file(3)|CONF_load_modules_file(3)>,
+L<CONF_modules_free(3),CONF_modules_free(3)>
+
+=head1 HISTORY
+
+OPENSSL_config() and OPENSSL_no_config() first appeared in OpenSSL 0.9.7
+
+=cut
diff --git a/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod b/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod
new file mode 100644
index 0000000000..f14dfaf005
--- /dev/null
+++ b/src/lib/libcrypto/doc/OPENSSL_load_builtin_modules.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_load_builtin_modules - add standard configuration modules
+
+=head1 SYNOPSIS
+
+ #include <openssl/conf.h>
+
+ void OPENSSL_load_builtin_modules(void);
+ void ASN1_add_oid_module(void);
+ ENGINE_add_conf_module();
+
+=head1 DESCRIPTION
+
+The function OPENSSL_load_builtin_modules() adds all the standard OpenSSL
+configuration modules to the internal list. They can then be used by the
+OpenSSL configuration code.
+
+ASN1_add_oid_module() adds just the ASN1 OBJECT module.
+
+ENGINE_add_conf_module() adds just the ENGINE configuration module.
+
+=head1 NOTES
+
+If the simple configuration function OPENSSL_config() is called then 
+OPENSSL_load_builtin_modules() is called automatically.
+
+Applications which use the configuration functions directly will need to
+call OPENSSL_load_builtin_modules() themselves I<before> any other 
+configuration code.
+
+Applications should call OPENSSL_load_builtin_modules() to load all
+configuration modules instead of adding modules selectively: otherwise 
+functionality may be missing from the application if an when new
+modules are added.
+
+=head1 RETURN VALUE
+
+None of the functions return a value.
+
+=head1 SEE ALSO
+
+L<conf(3)|conf(3)>, L<OPENSSL_config(3)|OPENSSL_config(3)>
+
+=head1 HISTORY
+
+These functions first appeared in OpenSSL 0.9.7.
+
+=cut
diff --git a/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod b/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod
new file mode 100644
index 0000000000..e63411b5bb
--- /dev/null
+++ b/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests -
+add algorithms to internal table
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ void OpenSSL_add_all_algorithms(void);
+ void OpenSSL_add_all_ciphers(void);
+ void OpenSSL_add_all_digests(void);
+
+ void EVP_cleanup(void);
+
+=head1 DESCRIPTION
+
+OpenSSL keeps an internal table of digest algorithms and ciphers. It uses
+this table to lookup ciphers via functions such as EVP_get_cipher_byname().
+
+OpenSSL_add_all_digests() adds all digest algorithms to the table.
+
+OpenSSL_add_all_algorithms() adds all algorithms to the table (digests and
+ciphers).
+
+OpenSSL_add_all_ciphers() adds all encryption algorithms to the table including
+password based encryption algorithms.
+
+EVP_cleanup() removes all ciphers and digests from the table.
+
+=head1 RETURN VALUES
+
+None of the functions return a value.
+
+=head1 NOTES
+
+A typical application will call OpenSSL_add_all_algorithms() initially and
+EVP_cleanup() before exiting.
+
+An application does not need to add algorithms to use them explicitly, for example
+by EVP_sha1(). It just needs to add them if it (or any of the functions it calls)
+needs to lookup algorithms.
+
+The cipher and digest lookup functions are used in many parts of the library. If
+the table is not initialized several functions will misbehave and complain they
+cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries.
+This is a common query in the OpenSSL mailing lists.
+
+Calling OpenSSL_add_all_algorithms() links in all algorithms: as a result a
+statically linked executable can be quite large. If this is important it is possible
+to just add the required ciphers and digests.
+
+=head1 BUGS
+
+Although the functions do not return error codes it is possible for them to fail.
+This will only happen as a result of a memory allocation failure so this is not
+too much of a problem in practice.
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>
+
+=cut
diff --git a/src/lib/libcrypto/doc/PKCS12_create.pod b/src/lib/libcrypto/doc/PKCS12_create.pod
new file mode 100644
index 0000000000..48f3bb8cb8
--- /dev/null
+++ b/src/lib/libcrypto/doc/PKCS12_create.pod
@@ -0,0 +1,57 @@
+=pod
+
+=head1 NAME
+
+PKCS12_create - create a PKCS#12 structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs12.h>
+
+ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca,
+                                int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
+
+=head1 DESCRIPTION
+
+PKCS12_create() creates a PKCS#12 structure.
+
+B<pass> is the passphrase to use. B<name> is the B<friendlyName> to use for
+the supplied certifictate and key. B<pkey> is the private key to include in
+the structure and B<cert> its corresponding certificates. B<ca>, if not B<NULL>
+is an optional set of certificates to also include in the structure.
+
+B<nid_key> and B<nid_cert> are the encryption algorithms that should be used
+for the key and certificate respectively. B<iter> is the encryption algorithm
+iteration count to use and B<mac_iter> is the MAC iteration count to use.
+B<keytype> is the type of key.
+
+=head1 NOTES
+
+The parameters B<nid_key>, B<nid_cert>, B<iter>, B<mac_iter> and B<keytype>
+can all be set to zero and sensible defaults will be used.
+
+These defaults are: 40 bit RC2 encryption for certificates, triple DES
+encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER
+(currently 2048) and a MAC iteration count of 1.
+
+The default MAC iteration count is 1 in order to retain compatibility with
+old software which did not interpret MAC iteration counts. If such compatibility
+is not required then B<mac_iter> should be set to PKCS12_DEFAULT_ITER.
+
+B<keytype> adds a flag to the store private key. This is a non standard extension
+that is only currently interpreted by MSIE. If set to zero the flag is omitted,
+if set to B<KEY_SIG> the key can be used for signing only, if set to B<KEY_EX>
+it can be used for signing and encryption. This option was useful for old
+export grade software which could use signing only keys of arbitrary size but
+had restrictions on the permissible sizes of keys which could be used for
+encryption.
+
+=head1 SEE ALSO
+
+L<d2i_PKCS12(3)|d2i_PKCS12(3)>
+
+=head1 HISTORY
+
+PKCS12_create was added in OpenSSL 0.9.3
+
+=cut
diff --git a/src/lib/libcrypto/doc/PKCS12_parse.pod b/src/lib/libcrypto/doc/PKCS12_parse.pod
new file mode 100644
index 0000000000..51344f883a
--- /dev/null
+++ b/src/lib/libcrypto/doc/PKCS12_parse.pod
@@ -0,0 +1,50 @@
+=pod
+
+=head1 NAME
+
+PKCS12_parse - parse a PKCS#12 structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs12.h>
+
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
+
+=head1 DESCRIPTION
+
+PKCS12_parse() parses a PKCS12 structure.
+
+B<p12> is the B<PKCS12> structure to parse. B<pass> is the passphrase to use.
+If successful the private key will be written to B<*pkey>, the corresponding
+certificate to B<*cert> and any additional certificates to B<*ca>.
+
+=head1 NOTES
+
+The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL>
+in which case additional certificates will be discarded. B<*ca> can also
+be a valid STACK in which case additional certificates are appended to
+B<*ca>. If B<*ca> is B<NULL> a new STACK will be allocated.
+
+The B<friendlyName> and B<localKeyID> attributes (if present) on each certificate
+will be stored in the B<alias> and B<keyid> attributes of the B<X509> structure.
+
+=head1 BUGS
+
+Only a single private key and corresponding certificate is returned by this function.
+More complex PKCS#12 files with multiple private keys will only return the first
+match.
+
+Only B<friendlyName> and B<localKeyID> attributes are currently stored in certificates.
+Other attributes are discarded.
+
+Attributes currently cannot be store in the private key B<EVP_PKEY> structure.
+
+=head1 SEE ALSO
+
+L<d2i_PKCS12(3)|d2i_PKCS12(3)>
+
+=head1 HISTORY
+
+PKCS12_parse was added in OpenSSL 0.9.3
+
+=cut
diff --git a/src/lib/libcrypto/doc/PKCS7_decrypt.pod b/src/lib/libcrypto/doc/PKCS7_decrypt.pod
new file mode 100644
index 0000000000..b0ca067b89
--- /dev/null
+++ b/src/lib/libcrypto/doc/PKCS7_decrypt.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure
+
+=head1 SYNOPSIS
+
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+PKCS7_decrypt() extracts and decrypts the content from a PKCS#7 envelopedData
+structure. B<pkey> is the private key of the recipient, B<cert> is the
+recipients certificate, B<data> is a BIO to write the content to and
+B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+OpenSSL_add_all_algorithms() (or equivalent) should be called before using this
+function or errors about unknown algorithms will occur.
+
+Although the recipients certificate is not needed to decrypt the data it is needed
+to locate the appropriate (of possible several) recipients in the PKCS#7 structure.
+
+The following flags can be passed in the B<flags> parameter.
+
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted
+from the content. If the content is not of type B<text/plain> then an error is
+returned.
+
+=head1 RETURN VALUES
+
+PKCS7_decrypt() returns either 1 for success or 0 for failure.
+The error can be obtained from ERR_get_error(3)
+
+=head1 BUGS
+
+PKCS7_decrypt() must be passed the correct recipient key and certificate. It would
+be better if it could look up the correct key and certificate from a database.
+
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+
+=head1 HISTORY
+
+PKCS7_decrypt() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/src/lib/libcrypto/doc/PKCS7_encrypt.pod b/src/lib/libcrypto/doc/PKCS7_encrypt.pod
new file mode 100644
index 0000000000..1a507b22a2
--- /dev/null
+++ b/src/lib/libcrypto/doc/PKCS7_encrypt.pod
@@ -0,0 +1,65 @@
+=pod
+
+=head1 NAME
+
+PKCS7_encrypt - create a PKCS#7 envelopedData structure
+
+=head1 SYNOPSIS
+
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
+
+=head1 DESCRIPTION
+
+PKCS7_encrypt() creates and returns a PKCS#7 envelopedData structure. B<certs>
+is a list of recipient certificates. B<in> is the content to be encrypted.
+B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates
+supplied to this function must all contain RSA public keys, though they do not have to
+be signed using the RSA algorithm.
+
+EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because
+most clients will support it.
+
+Some old "export grade" clients may only support weak encryption using 40 or 64 bit
+RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() respectively.
+
+The algorithm passed in the B<cipher> parameter must support ASN1 encoding of its
+parameters. 
+
+Many browsers implement a "sign and encrypt" option which is simply an S/MIME 
+envelopedData containing an S/MIME signed message. This can be readily produced
+by storing the S/MIME signed message in a memory BIO and passing it to
+PKCS7_encrypt().
+
+The following flags can be passed in the B<flags> parameter.
+
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
+to the data.
+
+Normally the supplied content is translated into MIME canonical format (as required
+by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
+option should be used if the supplied data is in binary format otherwise the translation
+will corrupt it. If B<PKCS7_BINARY> is set then B<PKCS7_TEXT> is ignored.
+
+=head1 RETURN VALUES
+
+PKCS7_encrypt() returns either a valid PKCS7 structure or NULL if an error occurred.
+The error can be obtained from ERR_get_error(3).
+
+=head1 BUGS
+
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
+
+=head1 HISTORY
+
+PKCS7_decrypt() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/src/lib/libcrypto/doc/PKCS7_sign.pod b/src/lib/libcrypto/doc/PKCS7_sign.pod
new file mode 100644
index 0000000000..fc7e649b34
--- /dev/null
+++ b/src/lib/libcrypto/doc/PKCS7_sign.pod
@@ -0,0 +1,85 @@
+=pod
+
+=head1 NAME
+
+PKCS7_sign - create a PKCS#7 signedData structure
+
+=head1 SYNOPSIS
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert>
+is the certificate to sign with, B<pkey> is the corresponsding private key.
+B<certs> is an optional additional set of certificates to include in the
+PKCS#7 structure (for example any intermediate CAs in the chain). 
+
+The data to be signed is read from BIO B<data>.
+
+B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+Any of the following flags (ored together) can be passed in the B<flags> parameter.
+
+Many S/MIME clients expect the signed content to include valid MIME headers. If
+the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
+to the data.
+
+If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
+PKCS7 structure, the signer's certificate must still be supplied in the B<signcert>
+parameter though. This can reduce the size of the signature if the signers certificate
+can be obtained by other means: for example a previously signed message.
+
+The data being signed is included in the PKCS7 structure, unless B<PKCS7_DETACHED> 
+is set in which case it is omitted. This is used for PKCS7 detached signatures
+which are used in S/MIME plaintext signed messages for example.
+
+Normally the supplied content is translated into MIME canonical format (as required
+by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
+option should be used if the supplied data is in binary format otherwise the translation
+will corrupt it.
+
+The signedData structure includes several PKCS#7 autenticatedAttributes including
+the signing time, the PKCS#7 content type and the supported list of ciphers in
+an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no authenticatedAttributes
+will be used. If B<PKCS7_NOSMIMECAP> is set then just the SMIMECapabilities are
+omitted.
+
+If present the SMIMECapabilities attribute indicates support for the following
+algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any
+of these algorithms is disabled then it will not be included.
+
+=head1 BUGS
+
+PKCS7_sign() is somewhat limited. It does not support multiple signers, some
+advanced attributes such as counter signatures are not supported.
+
+The SHA1 digest algorithm is currently always used.
+
+When the signed data is not detached it will be stored in memory within the
+B<PKCS7> structure. This effectively limits the size of messages which can be
+signed due to memory restraints. There should be a way to sign data without
+having to hold it all in memory, this would however require fairly major
+revisions of the OpenSSL ASN1 code.
+
+Clear text signing does not store the content in memory but the way PKCS7_sign()
+operates means that two passes of the data must typically be made: one to compute
+the signatures and a second to output the data along with the signature. There
+should be a way to process the data with only a single pass.
+
+=head1 RETURN VALUES
+
+PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error occurred.
+The error can be obtained from ERR_get_error(3).
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_verify(3)|PKCS7_verify(3)>
+
+=head1 HISTORY
+
+PKCS7_sign() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/src/lib/libcrypto/doc/PKCS7_verify.pod b/src/lib/libcrypto/doc/PKCS7_verify.pod
new file mode 100644
index 0000000000..07c9fdad40
--- /dev/null
+++ b/src/lib/libcrypto/doc/PKCS7_verify.pod
@@ -0,0 +1,116 @@
+=pod
+
+=head1 NAME
+
+PKCS7_verify - verify a PKCS#7 signedData structure
+
+=head1 SYNOPSIS
+
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+
+int PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+
+=head1 DESCRIPTION
+
+PKCS7_verify() verifies a PKCS#7 signedData structure. B<p7> is the PKCS7
+structure to verify. B<certs> is a set of certificates in which to search for
+the signer's certificate. B<store> is a trusted certficate store (used for
+chain verification). B<indata> is the signed data if the content is not
+present in B<p7> (that is it is detached). The content is written to B<out>
+if it is not NULL.
+
+B<flags> is an optional set of flags, which can be used to modify the verify
+operation.
+
+PKCS7_get0_signers() retrieves the signer's certificates from B<p7>, it does
+B<not> check their validity or whether any signatures are valid. The B<certs>
+and B<flags> parameters have the same meanings as in PKCS7_verify().
+
+=head1 VERIFY PROCESS
+
+Normally the verify process proceeds as follows.
+
+Initially some sanity checks are performed on B<p7>. The type of B<p7> must
+be signedData. There must be at least one signature on the data and if
+the content is detached B<indata> cannot be B<NULL>.
+
+An attempt is made to locate all the signer's certificates, first looking in
+the B<certs> parameter (if it is not B<NULL>) and then looking in any certificates
+contained in the B<p7> structure itself. If any signer's certificates cannot be
+located the operation fails.
+
+Each signer's certificate is chain verified using the B<smimesign> purpose and
+the supplied trusted certificate store. Any internal certificates in the message
+are used as untrusted CAs. If any chain verify fails an error code is returned.
+
+Finally the signed content is read (and written to B<out> is it is not NULL) and
+the signature's checked.
+
+If all signature's verify correctly then the function is successful.
+
+Any of the following flags (ored together) can be passed in the B<flags> parameter
+to change the default verify behaviour. Only the flag B<PKCS7_NOINTERN> is
+meaningful to PKCS7_get0_signers().
+
+If B<PKCS7_NOINTERN> is set the certificates in the message itself are not 
+searched when locating the signer's certificate. This means that all the signers
+certificates must be in the B<certs> parameter.
+
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted
+from the content. If the content is not of type B<text/plain> then an error is
+returned.
+
+If B<PKCS7_NOVERIFY> is set the signer's certificates are not chain verified.
+
+If B<PKCS7_NOCHAIN> is set then the certificates contained in the message are
+not used as untrusted CAs. This means that the whole verify chain (apart from
+the signer's certificate) must be contained in the trusted store.
+
+If B<PKCS7_NOSIGS> is set then the signatures on the data are not checked.
+
+=head1 NOTES
+
+One application of B<PKCS7_NOINTERN> is to only accept messages signed by
+a small number of certificates. The acceptable certificates would be passed
+in the B<certs> parameter. In this case if the signer is not one of the
+certificates supplied in B<certs> then the verify will fail because the
+signer cannot be found.
+
+Care should be taken when modifying the default verify behaviour, for example
+setting B<PKCS7_NOVERIFY|PKCS7_NOSIGS> will totally disable all verification 
+and any signed message will be considered valid. This combination is however
+useful if one merely wishes to write the content to B<out> and its validity
+is not considered important.
+
+Chain verification should arguably be performed  using the signing time rather
+than the current time. However since the signing time is supplied by the
+signer it cannot be trusted without additional evidence (such as a trusted
+timestamp).
+
+=head1 RETURN VALUES
+
+PKCS7_verify() returns 1 for a successful verification and zero or a negative
+value if an error occurs.
+
+PKCS7_get0_signers() returns all signers or B<NULL> if an error occurred.
+
+The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 BUGS
+
+The trusted certificate store is not searched for the signers certificate,
+this is primarily due to the inadequacies of the current B<X509_STORE>
+functionality.
+
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>
+
+=head1 HISTORY
+
+PKCS7_verify() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/src/lib/libcrypto/doc/RAND_add.pod b/src/lib/libcrypto/doc/RAND_add.pod
new file mode 100644
index 0000000000..67c66f3e0c
--- /dev/null
+++ b/src/lib/libcrypto/doc/RAND_add.pod
@@ -0,0 +1,77 @@
+=pod
+
+=head1 NAME
+
+RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen - add
+entropy to the PRNG
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ void RAND_seed(const void *buf, int num);
+
+ void RAND_add(const void *buf, int num, double entropy);
+
+ int  RAND_status(void);
+
+ int  RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
+ void RAND_screen(void);
+
+=head1 DESCRIPTION
+
+RAND_add() mixes the B<num> bytes at B<buf> into the PRNG state. Thus,
+if the data at B<buf> are unpredictable to an adversary, this
+increases the uncertainty about the state and makes the PRNG output
+less predictable. Suitable input comes from user interaction (random
+key presses, mouse movements) and certain hardware events. The
+B<entropy> argument is (the lower bound of) an estimate of how much
+randomness is contained in B<buf>, measured in bytes. Details about
+sources of randomness and how to estimate their entropy can be found
+in the literature, e.g. RFC 1750.
+
+RAND_add() may be called with sensitive data such as user entered
+passwords. The seed values cannot be recovered from the PRNG output.
+
+OpenSSL makes sure that the PRNG state is unique for each thread. On
+systems that provide C</dev/urandom>, the randomness device is used
+to seed the PRNG transparently. However, on all other systems, the
+application is responsible for seeding the PRNG by calling RAND_add(),
+L<RAND_egd(3)|RAND_egd(3)>
+or L<RAND_load_file(3)|RAND_load_file(3)>.
+
+RAND_seed() is equivalent to RAND_add() when B<num == entropy>.
+
+RAND_event() collects the entropy from Windows events such as mouse
+movements and other user interaction. It should be called with the
+B<iMsg>, B<wParam> and B<lParam> arguments of I<all> messages sent to
+the window procedure. It will estimate the entropy contained in the
+event message (if any), and add it to the PRNG. The program can then
+process the messages as usual.
+
+The RAND_screen() function is available for the convenience of Windows
+programmers. It adds the current contents of the screen to the PRNG.
+For applications that can catch Windows events, seeding the PRNG by
+calling RAND_event() is a significantly better source of
+randomness. It should be noted that both methods cannot be used on
+servers that run without user interaction.
+
+=head1 RETURN VALUES
+
+RAND_status() and RAND_event() return 1 if the PRNG has been seeded
+with enough data, 0 otherwise.
+
+The other functions do not return values.
+
+=head1 SEE ALSO
+
+L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>,
+L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
+
+=head1 HISTORY
+
+RAND_seed() and RAND_screen() are available in all versions of SSLeay
+and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL
+0.9.5, RAND_event() in OpenSSL 0.9.5a.
+
+=cut
diff --git a/src/lib/libcrypto/doc/RAND_bytes.pod b/src/lib/libcrypto/doc/RAND_bytes.pod
new file mode 100644
index 0000000000..ce6329ce54
--- /dev/null
+++ b/src/lib/libcrypto/doc/RAND_bytes.pod
@@ -0,0 +1,47 @@
+=pod
+
+=head1 NAME
+
+RAND_bytes, RAND_pseudo_bytes - generate random data
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ int RAND_bytes(unsigned char *buf, int num);
+
+ int RAND_pseudo_bytes(unsigned char *buf, int num);
+
+=head1 DESCRIPTION
+
+RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes
+into B<buf>. An error occurs if the PRNG has not been seeded with
+enough randomness to ensure an unpredictable byte sequence.
+
+RAND_pseudo_bytes() puts B<num> pseudo-random bytes into B<buf>.
+Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be
+unique if they are of sufficient length, but are not necessarily
+unpredictable. They can be used for non-cryptographic purposes and for
+certain purposes in cryptographic protocols, but usually not for key
+generation etc.
+
+=head1 RETURN VALUES
+
+RAND_bytes() returns 1 on success, 0 otherwise. The error code can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>. RAND_pseudo_bytes() returns 1 if the
+bytes generated are cryptographically strong, 0 otherwise. Both
+functions return -1 if they are not supported by the current RAND
+method.
+
+=head1 SEE ALSO
+
+L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<RAND_add(3)|RAND_add(3)>
+
+=head1 HISTORY
+
+RAND_bytes() is available in all versions of SSLeay and OpenSSL.  It
+has a return value since OpenSSL 0.9.5. RAND_pseudo_bytes() was added
+in OpenSSL 0.9.5.
+
+=cut
diff --git a/src/lib/libcrypto/doc/RAND_cleanup.pod b/src/lib/libcrypto/doc/RAND_cleanup.pod
new file mode 100644
index 0000000000..3a8f0749a8
--- /dev/null
+++ b/src/lib/libcrypto/doc/RAND_cleanup.pod
@@ -0,0 +1,29 @@
+=pod
+
+=head1 NAME
+
+RAND_cleanup - erase the PRNG state
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ void RAND_cleanup(void);
+
+=head1 DESCRIPTION
+
+RAND_cleanup() erases the memory used by the PRNG.
+
+=head1 RETURN VALUE
+
+RAND_cleanup() returns no value.
+
+=head1 SEE ALSO
+
+L<rand(3)|rand(3)>
+
+=head1 HISTORY
+
+RAND_cleanup() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/RAND_load_file.pod b/src/lib/libcrypto/doc/RAND_load_file.pod
new file mode 100644
index 0000000000..d8c134e621
--- /dev/null
+++ b/src/lib/libcrypto/doc/RAND_load_file.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ const char *RAND_file_name(char *buf, size_t num);
+
+ int RAND_load_file(const char *filename, long max_bytes);
+
+ int RAND_write_file(const char *filename);
+
+=head1 DESCRIPTION
+
+RAND_file_name() generates a default path for the random seed
+file. B<buf> points to a buffer of size B<num> in which to store the
+filename. The seed file is $RANDFILE if that environment variable is
+set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is
+too small for the path name, an error occurs.
+
+RAND_load_file() reads a number of bytes from file B<filename> and
+adds them to the PRNG. If B<max_bytes> is non-negative,
+up to to B<max_bytes> are read; starting with OpenSSL 0.9.5,
+if B<max_bytes> is -1, the complete file is read.
+
+RAND_write_file() writes a number of random bytes (currently 1024) to
+file B<filename> which can be used to initialize the PRNG by calling
+RAND_load_file() in a later session.
+
+=head1 RETURN VALUES
+
+RAND_load_file() returns the number of bytes read.
+
+RAND_write_file() returns the number of bytes written, and -1 if the
+bytes written were generated without appropriate seed.
+
+RAND_file_name() returns a pointer to B<buf> on success, and NULL on
+error.
+
+=head1 SEE ALSO
+
+L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
+
+=head1 HISTORY
+
+RAND_load_file(), RAND_write_file() and RAND_file_name() are available in
+all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/RAND_set_rand_method.pod b/src/lib/libcrypto/doc/RAND_set_rand_method.pod
new file mode 100644
index 0000000000..c9bb6d9f27
--- /dev/null
+++ b/src/lib/libcrypto/doc/RAND_set_rand_method.pod
@@ -0,0 +1,83 @@
+=pod
+
+=head1 NAME
+
+RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ void RAND_set_rand_method(const RAND_METHOD *meth);
+
+ const RAND_METHOD *RAND_get_rand_method(void);
+
+ RAND_METHOD *RAND_SSLeay(void);
+
+=head1 DESCRIPTION
+
+A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number
+generation. By modifying the method, alternative implementations such as
+hardware RNGs may be used. IMPORTANT: See the NOTES section for important
+information about how these RAND API functions are affected by the use of
+B<ENGINE> API calls.
+
+Initially, the default RAND_METHOD is the OpenSSL internal implementation, as
+returned by RAND_SSLeay().
+
+RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is
+true only whilst no ENGINE has been set as a default for RAND, so this function
+is no longer recommended.
+
+RAND_get_default_method() returns a pointer to the current RAND_METHOD.
+However, the meaningfulness of this result is dependant on whether the ENGINE
+API is being used, so this function is no longer recommended.
+
+=head1 THE RAND_METHOD STRUCTURE
+
+ typedef struct rand_meth_st
+ {
+        void (*seed)(const void *buf, int num);
+        int (*bytes)(unsigned char *buf, int num);
+        void (*cleanup)(void);
+        void (*add)(const void *buf, int num, int entropy);
+        int (*pseudorand)(unsigned char *buf, int num);
+        int (*status)(void);
+ } RAND_METHOD;
+
+The components point to the implementation of RAND_seed(),
+RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand()
+and RAND_status().
+Each component may be NULL if the function is not implemented.
+
+=head1 RETURN VALUES
+
+RAND_set_rand_method() returns no value. RAND_get_rand_method() and
+RAND_SSLeay() return pointers to the respective methods.
+
+=head1 NOTES
+
+As of version 0.9.7, RAND_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for RAND functionality using an ENGINE API function,
+that will override any RAND defaults set using the RAND API (ie.
+RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in RAND and other cryptographic
+algorithms.
+
+=head1 SEE ALSO
+
+L<rand(3)|rand(3)>, L<engine(3)|engine(3)>
+
+=head1 HISTORY
+
+RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are
+available in all versions of OpenSSL.
+
+In the engine version of version 0.9.6, RAND_set_rand_method() was altered to
+take an ENGINE pointer as its argument. As of version 0.9.7, that has been
+reverted as the ENGINE API transparently overrides RAND defaults if used,
+otherwise RAND API functions work as before. RAND_set_rand_engine() was also
+introduced in version 0.9.7.
+
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_blinding_on.pod b/src/lib/libcrypto/doc/RSA_blinding_on.pod
new file mode 100644
index 0000000000..fd2c69abd8
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_blinding_on.pod
@@ -0,0 +1,43 @@
+=pod
+
+=head1 NAME
+
+RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing attacks
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+
+ void RSA_blinding_off(RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA is vulnerable to timing attacks. In a setup where attackers can
+measure the time of RSA decryption or signature operations, blinding
+must be used to protect the RSA operation from that attack.
+
+RSA_blinding_on() turns blinding on for key B<rsa> and generates a
+random blinding factor. B<ctx> is B<NULL> or a pre-allocated and
+initialized B<BN_CTX>. The random number generator must be seeded
+prior to calling RSA_blinding_on().
+
+RSA_blinding_off() turns blinding off and frees the memory used for
+the blinding factor.
+
+=head1 RETURN VALUES
+
+RSA_blinding_on() returns 1 on success, and 0 if an error occurred.
+
+RSA_blinding_off() returns no value.
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>, L<rand(3)|rand(3)>
+
+=head1 HISTORY
+
+RSA_blinding_on() and RSA_blinding_off() appeared in SSLeay 0.9.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_check_key.pod b/src/lib/libcrypto/doc/RSA_check_key.pod
new file mode 100644
index 0000000000..a5198f3db5
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_check_key.pod
@@ -0,0 +1,67 @@
+=pod
+
+=head1 NAME
+
+RSA_check_key - validate private RSA keys
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_check_key(RSA *rsa);
+
+=head1 DESCRIPTION
+
+This function validates RSA keys. It checks that B<p> and B<q> are
+in fact prime, and that B<n = p*q>.
+
+It also checks that B<d*e = 1 mod (p-1*q-1)>,
+and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.
+
+As such, this function can not be used with any arbitrary RSA key object,
+even if it is otherwise fit for regular RSA operation. See B<NOTES> for more
+information.
+
+=head1 RETURN VALUE
+
+RSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise.
+-1 is returned if an error occurs while checking the key.
+
+If the key is invalid or an error occurred, the reason code can be
+obtained using L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 NOTES
+
+This function does not work on RSA public keys that have only the modulus
+and public exponent elements populated. It performs integrity checks on all
+the RSA key material, so the RSA key structure must contain all the private
+key data too.
+
+Unlike most other RSA functions, this function does B<not> work
+transparently with any underlying ENGINE implementation because it uses the
+key data in the RSA structure directly. An ENGINE implementation can
+override the way key data is stored and handled, and can even provide
+support for HSM keys - in which case the RSA structure may contain B<no>
+key data at all! If the ENGINE in question is only being used for
+acceleration or analysis purposes, then in all likelihood the RSA key data
+is complete and untouched, but this can't be assumed in the general case.
+
+=head1 BUGS
+
+A method of verifying the RSA key using opaque RSA API functions might need
+to be considered. Right now RSA_check_key() simply uses the RSA structure
+elements directly, bypassing the RSA_METHOD table altogether (and
+completely violating encapsulation and object-orientation in the process).
+The best fix will probably be to introduce a "check_key()" handler to the
+RSA_METHOD function table so that alternative implementations can also
+provide their own verifiers.
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+RSA_check_key() appeared in OpenSSL 0.9.4.
+
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_generate_key.pod b/src/lib/libcrypto/doc/RSA_generate_key.pod
new file mode 100644
index 0000000000..52dbb14a53
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_generate_key.pod
@@ -0,0 +1,69 @@
+=pod
+
+=head1 NAME
+
+RSA_generate_key - generate RSA key pair
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ RSA *RSA_generate_key(int num, unsigned long e,
+    void (*callback)(int,int,void *), void *cb_arg);
+
+=head1 DESCRIPTION
+
+RSA_generate_key() generates a key pair and returns it in a newly
+allocated B<RSA> structure. The pseudo-random number generator must
+be seeded prior to calling RSA_generate_key().
+
+The modulus size will be B<num> bits, and the public exponent will be
+B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure.
+The exponent is an odd number, typically 3, 17 or 65537.
+
+A callback function may be used to provide feedback about the
+progress of the key generation. If B<callback> is not B<NULL>, it
+will be called as follows:
+
+=over 4
+
+=item *
+
+While a random prime number is generated, it is called as
+described in L<BN_generate_prime(3)|BN_generate_prime(3)>.
+
+=item *
+
+When the n-th randomly generated prime is rejected as not
+suitable for the key, B<callback(2, n, cb_arg)> is called.
+
+=item *
+
+When a random p has been found with p-1 relatively prime to B<e>,
+it is called as B<callback(3, 0, cb_arg)>.
+
+=back
+
+The process is then repeated for prime q with B<callback(3, 1, cb_arg)>.
+
+=head1 RETURN VALUE
+
+If key generation fails, RSA_generate_key() returns B<NULL>; the
+error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 BUGS
+
+B<callback(2, x, cb_arg)> is used with two different meanings.
+
+RSA_generate_key() goes into an infinite loop for illegal input values.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_free(3)|RSA_free(3)>
+
+=head1 HISTORY
+
+The B<cb_arg> argument was added in SSLeay 0.9.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod b/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod
new file mode 100644
index 0000000000..46cc8f5359
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod
@@ -0,0 +1,120 @@
+=pod
+
+=head1 NAME
+
+RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specific data to RSA structures
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_get_ex_new_index(long argl, void *argp,
+                CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func);
+
+ int RSA_set_ex_data(RSA *r, int idx, void *arg);
+
+ void *RSA_get_ex_data(RSA *r, int idx);
+
+ typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                int idx, long argl, void *argp);
+ typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                int idx, long argl, void *argp);
+ typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
+                int idx, long argl, void *argp);
+
+=head1 DESCRIPTION
+
+Several OpenSSL structures can have application specific data attached to them.
+This has several potential uses, it can be used to cache data associated with
+a structure (for example the hash of some part of the structure) or some
+additional data (for example a handle to the data in an external library).
+
+Since the application data can be anything at all it is passed and retrieved
+as a B<void *> type.
+
+The B<RSA_get_ex_new_index()> function is initially called to "register" some
+new application specific data. It takes three optional function pointers which
+are called when the parent structure (in this case an RSA structure) is
+initially created, when it is copied and when it is freed up. If any or all of
+these function pointer arguments are not used they should be set to NULL. The
+precise manner in which these function pointers are called is described in more
+detail below. B<RSA_get_ex_new_index()> also takes additional long and pointer
+parameters which will be passed to the supplied functions but which otherwise
+have no special meaning. It returns an B<index> which should be stored
+(typically in a static variable) and passed used in the B<idx> parameter in
+the remaining functions. Each successful call to B<RSA_get_ex_new_index()>
+will return an index greater than any previously returned, this is important
+because the optional functions are called in order of increasing index value.
+
+B<RSA_set_ex_data()> is used to set application specific data, the data is
+supplied in the B<arg> parameter and its precise meaning is up to the
+application.
+
+B<RSA_get_ex_data()> is used to retrieve application specific data. The data
+is returned to the application, this will be the same value as supplied to
+a previous B<RSA_set_ex_data()> call.
+
+B<new_func()> is called when a structure is initially allocated (for example
+with B<RSA_new()>. The parent structure members will not have any meaningful
+values at this point. This function will typically be used to allocate any
+application specific structure.
+
+B<free_func()> is called when a structure is being freed up. The dynamic parent
+structure members should not be accessed because they will be freed up when
+this function is called.
+
+B<new_func()> and B<free_func()> take the same parameters. B<parent> is a
+pointer to the parent RSA structure. B<ptr> is a the application specific data
+(this wont be of much use in B<new_func()>. B<ad> is a pointer to the
+B<CRYPTO_EX_DATA> structure from the parent RSA structure: the functions
+B<CRYPTO_get_ex_data()> and B<CRYPTO_set_ex_data()> can be called to manipulate
+it. The B<idx> parameter is the index: this will be the same value returned by
+B<RSA_get_ex_new_index()> when the functions were initially registered. Finally
+the B<argl> and B<argp> parameters are the values originally passed to the same
+corresponding parameters when B<RSA_get_ex_new_index()> was called.
+
+B<dup_func()> is called when a structure is being copied. Pointers to the
+destination and source B<CRYPTO_EX_DATA> structures are passed in the B<to> and
+B<from> parameters respectively. The B<from_d> parameter is passed a pointer to
+the source application data when the function is called, when the function returns
+the value is copied to the destination: the application can thus modify the data
+pointed to by B<from_d> and have different values in the source and destination.
+The B<idx>, B<argl> and B<argp> parameters are the same as those in B<new_func()>
+and B<free_func()>.
+
+=head1 RETURN VALUES
+
+B<RSA_get_ex_new_index()> returns a new index or -1 on failure (note 0 is a valid
+index value).
+
+B<RSA_set_ex_data()> returns 1 on success or 0 on failure.
+
+B<RSA_get_ex_data()> returns the application data or 0 on failure. 0 may also
+be valid application data but currently it can only fail if given an invalid B<idx>
+parameter.
+
+B<new_func()> and B<dup_func()> should return 0 for failure and 1 for success.
+
+On failure an error code can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 BUGS
+
+B<dup_func()> is currently never called.
+
+The return value of B<new_func()> is ignored.
+
+The B<new_func()> function isn't very useful because no meaningful values are
+present in the parent RSA structure when it is called.
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>, L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
+
+=head1 HISTORY
+
+RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() are
+available since SSLeay 0.9.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_new.pod b/src/lib/libcrypto/doc/RSA_new.pod
new file mode 100644
index 0000000000..3d15b92824
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_new.pod
@@ -0,0 +1,41 @@
+=pod
+
+=head1 NAME
+
+RSA_new, RSA_free - allocate and free RSA objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ RSA * RSA_new(void);
+
+ void RSA_free(RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA_new() allocates and initializes an B<RSA> structure. It is equivalent to
+calling RSA_new_method(NULL).
+
+RSA_free() frees the B<RSA> structure and its components. The key is
+erased before the memory is returned to the system.
+
+=head1 RETURN VALUES
+
+If the allocation fails, RSA_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns
+a pointer to the newly allocated structure.
+
+RSA_free() returns no value.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_generate_key(3)|RSA_generate_key(3)>,
+L<RSA_new_method(3)|RSA_new_method(3)>
+
+=head1 HISTORY
+
+RSA_new() and RSA_free() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod b/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod
new file mode 100644
index 0000000000..b8f678fe72
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod
@@ -0,0 +1,124 @@
+=pod
+
+=head1 NAME
+
+RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
+RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2,
+RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP,
+RSA_padding_add_SSLv23, RSA_padding_check_SSLv23,
+RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption
+padding
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+    unsigned char *f, int fl);
+
+ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len);
+
+ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+    unsigned char *f, int fl);
+
+ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len);
+
+ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+    unsigned char *f, int fl, unsigned char *p, int pl);
+
+ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len, unsigned char *p, int pl);
+
+ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+    unsigned char *f, int fl);
+
+ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len);
+
+ int RSA_padding_add_none(unsigned char *to, int tlen,
+    unsigned char *f, int fl);
+
+ int RSA_padding_check_none(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len);
+
+=head1 DESCRIPTION
+
+The RSA_padding_xxx_xxx() functions are called from the RSA encrypt,
+decrypt, sign and verify functions. Normally they should not be called
+from application programs.
+
+However, they can also be called directly to implement padding for other
+asymmetric ciphers. RSA_padding_add_PKCS1_OAEP() and
+RSA_padding_check_PKCS1_OAEP() may be used in an application combined
+with B<RSA_NO_PADDING> in order to implement OAEP with an encoding
+parameter.
+
+RSA_padding_add_xxx() encodes B<fl> bytes from B<f> so as to fit into
+B<tlen> bytes and stores the result at B<to>. An error occurs if B<fl>
+does not meet the size requirements of the encoding method.
+
+The following encoding methods are implemented:
+
+=over 4
+
+=item PKCS1_type_1
+
+PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); used for signatures
+
+=item PKCS1_type_2
+
+PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2)
+
+=item PKCS1_OAEP
+
+PKCS #1 v2.0 EME-OAEP
+
+=item SSLv23
+
+PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification
+
+=item none
+
+simply copy the data
+
+=back
+
+The random number generator must be seeded prior to calling
+RSA_padding_add_xxx().
+
+RSA_padding_check_xxx() verifies that the B<fl> bytes at B<f> contain
+a valid encoding for a B<rsa_len> byte RSA key in the respective
+encoding method and stores the recovered data of at most B<tlen> bytes
+(for B<RSA_NO_PADDING>: of size B<tlen>)
+at B<to>.
+
+For RSA_padding_xxx_OAEP(), B<p> points to the encoding parameter
+of length B<pl>. B<p> may be B<NULL> if B<pl> is 0.
+
+=head1 RETURN VALUES
+
+The RSA_padding_add_xxx() functions return 1 on success, 0 on error.
+The RSA_padding_check_xxx() functions return the length of the
+recovered data, -1 on error. Error codes can be obtained by calling
+L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
+L<RSA_private_decrypt(3)|RSA_private_decrypt(3)>,
+L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+
+=head1 HISTORY
+
+RSA_padding_add_PKCS1_type_1(), RSA_padding_check_PKCS1_type_1(),
+RSA_padding_add_PKCS1_type_2(), RSA_padding_check_PKCS1_type_2(),
+RSA_padding_add_SSLv23(), RSA_padding_check_SSLv23(),
+RSA_padding_add_none() and RSA_padding_check_none() appeared in
+SSLeay 0.9.0.
+
+RSA_padding_add_PKCS1_OAEP() and RSA_padding_check_PKCS1_OAEP() were
+added in OpenSSL 0.9.2b.
+
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_print.pod b/src/lib/libcrypto/doc/RSA_print.pod
new file mode 100644
index 0000000000..c971e91f4d
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_print.pod
@@ -0,0 +1,49 @@
+=pod
+
+=head1 NAME
+
+RSA_print, RSA_print_fp,
+DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
+DHparams_print, DHparams_print_fp - print cryptographic parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_print(BIO *bp, RSA *x, int offset);
+ int RSA_print_fp(FILE *fp, RSA *x, int offset);
+
+ #include <openssl/dsa.h>
+
+ int DSAparams_print(BIO *bp, DSA *x);
+ int DSAparams_print_fp(FILE *fp, DSA *x);
+ int DSA_print(BIO *bp, DSA *x, int offset);
+ int DSA_print_fp(FILE *fp, DSA *x, int offset);
+
+ #include <openssl/dh.h>
+
+ int DHparams_print(BIO *bp, DH *x);
+ int DHparams_print_fp(FILE *fp, DH *x);
+
+=head1 DESCRIPTION
+
+A human-readable hexadecimal output of the components of the RSA
+key, DSA parameters or key or DH parameters is printed to B<bp> or B<fp>.
+
+The output lines are indented by B<offset> spaces.
+
+=head1 RETURN VALUES
+
+These functions return 1 on success, 0 on error.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
+
+=head1 HISTORY
+
+RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(),
+DH_print_fp() are available in all versions of SSLeay and OpenSSL.
+DSAparams_print() and DSAparams_print_fp() were added in SSLeay 0.8.
+
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_private_encrypt.pod b/src/lib/libcrypto/doc/RSA_private_encrypt.pod
new file mode 100644
index 0000000000..746a80c79e
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_private_encrypt.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+RSA_private_encrypt, RSA_public_decrypt - low level signature operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_private_encrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa, int padding);
+
+ int RSA_public_decrypt(int flen, unsigned char *from, 
+    unsigned char *to, RSA *rsa, int padding);
+
+=head1 DESCRIPTION
+
+These functions handle RSA signatures at a low level.
+
+RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a
+message digest with an algorithm identifier) using the private key
+B<rsa> and stores the signature in B<to>. B<to> must point to
+B<RSA_size(rsa)> bytes of memory.
+
+B<padding> denotes one of the following modes:
+
+=over 4
+
+=item RSA_PKCS1_PADDING
+
+PKCS #1 v1.5 padding. This function does not handle the
+B<algorithmIdentifier> specified in PKCS #1. When generating or
+verifying PKCS #1 signatures, L<RSA_sign(3)|RSA_sign(3)> and L<RSA_verify(3)|RSA_verify(3)> should be
+used.
+
+=item RSA_NO_PADDING
+
+Raw RSA signature. This mode should I<only> be used to implement
+cryptographically sound padding modes in the application code.
+Signing user data directly with RSA is insecure.
+
+=back
+
+RSA_public_decrypt() recovers the message digest from the B<flen>
+bytes long signature at B<from> using the signer's public key
+B<rsa>. B<to> must point to a memory section large enough to hold the
+message digest (which is smaller than B<RSA_size(rsa) -
+11>). B<padding> is the padding mode that was used to sign the data.
+
+=head1 RETURN VALUES
+
+RSA_private_encrypt() returns the size of the signature (i.e.,
+RSA_size(rsa)). RSA_public_decrypt() returns the size of the
+recovered message digest.
+
+On error, -1 is returned; the error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+
+=head1 HISTORY
+
+The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
+available since SSLeay 0.9.0.
+
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_public_encrypt.pod b/src/lib/libcrypto/doc/RSA_public_encrypt.pod
new file mode 100644
index 0000000000..ab0fe3b2cd
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_public_encrypt.pod
@@ -0,0 +1,84 @@
+=pod
+
+=head1 NAME
+
+RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_public_encrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa, int padding);
+
+ int RSA_private_decrypt(int flen, unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+
+=head1 DESCRIPTION
+
+RSA_public_encrypt() encrypts the B<flen> bytes at B<from> (usually a
+session key) using the public key B<rsa> and stores the ciphertext in
+B<to>. B<to> must point to RSA_size(B<rsa>) bytes of memory.
+
+B<padding> denotes one of the following modes:
+
+=over 4
+
+=item RSA_PKCS1_PADDING
+
+PKCS #1 v1.5 padding. This currently is the most widely used mode.
+
+=item RSA_PKCS1_OAEP_PADDING
+
+EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty
+encoding parameter. This mode is recommended for all new applications.
+
+=item RSA_SSLV23_PADDING
+
+PKCS #1 v1.5 padding with an SSL-specific modification that denotes
+that the server is SSL3 capable.
+
+=item RSA_NO_PADDING
+
+Raw RSA encryption. This mode should I<only> be used to implement
+cryptographically sound padding modes in the application code.
+Encrypting user data directly with RSA is insecure.
+
+=back
+
+B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
+based padding modes, less than RSA_size(B<rsa>) - 41 for
+RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B<rsa>) for RSA_NO_PADDING.
+The random number generator must be seeded prior to calling
+RSA_public_encrypt().
+
+RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the
+private key B<rsa> and stores the plaintext in B<to>. B<to> must point
+to a memory section large enough to hold the decrypted data (which is
+smaller than RSA_size(B<rsa>)). B<padding> is the padding mode that
+was used to encrypt the data.
+
+=head1 RETURN VALUES
+
+RSA_public_encrypt() returns the size of the encrypted data (i.e.,
+RSA_size(B<rsa>)). RSA_private_decrypt() returns the size of the
+recovered plaintext.
+
+On error, -1 is returned; the error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 CONFORMING TO
+
+SSL, PKCS #1 v2.0
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_size(3)|RSA_size(3)>
+
+=head1 HISTORY
+
+The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
+available since SSLeay 0.9.0, OAEP was added in OpenSSL 0.9.2b.
+
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_set_method.pod b/src/lib/libcrypto/doc/RSA_set_method.pod
new file mode 100644
index 0000000000..0a305f6b14
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_set_method.pod
@@ -0,0 +1,202 @@
+=pod
+
+=head1 NAME
+
+RSA_set_default_method, RSA_get_default_method, RSA_set_method,
+RSA_get_method, RSA_PKCS1_SSLeay, RSA_null_method, RSA_flags,
+RSA_new_method - select RSA method
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ void RSA_set_default_method(const RSA_METHOD *meth);
+
+ RSA_METHOD *RSA_get_default_method(void);
+
+ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+
+ RSA_METHOD *RSA_get_method(const RSA *rsa);
+
+ RSA_METHOD *RSA_PKCS1_SSLeay(void);
+
+ RSA_METHOD *RSA_null_method(void);
+
+ int RSA_flags(const RSA *rsa);
+
+ RSA *RSA_new_method(RSA_METHOD *method);
+
+=head1 DESCRIPTION
+
+An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA
+operations. By modifying the method, alternative implementations such as
+hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these RSA API functions are affected by the
+use of B<ENGINE> API calls.
+
+Initially, the default RSA_METHOD is the OpenSSL internal implementation,
+as returned by RSA_PKCS1_SSLeay().
+
+RSA_set_default_method() makes B<meth> the default method for all RSA
+structures created later. B<NB>: This is true only whilst no ENGINE has
+been set as a default for RSA, so this function is no longer recommended.
+
+RSA_get_default_method() returns a pointer to the current default
+RSA_METHOD. However, the meaningfulness of this result is dependant on
+whether the ENGINE API is being used, so this function is no longer 
+recommended.
+
+RSA_set_method() selects B<meth> to perform all operations using the key
+B<rsa>. This will replace the RSA_METHOD used by the RSA key and if the
+previous method was supplied by an ENGINE, the handle to that ENGINE will
+be released during the change. It is possible to have RSA keys that only
+work with certain RSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the RSA_METHOD for the key can have unexpected
+results.
+
+RSA_get_method() returns a pointer to the RSA_METHOD being used by B<rsa>.
+This method may or may not be supplied by an ENGINE implementation, but if
+it is, the return value can only be guaranteed to be valid as long as the
+RSA key itself is valid and does not have its implementation changed by
+RSA_set_method().
+
+RSA_flags() returns the B<flags> that are set for B<rsa>'s current
+RSA_METHOD. See the BUGS section.
+
+RSA_new_method() allocates and initializes an RSA structure so that
+B<engine> will be used for the RSA operations. If B<engine> is NULL, the
+default ENGINE for RSA operations is used, and if no default ENGINE is set,
+the RSA_METHOD controlled by RSA_set_default_method() is used.
+
+RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.
+
+RSA_new_method() allocates and initializes an B<RSA> structure so that
+B<method> will be used for the RSA operations. If B<method> is B<NULL>,
+the default method is used.
+
+=head1 THE RSA_METHOD STRUCTURE
+
+ typedef struct rsa_meth_st
+ {
+     /* name of the implementation */
+        const char *name;
+
+     /* encrypt */
+        int (*rsa_pub_enc)(int flen, unsigned char *from,
+          unsigned char *to, RSA *rsa, int padding);
+
+     /* verify arbitrary data */
+        int (*rsa_pub_dec)(int flen, unsigned char *from,
+          unsigned char *to, RSA *rsa, int padding);
+
+     /* sign arbitrary data */
+        int (*rsa_priv_enc)(int flen, unsigned char *from,
+          unsigned char *to, RSA *rsa, int padding);
+
+     /* decrypt */
+        int (*rsa_priv_dec)(int flen, unsigned char *from,
+          unsigned char *to, RSA *rsa, int padding);
+
+     /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some
+                                        implementations) */
+        int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+
+     /* compute r = a ^ p mod m (May be NULL for some implementations) */
+        int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+     /* called at RSA_new */
+        int (*init)(RSA *rsa);
+
+     /* called at RSA_free */
+        int (*finish)(RSA *rsa);
+
+     /* RSA_FLAG_EXT_PKEY        - rsa_mod_exp is called for private key
+      *                            operations, even if p,q,dmp1,dmq1,iqmp
+      *                            are NULL
+      * RSA_FLAG_SIGN_VER        - enable rsa_sign and rsa_verify
+      * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
+      */
+        int flags;
+
+        char *app_data; /* ?? */
+
+     /* sign. For backward compatibility, this is used only
+      * if (flags & RSA_FLAG_SIGN_VER)
+      */
+        int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
+           unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+
+     /* verify. For backward compatibility, this is used only
+      * if (flags & RSA_FLAG_SIGN_VER)
+      */
+        int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
+           unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+ } RSA_METHOD;
+
+=head1 RETURN VALUES
+
+RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_method()
+and RSA_get_method() return pointers to the respective RSA_METHODs.
+
+RSA_set_default_method() returns no value.
+
+RSA_set_method() returns a pointer to the old RSA_METHOD implementation
+that was replaced. However, this return value should probably be ignored
+because if it was supplied by an ENGINE, the pointer could be invalidated
+at any time if the ENGINE is unloaded (in fact it could be unloaded as a
+result of the RSA_set_method() function releasing its handle to the
+ENGINE). For this reason, the return type may be replaced with a B<void>
+declaration in a future release.
+
+RSA_new_method() returns NULL and sets an error code that can be obtained
+by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
+it returns a pointer to the newly allocated structure.
+
+=head1 NOTES
+
+As of version 0.9.7, RSA_METHOD implementations are grouped together with
+other algorithmic APIs (eg. DSA_METHOD, EVP_CIPHER, etc) into B<ENGINE>
+modules. If a default ENGINE is specified for RSA functionality using an
+ENGINE API function, that will override any RSA defaults set using the RSA
+API (ie.  RSA_set_default_method()). For this reason, the ENGINE API is the
+recommended way to control default implementations for use in RSA and other
+cryptographic algorithms.
+
+=head1 BUGS
+
+The behaviour of RSA_flags() is a mis-feature that is left as-is for now
+to avoid creating compatibility problems. RSA functionality, such as the
+encryption functions, are controlled by the B<flags> value in the RSA key
+itself, not by the B<flags> value in the RSA_METHOD attached to the RSA key
+(which is what this function returns). If the flags element of an RSA key
+is changed, the changes will be honoured by RSA functionality but will not
+be reflected in the return value of the RSA_flags() function - in effect
+RSA_flags() behaves more like an RSA_default_flags() function (which does
+not currently exist).
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)>
+
+=head1 HISTORY
+
+RSA_new_method() and RSA_set_default_method() appeared in SSLeay 0.8.
+RSA_get_default_method(), RSA_set_method() and RSA_get_method() as
+well as the rsa_sign and rsa_verify components of RSA_METHOD were
+added in OpenSSL 0.9.4.
+
+RSA_set_default_openssl_method() and RSA_get_default_openssl_method()
+replaced RSA_set_default_method() and RSA_get_default_method()
+respectively, and RSA_set_method() and RSA_new_method() were altered to use
+B<ENGINE>s rather than B<RSA_METHOD>s during development of the engine
+version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the ENGINE
+API was restructured so that this change was reversed, and behaviour of the
+other functions resembled more closely the previous behaviour. The
+behaviour of defaults in the ENGINE API now transparently overrides the
+behaviour of defaults in the RSA API without requiring changing these
+function prototypes.
+
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_sign.pod b/src/lib/libcrypto/doc/RSA_sign.pod
new file mode 100644
index 0000000000..71688a665e
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_sign.pod
@@ -0,0 +1,62 @@
+=pod
+
+=head1 NAME
+
+RSA_sign, RSA_verify - RSA signatures
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+    unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+
+ int RSA_verify(int type, unsigned char *m, unsigned int m_len,
+    unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA_sign() signs the message digest B<m> of size B<m_len> using the
+private key B<rsa> as specified in PKCS #1 v2.0. It stores the
+signature in B<sigret> and the signature size in B<siglen>. B<sigret>
+must point to RSA_size(B<rsa>) bytes of memory.
+
+B<type> denotes the message digest algorithm that was used to generate
+B<m>. It usually is one of B<NID_sha1>, B<NID_ripemd160> and B<NID_md5>;
+see L<objects(3)|objects(3)> for details. If B<type> is B<NID_md5_sha1>,
+an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding
+and no algorithm identifier) is created.
+
+RSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
+matches a given message digest B<m> of size B<m_len>. B<type> denotes
+the message digest algorithm that was used to generate the signature.
+B<rsa> is the signer's public key.
+
+=head1 RETURN VALUES
+
+RSA_sign() returns 1 on success, 0 otherwise.  RSA_verify() returns 1
+on successful verification, 0 otherwise.
+
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 BUGS
+
+Certain signatures with an improper algorithm identifier are accepted
+for compatibility with SSLeay 0.4.5 :-)
+
+=head1 CONFORMING TO
+
+SSL, PKCS #1 v2.0
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+L<rsa(3)|rsa(3)>, L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> 
+
+=head1 HISTORY
+
+RSA_sign() and RSA_verify() are available in all versions of SSLeay
+and OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod b/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod
new file mode 100644
index 0000000000..e70380bbfc
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod
@@ -0,0 +1,59 @@
+=pod
+
+=head1 NAME
+
+RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+    unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
+    RSA *rsa);
+
+ int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+    unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+    RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA_sign_ASN1_OCTET_STRING() signs the octet string B<m> of size
+B<m_len> using the private key B<rsa> represented in DER using PKCS #1
+padding. It stores the signature in B<sigret> and the signature size
+in B<siglen>. B<sigret> must point to B<RSA_size(rsa)> bytes of
+memory.
+
+B<dummy> is ignored.
+
+The random number generator must be seeded prior to calling RSA_sign_ASN1_OCTET_STRING().
+
+RSA_verify_ASN1_OCTET_STRING() verifies that the signature B<sigbuf>
+of size B<siglen> is the DER representation of a given octet string
+B<m> of size B<m_len>. B<dummy> is ignored. B<rsa> is the signer's
+public key.
+
+=head1 RETURN VALUES
+
+RSA_sign_ASN1_OCTET_STRING() returns 1 on success, 0 otherwise.
+RSA_verify_ASN1_OCTET_STRING() returns 1 on successful verification, 0
+otherwise.
+
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 BUGS
+
+These functions serve no recognizable purpose.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
+L<RSA_verify(3)|RSA_verify(3)>
+
+=head1 HISTORY
+
+RSA_sign_ASN1_OCTET_STRING() and RSA_verify_ASN1_OCTET_STRING() were
+added in SSLeay 0.8.
+
+=cut
diff --git a/src/lib/libcrypto/doc/RSA_size.pod b/src/lib/libcrypto/doc/RSA_size.pod
new file mode 100644
index 0000000000..5b7f835f95
--- /dev/null
+++ b/src/lib/libcrypto/doc/RSA_size.pod
@@ -0,0 +1,33 @@
+=pod
+
+=head1 NAME
+
+RSA_size - get RSA modulus size
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_size(const RSA *rsa);
+
+=head1 DESCRIPTION
+
+This function returns the RSA modulus size in bytes. It can be used to
+determine how much memory must be allocated for an RSA encrypted
+value.
+
+B<rsa-E<gt>n> must not be B<NULL>.
+
+=head1 RETURN VALUE
+
+The size in bytes.
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>
+
+=head1 HISTORY
+
+RSA_size() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/SMIME_read_PKCS7.pod b/src/lib/libcrypto/doc/SMIME_read_PKCS7.pod
new file mode 100644
index 0000000000..ffafa37887
--- /dev/null
+++ b/src/lib/libcrypto/doc/SMIME_read_PKCS7.pod
@@ -0,0 +1,71 @@
+=pod
+
+=head1 NAME
+
+SMIME_read_PKCS7 - parse S/MIME message.
+
+=head1 SYNOPSIS
+
+PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
+
+=head1 DESCRIPTION
+
+SMIME_read_PKCS7() parses a message in S/MIME format.
+
+B<in> is a BIO to read the message from.
+
+If cleartext signing is used then the content is saved in
+a memory bio which is written to B<*bcont>, otherwise
+B<*bcont> is set to B<NULL>.
+
+The parsed PKCS#7 structure is returned or B<NULL> if an
+error occurred.
+
+=head1 NOTES
+
+If B<*bcont> is not B<NULL> then the message is clear text
+signed. B<*bcont> can then be passed to PKCS7_verify() with
+the B<PKCS7_DETACHED> flag set.
+
+Otherwise the type of the returned structure can be determined
+using PKCS7_type().
+
+To support future functionality if B<bcont> is not B<NULL>
+B<*bcont> should be initialized to B<NULL>. For example:
+
+ BIO *cont = NULL;
+ PKCS7 *p7;
+
+ p7 = SMIME_read_PKCS7(in, &cont);
+
+=head1 BUGS
+
+The MIME parser used by SMIME_read_PKCS7() is somewhat primitive.
+While it will handle most S/MIME messages more complex compound
+formats may not work.
+
+The parser assumes that the PKCS7 structure is always base64
+encoded and will not handle the case where it is in binary format
+or uses quoted printable format.
+
+The use of a memory BIO to hold the signed content limits the size
+of message which can be processed due to memory restraints: a
+streaming single pass option should be available.
+
+=head1 RETURN VALUES
+
+SMIME_read_PKCS7() returns a valid B<PKCS7> structure or B<NULL>
+is an error occurred. The error can be obtained from ERR_get_error(3).
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_type(3)|PKCS7_type(3)>
+L<SMIME_read_PKCS7(3)|SMIME_read_PKCS7(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
+
+=head1 HISTORY
+
+SMIME_read_PKCS7() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/src/lib/libcrypto/doc/SMIME_write_PKCS7.pod b/src/lib/libcrypto/doc/SMIME_write_PKCS7.pod
new file mode 100644
index 0000000000..2cfad2e049
--- /dev/null
+++ b/src/lib/libcrypto/doc/SMIME_write_PKCS7.pod
@@ -0,0 +1,59 @@
+=pod
+
+=head1 NAME
+
+SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format.
+
+=head1 SYNOPSIS
+
+int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7
+structure to produce an S/MIME message.
+
+B<out> is the BIO to write the data to. B<p7> is the appropriate
+B<PKCS7> structure. If cleartext signing (B<multipart/signed>) is
+being used then the signed data must be supplied in the B<data> 
+argument. B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+The following flags can be passed in the B<flags> parameter.
+
+If B<PKCS7_DETACHED> is set then cleartext signing will be used,
+this option only makes sense for signedData where B<PKCS7_DETACHED>
+is also set when PKCS7_sign() is also called.
+
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain>
+are added to the content, this only makes sense if B<PKCS7_DETACHED>
+is also set.
+
+If cleartext signing is being used then the data must be read twice:
+once to compute the signature in PKCS7_sign() and once to output the
+S/MIME message.
+
+=head1 BUGS
+
+SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there
+should be an option to disable this.
+
+There should really be a way to produce cleartext signing using only
+a single pass of the data.
+
+=head1 RETURN VALUES
+
+SMIME_write_PKCS7() returns 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
+
+=head1 HISTORY
+
+SMIME_write_PKCS7() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod b/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod
new file mode 100644
index 0000000000..11b35f6fd3
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod
@@ -0,0 +1,72 @@
+=pod
+
+=head1 NAME
+
+X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data,
+X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data,
+X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID,
+X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions
+
+=head1 SYNOPSIS
+
+ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
+
+=head1 DESCRIPTION
+
+X509_NAME_ENTRY_get_object() retrieves the field name of B<ne> in
+and B<ASN1_OBJECT> structure.
+
+X509_NAME_ENTRY_get_data() retrieves the field value of B<ne> in
+and B<ASN1_STRING> structure.
+
+X509_NAME_ENTRY_set_object() sets the field name of B<ne> to B<obj>.
+
+X509_NAME_ENTRY_set_data() sets the field value of B<ne> to string type
+B<type> and value determined by B<bytes> and B<len>.
+
+X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID()
+and X509_NAME_ENTRY_create_by_OBJ() create and return an 
+B<X509_NAME_ENTRY> structure.
+
+=head1 NOTES
+
+X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be
+used to examine an B<X509_NAME_ENTRY> function as returned by 
+X509_NAME_get_entry() for example.
+
+X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(),
+and X509_NAME_ENTRY_create_by_OBJ() create and return an 
+
+X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
+X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data()
+are seldom used in practice because B<X509_NAME_ENTRY> structures
+are almost always part of B<X509_NAME> structures and the
+corresponding B<X509_NAME> functions are typically used to
+create and add new entries in a single operation.
+
+The arguments of these functions support similar options to the similarly
+named ones of the corresponding B<X509_NAME> functions such as
+X509_NAME_add_entry_by_txt(). So for example B<type> can be set to
+B<MBSTRING_ASC> but in the case of X509_set_data() the field name must be
+set first so the relevant field information can be looked up internally.
+
+=head1 RETURN VALUES
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>,
+L<OBJ_nid2obj(3),OBJ_nid2obj(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod b/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod
new file mode 100644
index 0000000000..e2ab4b0d2b
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod
@@ -0,0 +1,114 @@
+=pod
+
+=head1 NAME
+
+X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID,
+X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions
+
+=head1 SYNOPSIS
+
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
+
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
+
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
+
+int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
+
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+
+=head1 DESCRIPTION
+
+X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ() and
+X509_NAME_add_entry_by_NID() add a field whose name is defined
+by a string B<field>, an object B<obj> or a NID B<nid> respectively.
+The field value to be added is in B<bytes> of length B<len>. If
+B<len> is -1 then the field length is calculated internally using
+strlen(bytes).
+
+The type of field is determined by B<type> which can either be a
+definition of the type of B<bytes> (such as B<MBSTRING_ASC>) or a
+standard ASN1 type (such as B<V_ASN1_IA5STRING>). The new entry is
+added to a position determined by B<loc> and B<set>.
+
+X509_NAME_add_entry() adds a copy of B<X509_NAME_ENTRY> structure B<ne>
+to B<name>. The new entry is added to a position determined by B<loc>
+and B<set>. Since a copy of B<ne> is added B<ne> must be freed up after
+the call.
+
+X509_NAME_delete_entry() deletes an entry from B<name> at position
+B<loc>. The deleted entry is returned and must be freed up.
+
+=head1 NOTES
+
+The use of string types such as B<MBSTRING_ASC> or B<MBSTRING_UTF8>
+is strongly recommened for the B<type> parameter. This allows the
+internal code to correctly determine the type of the field and to
+apply length checks according to the relevant standards. This is
+done using ASN1_STRING_set_by_NID().
+
+If instead an ASN1 type is used no checks are performed and the
+supplied data in B<bytes> is used directly.
+
+In X509_NAME_add_entry_by_txt() the B<field> string represents
+the field name using OBJ_txt2obj(field, 0).
+
+The B<loc> and B<set> parameters determine where a new entry should
+be added. For almost all applications B<loc> can be set to -1 and B<set>
+to 0. This adds a new entry to the end of B<name> as a single valued
+RelativeDistinguishedName (RDN).
+
+B<loc> actually determines the index where the new entry is inserted:
+if it is -1 it is appended. 
+
+B<set> determines how the new type is added. If it is zero a
+new RDN is created.
+
+If B<set> is -1 or 1 it is added to the previous or next RDN
+structure respectively. This will then be a multivalued RDN:
+since multivalues RDNs are very seldom used B<set> is almost
+always set to zero.
+
+=head1 EXAMPLES
+
+Create an B<X509_NAME> structure:
+
+"C=UK, O=Disorganized Organization, CN=Joe Bloggs"
+
+ X509_NAME *nm;
+ nm = X509_NAME_new();
+ if (nm == NULL)
+        /* Some error */
+ if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
+                        "C", "UK", -1, -1, 0))
+        /* Error */
+ if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
+                        "O", "Disorganized Organization", -1, -1, 0))
+        /* Error */
+ if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
+                        "CN", "Joe Bloggs", -1, -1, 0))
+        /* Error */
+
+=head1 RETURN VALUES
+
+X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ(),
+X509_NAME_add_entry_by_NID() and X509_NAME_add_entry() return 1 for
+success of 0 if an error occurred.
+
+X509_NAME_delete_entry() returns either the deleted B<X509_NAME_ENTRY>
+structure of B<NULL> if an error occurred.
+
+=head1 BUGS
+
+B<type> can still be set to B<V_ASN1_APP_CHOOSE> to use a
+different algorithm to determine field types. Since this form does
+not understand multicharacter types, performs no length checks and
+can result in invalid field types its use is strongly discouraged.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>
+
+=head1 HISTORY
+
+=cut
diff --git a/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod b/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
new file mode 100644
index 0000000000..333323d734
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
@@ -0,0 +1,106 @@
+=pod
+
+=head1 NAME
+
+X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry,
+X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ -
+X509_NAME lookup and enumeration functions
+
+=head1 SYNOPSIS
+
+int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
+int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
+
+int X509_NAME_entry_count(X509_NAME *name);
+X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
+
+=head1 DESCRIPTION
+
+These functions allow an B<X509_NAME> structure to be examined. The
+B<X509_NAME> structure is the same as the B<Name> type defined in
+RFC2459 (and elsewhere) and used for example in certificate subject
+and issuer names.
+
+X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve
+the next index matching B<nid> or B<obj> after B<lastpos>. B<lastpos>
+should initially be set to -1. If there are no more entries -1 is returned.
+
+X509_NAME_entry_count() returns the total number of entries in B<name>.
+
+X509_NAME_get_entry() retrieves the B<X509_NAME_ENTRY> from B<name>
+corresponding to index B<loc>. Acceptable values for B<loc> run from
+0 to (X509_NAME_entry_count(name) - 1). The value returned is an
+internal pointer which must not be freed.
+
+X509_NAME_get_text_by_NID(), X509_NAME_get_text_by_OBJ() retrieve
+the "text" from the first entry in B<name> which matches B<nid> or
+B<obj>, if no such entry exists -1 is returned. At most B<len> bytes
+will be written and the text written to B<buf> will be null
+terminated. The length of the output string written is returned
+excluding the terminating null. If B<buf> is <NULL> then the amount
+of space needed in B<buf> (excluding the final null) is returned. 
+
+=head1 NOTES
+
+X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() are
+legacy functions which have various limitations which make them
+of minimal use in practice. They can only find the first matching
+entry and will copy the contents of the field verbatim: this can
+be highly confusing if the target is a muticharacter string type
+like a BMPString or a UTF8String.
+
+For a more general solution X509_NAME_get_index_by_NID() or
+X509_NAME_get_index_by_OBJ() should be used followed by
+X509_NAME_get_entry() on any matching indices and then the
+various B<X509_NAME_ENTRY> utility functions on the result.
+
+=head1 EXAMPLES
+
+Process all entries:
+
+ int i;
+ X509_NAME_ENTRY *e;
+
+ for (i = 0; i < X509_NAME_entry_count(nm); i++)
+        {
+        e = X509_NAME_get_entry(nm, i);
+        /* Do something with e */
+        }
+
+Process all commonName entries:
+
+ int loc;
+ X509_NAME_ENTRY *e;
+
+ loc = -1;
+ for (;;)
+        {
+        lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
+        if (lastpos == -1)
+                break;
+        e = X509_NAME_get_entry(nm, lastpos);
+        /* Do something with e */
+        }
+
+=head1 RETURN VALUES
+
+X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ()
+return the index of the next matching entry or -1 if not found.
+
+X509_NAME_entry_count() returns the total number of entries.
+
+X509_NAME_get_entry() returns an B<X509_NAME> pointer to the
+requested entry or B<NULL> if the index is invalid.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/src/lib/libcrypto/doc/X509_NAME_print_ex.pod b/src/lib/libcrypto/doc/X509_NAME_print_ex.pod
new file mode 100644
index 0000000000..919b908919
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_NAME_print_ex.pod
@@ -0,0 +1,105 @@
+=pod
+
+=head1 NAME
+
+X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
+X509_NAME_oneline - X509_NAME printing routines.
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
+ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
+ char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
+ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
+
+=head1 DESCRIPTION
+
+X509_NAME_print_ex() prints a human readable version of B<nm> to BIO B<out>. Each
+line (for multiline formats) is indented by B<indent> spaces. The output format
+can be extensively customised by use of the B<flags> parameter.
+
+X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output is
+written to FILE pointer B<fp>.
+
+X509_NAME_oneline() prints an ASCII version of B<a> to B<buf>. At most B<size>
+bytes will be written. If B<buf> is B<NULL> then a buffer is dynamically allocated
+and returned, otherwise B<buf> is returned.
+
+X509_NAME_print() prints out B<name> to B<bp> indenting each line by B<obase> 
+characters. Multiple lines are used if the output (including indent) exceeds
+80 characters.
+
+=head1 NOTES
+
+The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which
+produce a non standard output form, they don't handle multi character fields and
+have various quirks and inconsistencies. Their use is strongly discouraged in new
+applications.
+
+Although there are a large number of possible flags for most purposes
+B<XN_FLAG_ONELINE>, B<XN_FLAG_MULTILINE> or B<XN_FLAG_RFC2253> will suffice.
+As noted on the L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)> manual page
+for UTF8 terminals the B<ASN1_STRFLGS_ESC_MSB> should be unset: so for example
+B<XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB> would be used.
+
+The complete set of the flags supported by X509_NAME_print_ex() is listed below.
+
+Several options can be ored together.
+
+The options B<XN_FLAG_SEP_COMMA_PLUS>, B<XN_FLAG_SEP_CPLUS_SPC>,
+B<XN_FLAG_SEP_SPLUS_SPC> and B<XN_FLAG_SEP_MULTILINE> determine the field separators
+to use. Two distinct separators are used between distinct RelativeDistinguishedName
+components and separate values in the same RDN for a multi-valued RDN. Multi-valued
+RDNs are currently very rare so the second separator will hardly ever be used.
+
+B<XN_FLAG_SEP_COMMA_PLUS> uses comma and plus as separators. B<XN_FLAG_SEP_CPLUS_SPC>
+uses comma and plus with spaces: this is more readable that plain comma and plus.
+B<XN_FLAG_SEP_SPLUS_SPC> uses spaced semicolon and plus. B<XN_FLAG_SEP_MULTILINE> uses
+spaced newline and plus respectively.
+
+If B<XN_FLAG_DN_REV> is set the whole DN is printed in reversed order.
+
+The fields B<XN_FLAG_FN_SN>, B<XN_FLAG_FN_LN>, B<XN_FLAG_FN_OID>,
+B<XN_FLAG_FN_NONE> determine how a field name is displayed. It will
+use the short name (e.g. CN) the long name (e.g. commonName) always
+use OID numerical form (normally OIDs are only used if the field name is not
+recognised) and no field name respectively.
+
+If B<XN_FLAG_SPC_EQ> is set then spaces will be placed around the '=' character
+separating field names and values.
+
+If B<XN_FLAG_DUMP_UNKNOWN_FIELDS> is set then the encoding of unknown fields is
+printed instead of the values.
+
+If B<XN_FLAG_FN_ALIGN> is set then field names are padded to 20 characters: this
+is only of use for multiline format.
+
+Additionally all the options supported by ASN1_STRING_print_ex() can be used to 
+control how each field value is displayed.
+
+In addition a number options can be set for commonly used formats.
+
+B<XN_FLAG_RFC2253> sets options which produce an output compatible with RFC2253 it
+is equivalent to:
+ B<ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS>
+
+
+B<XN_FLAG_ONELINE> is a more readable one line format it is the same as:
+ B<ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN>
+
+B<XN_FLAG_MULTILINE> is a multiline format is is the same as:
+ B<ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN>
+
+B<XN_FLAG_COMPAT> uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally.
+
+=head1 SEE ALSO
+
+L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/src/lib/libcrypto/doc/X509_new.pod b/src/lib/libcrypto/doc/X509_new.pod
new file mode 100644
index 0000000000..fd5fc65ce1
--- /dev/null
+++ b/src/lib/libcrypto/doc/X509_new.pod
@@ -0,0 +1,37 @@
+=pod
+
+=head1 NAME
+
+X509_new, X509_free - X509 certificate ASN1 allocation functions
+
+=head1 SYNOPSIS
+
+ X509 *X509_new(void);
+ void X509_free(X509 *a);
+
+=head1 DESCRIPTION
+
+The X509 ASN1 allocation routines, allocate and free an
+X509 structure, which represents an X509 certificate.
+
+X509_new() allocates and initializes a X509 structure.
+
+X509_free() frees up the B<X509> structure B<a>.
+
+=head1 RETURN VALUES
+
+If the allocation fails, X509_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+Otherwise it returns a pointer to the newly allocated structure.
+
+X509_free() returns no value.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+X509_new() and X509_free() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/bn.pod b/src/lib/libcrypto/doc/bn.pod
new file mode 100644
index 0000000000..210dfeac08
--- /dev/null
+++ b/src/lib/libcrypto/doc/bn.pod
@@ -0,0 +1,158 @@
+=pod
+
+=head1 NAME
+
+bn - multiprecision integer arithmetics
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BIGNUM *BN_new(void);
+ void BN_free(BIGNUM *a);
+ void BN_init(BIGNUM *);
+ void BN_clear(BIGNUM *a);
+ void BN_clear_free(BIGNUM *a);
+
+ BN_CTX *BN_CTX_new(void);
+ void BN_CTX_init(BN_CTX *c);
+ void BN_CTX_free(BN_CTX *c);
+
+ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+ BIGNUM *BN_dup(const BIGNUM *a);
+
+ BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b);
+
+ int BN_num_bytes(const BIGNUM *a);
+ int BN_num_bits(const BIGNUM *a);
+ int BN_num_bits_word(BN_ULONG w);
+
+ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+ int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
+         BN_CTX *ctx);
+ int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+ int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+ int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+ int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+ int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+ int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+ int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
+ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+         const BIGNUM *m, BN_CTX *ctx);
+ int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+
+ int BN_add_word(BIGNUM *a, BN_ULONG w);
+ int BN_sub_word(BIGNUM *a, BN_ULONG w);
+ int BN_mul_word(BIGNUM *a, BN_ULONG w);
+ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+
+ int BN_cmp(BIGNUM *a, BIGNUM *b);
+ int BN_ucmp(BIGNUM *a, BIGNUM *b);
+ int BN_is_zero(BIGNUM *a);
+ int BN_is_one(BIGNUM *a);
+ int BN_is_word(BIGNUM *a, BN_ULONG w);
+ int BN_is_odd(BIGNUM *a);
+
+ int BN_zero(BIGNUM *a);
+ int BN_one(BIGNUM *a);
+ const BIGNUM *BN_value_one(void);
+ int BN_set_word(BIGNUM *a, unsigned long w);
+ unsigned long BN_get_word(BIGNUM *a);
+
+ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+ int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+ int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+
+ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
+         BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
+ int BN_is_prime(const BIGNUM *p, int nchecks,
+         void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
+
+ int BN_set_bit(BIGNUM *a, int n);
+ int BN_clear_bit(BIGNUM *a, int n);
+ int BN_is_bit_set(const BIGNUM *a, int n);
+ int BN_mask_bits(BIGNUM *a, int n);
+ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+ int BN_lshift1(BIGNUM *r, BIGNUM *a);
+ int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+ int BN_rshift1(BIGNUM *r, BIGNUM *a);
+
+ int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+ char *BN_bn2hex(const BIGNUM *a);
+ char *BN_bn2dec(const BIGNUM *a);
+ int BN_hex2bn(BIGNUM **a, const char *str);
+ int BN_dec2bn(BIGNUM **a, const char *str);
+ int BN_print(BIO *fp, const BIGNUM *a);
+ int BN_print_fp(FILE *fp, const BIGNUM *a);
+ int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+ BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
+
+ BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
+     BN_CTX *ctx);
+
+ BN_RECP_CTX *BN_RECP_CTX_new(void);
+ void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+ void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+ int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
+ int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+        BN_RECP_CTX *recp, BN_CTX *ctx);
+
+ BN_MONT_CTX *BN_MONT_CTX_new(void);
+ void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+ void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
+ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+         BN_MONT_CTX *mont, BN_CTX *ctx);
+ int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+         BN_CTX *ctx);
+ int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+         BN_CTX *ctx);
+
+
+=head1 DESCRIPTION
+
+This library performs arithmetic operations on integers of arbitrary
+size. It was written for use in public key cryptography, such as RSA
+and Diffie-Hellman.
+
+It uses dynamic memory allocation for storing its data structures.
+That means that there is no limit on the size of the numbers
+manipulated by these functions, but return values must always be
+checked in case a memory allocation error has occurred.
+
+The basic object in this library is a B<BIGNUM>. It is used to hold a
+single large integer. This type should be considered opaque and fields
+should not be modified or accessed directly.
+
+The creation of B<BIGNUM> objects is described in L<BN_new(3)|BN_new(3)>;
+L<BN_add(3)|BN_add(3)> describes most of the arithmetic operations.
+Comparison is described in L<BN_cmp(3)|BN_cmp(3)>; L<BN_zero(3)|BN_zero(3)>
+describes certain assignments, L<BN_rand(3)|BN_rand(3)> the generation of
+random numbers, L<BN_generate_prime(3)|BN_generate_prime(3)> deals with prime
+numbers and L<BN_set_bit(3)|BN_set_bit(3)> with bit operations. The conversion
+of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)|BN_bn2bin(3)>.
+
+=head1 SEE ALSO
+
+L<bn_internal(3)|bn_internal(3)>,
+L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+L<BN_copy(3)|BN_copy(3)>, L<BN_swap(3)|BN_swap(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>,
+L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>,
+L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>,
+L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>,
+L<BN_bn2bin(3)|BN_bn2bin(3)>, L<BN_mod_inverse(3)|BN_mod_inverse(3)>,
+L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>,
+L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)> 
+
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_ASN1_OBJECT.pod b/src/lib/libcrypto/doc/d2i_ASN1_OBJECT.pod
new file mode 100644
index 0000000000..45bb18492c
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_ASN1_OBJECT.pod
@@ -0,0 +1,29 @@
+=pod
+
+=head1 NAME
+
+d2i_ASN1_OBJECT, i2d_ASN1_OBJECT - ASN1 OBJECT IDENTIFIER functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/objects.h>
+
+ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, long length);
+ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode an ASN1 OBJECT IDENTIFIER.
+
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_DHparams.pod b/src/lib/libcrypto/doc/d2i_DHparams.pod
new file mode 100644
index 0000000000..1e98aebeca
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_DHparams.pod
@@ -0,0 +1,30 @@
+=pod
+
+=head1 NAME
+
+d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
+ int i2d_DHparams(DH *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode PKCS#3 DH parameters using the
+DHparameter structure described in PKCS#3.
+
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_DSAPublicKey.pod b/src/lib/libcrypto/doc/d2i_DSAPublicKey.pod
new file mode 100644
index 0000000000..22c1b50f22
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_DSAPublicKey.pod
@@ -0,0 +1,83 @@
+=pod
+
+=head1 NAME
+
+d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey,
+d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSA_SIG, i2d_DSA_SIG - DSA key encoding
+and parsing functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+ #include <openssl/x509.h>
+
+ DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
+
+ int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+
+ DSA * d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
+
+ int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp);
+
+ DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
+
+ int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+
+ DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+
+ int i2d_DSAparams(const DSA *a, unsigned char **pp);
+
+ DSA * d2i_DSA_SIG(DSA_SIG **a, const unsigned char **pp, long length);
+
+ int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key
+components structure.
+
+d2i_DSA_PUBKEY() and i2d_DSA_PUBKEY() decode and encode an DSA public key using
+a SubjectPublicKeyInfo (certificate public key) structure.
+
+d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key
+components.
+
+d2i_DSAparams(), i2d_DSAparams() decode and encode the DSA parameters using
+a B<Dss-Parms> structure as defined in RFC2459.
+
+d2i_DSA_SIG(), i2d_DSA_SIG() decode and encode a DSA signature using a
+B<Dss-Sig-Value> structure as defined in RFC2459.
+
+The usage of all of these functions is similar to the d2i_X509() and
+i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 NOTES
+
+The B<DSA> structure passed to the private key encoding functions should have
+all the private key components present.
+
+The data encoded by the private key functions is unencrypted and therefore 
+offers no private key security.
+
+The B<DSA_PUBKEY> functions should be used in preference to the B<DSAPublicKey>
+functions when encoding public keys because they use a standard format.
+
+The B<DSAPublicKey> functions use an non standard format the actual data encoded
+depends on the value of the B<write_params> field of the B<a> key parameter.
+If B<write_params> is zero then only the B<pub_key> field is encoded as an
+B<INTEGER>. If B<write_params> is 1 then a B<SEQUENCE> consisting of the
+B<p>, B<q>, B<g> and B<pub_key> respectively fields are encoded.
+
+The B<DSAPrivateKey> functions also use a non standard structure consiting
+consisting of a SEQUENCE containing the B<p>, B<q>, B<g> and B<pub_key> and
+B<priv_key> fields respectively.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod b/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
new file mode 100644
index 0000000000..279b29c873
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod
@@ -0,0 +1,67 @@
+=pod
+
+=head1 NAME
+
+d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey,
+d2i_RSA_PUBKEY, i2d_RSA_PUBKEY, i2d_Netscape_RSA,
+d2i_Netscape_RSA - RSA public and private key encoding functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+ #include <openssl/x509.h>
+
+ RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
+
+ int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
+
+ RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length);
+
+ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
+
+ RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
+
+ int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
+
+ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
+
+ RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+
+=head1 DESCRIPTION
+
+d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey
+structure.
+
+d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode an RSA public key using
+a SubjectPublicKeyInfo (certificate public key) structure.
+
+d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey
+structure.
+
+d2i_Netscape_RSA(), i2d_Netscape_RSA() decode and encode an RSA private key in
+NET format.
+
+The usage of all of these functions is similar to the d2i_X509() and
+i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 NOTES
+
+The B<RSA> structure passed to the private key encoding functions should have
+all the PKCS#1 private key components present.
+
+The data encoded by the private key functions is unencrypted and therefore 
+offers no private key security. 
+
+The NET format functions are present to provide compatibility with certain very
+old software. This format has some severe security weaknesses and should be
+avoided if possible.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509.pod b/src/lib/libcrypto/doc/d2i_X509.pod
new file mode 100644
index 0000000000..5e3c3d0985
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_X509.pod
@@ -0,0 +1,231 @@
+=pod
+
+=head1 NAME
+
+d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio,
+i2d_X509_fp - X509 encode and decode functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509 *d2i_X509(X509 **px, unsigned char **in, int len);
+ int i2d_X509(X509 *x, unsigned char **out);
+
+ X509 *d2i_X509_bio(BIO *bp, X509 **x);
+ X509 *d2i_X509_fp(FILE *fp, X509 **x);
+
+ int i2d_X509_bio(X509 *x, BIO *bp);
+ int i2d_X509_fp(X509 *x, FILE *fp);
+
+=head1 DESCRIPTION
+
+The X509 encode and decode routines encode and parse an
+B<X509> structure, which represents an X509 certificate.
+
+d2i_X509() attempts to decode B<len> bytes at B<*out>. If 
+successful a pointer to the B<X509> structure is returned. If an error
+occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
+returned structure is written to B<*px>. If B<*px> is not B<NULL>
+then it is assumed that B<*px> contains a valid B<X509>
+structure and an attempt is made to reuse it. If the call is
+successful B<*out> is incremented to the byte following the
+parsed data.
+
+i2d_X509() encodes the structure pointed to by B<x> into DER format.
+If B<out> is not B<NULL> is writes the DER encoded data to the buffer
+at B<*out>, and increments it to point after the data just written.
+If the return value is negative an error occurred, otherwise it
+returns the length of the encoded data. 
+
+For OpenSSL 0.9.7 and later if B<*out> is B<NULL> memory will be
+allocated for a buffer and the encoded data written to it. In this
+case B<*out> is not incremented and it points to the start of the
+data just written.
+
+d2i_X509_bio() is similar to d2i_X509() except it attempts
+to parse data from BIO B<bp>.
+
+d2i_X509_fp() is similar to d2i_X509() except it attempts
+to parse data from FILE pointer B<fp>.
+
+i2d_X509_bio() is similar to i2d_X509() except it writes
+the encoding of the structure B<x> to BIO B<bp> and it
+returns 1 for success and 0 for failure.
+
+i2d_X509_fp() is similar to i2d_X509() except it writes
+the encoding of the structure B<x> to BIO B<bp> and it
+returns 1 for success and 0 for failure.
+
+=head1 NOTES
+
+The letters B<i> and B<d> in for example B<i2d_X509> stand for
+"internal" (that is an internal C structure) and "DER". So that
+B<i2d_X509> converts from internal to DER.
+
+The functions can also understand B<BER> forms.
+
+The actual X509 structure passed to i2d_X509() must be a valid
+populated B<X509> structure it can B<not> simply be fed with an
+empty structure such as that returned by X509_new().
+
+The encoded data is in binary form and may contain embedded zeroes.
+Therefore any FILE pointers or BIOs should be opened in binary mode.
+Functions such as B<strlen()> will B<not> return the correct length
+of the encoded structure.
+
+The ways that B<*in> and B<*out> are incremented after the operation
+can trap the unwary. See the B<WARNINGS> section for some common
+errors.
+
+The reason for the auto increment behaviour is to reflect a typical
+usage of ASN1 functions: after one structure is encoded or decoded
+another will processed after it.
+
+=head1 EXAMPLES
+
+Allocate and encode the DER encoding of an X509 structure:
+
+ int len;
+ unsigned char *buf, *p;
+
+ len = i2d_X509(x, NULL);
+
+ buf = OPENSSL_malloc(len);
+
+ if (buf == NULL)
+        /* error */
+
+ p = buf;
+
+ i2d_X509(x, &p);
+
+If you are using OpenSSL 0.9.7 or later then this can be
+simplified to:
+
+
+ int len;
+ unsigned char *buf;
+
+ buf = NULL;
+
+ len = i2d_X509(x, &buf);
+
+ if (len < 0)
+        /* error */
+
+Attempt to decode a buffer:
+
+ X509 *x;
+
+ unsigned char *buf, *p;
+
+ int len;
+
+ /* Something to setup buf and len */
+
+ p = buf;
+
+ x = d2i_X509(NULL, &p, len);
+
+ if (x == NULL)
+    /* Some error */
+
+Alternative technique:
+
+ X509 *x;
+
+ unsigned char *buf, *p;
+
+ int len;
+
+ /* Something to setup buf and len */
+
+ p = buf;
+
+ x = NULL;
+
+ if(!d2i_X509(&x, &p, len))
+    /* Some error */
+
+
+=head1 WARNINGS
+
+The use of temporary variable is mandatory. A common
+mistake is to attempt to use a buffer directly as follows:
+
+ int len;
+ unsigned char *buf;
+
+ len = i2d_X509(x, NULL);
+
+ buf = OPENSSL_malloc(len);
+
+ if (buf == NULL)
+        /* error */
+
+ i2d_X509(x, &buf);
+
+ /* Other stuff ... */
+
+ OPENSSL_free(buf);
+
+This code will result in B<buf> apparently containing garbage because
+it was incremented after the call to point after the data just written.
+Also B<buf> will no longer contain the pointer allocated by B<OPENSSL_malloc()>
+and the subsequent call to B<OPENSSL_free()> may well crash.
+
+The auto allocation feature (setting buf to NULL) only works on OpenSSL
+0.9.7 and later. Attempts to use it on earlier versions will typically
+cause a segmentation violation.
+
+Another trap to avoid is misuse of the B<xp> argument to B<d2i_X509()>:
+
+ X509 *x;
+
+ if (!d2i_X509(&x, &p, len))
+        /* Some error */
+
+This will probably crash somewhere in B<d2i_X509()>. The reason for this
+is that the variable B<x> is uninitialized and an attempt will be made to
+interpret its (invalid) value as an B<X509> structure, typically causing
+a segmentation violation. If B<x> is set to NULL first then this will not
+happen.
+
+=head1 BUGS
+
+In some versions of OpenSSL the "reuse" behaviour of d2i_X509() when 
+B<*px> is valid is broken and some parts of the reused structure may
+persist if they are not present in the new one. As a result the use
+of this "reuse" behaviour is strongly discouraged.
+
+i2d_X509() will not return an error in many versions of OpenSSL,
+if mandatory fields are not initialized due to a programming error
+then the encoded structure may contain invalid data or omit the
+fields entirely and will not be parsed by d2i_X509(). This may be
+fixed in future so code should not assume that i2d_X509() will
+always succeed.
+
+=head1 RETURN VALUES
+
+d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
+or B<NULL> if an error occurs. The error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>. 
+
+i2d_X509(), i2d_X509_bio() and i2d_X509_fp() return a the number of bytes
+successfully encoded or a negative value if an error occurs. The error code
+can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 
+
+i2d_X509_bio() and i2d_X509_fp() returns 1 for success and 0 if an error 
+occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp
+are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_ALGOR.pod b/src/lib/libcrypto/doc/d2i_X509_ALGOR.pod
new file mode 100644
index 0000000000..9e5cd92ca7
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_X509_ALGOR.pod
@@ -0,0 +1,30 @@
+=pod
+
+=head1 NAME
+
+d2i_X509_ALGOR, i2d_X509_ALGOR - AlgorithmIdentifier functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length);
+ int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode an B<X509_ALGOR> structure which is
+equivalent to the B<AlgorithmIdentifier> structure.
+
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_CRL.pod b/src/lib/libcrypto/doc/d2i_X509_CRL.pod
new file mode 100644
index 0000000000..06c5b23c09
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_X509_CRL.pod
@@ -0,0 +1,37 @@
+=pod
+
+=head1 NAME
+
+d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp,
+i2d_X509_CRL_bio, i2d_X509_CRL_fp - PKCS#10 certificate request functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_CRL *d2i_X509_CRL(X509_CRL **a, unsigned char **pp, long length);
+ int i2d_X509_CRL(X509_CRL *a, unsigned char **pp);
+
+ X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x);
+ X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x);
+
+ int i2d_X509_CRL_bio(X509_CRL *x, BIO *bp);
+ int i2d_X509_CRL_fp(X509_CRL *x, FILE *fp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode an X509 CRL (certificate revocation
+list).
+
+Othewise the functions behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_NAME.pod b/src/lib/libcrypto/doc/d2i_X509_NAME.pod
new file mode 100644
index 0000000000..343ffe1519
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_X509_NAME.pod
@@ -0,0 +1,31 @@
+=pod
+
+=head1 NAME
+
+d2i_X509_NAME, i2d_X509_NAME - X509_NAME encoding functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length);
+ int i2d_X509_NAME(X509_NAME *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode an B<X509_NAME> structure which is the
+the same as the B<Name> type defined in RFC2459 (and elsewhere) and used
+for example in certificate subject and issuer names.
+
+Othewise the functions behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_REQ.pod b/src/lib/libcrypto/doc/d2i_X509_REQ.pod
new file mode 100644
index 0000000000..be4ad68257
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_X509_REQ.pod
@@ -0,0 +1,36 @@
+=pod
+
+=head1 NAME
+
+d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp,
+i2d_X509_REQ_bio, i2d_X509_REQ_fp - PKCS#10 certificate request functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length);
+ int i2d_X509_REQ(X509_REQ *a, unsigned char **pp);
+
+ X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x);
+ X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x);
+
+ int i2d_X509_REQ_bio(X509_REQ *x, BIO *bp);
+ int i2d_X509_REQ_fp(X509_REQ *x, FILE *fp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode a PKCS#10 certificate request.
+
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_SIG.pod b/src/lib/libcrypto/doc/d2i_X509_SIG.pod
new file mode 100644
index 0000000000..e48fd79a51
--- /dev/null
+++ b/src/lib/libcrypto/doc/d2i_X509_SIG.pod
@@ -0,0 +1,30 @@
+=pod
+
+=head1 NAME
+
+d2i_X509_SIG, i2d_X509_SIG - DigestInfo functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length);
+ int i2d_X509_SIG(X509_SIG *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode an X509_SIG structure which is
+equivalent to the B<DigestInfo> structure defined in PKCS#1 and PKCS#7.
+
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/src/lib/libcrypto/doc/dh.pod b/src/lib/libcrypto/doc/dh.pod
new file mode 100644
index 0000000000..c3ccd06207
--- /dev/null
+++ b/src/lib/libcrypto/doc/dh.pod
@@ -0,0 +1,78 @@
+=pod
+
+=head1 NAME
+
+dh - Diffie-Hellman key agreement
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+ #include <openssl/engine.h>
+
+ DH *   DH_new(void);
+ void   DH_free(DH *dh);
+
+ int    DH_size(const DH *dh);
+
+ DH *   DH_generate_parameters(int prime_len, int generator,
+                void (*callback)(int, int, void *), void *cb_arg);
+ int    DH_check(const DH *dh, int *codes);
+
+ int    DH_generate_key(DH *dh);
+ int    DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+
+ void DH_set_default_method(const DH_METHOD *meth);
+ const DH_METHOD *DH_get_default_method(void);
+ int DH_set_method(DH *dh, const DH_METHOD *meth);
+ DH *DH_new_method(ENGINE *engine);
+ const DH_METHOD *DH_OpenSSL(void);
+
+ int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+             int (*dup_func)(), void (*free_func)());
+ int DH_set_ex_data(DH *d, int idx, char *arg);
+ char *DH_get_ex_data(DH *d, int idx);
+
+ DH *   d2i_DHparams(DH **a, unsigned char **pp, long length);
+ int    i2d_DHparams(const DH *a, unsigned char **pp);
+
+ int    DHparams_print_fp(FILE *fp, const DH *x);
+ int    DHparams_print(BIO *bp, const DH *x);
+
+=head1 DESCRIPTION
+
+These functions implement the Diffie-Hellman key agreement protocol.
+The generation of shared DH parameters is described in
+L<DH_generate_parameters(3)|DH_generate_parameters(3)>; L<DH_generate_key(3)|DH_generate_key(3)> describes how
+to perform a key agreement.
+
+The B<DH> structure consists of several BIGNUM components.
+
+ struct
+        {
+        BIGNUM *p;              // prime number (shared)
+        BIGNUM *g;              // generator of Z_p (shared)
+        BIGNUM *priv_key;       // private DH value x
+        BIGNUM *pub_key;        // public DH value g^x
+        // ...
+        };
+ DH
+
+Note that DH keys may use non-standard B<DH_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using DH
+structure elements directly and instead use API functions to query or
+modify keys.
+
+=head1 SEE ALSO
+
+L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
+L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>,
+L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>,
+L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
+L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
+L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>,
+L<RSA_print(3)|RSA_print(3)> 
+
+=cut
diff --git a/src/lib/libcrypto/doc/dsa.pod b/src/lib/libcrypto/doc/dsa.pod
new file mode 100644
index 0000000000..ae2e5d81f9
--- /dev/null
+++ b/src/lib/libcrypto/doc/dsa.pod
@@ -0,0 +1,113 @@
+=pod
+
+=head1 NAME
+
+dsa - Digital Signature Algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+ #include <openssl/engine.h>
+
+ DSA *  DSA_new(void);
+ void   DSA_free(DSA *dsa);
+
+ int    DSA_size(const DSA *dsa);
+
+ DSA *  DSA_generate_parameters(int bits, unsigned char *seed,
+                int seed_len, int *counter_ret, unsigned long *h_ret,
+                void (*callback)(int, int, void *), void *cb_arg);
+
+ DH *   DSA_dup_DH(const DSA *r);
+
+ int    DSA_generate_key(DSA *dsa);
+
+ int    DSA_sign(int dummy, const unsigned char *dgst, int len,
+                unsigned char *sigret, unsigned int *siglen, DSA *dsa);
+ int    DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
+                BIGNUM **rp);
+ int    DSA_verify(int dummy, const unsigned char *dgst, int len,
+                const unsigned char *sigbuf, int siglen, DSA *dsa);
+
+ void DSA_set_default_method(const DSA_METHOD *meth);
+ const DSA_METHOD *DSA_get_default_method(void);
+ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
+ DSA *DSA_new_method(ENGINE *engine);
+ const DSA_METHOD *DSA_OpenSSL(void);
+
+ int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+             int (*dup_func)(), void (*free_func)());
+ int DSA_set_ex_data(DSA *d, int idx, char *arg);
+ char *DSA_get_ex_data(DSA *d, int idx);
+
+ DSA_SIG *DSA_SIG_new(void);
+ void   DSA_SIG_free(DSA_SIG *a);
+ int    i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+ DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
+
+ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+ int    DSA_do_verify(const unsigned char *dgst, int dgst_len,
+             DSA_SIG *sig, DSA *dsa);
+
+ DSA *  d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
+ DSA *  d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
+ DSA *  d2i_DSAparams(DSA **a, unsigned char **pp, long length);
+ int    i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+ int    i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+ int    i2d_DSAparams(const DSA *a,unsigned char **pp);
+
+ int    DSAparams_print(BIO *bp, const DSA *x);
+ int    DSAparams_print_fp(FILE *fp, const DSA *x);
+ int    DSA_print(BIO *bp, const DSA *x, int off);
+ int    DSA_print_fp(FILE *bp, const DSA *x, int off);
+
+=head1 DESCRIPTION
+
+These functions implement the Digital Signature Algorithm (DSA).  The
+generation of shared DSA parameters is described in
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>;
+L<DSA_generate_key(3)|DSA_generate_key(3)> describes how to
+generate a signature key. Signature generation and verification are
+described in L<DSA_sign(3)|DSA_sign(3)>.
+
+The B<DSA> structure consists of several BIGNUM components.
+
+ struct
+        {
+        BIGNUM *p;              // prime number (public)
+        BIGNUM *q;              // 160-bit subprime, q | p-1 (public)
+        BIGNUM *g;              // generator of subgroup (public)
+        BIGNUM *priv_key;       // private key x
+        BIGNUM *pub_key;        // public key y = g^x
+        // ...
+        }
+ DSA;
+
+In public keys, B<priv_key> is NULL.
+
+Note that DSA keys may use non-standard B<DSA_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using DSA
+structure elements directly and instead use API functions to query or
+modify keys.
+
+=head1 CONFORMING TO
+
+US Federal Information Processing Standard FIPS 186 (Digital Signature
+Standard, DSS), ANSI X9.30
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<rsa(3)|rsa(3)>, L<SHA1(3)|SHA1(3)>, L<DSA_new(3)|DSA_new(3)>,
+L<DSA_size(3)|DSA_size(3)>,
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
+L<DSA_dup_DH(3)|DSA_dup_DH(3)>,
+L<DSA_generate_key(3)|DSA_generate_key(3)>,
+L<DSA_sign(3)|DSA_sign(3)>, L<DSA_set_method(3)|DSA_set_method(3)>,
+L<DSA_get_ex_new_index(3)|DSA_get_ex_new_index(3)>,
+L<RSA_print(3)|RSA_print(3)>
+
+=cut
diff --git a/src/lib/libcrypto/doc/engine.pod b/src/lib/libcrypto/doc/engine.pod
new file mode 100644
index 0000000000..c77dad5562
--- /dev/null
+++ b/src/lib/libcrypto/doc/engine.pod
@@ -0,0 +1,621 @@
+=pod
+
+=head1 NAME
+
+engine - ENGINE cryptographic module support
+
+=head1 SYNOPSIS
+
+ #include <openssl/engine.h>
+
+ ENGINE *ENGINE_get_first(void);
+ ENGINE *ENGINE_get_last(void);
+ ENGINE *ENGINE_get_next(ENGINE *e);
+ ENGINE *ENGINE_get_prev(ENGINE *e);
+
+ int ENGINE_add(ENGINE *e);
+ int ENGINE_remove(ENGINE *e);
+
+ ENGINE *ENGINE_by_id(const char *id);
+
+ int ENGINE_init(ENGINE *e);
+ int ENGINE_finish(ENGINE *e);
+
+ void ENGINE_load_openssl(void);
+ void ENGINE_load_dynamic(void);
+ void ENGINE_load_cswift(void);
+ void ENGINE_load_chil(void);
+ void ENGINE_load_atalla(void);
+ void ENGINE_load_nuron(void);
+ void ENGINE_load_ubsec(void);
+ void ENGINE_load_aep(void);
+ void ENGINE_load_sureware(void);
+ void ENGINE_load_4758cca(void);
+ void ENGINE_load_openbsd_dev_crypto(void);
+ void ENGINE_load_builtin_engines(void);
+
+ void ENGINE_cleanup(void);
+
+ ENGINE *ENGINE_get_default_RSA(void);
+ ENGINE *ENGINE_get_default_DSA(void);
+ ENGINE *ENGINE_get_default_DH(void);
+ ENGINE *ENGINE_get_default_RAND(void);
+ ENGINE *ENGINE_get_cipher_engine(int nid);
+ ENGINE *ENGINE_get_digest_engine(int nid);
+
+ int ENGINE_set_default_RSA(ENGINE *e);
+ int ENGINE_set_default_DSA(ENGINE *e);
+ int ENGINE_set_default_DH(ENGINE *e);
+ int ENGINE_set_default_RAND(ENGINE *e);
+ int ENGINE_set_default_ciphers(ENGINE *e);
+ int ENGINE_set_default_digests(ENGINE *e);
+ int ENGINE_set_default_string(ENGINE *e, const char *list);
+
+ int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+ unsigned int ENGINE_get_table_flags(void);
+ void ENGINE_set_table_flags(unsigned int flags);
+
+ int ENGINE_register_RSA(ENGINE *e);
+ void ENGINE_unregister_RSA(ENGINE *e);
+ void ENGINE_register_all_RSA(void);
+ int ENGINE_register_DSA(ENGINE *e);
+ void ENGINE_unregister_DSA(ENGINE *e);
+ void ENGINE_register_all_DSA(void);
+ int ENGINE_register_DH(ENGINE *e);
+ void ENGINE_unregister_DH(ENGINE *e);
+ void ENGINE_register_all_DH(void);
+ int ENGINE_register_RAND(ENGINE *e);
+ void ENGINE_unregister_RAND(ENGINE *e);
+ void ENGINE_register_all_RAND(void);
+ int ENGINE_register_ciphers(ENGINE *e);
+ void ENGINE_unregister_ciphers(ENGINE *e);
+ void ENGINE_register_all_ciphers(void);
+ int ENGINE_register_digests(ENGINE *e);
+ void ENGINE_unregister_digests(ENGINE *e);
+ void ENGINE_register_all_digests(void);
+ int ENGINE_register_complete(ENGINE *e);
+ int ENGINE_register_all_complete(void);
+
+ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+ int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+         long i, void *p, void (*f)(), int cmd_optional);
+ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+                 int cmd_optional);
+
+ int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
+ void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+
+ int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+
+ ENGINE *ENGINE_new(void);
+ int ENGINE_free(ENGINE *e);
+
+ int ENGINE_set_id(ENGINE *e, const char *id);
+ int ENGINE_set_name(ENGINE *e, const char *name);
+ int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+ int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+ int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+ int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+ int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+ int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+ int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+ int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+ int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+ int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+ int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+ int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+ int ENGINE_set_flags(ENGINE *e, int flags);
+ int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+
+ const char *ENGINE_get_id(const ENGINE *e);
+ const char *ENGINE_get_name(const ENGINE *e);
+ const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+ const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+ const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+ const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+ ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+ ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+ ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+ const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+ const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+ int ENGINE_get_flags(const ENGINE *e);
+ const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+
+ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+     UI_METHOD *ui_method, void *callback_data);
+ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+     UI_METHOD *ui_method, void *callback_data);
+
+ void ENGINE_add_conf_module(void);
+
+=head1 DESCRIPTION
+
+These functions create, manipulate, and use cryptographic modules in the
+form of B<ENGINE> objects. These objects act as containers for
+implementations of cryptographic algorithms, and support a
+reference-counted mechanism to allow them to be dynamically loaded in and
+out of the running application.
+
+The cryptographic functionality that can be provided by an B<ENGINE>
+implementation includes the following abstractions;
+
+ RSA_METHOD - for providing alternative RSA implementations
+ DSA_METHOD, DH_METHOD, RAND_METHOD - alternative DSA, DH, and RAND
+ EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid')
+ EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid')
+ key-loading - loading public and/or private EVP_PKEY keys
+
+=head2 Reference counting and handles
+
+Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be
+treated as handles - ie. not only as pointers, but also as references to
+the underlying ENGINE object. Ie. you should obtain a new reference when
+making copies of an ENGINE pointer if the copies will be used (and
+released) independantly.
+
+ENGINE objects have two levels of reference-counting to match the way in
+which the objects are used. At the most basic level, each ENGINE pointer is
+inherently a B<structural> reference - you need a structural reference
+simply to refer to the pointer value at all, as this kind of reference is
+your guarantee that the structure can not be deallocated until you release
+your reference.
+
+However, a structural reference provides no guarantee that the ENGINE has
+been initiliased to be usable to perform any of its cryptographic
+implementations - and indeed it's quite possible that most ENGINEs will not
+initialised at all on standard setups, as ENGINEs are typically used to
+support specialised hardware. To use an ENGINE's functionality, you need a
+B<functional> reference. This kind of reference can be considered a
+specialised form of structural reference, because each functional reference
+implicitly contains a structural reference as well - however to avoid
+difficult-to-find programming bugs, it is recommended to treat the two
+kinds of reference independantly. If you have a functional reference to an
+ENGINE, you have a guarantee that the ENGINE has been initialised ready to
+perform cryptographic operations and will not be uninitialised or cleaned
+up until after you have released your reference.
+
+We will discuss the two kinds of reference separately, including how to
+tell which one you are dealing with at any given point in time (after all
+they are both simply (ENGINE *) pointers, the difference is in the way they
+are used).
+
+I<Structural references>
+
+This basic type of reference is typically used for creating new ENGINEs
+dynamically, iterating across OpenSSL's internal linked-list of loaded
+ENGINEs, reading information about an ENGINE, etc. Essentially a structural
+reference is sufficient if you only need to query or manipulate the data of
+an ENGINE implementation rather than use its functionality.
+
+The ENGINE_new() function returns a structural reference to a new (empty)
+ENGINE object. Other than that, structural references come from return
+values to various ENGINE API functions such as; ENGINE_by_id(),
+ENGINE_get_first(), ENGINE_get_last(), ENGINE_get_next(),
+ENGINE_get_prev(). All structural references should be released by a
+corresponding to call to the ENGINE_free() function - the ENGINE object
+itself will only actually be cleaned up and deallocated when the last
+structural reference is released.
+
+It should also be noted that many ENGINE API function calls that accept a
+structural reference will internally obtain another reference - typically
+this happens whenever the supplied ENGINE will be needed by OpenSSL after
+the function has returned. Eg. the function to add a new ENGINE to
+OpenSSL's internal list is ENGINE_add() - if this function returns success,
+then OpenSSL will have stored a new structural reference internally so the
+caller is still responsible for freeing their own reference with
+ENGINE_free() when they are finished with it. In a similar way, some
+functions will automatically release the structural reference passed to it
+if part of the function's job is to do so. Eg. the ENGINE_get_next() and
+ENGINE_get_prev() functions are used for iterating across the internal
+ENGINE list - they will return a new structural reference to the next (or
+previous) ENGINE in the list or NULL if at the end (or beginning) of the
+list, but in either case the structural reference passed to the function is
+released on behalf of the caller.
+
+To clarify a particular function's handling of references, one should
+always consult that function's documentation "man" page, or failing that
+the openssl/engine.h header file includes some hints.
+
+I<Functional references>
+
+As mentioned, functional references exist when the cryptographic
+functionality of an ENGINE is required to be available. A functional
+reference can be obtained in one of two ways; from an existing structural
+reference to the required ENGINE, or by asking OpenSSL for the default
+operational ENGINE for a given cryptographic purpose.
+
+To obtain a functional reference from an existing structural reference,
+call the ENGINE_init() function. This returns zero if the ENGINE was not
+already operational and couldn't be successfully initialised (eg. lack of
+system drivers, no special hardware attached, etc), otherwise it will
+return non-zero to indicate that the ENGINE is now operational and will
+have allocated a new B<functional> reference to the ENGINE. In this case,
+the supplied ENGINE pointer is, from the point of the view of the caller,
+both a structural reference and a functional reference - so if the caller
+intends to use it as a functional reference it should free the structural
+reference with ENGINE_free() first. If the caller wishes to use it only as
+a structural reference (eg. if the ENGINE_init() call was simply to test if
+the ENGINE seems available/online), then it should free the functional
+reference; all functional references are released by the ENGINE_finish()
+function.
+
+The second way to get a functional reference is by asking OpenSSL for a
+default implementation for a given task, eg. by ENGINE_get_default_RSA(),
+ENGINE_get_default_cipher_engine(), etc. These are discussed in the next
+section, though they are not usually required by application programmers as
+they are used automatically when creating and using the relevant
+algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc.
+
+=head2 Default implementations
+
+For each supported abstraction, the ENGINE code maintains an internal table
+of state to control which implementations are available for a given
+abstraction and which should be used by default. These implementations are
+registered in the tables separated-out by an 'nid' index, because
+abstractions like EVP_CIPHER and EVP_DIGEST support many distinct
+algorithms and modes - ENGINEs will support different numbers and
+combinations of these. In the case of other abstractions like RSA, DSA,
+etc, there is only one "algorithm" so all implementations implicitly
+register using the same 'nid' index. ENGINEs can be B<registered> into
+these tables to make themselves available for use automatically by the
+various abstractions, eg. RSA. For illustrative purposes, we continue with
+the RSA example, though all comments apply similarly to the other
+abstractions (they each get their own table and linkage to the
+corresponding section of openssl code).
+
+When a new RSA key is being created, ie. in RSA_new_method(), a
+"get_default" call will be made to the ENGINE subsystem to process the RSA
+state table and return a functional reference to an initialised ENGINE
+whose RSA_METHOD should be used. If no ENGINE should (or can) be used, it
+will return NULL and the RSA key will operate with a NULL ENGINE handle by
+using the conventional RSA implementation in OpenSSL (and will from then on
+behave the way it used to before the ENGINE API existed - for details see
+L<RSA_new_method(3)|RSA_new_method(3)>).
+
+Each state table has a flag to note whether it has processed this
+"get_default" query since the table was last modified, because to process
+this question it must iterate across all the registered ENGINEs in the
+table trying to initialise each of them in turn, in case one of them is
+operational. If it returns a functional reference to an ENGINE, it will
+also cache another reference to speed up processing future queries (without
+needing to iterate across the table). Likewise, it will cache a NULL
+response if no ENGINE was available so that future queries won't repeat the
+same iteration unless the state table changes. This behaviour can also be
+changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using
+ENGINE_set_table_flags()), no attempted initialisations will take place,
+instead the only way for the state table to return a non-NULL ENGINE to the
+"get_default" query will be if one is expressly set in the table. Eg.
+ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except
+that it also sets the state table's cached response for the "get_default"
+query.
+
+In the case of abstractions like EVP_CIPHER, where implementations are
+indexed by 'nid', these flags and cached-responses are distinct for each
+'nid' value.
+
+It is worth illustrating the difference between "registration" of ENGINEs
+into these per-algorithm state tables and using the alternative
+"set_default" functions. The latter handles both "registration" and also
+setting the cached "default" ENGINE in each relevant state table - so
+registered ENGINEs will only have a chance to be initialised for use as a
+default if a default ENGINE wasn't already set for the same state table.
+Eg. if ENGINE X supports cipher nids {A,B} and RSA, ENGINE Y supports
+ciphers {A} and DSA, and the following code is executed;
+
+ ENGINE_register_complete(X);
+ ENGINE_set_default(Y, ENGINE_METHOD_ALL);
+ e1 = ENGINE_get_default_RSA();
+ e2 = ENGINE_get_cipher_engine(A);
+ e3 = ENGINE_get_cipher_engine(B);
+ e4 = ENGINE_get_default_DSA();
+ e5 = ENGINE_get_cipher_engine(C);
+
+The results would be as follows;
+
+ assert(e1 == X);
+ assert(e2 == Y);
+ assert(e3 == X);
+ assert(e4 == Y);
+ assert(e5 == NULL);
+
+=head2 Application requirements
+
+This section will explain the basic things an application programmer should
+support to make the most useful elements of the ENGINE functionality
+available to the user. The first thing to consider is whether the
+programmer wishes to make alternative ENGINE modules available to the
+application and user. OpenSSL maintains an internal linked list of
+"visible" ENGINEs from which it has to operate - at start-up, this list is
+empty and in fact if an application does not call any ENGINE API calls and
+it uses static linking against openssl, then the resulting application
+binary will not contain any alternative ENGINE code at all. So the first
+consideration is whether any/all available ENGINE implementations should be
+made visible to OpenSSL - this is controlled by calling the various "load"
+functions, eg.
+
+ /* Make the "dynamic" ENGINE available */
+ void ENGINE_load_dynamic(void);
+ /* Make the CryptoSwift hardware acceleration support available */
+ void ENGINE_load_cswift(void);
+ /* Make support for nCipher's "CHIL" hardware available */
+ void ENGINE_load_chil(void);
+ ...
+ /* Make ALL ENGINE implementations bundled with OpenSSL available */
+ void ENGINE_load_builtin_engines(void);
+
+Having called any of these functions, ENGINE objects would have been
+dynamically allocated and populated with these implementations and linked
+into OpenSSL's internal linked list. At this point it is important to
+mention an important API function;
+
+ void ENGINE_cleanup(void);
+
+If no ENGINE API functions are called at all in an application, then there
+are no inherent memory leaks to worry about from the ENGINE functionality,
+however if any ENGINEs are "load"ed, even if they are never registered or
+used, it is necessary to use the ENGINE_cleanup() function to
+correspondingly cleanup before program exit, if the caller wishes to avoid
+memory leaks. This mechanism uses an internal callback registration table
+so that any ENGINE API functionality that knows it requires cleanup can
+register its cleanup details to be called during ENGINE_cleanup(). This
+approach allows ENGINE_cleanup() to clean up after any ENGINE functionality
+at all that your program uses, yet doesn't automatically create linker
+dependencies to all possible ENGINE functionality - only the cleanup
+callbacks required by the functionality you do use will be required by the
+linker.
+
+The fact that ENGINEs are made visible to OpenSSL (and thus are linked into
+the program and loaded into memory at run-time) does not mean they are
+"registered" or called into use by OpenSSL automatically - that behaviour
+is something for the application to have control over. Some applications
+will want to allow the user to specify exactly which ENGINE they want used
+if any is to be used at all. Others may prefer to load all support and have
+OpenSSL automatically use at run-time any ENGINE that is able to
+successfully initialise - ie. to assume that this corresponds to
+acceleration hardware attached to the machine or some such thing. There are
+probably numerous other ways in which applications may prefer to handle
+things, so we will simply illustrate the consequences as they apply to a
+couple of simple cases and leave developers to consider these and the
+source code to openssl's builtin utilities as guides.
+
+I<Using a specific ENGINE implementation>
+
+Here we'll assume an application has been configured by its user or admin
+to want to use the "ACME" ENGINE if it is available in the version of
+OpenSSL the application was compiled with. If it is available, it should be
+used by default for all RSA, DSA, and symmetric cipher operation, otherwise
+OpenSSL should use its builtin software as per usual. The following code
+illustrates how to approach this;
+
+ ENGINE *e;
+ const char *engine_id = "ACME";
+ ENGINE_load_builtin_engines();
+ e = ENGINE_by_id(engine_id);
+ if(!e)
+     /* the engine isn't available */
+     return;
+ if(!ENGINE_init(e)) {
+     /* the engine couldn't initialise, release 'e' */
+     ENGINE_free(e);
+     return;
+ }
+ if(!ENGINE_set_default_RSA(e))
+     /* This should only happen when 'e' can't initialise, but the previous
+      * statement suggests it did. */
+     abort();
+ ENGINE_set_default_DSA(e);
+ ENGINE_set_default_ciphers(e);
+ /* Release the functional reference from ENGINE_init() */
+ ENGINE_finish(e);
+ /* Release the structural reference from ENGINE_by_id() */
+ ENGINE_free(e);
+
+I<Automatically using builtin ENGINE implementations>
+
+Here we'll assume we want to load and register all ENGINE implementations
+bundled with OpenSSL, such that for any cryptographic algorithm required by
+OpenSSL - if there is an ENGINE that implements it and can be initialise,
+it should be used. The following code illustrates how this can work;
+
+ /* Load all bundled ENGINEs into memory and make them visible */
+ ENGINE_load_builtin_engines();
+ /* Register all of them for every algorithm they collectively implement */
+ ENGINE_register_all_complete();
+
+That's all that's required. Eg. the next time OpenSSL tries to set up an
+RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to
+ENGINE_init() and if any of those succeed, that ENGINE will be set as the
+default for use with RSA from then on.
+
+=head2 Advanced configuration support
+
+There is a mechanism supported by the ENGINE framework that allows each
+ENGINE implementation to define an arbitrary set of configuration
+"commands" and expose them to OpenSSL and any applications based on
+OpenSSL. This mechanism is entirely based on the use of name-value pairs
+and and assumes ASCII input (no unicode or UTF for now!), so it is ideal if
+applications want to provide a transparent way for users to provide
+arbitrary configuration "directives" directly to such ENGINEs. It is also
+possible for the application to dynamically interrogate the loaded ENGINE
+implementations for the names, descriptions, and input flags of their
+available "control commands", providing a more flexible configuration
+scheme. However, if the user is expected to know which ENGINE device he/she
+is using (in the case of specialised hardware, this goes without saying)
+then applications may not need to concern themselves with discovering the
+supported control commands and simply prefer to allow settings to passed
+into ENGINEs exactly as they are provided by the user.
+
+Before illustrating how control commands work, it is worth mentioning what
+they are typically used for. Broadly speaking there are two uses for
+control commands; the first is to provide the necessary details to the
+implementation (which may know nothing at all specific to the host system)
+so that it can be initialised for use. This could include the path to any
+driver or config files it needs to load, required network addresses,
+smart-card identifiers, passwords to initialise password-protected devices,
+logging information, etc etc. This class of commands typically needs to be
+passed to an ENGINE B<before> attempting to initialise it, ie. before
+calling ENGINE_init(). The other class of commands consist of settings or
+operations that tweak certain behaviour or cause certain operations to take
+place, and these commands may work either before or after ENGINE_init(), or
+in same cases both. ENGINE implementations should provide indications of
+this in the descriptions attached to builtin control commands and/or in
+external product documentation.
+
+I<Issuing control commands to an ENGINE>
+
+Let's illustrate by example; a function for which the caller supplies the
+name of the ENGINE it wishes to use, a table of string-pairs for use before
+initialisation, and another table for use after initialisation. Note that
+the string-pairs used for control commands consist of a command "name"
+followed by the command "parameter" - the parameter could be NULL in some
+cases but the name can not. This function should initialise the ENGINE
+(issuing the "pre" commands beforehand and the "post" commands afterwards)
+and set it as the default for everything except RAND and then return a
+boolean success or failure.
+
+ int generic_load_engine_fn(const char *engine_id,
+                            const char **pre_cmds, int pre_num,
+                            const char **post_cmds, int post_num)
+ {
+     ENGINE *e = ENGINE_by_id(engine_id);
+     if(!e) return 0;
+     while(pre_num--) {
+         if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
+             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
+                 pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
+             ENGINE_free(e);
+             return 0;
+         }
+         pre_cmds += 2;
+     }
+     if(!ENGINE_init(e)) {
+         fprintf(stderr, "Failed initialisation\n");
+         ENGINE_free(e);
+         return 0;
+     }
+     /* ENGINE_init() returned a functional reference, so free the structural
+      * reference from ENGINE_by_id(). */
+     ENGINE_free(e);
+     while(post_num--) {
+         if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
+             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
+                 post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
+             ENGINE_finish(e);
+             return 0;
+         }
+         post_cmds += 2;
+     }
+     ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
+     /* Success */
+     return 1;
+ }
+
+Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can
+relax the semantics of the function - if set non-zero it will only return
+failure if the ENGINE supported the given command name but failed while
+executing it, if the ENGINE doesn't support the command name it will simply
+return success without doing anything. In this case we assume the user is
+only supplying commands specific to the given ENGINE so we set this to
+FALSE.
+
+I<Discovering supported control commands>
+
+It is possible to discover at run-time the names, numerical-ids, descriptions
+and input parameters of the control commands supported from a structural
+reference to any ENGINE. It is first important to note that some control
+commands are defined by OpenSSL itself and it will intercept and handle these
+control commands on behalf of the ENGINE, ie. the ENGINE's ctrl() handler is not
+used for the control command. openssl/engine.h defines a symbol,
+ENGINE_CMD_BASE, that all control commands implemented by ENGINEs from. Any
+command value lower than this symbol is considered a "generic" command is
+handled directly by the OpenSSL core routines.
+
+It is using these "core" control commands that one can discover the the control
+commands implemented by a given ENGINE, specifically the commands;
+
+ #define ENGINE_HAS_CTRL_FUNCTION               10
+ #define ENGINE_CTRL_GET_FIRST_CMD_TYPE         11
+ #define ENGINE_CTRL_GET_NEXT_CMD_TYPE          12
+ #define ENGINE_CTRL_GET_CMD_FROM_NAME          13
+ #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD      14
+ #define ENGINE_CTRL_GET_NAME_FROM_CMD          15
+ #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD      16
+ #define ENGINE_CTRL_GET_DESC_FROM_CMD          17
+ #define ENGINE_CTRL_GET_CMD_FLAGS              18
+
+Whilst these commands are automatically processed by the OpenSSL framework code,
+they use various properties exposed by each ENGINE by which to process these
+queries. An ENGINE has 3 properties it exposes that can affect this behaviour;
+it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in
+the ENGINE's flags, and it can expose an array of control command descriptions.
+If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will
+simply pass all these "core" control commands directly to the ENGINE's ctrl()
+handler (and thus, it must have supplied one), so it is up to the ENGINE to
+reply to these "discovery" commands itself. If that flag is not set, then the
+OpenSSL framework code will work with the following rules;
+
+ if no ctrl() handler supplied;
+     ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
+     all other commands fail.
+ if a ctrl() handler was supplied but no array of control commands;
+     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+     all other commands fail.
+ if a ctrl() handler and array of control commands was supplied;
+     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+     all other commands proceed processing ...
+
+If the ENGINE's array of control commands is empty then all other commands will
+fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of
+the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the
+identifier of a command supported by the ENGINE and returns the next command
+identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string
+name for a command and returns the corresponding identifier or fails if no such
+command name exists, and the remaining commands take a command identifier and
+return properties of the corresponding commands. All except
+ENGINE_CTRL_GET_FLAGS return the string length of a command name or description,
+or populate a supplied character buffer with a copy of the command name or
+description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following
+possible values;
+
+ #define ENGINE_CMD_FLAG_NUMERIC                (unsigned int)0x0001
+ #define ENGINE_CMD_FLAG_STRING                 (unsigned int)0x0002
+ #define ENGINE_CMD_FLAG_NO_INPUT               (unsigned int)0x0004
+ #define ENGINE_CMD_FLAG_INTERNAL               (unsigned int)0x0008
+
+If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely
+informational to the caller - this flag will prevent the command being usable
+for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string().
+"INTERNAL" commands are not intended to be exposed to text-based configuration
+by applications, administrations, users, etc. These can support arbitrary
+operations via ENGINE_ctrl(), including passing to and/or from the control
+commands data of any arbitrary type. These commands are supported in the
+discovery mechanisms simply to allow applications determinie if an ENGINE
+supports certain specific commands it might want to use (eg. application "foo"
+might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" -
+and ENGINE could therefore decide whether or not to support this "foo"-specific
+extension).
+
+=head2 Future developments
+
+The ENGINE API and internal architecture is currently being reviewed. Slated for
+possible release in 0.9.8 is support for transparent loading of "dynamic"
+ENGINEs (built as self-contained shared-libraries). This would allow ENGINE
+implementations to be provided independantly of OpenSSL libraries and/or
+OpenSSL-based applications, and would also remove any requirement for
+applications to explicitly use the "dynamic" ENGINE to bind to shared-library
+implementations.
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rand(3)|rand(3)>,
+L<RSA_new_method(3)|RSA_new_method(3)>
+
+=cut
diff --git a/src/lib/libcrypto/doc/evp.pod b/src/lib/libcrypto/doc/evp.pod
new file mode 100644
index 0000000000..b3ca14314f
--- /dev/null
+++ b/src/lib/libcrypto/doc/evp.pod
@@ -0,0 +1,45 @@
+=pod
+
+=head1 NAME
+
+evp - high-level cryptographic functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+=head1 DESCRIPTION
+
+The EVP library provides a high-level interface to cryptographic
+functions.
+
+B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption
+and decryption to implement digital "envelopes".
+
+The B<EVP_Sign>I<...> and B<EVP_Verify>I<...> functions implement
+digital signatures.
+
+Symmetric encryption is available with the B<EVP_Encrypt>I<...>
+functions.  The B<EVP_Digest>I<...> functions provide message digests.
+
+Algorithms are loaded with OpenSSL_add_all_algorithms(3).
+
+All the symmetric algorithms (ciphers) and digests can be replaced by ENGINE
+modules providing alternative implementations. If ENGINE implementations of
+ciphers or digests are registered as defaults, then the various EVP functions
+will automatically use those implementations automatically in preference to
+built in software implementations. For more information, consult the engine(3)
+man page.
+
+=head1 SEE ALSO
+
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
+L<EVP_SealInit(3)|EVP_SealInit(3)>,
+L<EVP_SignInit(3)|EVP_SignInit(3)>,
+L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
+L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>,
+L<engine(3)|engine(3)>
+
+=cut
diff --git a/src/lib/libcrypto/doc/lh_stats.pod b/src/lib/libcrypto/doc/lh_stats.pod
new file mode 100644
index 0000000000..3eeaa72e52
--- /dev/null
+++ b/src/lib/libcrypto/doc/lh_stats.pod
@@ -0,0 +1,60 @@
+=pod
+
+=head1 NAME
+
+lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
+lh_node_stats_bio, lh_node_usage_stats_bio - LHASH statistics
+
+=head1 SYNOPSIS
+
+ #include <openssl/lhash.h>
+
+ void lh_stats(LHASH *table, FILE *out);
+ void lh_node_stats(LHASH *table, FILE *out);
+ void lh_node_usage_stats(LHASH *table, FILE *out);
+
+ void lh_stats_bio(LHASH *table, BIO *out);
+ void lh_node_stats_bio(LHASH *table, BIO *out);
+ void lh_node_usage_stats_bio(LHASH *table, BIO *out);
+
+=head1 DESCRIPTION
+
+The B<LHASH> structure records statistics about most aspects of
+accessing the hash table.  This is mostly a legacy of Eric Young
+writing this library for the reasons of implementing what looked like
+a nice algorithm rather than for a particular software product.
+
+lh_stats() prints out statistics on the size of the hash table, how
+many entries are in it, and the number and result of calls to the
+routines in this library.
+
+lh_node_stats() prints the number of entries for each 'bucket' in the
+hash table.
+
+lh_node_usage_stats() prints out a short summary of the state of the
+hash table.  It prints the 'load' and the 'actual load'.  The load is
+the average number of data items per 'bucket' in the hash table.  The
+'actual load' is the average number of items per 'bucket', but only
+for buckets which contain entries.  So the 'actual load' is the
+average number of searches that will need to find an item in the hash
+table, while the 'load' is the average number that will be done to
+record a miss.
+
+lh_stats_bio(), lh_node_stats_bio() and lh_node_usage_stats_bio()
+are the same as the above, except that the output goes to a B<BIO>.
+
+=head1 RETURN VALUES
+
+These functions do not return values.
+
+=head1 SEE ALSO
+
+L<bio(3)|bio(3)>, L<lhash(3)|lhash(3)>
+
+=head1 HISTORY
+
+These functions are available in all versions of SSLeay and OpenSSL.
+
+This manpage is derived from the SSLeay documentation.
+
+=cut
diff --git a/src/lib/libcrypto/doc/rsa.pod b/src/lib/libcrypto/doc/rsa.pod
new file mode 100644
index 0000000000..45ac53ffc1
--- /dev/null
+++ b/src/lib/libcrypto/doc/rsa.pod
@@ -0,0 +1,123 @@
+=pod
+
+=head1 NAME
+
+rsa - RSA public key cryptosystem
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+ #include <openssl/engine.h>
+
+ RSA * RSA_new(void);
+ void RSA_free(RSA *rsa);
+
+ int RSA_public_encrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa, int padding);
+ int RSA_private_decrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa, int padding);
+ int RSA_private_encrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa,int padding);
+ int RSA_public_decrypt(int flen, unsigned char *from, 
+    unsigned char *to, RSA *rsa,int padding);
+
+ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+    unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+ int RSA_verify(int type, unsigned char *m, unsigned int m_len,
+    unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+ int RSA_size(const RSA *rsa);
+
+ RSA *RSA_generate_key(int num, unsigned long e,
+    void (*callback)(int,int,void *), void *cb_arg);
+
+ int RSA_check_key(RSA *rsa);
+
+ int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+ void RSA_blinding_off(RSA *rsa);
+
+ void RSA_set_default_method(const RSA_METHOD *meth);
+ const RSA_METHOD *RSA_get_default_method(void);
+ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+ const RSA_METHOD *RSA_get_method(const RSA *rsa);
+ RSA_METHOD *RSA_PKCS1_SSLeay(void);
+ RSA_METHOD *RSA_null_method(void);
+ int RSA_flags(const RSA *rsa);
+ RSA *RSA_new_method(ENGINE *engine);
+
+ int RSA_print(BIO *bp, RSA *x, int offset);
+ int RSA_print_fp(FILE *fp, RSA *x, int offset);
+
+ int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+    int (*dup_func)(), void (*free_func)());
+ int RSA_set_ex_data(RSA *r,int idx,char *arg);
+ char *RSA_get_ex_data(RSA *r, int idx);
+
+ int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+    unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
+    RSA *rsa);
+ int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+    unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+    RSA *rsa);
+
+=head1 DESCRIPTION
+
+These functions implement RSA public key encryption and signatures
+as defined in PKCS #1 v2.0 [RFC 2437].
+
+The B<RSA> structure consists of several BIGNUM components. It can
+contain public as well as private RSA keys:
+
+ struct
+        {
+        BIGNUM *n;              // public modulus
+        BIGNUM *e;              // public exponent
+        BIGNUM *d;              // private exponent
+        BIGNUM *p;              // secret prime factor
+        BIGNUM *q;              // secret prime factor
+        BIGNUM *dmp1;           // d mod (p-1)
+        BIGNUM *dmq1;           // d mod (q-1)
+        BIGNUM *iqmp;           // q^-1 mod p
+        // ...
+        };
+ RSA
+
+In public keys, the private exponent and the related secret values are
+B<NULL>.
+
+B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private
+keys, but the RSA operations are much faster when these values are
+available.
+
+Note that RSA keys may use non-standard B<RSA_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using RSA
+structure elements directly and instead use API functions to query or
+modify keys.
+
+=head1 CONFORMING TO
+
+SSL, PKCS #1 v2.0
+
+=head1 PATENTS
+
+RSA was covered by a US patent which expired in September 2000.
+
+=head1 SEE ALSO
+
+L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>,
+L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>,
+L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
+L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>,
+L<RSA_generate_key(3)|RSA_generate_key(3)>,
+L<RSA_check_key(3)|RSA_check_key(3)>,
+L<RSA_blinding_on(3)|RSA_blinding_on(3)>,
+L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>,
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
+L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+L<RSA_sign_ASN1_OCTET_STRING(3)|RSA_sign_ASN1_OCTET_STRING(3)>,
+L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)> 
+
+=cut
diff --git a/src/lib/libcrypto/dsa/Makefile.ssl b/src/lib/libcrypto/dsa/Makefile.ssl
new file mode 100644
index 0000000000..e5f8a8cf51
--- /dev/null
+++ b/src/lib/libcrypto/dsa/Makefile.ssl
@@ -0,0 +1,171 @@
+#
+# SSLeay/crypto/dsa/Makefile
+#
+
+DIR=    dsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=dsatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
+        dsa_err.c dsa_ossl.c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
+        dsa_err.o dsa_ossl.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dsa.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_asn1.o: ../../include/openssl/opensslconf.h
+dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c
+dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_err.o: dsa_err.c
+dsa_gen.o: ../../e_os.h ../../include/openssl/aes.h
+dsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dsa_gen.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_gen.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_gen.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_gen.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+dsa_gen.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+dsa_gen.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_gen.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_gen.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+dsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_gen.o: ../../include/openssl/ui_compat.h ../cryptlib.h dsa_gen.c
+dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_key.o: ../cryptlib.h dsa_key.c
+dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h dsa_lib.c
+dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_ossl.o: ../cryptlib.h dsa_ossl.c
+dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_sign.o: ../cryptlib.h dsa_sign.c
+dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
new file mode 100644
index 0000000000..225ff391f9
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -0,0 +1,254 @@
+/* crypto/dsa/dsa.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * The DSS routines are based on patches supplied by
+ * Steven Schoch <schoch@sheba.arc.nasa.gov>.  He basically did the
+ * work and I have just tweaked them a little to fit into my
+ * stylistic vision for SSLeay :-) */
+
+#ifndef HEADER_DSA_H
+#define HEADER_DSA_H
+
+#ifdef OPENSSL_NO_DSA
+#error DSA is disabled.
+#endif
+
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/ossl_typ.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+
+#define DSA_FLAG_CACHE_MONT_P   0x01
+
+#if defined(OPENSSL_FIPS)
+#define FIPS_DSA_SIZE_T int
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct dsa_st DSA;
+
+typedef struct DSA_SIG_st
+        {
+        BIGNUM *r;
+        BIGNUM *s;
+        } DSA_SIG;
+
+typedef struct dsa_method {
+        const char *name;
+        DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
+        int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                                                                BIGNUM **rp);
+        int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
+                                                        DSA_SIG *sig, DSA *dsa);
+        int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+                        BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+                        BN_MONT_CTX *in_mont);
+        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                                const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx); /* Can be null */
+        int (*init)(DSA *dsa);
+        int (*finish)(DSA *dsa);
+        int flags;
+        char *app_data;
+} DSA_METHOD;
+
+struct dsa_st
+        {
+        /* This first variable is used to pick up errors where
+         * a DSA is passed instead of of a EVP_PKEY */
+        int pad;
+        long version;
+        int write_params;
+        BIGNUM *p;
+        BIGNUM *q;      /* == 20 */
+        BIGNUM *g;
+
+        BIGNUM *pub_key;  /* y public key */
+        BIGNUM *priv_key; /* x private key */
+
+        BIGNUM *kinv;   /* Signing pre-calc */
+        BIGNUM *r;      /* Signing pre-calc */
+
+        int flags;
+        /* Normally used to cache montgomery values */
+        char *method_mont_p;
+        int references;
+        CRYPTO_EX_DATA ex_data;
+        const DSA_METHOD *meth;
+        /* functional reference if 'meth' is ENGINE-provided */
+        ENGINE *engine;
+        };
+
+#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
+                (char *(*)())d2i_DSAparams,(char *)(x))
+#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
+                (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
+#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
+                (unsigned char *)(x))
+#define d2i_DSAparams_bio(bp,x) (DSA *)ASN1_d2i_bio((char *(*)())DSA_new, \
+                (char *(*)())d2i_DSAparams,(bp),(unsigned char **)(x))
+#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \
+                (unsigned char *)(x))
+
+
+DSA_SIG * DSA_SIG_new(void);
+void    DSA_SIG_free(DSA_SIG *a);
+int     i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
+
+DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
+int     DSA_do_verify(const unsigned char *dgst,int dgst_len,
+                      DSA_SIG *sig,DSA *dsa);
+
+const DSA_METHOD *DSA_OpenSSL(void);
+
+void    DSA_set_default_method(const DSA_METHOD *);
+const DSA_METHOD *DSA_get_default_method(void);
+int     DSA_set_method(DSA *dsa, const DSA_METHOD *);
+
+DSA *   DSA_new(void);
+DSA *   DSA_new_method(ENGINE *engine);
+void    DSA_free (DSA *r);
+/* "up" the DSA object's reference count */
+int     DSA_up_ref(DSA *r);
+int     DSA_size(const DSA *);
+        /* next 4 return -1 on error */
+int     DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
+int     DSA_sign(int type,const unsigned char *dgst,int dlen,
+                unsigned char *sig, unsigned int *siglen, DSA *dsa);
+int     DSA_verify(int type,const unsigned char *dgst,int dgst_len,
+                const unsigned char *sigbuf, int siglen, DSA *dsa);
+int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int DSA_set_ex_data(DSA *d, int idx, void *arg);
+void *DSA_get_ex_data(DSA *d, int idx);
+
+DSA *   d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
+DSA *   d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
+DSA *   d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+DSA *   DSA_generate_parameters(int bits,
+                unsigned char *seed,int seed_len,
+                int *counter_ret, unsigned long *h_ret,void
+                (*callback)(int, int, void *),void *cb_arg);
+int     DSA_generate_key(DSA *a);
+int     i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+int     i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+int     i2d_DSAparams(const DSA *a,unsigned char **pp);
+
+#ifndef OPENSSL_NO_BIO
+int     DSAparams_print(BIO *bp, const DSA *x);
+int     DSA_print(BIO *bp, const DSA *x, int off);
+#endif
+#ifndef OPENSSL_NO_FP_API
+int     DSAparams_print_fp(FILE *fp, const DSA *x);
+int     DSA_print_fp(FILE *bp, const DSA *x, int off);
+#endif
+
+#define DSS_prime_checks 50
+/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
+ * 50 rounds of Rabin-Miller */
+#define DSA_is_prime(n, callback, cb_arg) \
+        BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
+
+#ifndef OPENSSL_NO_DH
+/* Convert DSA structure (key or just parameters) into DH structure
+ * (be careful to avoid small subgroup attacks when using this!) */
+DH *DSA_dup_DH(const DSA *r);
+#endif
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_DSA_strings(void);
+
+/* Error codes for the DSA functions. */
+
+/* Function codes. */
+#define DSA_F_D2I_DSA_SIG                                110
+#define DSA_F_DSAPARAMS_PRINT                            100
+#define DSA_F_DSAPARAMS_PRINT_FP                         101
+#define DSA_F_DSA_DO_SIGN                                112
+#define DSA_F_DSA_DO_VERIFY                              113
+#define DSA_F_DSA_NEW_METHOD                             103
+#define DSA_F_DSA_PRINT                                  104
+#define DSA_F_DSA_PRINT_FP                               105
+#define DSA_F_DSA_SIGN                                   106
+#define DSA_F_DSA_SIGN_SETUP                             107
+#define DSA_F_DSA_SIG_NEW                                109
+#define DSA_F_DSA_VERIFY                                 108
+#define DSA_F_I2D_DSA_SIG                                111
+#define DSA_F_SIG_CB                                     114
+
+/* Reason codes. */
+#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                100
+#define DSA_R_MISSING_PARAMETERS                         101
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c
new file mode 100644
index 0000000000..23fce555aa
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_asn1.c
@@ -0,0 +1,140 @@
+/* dsa_asn1.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dsa.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Override the default new methods */
+static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        if(operation == ASN1_OP_NEW_PRE) {
+                DSA_SIG *sig;
+                sig = OPENSSL_malloc(sizeof(DSA_SIG));
+                sig->r = NULL;
+                sig->s = NULL;
+                *pval = (ASN1_VALUE *)sig;
+                if(sig) return 2;
+                DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        return 1;
+}
+
+ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
+        ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
+        ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
+} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
+
+/* Override the default free and new methods */
+static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        if(operation == ASN1_OP_NEW_PRE) {
+                *pval = (ASN1_VALUE *)DSA_new();
+                if(*pval) return 2;
+                return 0;
+        } else if(operation == ASN1_OP_FREE_PRE) {
+                DSA_free((DSA *)*pval);
+                *pval = NULL;
+                return 2;
+        }
+        return 1;
+}
+
+ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
+        ASN1_SIMPLE(DSA, version, LONG),
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM),
+        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+        ASN1_SIMPLE(DSA, priv_key, BIGNUM)
+} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
+
+ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM),
+} ASN1_SEQUENCE_END_cb(DSA, DSAparams)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
+
+/* DSA public key is a bit trickier... its effectively a CHOICE type
+ * decided by a field called write_params which can either write out
+ * just the public key as an INTEGER or the parameters and public key
+ * in a SEQUENCE
+ */
+
+ASN1_SEQUENCE(dsa_pub_internal) = {
+        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM)
+} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
+
+ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
+        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+        ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
+} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
new file mode 100644
index 0000000000..79aa4ff526
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -0,0 +1,108 @@
+/* crypto/dsa/dsa_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/dsa.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA DSA_str_functs[]=
+        {
+{ERR_PACK(0,DSA_F_D2I_DSA_SIG,0),       "d2i_DSA_SIG"},
+{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0),   "DSAparams_print"},
+{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0),        "DSAparams_print_fp"},
+{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0),       "DSA_do_sign"},
+{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0),     "DSA_do_verify"},
+{ERR_PACK(0,DSA_F_DSA_NEW_METHOD,0),    "DSA_new_method"},
+{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"},
+{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0),      "DSA_print_fp"},
+{ERR_PACK(0,DSA_F_DSA_SIGN,0),  "DSA_sign"},
+{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0),    "DSA_sign_setup"},
+{ERR_PACK(0,DSA_F_DSA_SIG_NEW,0),       "DSA_SIG_new"},
+{ERR_PACK(0,DSA_F_DSA_VERIFY,0),        "DSA_verify"},
+{ERR_PACK(0,DSA_F_I2D_DSA_SIG,0),       "i2d_DSA_SIG"},
+{ERR_PACK(0,DSA_F_SIG_CB,0),    "SIG_CB"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA DSA_str_reasons[]=
+        {
+{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
+{DSA_R_MISSING_PARAMETERS                ,"missing parameters"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_DSA_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_DSA,DSA_str_functs);
+                ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
new file mode 100644
index 0000000000..e40afeea51
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -0,0 +1,305 @@
+/* crypto/dsa/dsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#undef GENUINE_DSA
+
+#ifdef GENUINE_DSA
+/* Parameter generation follows the original release of FIPS PUB 186,
+ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
+#define HASH    EVP_sha()
+#else
+/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
+ * FIPS PUB 180-1) */
+#define HASH    EVP_sha1()
+#endif 
+
+#ifndef OPENSSL_NO_SHA
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+#ifndef OPENSSL_FIPS
+DSA *DSA_generate_parameters(int bits,
+                unsigned char *seed_in, int seed_len,
+                int *counter_ret, unsigned long *h_ret,
+                void (*callback)(int, int, void *),
+                void *cb_arg)
+        {
+        int ok=0;
+        unsigned char seed[SHA_DIGEST_LENGTH];
+        unsigned char md[SHA_DIGEST_LENGTH];
+        unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
+        BIGNUM *r0,*W,*X,*c,*test;
+        BIGNUM *g=NULL,*q=NULL,*p=NULL;
+        BN_MONT_CTX *mont=NULL;
+        int k,n=0,i,b,m=0;
+        int counter=0;
+        int r=0;
+        BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL;
+        unsigned int h=2;
+        DSA *ret=NULL;
+
+        if (bits < 512) bits=512;
+        bits=(bits+63)/64*64;
+
+        if (seed_len < 20)
+                seed_in = NULL; /* seed buffer too small -- ignore */
+        if (seed_len > 20) 
+                seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
+                                * but our internal buffers are restricted to 160 bits*/
+        if ((seed_in != NULL) && (seed_len == 20))
+                memcpy(seed,seed_in,seed_len);
+
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
+        if ((ctx2=BN_CTX_new()) == NULL) goto err;
+        if ((ctx3=BN_CTX_new()) == NULL) goto err;
+        if ((ret=DSA_new()) == NULL) goto err;
+
+        if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+
+        BN_CTX_start(ctx2);
+        r0 = BN_CTX_get(ctx2);
+        g = BN_CTX_get(ctx2);
+        W = BN_CTX_get(ctx2);
+        q = BN_CTX_get(ctx2);
+        X = BN_CTX_get(ctx2);
+        c = BN_CTX_get(ctx2);
+        p = BN_CTX_get(ctx2);
+        test = BN_CTX_get(ctx2);
+        if (test == NULL) goto err;
+
+        if (!BN_lshift(test,BN_value_one(),bits-1)) goto err;
+
+        for (;;)
+                {
+                for (;;) /* find q */
+                        {
+                        int seed_is_random;
+
+                        /* step 1 */
+                        if (callback != NULL) callback(0,m++,cb_arg);
+
+                        if (!seed_len)
+                                {
+                                RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
+                                seed_is_random = 1;
+                                }
+                        else
+                                {
+                                seed_is_random = 0;
+                                seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
+                                }
+                        memcpy(buf,seed,SHA_DIGEST_LENGTH);
+                        memcpy(buf2,seed,SHA_DIGEST_LENGTH);
+                        /* precompute "SEED + 1" for step 7: */
+                        for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+                                {
+                                buf[i]++;
+                                if (buf[i] != 0) break;
+                                }
+
+                        /* step 2 */
+                        EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
+                        EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
+                        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                                md[i]^=buf2[i];
+
+                        /* step 3 */
+                        md[0]|=0x80;
+                        md[SHA_DIGEST_LENGTH-1]|=0x01;
+                        if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
+
+                        /* step 4 */
+                        r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random);
+                        if (r > 0)
+                                break;
+                        if (r != 0)
+                                goto err;
+
+                        /* do a callback call */
+                        /* step 5 */
+                        }
+
+                if (callback != NULL) callback(2,0,cb_arg);
+                if (callback != NULL) callback(3,0,cb_arg);
+
+                /* step 6 */
+                counter=0;
+                /* "offset = 2" */
+
+                n=(bits-1)/160;
+                b=(bits-1)-n*160;
+
+                for (;;)
+                        {
+                        if (callback != NULL && counter != 0)
+                                callback(0,counter,cb_arg);
+
+                        /* step 7 */
+                        if (!BN_zero(W)) goto err;
+                        /* now 'buf' contains "SEED + offset - 1" */
+                        for (k=0; k<=n; k++)
+                                {
+                                /* obtain "SEED + offset + k" by incrementing: */
+                                for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+                                        {
+                                        buf[i]++;
+                                        if (buf[i] != 0) break;
+                                        }
+
+                                EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
+
+                                /* step 8 */
+                                if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
+                                        goto err;
+                                if (!BN_lshift(r0,r0,160*k)) goto err;
+                                if (!BN_add(W,W,r0)) goto err;
+                                }
+
+                        /* more of step 8 */
+                        if (!BN_mask_bits(W,bits-1)) goto err;
+                        if (!BN_copy(X,W)) goto err;
+                        if (!BN_add(X,X,test)) goto err;
+
+                        /* step 9 */
+                        if (!BN_lshift1(r0,q)) goto err;
+                        if (!BN_mod(c,X,r0,ctx)) goto err;
+                        if (!BN_sub(r0,c,BN_value_one())) goto err;
+                        if (!BN_sub(p,X,r0)) goto err;
+
+                        /* step 10 */
+                        if (BN_cmp(p,test) >= 0)
+                                {
+                                /* step 11 */
+                                r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1);
+                                if (r > 0)
+                                                goto end; /* found it */
+                                if (r != 0)
+                                        goto err;
+                                }
+
+                        /* step 13 */
+                        counter++;
+                        /* "offset = offset + n + 1" */
+
+                        /* step 14 */
+                        if (counter >= 4096) break;
+                        }
+                }
+end:
+        if (callback != NULL) callback(2,1,cb_arg);
+
+        /* We now need to generate g */
+        /* Set r0=(p-1)/q */
+        if (!BN_sub(test,p,BN_value_one())) goto err;
+        if (!BN_div(r0,NULL,test,q,ctx)) goto err;
+
+        if (!BN_set_word(test,h)) goto err;
+        if (!BN_MONT_CTX_set(mont,p,ctx)) goto err;
+
+        for (;;)
+                {
+                /* g=test^r0%p */
+                if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err;
+                if (!BN_is_one(g)) break;
+                if (!BN_add(test,test,BN_value_one())) goto err;
+                h++;
+                }
+
+        if (callback != NULL) callback(3,1,cb_arg);
+
+        ok=1;
+err:
+        if (!ok)
+                {
+                if (ret != NULL) DSA_free(ret);
+                }
+        else
+                {
+                ret->p=BN_dup(p);
+                ret->q=BN_dup(q);
+                ret->g=BN_dup(g);
+                if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
+                        {
+                        ok=0;
+                        goto err;
+                        }
+                if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
+                if (counter_ret != NULL) *counter_ret=counter;
+                if (h_ret != NULL) *h_ret=h;
+                }
+        if (ctx != NULL) BN_CTX_free(ctx);
+        if (ctx2 != NULL)
+                {
+                BN_CTX_end(ctx2);
+                BN_CTX_free(ctx2);
+                }
+        if (ctx3 != NULL) BN_CTX_free(ctx3);
+        if (mont != NULL) BN_MONT_CTX_free(mont);
+        return(ok?ret:NULL);
+        }
+#endif /* ndef OPENSSL_FIPS */
+#endif /* ndef OPENSSL_NO_SHA */
+
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
new file mode 100644
index 0000000000..30607ca579
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -0,0 +1,107 @@
+/* crypto/dsa/dsa_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_SHA
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+
+#ifndef OPENSSL_FIPS
+int DSA_generate_key(DSA *dsa)
+        {
+        int ok=0;
+        BN_CTX *ctx=NULL;
+        BIGNUM *pub_key=NULL,*priv_key=NULL;
+
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+        if (dsa->priv_key == NULL)
+                {
+                if ((priv_key=BN_new()) == NULL) goto err;
+                }
+        else
+                priv_key=dsa->priv_key;
+
+        do
+                if (!BN_rand_range(priv_key,dsa->q)) goto err;
+        while (BN_is_zero(priv_key));
+
+        if (dsa->pub_key == NULL)
+                {
+                if ((pub_key=BN_new()) == NULL) goto err;
+                }
+        else
+                pub_key=dsa->pub_key;
+
+        if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err;
+
+        dsa->priv_key=priv_key;
+        dsa->pub_key=pub_key;
+        ok=1;
+
+err:
+        if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
+        if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
+        if (ctx != NULL) BN_CTX_free(ctx);
+        return(ok);
+        }
+#endif
+#endif
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
new file mode 100644
index 0000000000..4171af24c6
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -0,0 +1,308 @@
+/* crypto/dsa/dsa_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
+const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
+
+static const DSA_METHOD *default_DSA_method = NULL;
+
+void DSA_set_default_method(const DSA_METHOD *meth)
+        {
+        default_DSA_method = meth;
+        }
+
+const DSA_METHOD *DSA_get_default_method(void)
+        {
+        if(!default_DSA_method)
+                default_DSA_method = DSA_OpenSSL();
+        return default_DSA_method;
+        }
+
+DSA *DSA_new(void)
+        {
+        return DSA_new_method(NULL);
+        }
+
+int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
+        {
+        /* NB: The caller is specifically setting a method, so it's not up to us
+         * to deal with which ENGINE it comes from. */
+        const DSA_METHOD *mtmp;
+        mtmp = dsa->meth;
+        if (mtmp->finish) mtmp->finish(dsa);
+#ifndef OPENSSL_NO_ENGINE
+        if (dsa->engine)
+                {
+                ENGINE_finish(dsa->engine);
+                dsa->engine = NULL;
+                }
+#endif
+        dsa->meth = meth;
+        if (meth->init) meth->init(dsa);
+        return 1;
+        }
+
+DSA *DSA_new_method(ENGINE *engine)
+        {
+        DSA *ret;
+
+        ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
+        if (ret == NULL)
+                {
+                DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        ret->meth = DSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+        if (engine)
+                {
+                if (!ENGINE_init(engine))
+                        {
+                        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                ret->engine = engine;
+                }
+        else
+                ret->engine = ENGINE_get_default_DSA();
+        if(ret->engine)
+                {
+                ret->meth = ENGINE_get_DSA(ret->engine);
+                if(!ret->meth)
+                        {
+                        DSAerr(DSA_F_DSA_NEW_METHOD,
+                                ERR_R_ENGINE_LIB);
+                        ENGINE_finish(ret->engine);
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                }
+#endif
+
+        ret->pad=0;
+        ret->version=0;
+        ret->write_params=1;
+        ret->p=NULL;
+        ret->q=NULL;
+        ret->g=NULL;
+
+        ret->pub_key=NULL;
+        ret->priv_key=NULL;
+
+        ret->kinv=NULL;
+        ret->r=NULL;
+        ret->method_mont_p=NULL;
+
+        ret->references=1;
+        ret->flags=ret->meth->flags;
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
+        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+                {
+#ifndef OPENSSL_NO_ENGINE
+                if (ret->engine)
+                        ENGINE_finish(ret->engine);
+#endif
+                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
+                OPENSSL_free(ret);
+                ret=NULL;
+                }
+        
+        return(ret);
+        }
+
+void DSA_free(DSA *r)
+        {
+        int i;
+
+        if (r == NULL) return;
+
+        i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);
+#ifdef REF_PRINT
+        REF_PRINT("DSA",r);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"DSA_free, bad reference count\n");
+                abort();
+                }
+#endif
+
+        if(r->meth->finish)
+                r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+        if(r->engine)
+                ENGINE_finish(r->engine);
+#endif
+
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
+
+        if (r->p != NULL) BN_clear_free(r->p);
+        if (r->q != NULL) BN_clear_free(r->q);
+        if (r->g != NULL) BN_clear_free(r->g);
+        if (r->pub_key != NULL) BN_clear_free(r->pub_key);
+        if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+        if (r->kinv != NULL) BN_clear_free(r->kinv);
+        if (r->r != NULL) BN_clear_free(r->r);
+        OPENSSL_free(r);
+        }
+
+int DSA_up_ref(DSA *r)
+        {
+        int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
+#ifdef REF_PRINT
+        REF_PRINT("DSA",r);
+#endif
+#ifdef REF_CHECK
+        if (i < 2)
+                {
+                fprintf(stderr, "DSA_up_ref, bad reference count\n");
+                abort();
+                }
+#endif
+        return ((i > 1) ? 1 : 0);
+        }
+
+int DSA_size(const DSA *r)
+        {
+        int ret,i;
+        ASN1_INTEGER bs;
+        unsigned char buf[4];   /* 4 bytes looks really small.
+                                   However, i2d_ASN1_INTEGER() will not look
+                                   beyond the first byte, as long as the second
+                                   parameter is NULL. */
+
+        i=BN_num_bits(r->q);
+        bs.length=(i+7)/8;
+        bs.data=buf;
+        bs.type=V_ASN1_INTEGER;
+        /* If the top bit is set the asn1 encoding is 1 larger. */
+        buf[0]=0xff;    
+
+        i=i2d_ASN1_INTEGER(&bs,NULL);
+        i+=i; /* r and s */
+        ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+        return(ret);
+        }
+
+int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
+                                new_func, dup_func, free_func);
+        }
+
+int DSA_set_ex_data(DSA *d, int idx, void *arg)
+        {
+        return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
+        }
+
+void *DSA_get_ex_data(DSA *d, int idx)
+        {
+        return(CRYPTO_get_ex_data(&d->ex_data,idx));
+        }
+
+#ifndef OPENSSL_NO_DH
+DH *DSA_dup_DH(const DSA *r)
+        {
+        /* DSA has p, q, g, optional pub_key, optional priv_key.
+         * DH has p, optional length, g, optional pub_key, optional priv_key.
+         */ 
+
+        DH *ret = NULL;
+
+        if (r == NULL)
+                goto err;
+        ret = DH_new();
+        if (ret == NULL)
+                goto err;
+        if (r->p != NULL) 
+                if ((ret->p = BN_dup(r->p)) == NULL)
+                        goto err;
+        if (r->q != NULL)
+                ret->length = BN_num_bits(r->q);
+        if (r->g != NULL)
+                if ((ret->g = BN_dup(r->g)) == NULL)
+                        goto err;
+        if (r->pub_key != NULL)
+                if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
+                        goto err;
+        if (r->priv_key != NULL)
+                if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
+                        goto err;
+
+        return ret;
+
+ err:
+        if (ret != NULL)
+                DH_free(ret);
+        return NULL;
+        }
+#endif
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
new file mode 100644
index 0000000000..f1a85afcde
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -0,0 +1,350 @@
+/* crypto/dsa/dsa_ossl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+
+#ifndef OPENSSL_FIPS
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+                  DSA *dsa);
+static int dsa_init(DSA *dsa);
+static int dsa_finish(DSA *dsa);
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+                BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *in_mont);
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                                const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx);
+
+static DSA_METHOD openssl_dsa_meth = {
+"OpenSSL DSA method",
+dsa_do_sign,
+dsa_sign_setup,
+dsa_do_verify,
+dsa_mod_exp,
+dsa_bn_mod_exp,
+dsa_init,
+dsa_finish,
+0,
+NULL
+};
+
+const DSA_METHOD *DSA_OpenSSL(void)
+{
+        return &openssl_dsa_meth;
+}
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+        {
+        BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
+        BIGNUM m;
+        BIGNUM xr;
+        BN_CTX *ctx=NULL;
+        int i,reason=ERR_R_BN_LIB;
+        DSA_SIG *ret=NULL;
+
+        BN_init(&m);
+        BN_init(&xr);
+
+        if (!dsa->p || !dsa->q || !dsa->g)
+                {
+                reason=DSA_R_MISSING_PARAMETERS;
+                goto err;
+                }
+
+        s=BN_new();
+        if (s == NULL) goto err;
+
+        i=BN_num_bytes(dsa->q); /* should be 20 */
+        if ((dlen > i) || (dlen > 50))
+                {
+                reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+                goto err;
+                }
+
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+
+        if ((dsa->kinv == NULL) || (dsa->r == NULL))
+                {
+                if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
+                }
+        else
+                {
+                kinv=dsa->kinv;
+                dsa->kinv=NULL;
+                r=dsa->r;
+                dsa->r=NULL;
+                }
+
+        if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
+
+        /* Compute  s = inv(k) (m + xr) mod q */
+        if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
+        if (!BN_add(s, &xr, &m)) goto err;              /* s = m + xr */
+        if (BN_cmp(s,dsa->q) > 0)
+                BN_sub(s,s,dsa->q);
+        if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
+
+        ret=DSA_SIG_new();
+        if (ret == NULL) goto err;
+        ret->r = r;
+        ret->s = s;
+        
+err:
+        if (!ret)
+                {
+                DSAerr(DSA_F_DSA_DO_SIGN,reason);
+                BN_free(r);
+                BN_free(s);
+                }
+        if (ctx != NULL) BN_CTX_free(ctx);
+        BN_clear_free(&m);
+        BN_clear_free(&xr);
+        if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
+            BN_clear_free(kinv);
+        return(ret);
+        }
+
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+        {
+        BN_CTX *ctx;
+        BIGNUM k,*kinv=NULL,*r=NULL;
+        int ret=0;
+
+        if (!dsa->p || !dsa->q || !dsa->g)
+                {
+                DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
+                return 0;
+                }
+
+        BN_init(&k);
+
+        if (ctx_in == NULL)
+                {
+                if ((ctx=BN_CTX_new()) == NULL) goto err;
+                }
+        else
+                ctx=ctx_in;
+
+        if ((r=BN_new()) == NULL) goto err;
+        kinv=NULL;
+
+        /* Get random k */
+        do
+                if (!BN_rand_range(&k, dsa->q)) goto err;
+        while (BN_is_zero(&k));
+
+        if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+                {
+                if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+                        if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
+                                dsa->p,ctx)) goto err;
+                }
+
+        /* Compute r = (g^k mod p) mod q */
+        if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+                (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
+        if (!BN_mod(r,r,dsa->q,ctx)) goto err;
+
+        /* Compute  part of 's = inv(k) (m + xr) mod q' */
+        if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
+
+        if (*kinvp != NULL) BN_clear_free(*kinvp);
+        *kinvp=kinv;
+        kinv=NULL;
+        if (*rp != NULL) BN_clear_free(*rp);
+        *rp=r;
+        ret=1;
+err:
+        if (!ret)
+                {
+                DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
+                if (kinv != NULL) BN_clear_free(kinv);
+                if (r != NULL) BN_clear_free(r);
+                }
+        if (ctx_in == NULL) BN_CTX_free(ctx);
+        if (kinv != NULL) BN_clear_free(kinv);
+        BN_clear_free(&k);
+        return(ret);
+        }
+
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+                  DSA *dsa)
+        {
+        BN_CTX *ctx;
+        BIGNUM u1,u2,t1;
+        BN_MONT_CTX *mont=NULL;
+        int ret = -1;
+        if (!dsa->p || !dsa->q || !dsa->g)
+                {
+                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
+                return -1;
+                }
+
+        BN_init(&u1);
+        BN_init(&u2);
+        BN_init(&t1);
+
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+        if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
+                {
+                ret = 0;
+                goto err;
+                }
+        if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
+                {
+                ret = 0;
+                goto err;
+                }
+
+        /* Calculate W = inv(S) mod Q
+         * save W in u2 */
+        if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
+
+        /* save M in u1 */
+        if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
+
+        /* u1 = M * w mod q */
+        if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
+
+        /* u2 = r * w mod q */
+        if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
+
+        if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+                {
+                if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+                        if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
+                                dsa->p,ctx)) goto err;
+                }
+        mont=(BN_MONT_CTX *)dsa->method_mont_p;
+
+#if 0
+        {
+        BIGNUM t2;
+
+        BN_init(&t2);
+        /* v = ( g^u1 * y^u2 mod p ) mod q */
+        /* let t1 = g ^ u1 mod p */
+        if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
+        /* let t2 = y ^ u2 mod p */
+        if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
+        /* let u1 = t1 * t2 mod p */
+        if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
+        BN_free(&t2);
+        }
+        /* let u1 = u1 mod q */
+        if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
+#else
+        {
+        if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+                                                dsa->p,ctx,mont)) goto err;
+        /* BN_copy(&u1,&t1); */
+        /* let u1 = u1 mod q */
+        if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
+        }
+#endif
+        /* V is now in u1.  If the signature is correct, it will be
+         * equal to R. */
+        ret=(BN_ucmp(&u1, sig->r) == 0);
+
+        err:
+        if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
+        if (ctx != NULL) BN_CTX_free(ctx);
+        BN_free(&u1);
+        BN_free(&u2);
+        BN_free(&t1);
+        return(ret);
+        }
+
+static int dsa_init(DSA *dsa)
+{
+        dsa->flags|=DSA_FLAG_CACHE_MONT_P;
+        return(1);
+}
+
+static int dsa_finish(DSA *dsa)
+{
+        if(dsa->method_mont_p)
+                BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
+        return(1);
+}
+
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+                BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *in_mont)
+{
+        return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
+}
+        
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                                const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx)
+{
+        return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
+#endif
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
new file mode 100644
index 0000000000..3c9753bac3
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -0,0 +1,104 @@
+/* crypto/dsa/dsa_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/fips.h>
+
+DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+        {
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !FIPS_dsa_check(dsa))
+                return NULL;
+#endif
+        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
+        }
+
+int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
+             unsigned int *siglen, DSA *dsa)
+        {
+        DSA_SIG *s;
+        s=DSA_do_sign(dgst,dlen,dsa);
+        if (s == NULL)
+                {
+                *siglen=0;
+                return(0);
+                }
+        *siglen=i2d_DSA_SIG(s,&sig);
+        DSA_SIG_free(s);
+        return(1);
+        }
+
+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+        {
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !FIPS_dsa_check(dsa))
+                return 0;
+#endif
+        return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+        }
+
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
new file mode 100644
index 0000000000..8ef0c45025
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -0,0 +1,102 @@
+/* crypto/dsa/dsa_vrf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/fips.h>
+
+int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+                  DSA *dsa)
+        {
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !FIPS_dsa_check(dsa))
+                return -1;
+#endif
+        return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+        }
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+/* returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+             const unsigned char *sigbuf, int siglen, DSA *dsa)
+        {
+        DSA_SIG *s;
+        int ret=-1;
+
+        s = DSA_SIG_new();
+        if (s == NULL) return(ret);
+        if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+        ret=DSA_do_verify(dgst,dgst_len,s,dsa);
+err:
+        DSA_SIG_free(s);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c
index 55a3756aff..4734ce4af8 100644
--- a/src/lib/libcrypto/dsa/dsatest.c
+++ b/src/lib/libcrypto/dsa/dsatest.c
@@ -194,19 +194,10 @@ int main(int argc, char **argv)
                 BIO_printf(bio_err,"g value is wrong\n");
                 goto end;
                 }
-
-        dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
         DSA_generate_key(dsa);
         DSA_sign(0, str1, 20, sig, &siglen, dsa);
         if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
                 ret=1;
-
-        dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
-        DSA_generate_key(dsa);
-        DSA_sign(0, str1, 20, sig, &siglen, dsa);
-        if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
-                ret=1;
-
 end:
         if (!ret)
                 ERR_print_errors(bio_err);
diff --git a/src/lib/libcrypto/dso/Makefile.ssl b/src/lib/libcrypto/dso/Makefile.ssl
new file mode 100644
index 0000000000..c0449d184e
--- /dev/null
+++ b/src/lib/libcrypto/dso/Makefile.ssl
@@ -0,0 +1,142 @@
+#
+# SSLeay/crypto/dso/Makefile
+#
+
+DIR=    dso
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \
+        dso_openssl.c dso_win32.c dso_vms.c
+LIBOBJ= dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o dso_null.o \
+        dso_openssl.o dso_win32.o dso_vms.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dso.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dso_dl.o: ../../e_os.h ../../include/openssl/bio.h
+dso_dl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_dl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_dl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_dl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_dl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_dl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_dl.c
+dso_dlfcn.o: ../../e_os.h ../../include/openssl/bio.h
+dso_dlfcn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_dlfcn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_dlfcn.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_dlfcn.o: ../../include/openssl/opensslconf.h
+dso_dlfcn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dso_dlfcn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_dlfcn.o: ../cryptlib.h dso_dlfcn.c
+dso_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+dso_err.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_err.o: ../../include/openssl/symhacks.h dso_err.c
+dso_lib.o: ../../e_os.h ../../include/openssl/bio.h
+dso_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_lib.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_lib.c
+dso_null.o: ../../e_os.h ../../include/openssl/bio.h
+dso_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_null.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_null.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_null.o: ../../include/openssl/opensslconf.h
+dso_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dso_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_null.o: ../cryptlib.h dso_null.c
+dso_openssl.o: ../../e_os.h ../../include/openssl/bio.h
+dso_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_openssl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_openssl.o: ../../include/openssl/opensslconf.h
+dso_openssl.o: ../../include/openssl/opensslv.h
+dso_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_openssl.c
+dso_vms.o: ../../e_os.h ../../include/openssl/bio.h
+dso_vms.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_vms.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_vms.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_vms.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_vms.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_vms.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_vms.c
+dso_win32.o: ../../e_os.h ../../include/openssl/bio.h
+dso_win32.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_win32.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_win32.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_win32.o: ../../include/openssl/opensslconf.h
+dso_win32.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dso_win32.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_win32.o: ../cryptlib.h dso_win32.c
diff --git a/src/lib/libcrypto/dso/dso.h b/src/lib/libcrypto/dso/dso.h
new file mode 100644
index 0000000000..aa721f7feb
--- /dev/null
+++ b/src/lib/libcrypto/dso/dso.h
@@ -0,0 +1,322 @@
+/* dso.h */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_DSO_H
+#define HEADER_DSO_H
+
+#include <openssl/crypto.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* These values are used as commands to DSO_ctrl() */
+#define DSO_CTRL_GET_FLAGS      1
+#define DSO_CTRL_SET_FLAGS      2
+#define DSO_CTRL_OR_FLAGS       3
+
+/* By default, DSO_load() will translate the provided filename into a form
+ * typical for the platform (more specifically the DSO_METHOD) using the
+ * dso_name_converter function of the method. Eg. win32 will transform "blah"
+ * into "blah.dll", and dlfcn will transform it into "libblah.so". The
+ * behaviour can be overriden by setting the name_converter callback in the DSO
+ * object (using DSO_set_name_converter()). This callback could even utilise
+ * the DSO_METHOD's converter too if it only wants to override behaviour for
+ * one or two possible DSO methods. However, the following flag can be set in a
+ * DSO to prevent *any* native name-translation at all - eg. if the caller has
+ * prompted the user for a path to a driver library so the filename should be
+ * interpreted as-is. */
+#define DSO_FLAG_NO_NAME_TRANSLATION            0x01
+/* An extra flag to give if only the extension should be added as
+ * translation.  This is obviously only of importance on Unix and
+ * other operating systems where the translation also may prefix
+ * the name with something, like 'lib', and ignored everywhere else.
+ * This flag is also ignored if DSO_FLAG_NO_NAME_TRANSLATION is used
+ * at the same time. */
+#define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY      0x02
+
+/* The following flag controls the translation of symbol names to upper
+ * case.  This is currently only being implemented for OpenVMS.
+ */
+#define DSO_FLAG_UPCASE_SYMBOL                  0x10
+
+
+typedef void (*DSO_FUNC_TYPE)(void);
+
+typedef struct dso_st DSO;
+
+/* The function prototype used for method functions (or caller-provided
+ * callbacks) that transform filenames. They are passed a DSO structure pointer
+ * (or NULL if they are to be used independantly of a DSO object) and a
+ * filename to transform. They should either return NULL (if there is an error
+ * condition) or a newly allocated string containing the transformed form that
+ * the caller will need to free with OPENSSL_free() when done. */
+typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
+
+typedef struct dso_meth_st
+        {
+        const char *name;
+        /* Loads a shared library, NB: new DSO_METHODs must ensure that a
+         * successful load populates the loaded_filename field, and likewise a
+         * successful unload OPENSSL_frees and NULLs it out. */
+        int (*dso_load)(DSO *dso);
+        /* Unloads a shared library */
+        int (*dso_unload)(DSO *dso);
+        /* Binds a variable */
+        void *(*dso_bind_var)(DSO *dso, const char *symname);
+        /* Binds a function - assumes a return type of DSO_FUNC_TYPE.
+         * This should be cast to the real function prototype by the
+         * caller. Platforms that don't have compatible representations
+         * for different prototypes (this is possible within ANSI C)
+         * are highly unlikely to have shared libraries at all, let
+         * alone a DSO_METHOD implemented for them. */
+        DSO_FUNC_TYPE (*dso_bind_func)(DSO *dso, const char *symname);
+
+/* I don't think this would actually be used in any circumstances. */
+#if 0
+        /* Unbinds a variable */
+        int (*dso_unbind_var)(DSO *dso, char *symname, void *symptr);
+        /* Unbinds a function */
+        int (*dso_unbind_func)(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+#endif
+        /* The generic (yuck) "ctrl()" function. NB: Negative return
+         * values (rather than zero) indicate errors. */
+        long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg);
+        /* The default DSO_METHOD-specific function for converting filenames to
+         * a canonical native form. */
+        DSO_NAME_CONVERTER_FUNC dso_name_converter;
+
+        /* [De]Initialisation handlers. */
+        int (*init)(DSO *dso);
+        int (*finish)(DSO *dso);
+        } DSO_METHOD;
+
+/**********************************************************************/
+/* The low-level handle type used to refer to a loaded shared library */
+
+struct dso_st
+        {
+        DSO_METHOD *meth;
+        /* Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS
+         * doesn't use anything but will need to cache the filename
+         * for use in the dso_bind handler. All in all, let each
+         * method control its own destiny. "Handles" and such go in
+         * a STACK. */
+        STACK *meth_data;
+        int references;
+        int flags;
+        /* For use by applications etc ... use this for your bits'n'pieces,
+         * don't touch meth_data! */
+        CRYPTO_EX_DATA ex_data;
+        /* If this callback function pointer is set to non-NULL, then it will
+         * be used on DSO_load() in place of meth->dso_name_converter. NB: This
+         * should normally set using DSO_set_name_converter(). */
+        DSO_NAME_CONVERTER_FUNC name_converter;
+        /* This is populated with (a copy of) the platform-independant
+         * filename used for this DSO. */
+        char *filename;
+        /* This is populated with (a copy of) the translated filename by which
+         * the DSO was actually loaded. It is NULL iff the DSO is not currently
+         * loaded. NB: This is here because the filename translation process
+         * may involve a callback being invoked more than once not only to
+         * convert to a platform-specific form, but also to try different
+         * filenames in the process of trying to perform a load. As such, this
+         * variable can be used to indicate (a) whether this DSO structure
+         * corresponds to a loaded library or not, and (b) the filename with
+         * which it was actually loaded. */
+        char *loaded_filename;
+        };
+
+
+DSO *   DSO_new(void);
+DSO *   DSO_new_method(DSO_METHOD *method);
+int     DSO_free(DSO *dso);
+int     DSO_flags(DSO *dso);
+int     DSO_up_ref(DSO *dso);
+long    DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
+
+/* This function sets the DSO's name_converter callback. If it is non-NULL,
+ * then it will be used instead of the associated DSO_METHOD's function. If
+ * oldcb is non-NULL then it is set to the function pointer value being
+ * replaced. Return value is non-zero for success. */
+int     DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
+                                DSO_NAME_CONVERTER_FUNC *oldcb);
+/* These functions can be used to get/set the platform-independant filename
+ * used for a DSO. NB: set will fail if the DSO is already loaded. */
+const char *DSO_get_filename(DSO *dso);
+int     DSO_set_filename(DSO *dso, const char *filename);
+/* This function will invoke the DSO's name_converter callback to translate a
+ * filename, or if the callback isn't set it will instead use the DSO_METHOD's
+ * converter. If "filename" is NULL, the "filename" in the DSO itself will be
+ * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
+ * simply duplicated. NB: This function is usually called from within a
+ * DSO_METHOD during the processing of a DSO_load() call, and is exposed so that
+ * caller-created DSO_METHODs can do the same thing. A non-NULL return value
+ * will need to be OPENSSL_free()'d. */
+char    *DSO_convert_filename(DSO *dso, const char *filename);
+/* If the DSO is currently loaded, this returns the filename that it was loaded
+ * under, otherwise it returns NULL. So it is also useful as a test as to
+ * whether the DSO is currently loaded. NB: This will not necessarily return
+ * the same value as DSO_convert_filename(dso, dso->filename), because the
+ * DSO_METHOD's load function may have tried a variety of filenames (with
+ * and/or without the aid of the converters) before settling on the one it
+ * actually loaded. */
+const char *DSO_get_loaded_filename(DSO *dso);
+
+void    DSO_set_default_method(DSO_METHOD *meth);
+DSO_METHOD *DSO_get_default_method(void);
+DSO_METHOD *DSO_get_method(DSO *dso);
+DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);
+
+/* The all-singing all-dancing load function, you normally pass NULL
+ * for the first and third parameters. Use DSO_up and DSO_free for
+ * subsequent reference count handling. Any flags passed in will be set
+ * in the constructed DSO after its init() function but before the
+ * load operation. If 'dso' is non-NULL, 'flags' is ignored. */
+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
+
+/* This function binds to a variable inside a shared library. */
+void *DSO_bind_var(DSO *dso, const char *symname);
+
+/* This function binds to a function inside a shared library. */
+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
+
+/* This method is the default, but will beg, borrow, or steal whatever
+ * method should be the default on any particular platform (including
+ * DSO_METH_null() if necessary). */
+DSO_METHOD *DSO_METHOD_openssl(void);
+
+/* This method is defined for all platforms - if a platform has no
+ * DSO support then this will be the only method! */
+DSO_METHOD *DSO_METHOD_null(void);
+
+/* If DSO_DLFCN is defined, the standard dlfcn.h-style functions
+ * (dlopen, dlclose, dlsym, etc) will be used and incorporated into
+ * this method. If not, this method will return NULL. */
+DSO_METHOD *DSO_METHOD_dlfcn(void);
+
+/* If DSO_DL is defined, the standard dl.h-style functions (shl_load, 
+ * shl_unload, shl_findsym, etc) will be used and incorporated into
+ * this method. If not, this method will return NULL. */
+DSO_METHOD *DSO_METHOD_dl(void);
+
+/* If WIN32 is defined, use DLLs. If not, return NULL. */
+DSO_METHOD *DSO_METHOD_win32(void);
+
+/* If VMS is defined, use shared images. If not, return NULL. */
+DSO_METHOD *DSO_METHOD_vms(void);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_DSO_strings(void);
+
+/* Error codes for the DSO functions. */
+
+/* Function codes. */
+#define DSO_F_DLFCN_BIND_FUNC                            100
+#define DSO_F_DLFCN_BIND_VAR                             101
+#define DSO_F_DLFCN_LOAD                                 102
+#define DSO_F_DLFCN_NAME_CONVERTER                       123
+#define DSO_F_DLFCN_UNLOAD                               103
+#define DSO_F_DL_BIND_FUNC                               104
+#define DSO_F_DL_BIND_VAR                                105
+#define DSO_F_DL_LOAD                                    106
+#define DSO_F_DL_NAME_CONVERTER                          124
+#define DSO_F_DL_UNLOAD                                  107
+#define DSO_F_DSO_BIND_FUNC                              108
+#define DSO_F_DSO_BIND_VAR                               109
+#define DSO_F_DSO_CONVERT_FILENAME                       126
+#define DSO_F_DSO_CTRL                                   110
+#define DSO_F_DSO_FREE                                   111
+#define DSO_F_DSO_GET_FILENAME                           127
+#define DSO_F_DSO_GET_LOADED_FILENAME                    128
+#define DSO_F_DSO_LOAD                                   112
+#define DSO_F_DSO_NEW_METHOD                             113
+#define DSO_F_DSO_SET_FILENAME                           129
+#define DSO_F_DSO_SET_NAME_CONVERTER                     122
+#define DSO_F_DSO_UP_REF                                 114
+#define DSO_F_VMS_BIND_VAR                               115
+#define DSO_F_VMS_LOAD                                   116
+#define DSO_F_VMS_UNLOAD                                 117
+#define DSO_F_WIN32_BIND_FUNC                            118
+#define DSO_F_WIN32_BIND_VAR                             119
+#define DSO_F_WIN32_LOAD                                 120
+#define DSO_F_WIN32_NAME_CONVERTER                       125
+#define DSO_F_WIN32_UNLOAD                               121
+
+/* Reason codes. */
+#define DSO_R_CTRL_FAILED                                100
+#define DSO_R_DSO_ALREADY_LOADED                         110
+#define DSO_R_FILENAME_TOO_BIG                           101
+#define DSO_R_FINISH_FAILED                              102
+#define DSO_R_LOAD_FAILED                                103
+#define DSO_R_NAME_TRANSLATION_FAILED                    109
+#define DSO_R_NO_FILENAME                                111
+#define DSO_R_NULL_HANDLE                                104
+#define DSO_R_SET_FILENAME_FAILED                        112
+#define DSO_R_STACK_ERROR                                105
+#define DSO_R_SYM_FAILURE                                106
+#define DSO_R_UNLOAD_FAILED                              107
+#define DSO_R_UNSUPPORTED                                108
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/dso/dso_dl.c b/src/lib/libcrypto/dso/dso_dl.c
index f7b4dfc0c3..79d2cb4d8c 100644
--- a/src/lib/libcrypto/dso/dso_dl.c
+++ b/src/lib/libcrypto/dso/dso_dl.c
@@ -126,8 +126,7 @@ static int dl_load(DSO *dso)
                 DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
                 goto err;
                 }
-        ptr = shl_load(filename, BIND_IMMEDIATE |
-                (dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L);
+        ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, 0L);
         if(ptr == NULL)
                 {
                 DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
@@ -282,36 +281,4 @@ static char *dl_name_converter(DSO *dso, const char *filename)
         return(translated);
         }
 
-#ifdef OPENSSL_FIPS
-static void dl_ref_point(){}
-
-int DSO_pathbyaddr(void *addr,char *path,int sz)
-        {
-        struct shl_descriptor inf;
-        int i,len;
-
-        if (addr == NULL)
-                {
-                union { void(*f)(); void *p; } t = { dl_ref_point };
-                addr = t.p;
-                }
-
-        for (i=-1;shl_get_r(i,&inf)==0;i++)
-                {
-                if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
-                    ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend))
-                        {
-                        len = (int)strlen(inf.filename);
-                        if (sz <= 0) return len+1;
-                        if (len >= sz) len=sz-1;
-                        memcpy(path,inf.filename,len);
-                        path[len++] = 0;
-                        return len;
-                        }
-                }
-
-        return -1;
-        }
-#endif
-
 #endif /* DSO_DL */
diff --git a/src/lib/libcrypto/dso/dso_dlfcn.c b/src/lib/libcrypto/dso/dso_dlfcn.c
new file mode 100644
index 0000000000..2e72969431
--- /dev/null
+++ b/src/lib/libcrypto/dso/dso_dlfcn.c
@@ -0,0 +1,293 @@
+/* dso_dlfcn.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#ifndef DSO_DLFCN
+DSO_METHOD *DSO_METHOD_dlfcn(void)
+        {
+        return NULL;
+        }
+#else
+
+#ifdef HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+/* Part of the hack in "dlfcn_load" ... */
+#define DSO_MAX_TRANSLATED_SIZE 256
+
+static int dlfcn_load(DSO *dso);
+static int dlfcn_unload(DSO *dso);
+static void *dlfcn_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
+#if 0
+static int dlfcn_unbind(DSO *dso, char *symname, void *symptr);
+static int dlfcn_init(DSO *dso);
+static int dlfcn_finish(DSO *dso);
+static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
+#endif
+static char *dlfcn_name_converter(DSO *dso, const char *filename);
+
+static DSO_METHOD dso_meth_dlfcn = {
+        "OpenSSL 'dlfcn' shared library method",
+        dlfcn_load,
+        dlfcn_unload,
+        dlfcn_bind_var,
+        dlfcn_bind_func,
+/* For now, "unbind" doesn't exist */
+#if 0
+        NULL, /* unbind_var */
+        NULL, /* unbind_func */
+#endif
+        NULL, /* ctrl */
+        dlfcn_name_converter,
+        NULL, /* init */
+        NULL  /* finish */
+        };
+
+DSO_METHOD *DSO_METHOD_dlfcn(void)
+        {
+        return(&dso_meth_dlfcn);
+        }
+
+/* Prior to using the dlopen() function, we should decide on the flag
+ * we send. There's a few different ways of doing this and it's a
+ * messy venn-diagram to match up which platforms support what. So
+ * as we don't have autoconf yet, I'm implementing a hack that could
+ * be hacked further relatively easily to deal with cases as we find
+ * them. Initially this is to cope with OpenBSD. */
+#if defined(__OpenBSD__) || defined(__NetBSD__)
+#       ifdef DL_LAZY
+#               define DLOPEN_FLAG DL_LAZY
+#       else
+#               ifdef RTLD_NOW
+#                       define DLOPEN_FLAG RTLD_NOW
+#               else
+#                       define DLOPEN_FLAG 0
+#               endif
+#       endif
+#else
+#       ifdef OPENSSL_SYS_SUNOS
+#               define DLOPEN_FLAG 1
+#       else
+#               define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
+#       endif
+#endif
+
+/* For this DSO_METHOD, our meth_data STACK will contain;
+ * (i) the handle (void*) returned from dlopen().
+ */
+
+static int dlfcn_load(DSO *dso)
+        {
+        void *ptr = NULL;
+        /* See applicable comments in dso_dl.c */
+        char *filename = DSO_convert_filename(dso, NULL);
+
+        if(filename == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME);
+                goto err;
+                }
+        ptr = dlopen(filename, DLOPEN_FLAG);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED);
+                ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
+                goto err;
+                }
+        if(!sk_push(dso->meth_data, (char *)ptr))
+                {
+                DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR);
+                goto err;
+                }
+        /* Success */
+        dso->loaded_filename = filename;
+        return(1);
+err:
+        /* Cleanup! */
+        if(filename != NULL)
+                OPENSSL_free(filename);
+        if(ptr != NULL)
+                dlclose(ptr);
+        return(0);
+}
+
+static int dlfcn_unload(DSO *dso)
+        {
+        void *ptr;
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                return(1);
+        ptr = (void *)sk_pop(dso->meth_data);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_UNLOAD,DSO_R_NULL_HANDLE);
+                /* Should push the value back onto the stack in
+                 * case of a retry. */
+                sk_push(dso->meth_data, (char *)ptr);
+                return(0);
+                }
+        /* For now I'm not aware of any errors associated with dlclose() */
+        dlclose(ptr);
+        return(1);
+        }
+
+static void *dlfcn_bind_var(DSO *dso, const char *symname)
+        {
+        void *ptr, *sym;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_DLFCN_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        sym = dlsym(ptr, symname);
+        if(sym == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_SYM_FAILURE);
+                ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
+                return(NULL);
+                }
+        return(sym);
+        }
+
+static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
+        {
+        void *ptr;
+        DSO_FUNC_TYPE sym;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_DLFCN_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        sym = (DSO_FUNC_TYPE)dlsym(ptr, symname);
+        if(sym == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
+                ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
+                return(NULL);
+                }
+        return(sym);
+        }
+
+static char *dlfcn_name_converter(DSO *dso, const char *filename)
+        {
+        char *translated;
+        int len, rsize, transform;
+
+        len = strlen(filename);
+        rsize = len + 1;
+        transform = (strstr(filename, "/") == NULL);
+        if(transform)
+                {
+                /* We will convert this to "%s.so" or "lib%s.so" */
+                rsize += 3;     /* The length of ".so" */
+                if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+                        rsize += 3; /* The length of "lib" */
+                }
+        translated = OPENSSL_malloc(rsize);
+        if(translated == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_NAME_CONVERTER,
+                                DSO_R_NAME_TRANSLATION_FAILED);
+                return(NULL);
+                }
+        if(transform)
+                {
+                if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+                        snprintf(translated, rsize, "lib%s.so", filename);
+                else
+                        snprintf(translated, rsize, "%s.so", filename);
+                }
+        else
+                snprintf(translated, rsize, "%s", filename);
+        return(translated);
+        }
+
+#endif /* DSO_DLFCN */
diff --git a/src/lib/libcrypto/dso/dso_err.c b/src/lib/libcrypto/dso/dso_err.c
new file mode 100644
index 0000000000..cf452de1aa
--- /dev/null
+++ b/src/lib/libcrypto/dso/dso_err.c
@@ -0,0 +1,135 @@
+/* crypto/dso/dso_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/dso.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA DSO_str_functs[]=
+        {
+{ERR_PACK(0,DSO_F_DLFCN_BIND_FUNC,0),   "DLFCN_BIND_FUNC"},
+{ERR_PACK(0,DSO_F_DLFCN_BIND_VAR,0),    "DLFCN_BIND_VAR"},
+{ERR_PACK(0,DSO_F_DLFCN_LOAD,0),        "DLFCN_LOAD"},
+{ERR_PACK(0,DSO_F_DLFCN_NAME_CONVERTER,0),      "DLFCN_NAME_CONVERTER"},
+{ERR_PACK(0,DSO_F_DLFCN_UNLOAD,0),      "DLFCN_UNLOAD"},
+{ERR_PACK(0,DSO_F_DL_BIND_FUNC,0),      "DL_BIND_FUNC"},
+{ERR_PACK(0,DSO_F_DL_BIND_VAR,0),       "DL_BIND_VAR"},
+{ERR_PACK(0,DSO_F_DL_LOAD,0),   "DL_LOAD"},
+{ERR_PACK(0,DSO_F_DL_NAME_CONVERTER,0), "DL_NAME_CONVERTER"},
+{ERR_PACK(0,DSO_F_DL_UNLOAD,0), "DL_UNLOAD"},
+{ERR_PACK(0,DSO_F_DSO_BIND_FUNC,0),     "DSO_bind_func"},
+{ERR_PACK(0,DSO_F_DSO_BIND_VAR,0),      "DSO_bind_var"},
+{ERR_PACK(0,DSO_F_DSO_CONVERT_FILENAME,0),      "DSO_convert_filename"},
+{ERR_PACK(0,DSO_F_DSO_CTRL,0),  "DSO_ctrl"},
+{ERR_PACK(0,DSO_F_DSO_FREE,0),  "DSO_free"},
+{ERR_PACK(0,DSO_F_DSO_GET_FILENAME,0),  "DSO_get_filename"},
+{ERR_PACK(0,DSO_F_DSO_GET_LOADED_FILENAME,0),   "DSO_get_loaded_filename"},
+{ERR_PACK(0,DSO_F_DSO_LOAD,0),  "DSO_load"},
+{ERR_PACK(0,DSO_F_DSO_NEW_METHOD,0),    "DSO_new_method"},
+{ERR_PACK(0,DSO_F_DSO_SET_FILENAME,0),  "DSO_set_filename"},
+{ERR_PACK(0,DSO_F_DSO_SET_NAME_CONVERTER,0),    "DSO_set_name_converter"},
+{ERR_PACK(0,DSO_F_DSO_UP_REF,0),        "DSO_up_ref"},
+{ERR_PACK(0,DSO_F_VMS_BIND_VAR,0),      "VMS_BIND_VAR"},
+{ERR_PACK(0,DSO_F_VMS_LOAD,0),  "VMS_LOAD"},
+{ERR_PACK(0,DSO_F_VMS_UNLOAD,0),        "VMS_UNLOAD"},
+{ERR_PACK(0,DSO_F_WIN32_BIND_FUNC,0),   "WIN32_BIND_FUNC"},
+{ERR_PACK(0,DSO_F_WIN32_BIND_VAR,0),    "WIN32_BIND_VAR"},
+{ERR_PACK(0,DSO_F_WIN32_LOAD,0),        "WIN32_LOAD"},
+{ERR_PACK(0,DSO_F_WIN32_NAME_CONVERTER,0),      "WIN32_NAME_CONVERTER"},
+{ERR_PACK(0,DSO_F_WIN32_UNLOAD,0),      "WIN32_UNLOAD"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA DSO_str_reasons[]=
+        {
+{DSO_R_CTRL_FAILED                       ,"control command failed"},
+{DSO_R_DSO_ALREADY_LOADED                ,"dso already loaded"},
+{DSO_R_FILENAME_TOO_BIG                  ,"filename too big"},
+{DSO_R_FINISH_FAILED                     ,"cleanup method function failed"},
+{DSO_R_LOAD_FAILED                       ,"could not load the shared library"},
+{DSO_R_NAME_TRANSLATION_FAILED           ,"name translation failed"},
+{DSO_R_NO_FILENAME                       ,"no filename"},
+{DSO_R_NULL_HANDLE                       ,"a null shared library handle was used"},
+{DSO_R_SET_FILENAME_FAILED               ,"set filename failed"},
+{DSO_R_STACK_ERROR                       ,"the meth_data stack is corrupt"},
+{DSO_R_SYM_FAILURE                       ,"could not bind to the requested symbol name"},
+{DSO_R_UNLOAD_FAILED                     ,"could not unload the shared library"},
+{DSO_R_UNSUPPORTED                       ,"functionality not supported"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_DSO_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_DSO,DSO_str_functs);
+                ERR_load_strings(ERR_LIB_DSO,DSO_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/dso/dso_lib.c b/src/lib/libcrypto/dso/dso_lib.c
new file mode 100644
index 0000000000..48d9fdb25e
--- /dev/null
+++ b/src/lib/libcrypto/dso/dso_lib.c
@@ -0,0 +1,439 @@
+/* dso_lib.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+static DSO_METHOD *default_DSO_meth = NULL;
+
+DSO *DSO_new(void)
+        {
+        return(DSO_new_method(NULL));
+        }
+
+void DSO_set_default_method(DSO_METHOD *meth)
+        {
+        default_DSO_meth = meth;
+        }
+
+DSO_METHOD *DSO_get_default_method(void)
+        {
+        return(default_DSO_meth);
+        }
+
+DSO_METHOD *DSO_get_method(DSO *dso)
+        {
+        return(dso->meth);
+        }
+
+DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth)
+        {
+        DSO_METHOD *mtmp;
+        mtmp = dso->meth;
+        dso->meth = meth;
+        return(mtmp);
+        }
+
+DSO *DSO_new_method(DSO_METHOD *meth)
+        {
+        DSO *ret;
+
+        if(default_DSO_meth == NULL)
+                /* We default to DSO_METH_openssl() which in turn defaults
+                 * to stealing the "best available" method. Will fallback
+                 * to DSO_METH_null() in the worst case. */
+                default_DSO_meth = DSO_METHOD_openssl();
+        ret = (DSO *)OPENSSL_malloc(sizeof(DSO));
+        if(ret == NULL)
+                {
+                DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        memset(ret, 0, sizeof(DSO));
+        ret->meth_data = sk_new_null();
+        if(ret->meth_data == NULL)
+                {
+                /* sk_new doesn't generate any errors so we do */
+                DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                OPENSSL_free(ret);
+                return(NULL);
+                }
+        if(meth == NULL)
+                ret->meth = default_DSO_meth;
+        else
+                ret->meth = meth;
+        ret->references = 1;
+        if((ret->meth->init != NULL) && !ret->meth->init(ret))
+                {
+                OPENSSL_free(ret);
+                ret=NULL;
+                }
+        return(ret);
+        }
+
+int DSO_free(DSO *dso)
+        {
+        int i;
+ 
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_DSO_FREE,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+ 
+        i=CRYPTO_add(&dso->references,-1,CRYPTO_LOCK_DSO);
+#ifdef REF_PRINT
+        REF_PRINT("DSO",dso);
+#endif
+        if(i > 0) return(1);
+#ifdef REF_CHECK
+        if(i < 0)
+                {
+                fprintf(stderr,"DSO_free, bad reference count\n");
+                abort();
+                }
+#endif
+
+        if((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso))
+                {
+                DSOerr(DSO_F_DSO_FREE,DSO_R_UNLOAD_FAILED);
+                return(0);
+                }
+ 
+        if((dso->meth->finish != NULL) && !dso->meth->finish(dso))
+                {
+                DSOerr(DSO_F_DSO_FREE,DSO_R_FINISH_FAILED);
+                return(0);
+                }
+        
+        sk_free(dso->meth_data);
+        if(dso->filename != NULL)
+                OPENSSL_free(dso->filename);
+        if(dso->loaded_filename != NULL)
+                OPENSSL_free(dso->loaded_filename);
+ 
+        OPENSSL_free(dso);
+        return(1);
+        }
+
+int DSO_flags(DSO *dso)
+        {
+        return((dso == NULL) ? 0 : dso->flags);
+        }
+
+
+int DSO_up_ref(DSO *dso)
+        {
+        if (dso == NULL)
+                {
+                DSOerr(DSO_F_DSO_UP_REF,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+
+        CRYPTO_add(&dso->references,1,CRYPTO_LOCK_DSO);
+        return(1);
+        }
+
+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
+        {
+        DSO *ret;
+        int allocated = 0;
+
+        if(dso == NULL)
+                {
+                ret = DSO_new_method(meth);
+                if(ret == NULL)
+                        {
+                        DSOerr(DSO_F_DSO_LOAD,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                allocated = 1;
+                /* Pass the provided flags to the new DSO object */
+                if(DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0)
+                        {
+                        DSOerr(DSO_F_DSO_LOAD,DSO_R_CTRL_FAILED);
+                        goto err;
+                        }
+                }
+        else
+                ret = dso;
+        /* Don't load if we're currently already loaded */
+        if(ret->filename != NULL)
+                {
+                DSOerr(DSO_F_DSO_LOAD,DSO_R_DSO_ALREADY_LOADED);
+                goto err;
+                }
+        /* filename can only be NULL if we were passed a dso that already has
+         * one set. */
+        if(filename != NULL)
+                if(!DSO_set_filename(ret, filename))
+                        {
+                        DSOerr(DSO_F_DSO_LOAD,DSO_R_SET_FILENAME_FAILED);
+                        goto err;
+                        }
+        filename = ret->filename;
+        if(filename == NULL)
+                {
+                DSOerr(DSO_F_DSO_LOAD,DSO_R_NO_FILENAME);
+                goto err;
+                }
+        if(ret->meth->dso_load == NULL)
+                {
+                DSOerr(DSO_F_DSO_LOAD,DSO_R_UNSUPPORTED);
+                goto err;
+                }
+        if(!ret->meth->dso_load(ret))
+                {
+                DSOerr(DSO_F_DSO_LOAD,DSO_R_LOAD_FAILED);
+                goto err;
+                }
+        /* Load succeeded */
+        return(ret);
+err:
+        if(allocated)
+                DSO_free(ret);
+        return(NULL);
+        }
+
+void *DSO_bind_var(DSO *dso, const char *symname)
+        {
+        void *ret = NULL;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_DSO_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(dso->meth->dso_bind_var == NULL)
+                {
+                DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_UNSUPPORTED);
+                return(NULL);
+                }
+        if((ret = dso->meth->dso_bind_var(dso, symname)) == NULL)
+                {
+                DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_SYM_FAILURE);
+                return(NULL);
+                }
+        /* Success */
+        return(ret);
+        }
+
+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
+        {
+        DSO_FUNC_TYPE ret = NULL;
+
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_DSO_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(dso->meth->dso_bind_func == NULL)
+                {
+                DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_UNSUPPORTED);
+                return(NULL);
+                }
+        if((ret = dso->meth->dso_bind_func(dso, symname)) == NULL)
+                {
+                DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_SYM_FAILURE);
+                return(NULL);
+                }
+        /* Success */
+        return(ret);
+        }
+
+/* I don't really like these *_ctrl functions very much to be perfectly
+ * honest. For one thing, I think I have to return a negative value for
+ * any error because possible DSO_ctrl() commands may return values
+ * such as "size"s that can legitimately be zero (making the standard
+ * "if(DSO_cmd(...))" form that works almost everywhere else fail at
+ * odd times. I'd prefer "output" values to be passed by reference and
+ * the return value as success/failure like usual ... but we conform
+ * when we must... :-) */
+long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
+        {
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_DSO_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                return(-1);
+                }
+        /* We should intercept certain generic commands and only pass control
+         * to the method-specific ctrl() function if it's something we don't
+         * handle. */
+        switch(cmd)
+                {
+        case DSO_CTRL_GET_FLAGS:
+                return dso->flags;
+        case DSO_CTRL_SET_FLAGS:
+                dso->flags = (int)larg;
+                return(0);
+        case DSO_CTRL_OR_FLAGS:
+                dso->flags |= (int)larg;
+                return(0);
+        default:
+                break;
+                }
+        if((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL))
+                {
+                DSOerr(DSO_F_DSO_CTRL,DSO_R_UNSUPPORTED);
+                return(-1);
+                }
+        return(dso->meth->dso_ctrl(dso,cmd,larg,parg));
+        }
+
+int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
+                        DSO_NAME_CONVERTER_FUNC *oldcb)
+        {
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_DSO_SET_NAME_CONVERTER,
+                                ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if(oldcb)
+                *oldcb = dso->name_converter;
+        dso->name_converter = cb;
+        return(1);
+        }
+
+const char *DSO_get_filename(DSO *dso)
+        {
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_DSO_GET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        return(dso->filename);
+        }
+
+int DSO_set_filename(DSO *dso, const char *filename)
+        {
+        char *copied;
+
+        if((dso == NULL) || (filename == NULL))
+                {
+                DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if(dso->loaded_filename)
+                {
+                DSOerr(DSO_F_DSO_SET_FILENAME,DSO_R_DSO_ALREADY_LOADED);
+                return(0);
+                }
+        /* We'll duplicate filename */
+        copied = OPENSSL_malloc(strlen(filename) + 1);
+        if(copied == NULL)
+                {
+                DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        BUF_strlcpy(copied, filename, strlen(filename) + 1);
+        if(dso->filename)
+                OPENSSL_free(dso->filename);
+        dso->filename = copied;
+        return(1);
+        }
+
+char *DSO_convert_filename(DSO *dso, const char *filename)
+        {
+        char *result = NULL;
+
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_DSO_CONVERT_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(filename == NULL)
+                filename = dso->filename;
+        if(filename == NULL)
+                {
+                DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME);
+                return(NULL);
+                }
+        if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
+                {
+                if(dso->name_converter != NULL)
+                        result = dso->name_converter(dso, filename);
+                else if(dso->meth->dso_name_converter != NULL)
+                        result = dso->meth->dso_name_converter(dso, filename);
+                }
+        if(result == NULL)
+                {
+                result = OPENSSL_malloc(strlen(filename) + 1);
+                if(result == NULL)
+                        {
+                        DSOerr(DSO_F_DSO_CONVERT_FILENAME,
+                                        ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                BUF_strlcpy(result, filename, strlen(filename) + 1);
+                }
+        return(result);
+        }
+
+const char *DSO_get_loaded_filename(DSO *dso)
+        {
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_DSO_GET_LOADED_FILENAME,
+                                ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        return(dso->loaded_filename);
+        }
diff --git a/src/lib/libcrypto/dso/dso_null.c b/src/lib/libcrypto/dso/dso_null.c
new file mode 100644
index 0000000000..fa13a7cb0f
--- /dev/null
+++ b/src/lib/libcrypto/dso/dso_null.c
@@ -0,0 +1,86 @@
+/* dso_null.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* This "NULL" method is provided as the fallback for systems that have
+ * no appropriate support for "shared-libraries". */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+static DSO_METHOD dso_meth_null = {
+        "NULL shared library method",
+        NULL, /* load */
+        NULL, /* unload */
+        NULL, /* bind_var */
+        NULL, /* bind_func */
+/* For now, "unbind" doesn't exist */
+#if 0
+        NULL, /* unbind_var */
+        NULL, /* unbind_func */
+#endif
+        NULL, /* ctrl */
+        NULL, /* init */
+        NULL  /* finish */
+        };
+
+DSO_METHOD *DSO_METHOD_null(void)
+        {
+        return(&dso_meth_null);
+        }
+
diff --git a/src/lib/libcrypto/dso/dso_openssl.c b/src/lib/libcrypto/dso/dso_openssl.c
new file mode 100644
index 0000000000..a4395ebffe
--- /dev/null
+++ b/src/lib/libcrypto/dso/dso_openssl.c
@@ -0,0 +1,81 @@
+/* dso_openssl.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+/* We just pinch the method from an appropriate "default" method. */
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+        {
+#ifdef DEF_DSO_METHOD
+        return(DEF_DSO_METHOD());
+#elif defined(DSO_DLFCN)
+        return(DSO_METHOD_dlfcn());
+#elif defined(DSO_DL)
+        return(DSO_METHOD_dl());
+#elif defined(DSO_WIN32)
+        return(DSO_METHOD_win32());
+#elif defined(DSO_VMS)
+        return(DSO_METHOD_vms());
+#else
+        return(DSO_METHOD_null());
+#endif
+        }
+
diff --git a/src/lib/libcrypto/dso/dso_win32.c b/src/lib/libcrypto/dso/dso_win32.c
index cc4ac68696..3fa90eb27c 100644
--- a/src/lib/libcrypto/dso/dso_win32.c
+++ b/src/lib/libcrypto/dso/dso_win32.c
@@ -68,25 +68,6 @@ DSO_METHOD *DSO_METHOD_win32(void)
         }
 #else
 
-#ifdef _WIN32_WCE
-# if _WIN32_WCE < 300
-static FARPROC GetProcAddressA(HMODULE hModule,LPCSTR lpProcName)
-        {
-        WCHAR lpProcNameW[64];
-        int i;
-
-        for (i=0;lpProcName[i] && i<64;i++)
-                lpProcNameW[i] = (WCHAR)lpProcName[i];
-        if (i==64) return NULL;
-        lpProcNameW[i] = 0;
-
-        return GetProcAddressW(hModule,lpProcNameW);
-        }
-# endif
-# undef GetProcAddress
-# define GetProcAddress GetProcAddressA
-#endif
-
 /* Part of the hack in "win32_load" ... */
 #define DSO_MAX_TRANSLATED_SIZE 256
 
@@ -141,7 +122,7 @@ static int win32_load(DSO *dso)
                 DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME);
                 goto err;
                 }
-        h = LoadLibraryA(filename);
+        h = LoadLibrary(filename);
         if(h == NULL)
                 {
                 DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED);
diff --git a/src/lib/libcrypto/ec/Makefile.ssl b/src/lib/libcrypto/ec/Makefile.ssl
new file mode 100644
index 0000000000..a2805c47a2
--- /dev/null
+++ b/src/lib/libcrypto/ec/Makefile.ssl
@@ -0,0 +1,128 @@
+#
+# crypto/ec/Makefile
+#
+
+DIR=    ec
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ectest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_recp.c ecp_nist.c ec_cvt.c ec_mult.c \
+        ec_err.c
+
+LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_recp.o ecp_nist.o ec_cvt.o ec_mult.o \
+        ec_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ec.h
+HEADER= ec_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ec_cvt.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+ec_cvt.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h
+ec_cvt.o: ../../include/openssl/symhacks.h ec_cvt.c ec_lcl.h
+ec_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_err.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ec_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ec_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ec_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ec_err.o: ec_err.c
+ec_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_lib.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ec_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ec_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ec_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ec_lib.o: ec_lcl.h ec_lib.c
+ec_mult.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_mult.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_mult.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ec_mult.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ec_mult.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ec_mult.o: ec_lcl.h ec_mult.c
+ecp_mont.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ecp_mont.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecp_mont.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ecp_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ecp_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ecp_mont.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecp_mont.o: ec_lcl.h ecp_mont.c
+ecp_nist.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+ecp_nist.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h
+ecp_nist.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_nist.c
+ecp_recp.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+ecp_recp.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h
+ecp_recp.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_recp.c
+ecp_smpl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ecp_smpl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecp_smpl.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ecp_smpl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ecp_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ecp_smpl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecp_smpl.o: ec_lcl.h ecp_smpl.c
diff --git a/src/lib/libcrypto/ec/ec.h b/src/lib/libcrypto/ec/ec.h
new file mode 100644
index 0000000000..6d6a9b7127
--- /dev/null
+++ b/src/lib/libcrypto/ec/ec.h
@@ -0,0 +1,243 @@
+/* crypto/ec/ec.h */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_EC_H
+#define HEADER_EC_H
+
+#ifdef OPENSSL_NO_EC
+#error EC is disabled.
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/symhacks.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+typedef enum {
+        /* values as defined in X9.62 (ECDSA) and elsewhere */
+        POINT_CONVERSION_COMPRESSED = 2,
+        POINT_CONVERSION_UNCOMPRESSED = 4,
+        POINT_CONVERSION_HYBRID = 6
+} point_conversion_form_t;
+
+
+typedef struct ec_method_st EC_METHOD;
+
+typedef struct ec_group_st
+        /*
+         EC_METHOD *meth;
+         -- field definition
+         -- curve coefficients
+         -- optional generator with associated information (order, cofactor)
+         -- optional extra data (TODO: precomputed table for fast computation of multiples of generator)
+        */
+        EC_GROUP;
+
+typedef struct ec_point_st EC_POINT;
+
+
+/* EC_METHODs for curves over GF(p).
+ * EC_GFp_simple_method provides the basis for the optimized methods.
+ */
+const EC_METHOD *EC_GFp_simple_method(void);
+const EC_METHOD *EC_GFp_mont_method(void);
+#if 0
+const EC_METHOD *EC_GFp_recp_method(void); /* TODO */
+const EC_METHOD *EC_GFp_nist_method(void); /* TODO */
+#endif
+
+
+EC_GROUP *EC_GROUP_new(const EC_METHOD *);
+void EC_GROUP_free(EC_GROUP *);
+void EC_GROUP_clear_free(EC_GROUP *);
+int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *);
+
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *);
+        
+
+/* We don't have types for field specifications and field elements in general.
+ * Otherwise we could declare
+ *     int EC_GROUP_set_curve(EC_GROUP *, .....);
+ */
+int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+
+/* EC_GROUP_new_GFp() calls EC_GROUP_new() and EC_GROUP_set_GFp()
+ * after choosing an appropriate EC_METHOD */
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+
+int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
+EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *);
+int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
+int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
+
+EC_POINT *EC_POINT_new(const EC_GROUP *);
+void EC_POINT_free(EC_POINT *);
+void EC_POINT_clear_free(EC_POINT *);
+int EC_POINT_copy(EC_POINT *, const EC_POINT *);
+ 
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *);
+
+int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+        const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
+        BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+        const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
+        BIGNUM *x, BIGNUM *y, BN_CTX *);
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+        const BIGNUM *x, int y_bit, BN_CTX *);
+
+size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
+        unsigned char *buf, size_t len, BN_CTX *);
+int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *,
+        const unsigned char *buf, size_t len, BN_CTX *);
+
+int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+
+int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+
+int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+
+
+int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *);
+int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *);
+int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *);
+
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_EC_strings(void);
+
+/* Error codes for the EC functions. */
+
+/* Function codes. */
+#define EC_F_COMPUTE_WNAF                                143
+#define EC_F_EC_GFP_MONT_FIELD_DECODE                    133
+#define EC_F_EC_GFP_MONT_FIELD_ENCODE                    134
+#define EC_F_EC_GFP_MONT_FIELD_MUL                       131
+#define EC_F_EC_GFP_MONT_FIELD_SQR                       132
+#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP           100
+#define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR           101
+#define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE                   102
+#define EC_F_EC_GFP_SIMPLE_OCT2POINT                     103
+#define EC_F_EC_GFP_SIMPLE_POINT2OCT                     104
+#define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE            137
+#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105
+#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128
+#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129
+#define EC_F_EC_GROUP_COPY                               106
+#define EC_F_EC_GROUP_GET0_GENERATOR                     139
+#define EC_F_EC_GROUP_GET_COFACTOR                       140
+#define EC_F_EC_GROUP_GET_CURVE_GFP                      130
+#define EC_F_EC_GROUP_GET_ORDER                          141
+#define EC_F_EC_GROUP_NEW                                108
+#define EC_F_EC_GROUP_PRECOMPUTE_MULT                    142
+#define EC_F_EC_GROUP_SET_CURVE_GFP                      109
+#define EC_F_EC_GROUP_SET_EXTRA_DATA                     110
+#define EC_F_EC_GROUP_SET_GENERATOR                      111
+#define EC_F_EC_POINTS_MAKE_AFFINE                       136
+#define EC_F_EC_POINTS_MUL                               138
+#define EC_F_EC_POINT_ADD                                112
+#define EC_F_EC_POINT_CMP                                113
+#define EC_F_EC_POINT_COPY                               114
+#define EC_F_EC_POINT_DBL                                115
+#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP         116
+#define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP    117
+#define EC_F_EC_POINT_IS_AT_INFINITY                     118
+#define EC_F_EC_POINT_IS_ON_CURVE                        119
+#define EC_F_EC_POINT_MAKE_AFFINE                        120
+#define EC_F_EC_POINT_NEW                                121
+#define EC_F_EC_POINT_OCT2POINT                          122
+#define EC_F_EC_POINT_POINT2OCT                          123
+#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP         124
+#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP     125
+#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP    126
+#define EC_F_EC_POINT_SET_TO_INFINITY                    127
+#define EC_F_GFP_MONT_GROUP_SET_CURVE_GFP                135
+
+/* Reason codes. */
+#define EC_R_BUFFER_TOO_SMALL                            100
+#define EC_R_INCOMPATIBLE_OBJECTS                        101
+#define EC_R_INVALID_ARGUMENT                            112
+#define EC_R_INVALID_COMPRESSED_POINT                    110
+#define EC_R_INVALID_COMPRESSION_BIT                     109
+#define EC_R_INVALID_ENCODING                            102
+#define EC_R_INVALID_FIELD                               103
+#define EC_R_INVALID_FORM                                104
+#define EC_R_NOT_INITIALIZED                             111
+#define EC_R_POINT_AT_INFINITY                           106
+#define EC_R_POINT_IS_NOT_ON_CURVE                       107
+#define EC_R_SLOT_FULL                                   108
+#define EC_R_UNDEFINED_GENERATOR                         113
+#define EC_R_UNKNOWN_ORDER                               114
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/ec/ec_cvt.c b/src/lib/libcrypto/ec/ec_cvt.c
new file mode 100644
index 0000000000..45b0ec33a0
--- /dev/null
+++ b/src/lib/libcrypto/ec/ec_cvt.c
@@ -0,0 +1,80 @@
+/* crypto/ec/ec_cvt.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "ec_lcl.h"
+
+
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+        {
+        const EC_METHOD *meth;
+        EC_GROUP *ret;
+        
+        /* Finally, this will use EC_GFp_nist_method if 'p' is a special
+         * prime with optimized modular arithmetics (for NIST curves)
+         */
+        meth = EC_GFp_mont_method();
+        
+        ret = EC_GROUP_new(meth);
+        if (ret == NULL)
+                return NULL;
+
+        if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
+                {
+                EC_GROUP_clear_free(ret);
+                return NULL;
+                }
+
+        return ret;
+        }
diff --git a/src/lib/libcrypto/ec/ec_err.c b/src/lib/libcrypto/ec/ec_err.c
new file mode 100644
index 0000000000..d37b6aba87
--- /dev/null
+++ b/src/lib/libcrypto/ec/ec_err.c
@@ -0,0 +1,149 @@
+/* crypto/ec/ec_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ec.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA EC_str_functs[]=
+        {
+{ERR_PACK(0,EC_F_COMPUTE_WNAF,0),       "COMPUTE_WNAF"},
+{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_DECODE,0),   "ec_GFp_mont_field_decode"},
+{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_ENCODE,0),   "ec_GFp_mont_field_encode"},
+{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_MUL,0),      "ec_GFp_mont_field_mul"},
+{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_SQR,0),      "ec_GFp_mont_field_sqr"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP,0),  "ec_GFp_simple_group_set_curve_GFp"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR,0),  "ec_GFp_simple_group_set_generator"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_MAKE_AFFINE,0),  "ec_GFp_simple_make_affine"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_OCT2POINT,0),    "ec_GFp_simple_oct2point"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT2OCT,0),    "ec_GFp_simple_point2oct"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE,0),   "ec_GFp_simple_points_make_affine"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP,0),     "ec_GFp_simple_point_get_affine_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP,0),     "ec_GFp_simple_point_set_affine_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP,0),       "ec_GFp_simple_set_compressed_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_GROUP_COPY,0),      "EC_GROUP_copy"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET0_GENERATOR,0),    "EC_GROUP_get0_generator"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET_COFACTOR,0),      "EC_GROUP_get_cofactor"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0),     "EC_GROUP_get_curve_GFp"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0), "EC_GROUP_get_order"},
+{ERR_PACK(0,EC_F_EC_GROUP_NEW,0),       "EC_GROUP_new"},
+{ERR_PACK(0,EC_F_EC_GROUP_PRECOMPUTE_MULT,0),   "EC_GROUP_precompute_mult"},
+{ERR_PACK(0,EC_F_EC_GROUP_SET_CURVE_GFP,0),     "EC_GROUP_set_curve_GFp"},
+{ERR_PACK(0,EC_F_EC_GROUP_SET_EXTRA_DATA,0),    "EC_GROUP_set_extra_data"},
+{ERR_PACK(0,EC_F_EC_GROUP_SET_GENERATOR,0),     "EC_GROUP_set_generator"},
+{ERR_PACK(0,EC_F_EC_POINTS_MAKE_AFFINE,0),      "EC_POINTs_make_affine"},
+{ERR_PACK(0,EC_F_EC_POINTS_MUL,0),      "EC_POINTs_mul"},
+{ERR_PACK(0,EC_F_EC_POINT_ADD,0),       "EC_POINT_add"},
+{ERR_PACK(0,EC_F_EC_POINT_CMP,0),       "EC_POINT_cmp"},
+{ERR_PACK(0,EC_F_EC_POINT_COPY,0),      "EC_POINT_copy"},
+{ERR_PACK(0,EC_F_EC_POINT_DBL,0),       "EC_POINT_dbl"},
+{ERR_PACK(0,EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,0),        "EC_POINT_get_affine_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,0),   "EC_POINT_get_Jprojective_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_POINT_IS_AT_INFINITY,0),    "EC_POINT_is_at_infinity"},
+{ERR_PACK(0,EC_F_EC_POINT_IS_ON_CURVE,0),       "EC_POINT_is_on_curve"},
+{ERR_PACK(0,EC_F_EC_POINT_MAKE_AFFINE,0),       "EC_POINT_make_affine"},
+{ERR_PACK(0,EC_F_EC_POINT_NEW,0),       "EC_POINT_new"},
+{ERR_PACK(0,EC_F_EC_POINT_OCT2POINT,0), "EC_POINT_oct2point"},
+{ERR_PACK(0,EC_F_EC_POINT_POINT2OCT,0), "EC_POINT_point2oct"},
+{ERR_PACK(0,EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,0),        "EC_POINT_set_affine_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,0),    "EC_POINT_set_compressed_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,0),   "EC_POINT_set_Jprojective_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_POINT_SET_TO_INFINITY,0),   "EC_POINT_set_to_infinity"},
+{ERR_PACK(0,EC_F_GFP_MONT_GROUP_SET_CURVE_GFP,0),       "GFP_MONT_GROUP_SET_CURVE_GFP"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA EC_str_reasons[]=
+        {
+{EC_R_BUFFER_TOO_SMALL                   ,"buffer too small"},
+{EC_R_INCOMPATIBLE_OBJECTS               ,"incompatible objects"},
+{EC_R_INVALID_ARGUMENT                   ,"invalid argument"},
+{EC_R_INVALID_COMPRESSED_POINT           ,"invalid compressed point"},
+{EC_R_INVALID_COMPRESSION_BIT            ,"invalid compression bit"},
+{EC_R_INVALID_ENCODING                   ,"invalid encoding"},
+{EC_R_INVALID_FIELD                      ,"invalid field"},
+{EC_R_INVALID_FORM                       ,"invalid form"},
+{EC_R_NOT_INITIALIZED                    ,"not initialized"},
+{EC_R_POINT_AT_INFINITY                  ,"point at infinity"},
+{EC_R_POINT_IS_NOT_ON_CURVE              ,"point is not on curve"},
+{EC_R_SLOT_FULL                          ,"slot full"},
+{EC_R_UNDEFINED_GENERATOR                ,"undefined generator"},
+{EC_R_UNKNOWN_ORDER                      ,"unknown order"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_EC_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_EC,EC_str_functs);
+                ERR_load_strings(ERR_LIB_EC,EC_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/ec/ec_lcl.h b/src/lib/libcrypto/ec/ec_lcl.h
new file mode 100644
index 0000000000..cc4cf27755
--- /dev/null
+++ b/src/lib/libcrypto/ec/ec_lcl.h
@@ -0,0 +1,277 @@
+/* crypto/ec/ec_lcl.h */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdlib.h>
+
+#include <openssl/ec.h>
+
+
+/* Structure details are not part of the exported interface,
+ * so all this may change in future versions. */
+
+struct ec_method_st {
+        /* used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_copy: */
+        int (*group_init)(EC_GROUP *);
+        void (*group_finish)(EC_GROUP *);
+        void (*group_clear_finish)(EC_GROUP *);
+        int (*group_copy)(EC_GROUP *, const EC_GROUP *);
+
+        /* used by EC_GROUP_set_curve_GFp and EC_GROUP_get_curve_GFp: */
+        int (*group_set_curve_GFp)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+        int (*group_get_curve_GFp)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+
+        /* used by EC_GROUP_set_generator, EC_GROUP_get0_generator,
+         * EC_GROUP_get_order, EC_GROUP_get_cofactor:
+         */
+        int (*group_set_generator)(EC_GROUP *, const EC_POINT *generator,
+                const BIGNUM *order, const BIGNUM *cofactor);
+        EC_POINT *(*group_get0_generator)(const EC_GROUP *);
+        int (*group_get_order)(const EC_GROUP *, BIGNUM *order, BN_CTX *);
+        int (*group_get_cofactor)(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
+
+        /* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */
+        int (*point_init)(EC_POINT *);
+        void (*point_finish)(EC_POINT *);
+        void (*point_clear_finish)(EC_POINT *);
+        int (*point_copy)(EC_POINT *, const EC_POINT *);
+
+        /* used by EC_POINT_set_to_infinity,
+         * EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_get_Jprojective_coordinates_GFp,
+         * EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp,
+         * EC_POINT_set_compressed_coordinates_GFp:
+         */
+        int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *);
+        int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
+                const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
+        int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
+                BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
+        int (*point_set_affine_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
+                const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+        int (*point_get_affine_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
+                BIGNUM *x, BIGNUM *y, BN_CTX *);
+        int (*point_set_compressed_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
+                const BIGNUM *x, int y_bit, BN_CTX *);
+
+        /* used by EC_POINT_point2oct, EC_POINT_oct2point: */
+        size_t (*point2oct)(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
+                unsigned char *buf, size_t len, BN_CTX *);
+        int (*oct2point)(const EC_GROUP *, EC_POINT *,
+                const unsigned char *buf, size_t len, BN_CTX *);
+
+        /* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */
+        int (*add)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+        int (*dbl)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+        int (*invert)(const EC_GROUP *, EC_POINT *, BN_CTX *);
+
+        /* used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp: */
+        int (*is_at_infinity)(const EC_GROUP *, const EC_POINT *);
+        int (*is_on_curve)(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+        int (*point_cmp)(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+
+        /* used by EC_POINT_make_affine, EC_POINTs_make_affine: */
+        int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *);
+        int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+
+
+        /* internal functions */
+
+        /* 'field_mul' and 'field_sqr' can be used by 'add' and 'dbl' so that
+         * the same implementations of point operations can be used with different
+         * optimized implementations of expensive field operations: */
+        int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+        int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+
+        int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */
+        int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. from Montgomery */
+        int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *);
+} /* EC_METHOD */;
+
+
+struct ec_group_st {
+        const EC_METHOD *meth;
+
+        void *extra_data;
+        void *(*extra_data_dup_func)(void *);
+        void (*extra_data_free_func)(void *);
+        void (*extra_data_clear_free_func)(void *);
+
+        /* All members except 'meth' and 'extra_data...' are handled by
+         * the method functions, even if they appear generic */
+        
+        BIGNUM field; /* Field specification.
+                       * For curves over GF(p), this is the modulus. */
+
+        BIGNUM a, b; /* Curve coefficients.
+                      * (Here the assumption is that BIGNUMs can be used
+                      * or abused for all kinds of fields, not just GF(p).)
+                      * For characteristic  > 3,  the curve is defined
+                      * by a Weierstrass equation of the form
+                      *     y^2 = x^3 + a*x + b.
+                      */
+        int a_is_minus3; /* enable optimized point arithmetics for special case */
+
+        EC_POINT *generator; /* optional */
+        BIGNUM order, cofactor;
+
+        void *field_data1; /* method-specific (e.g., Montgomery structure) */
+        void *field_data2; /* method-specific */
+} /* EC_GROUP */;
+
+
+/* Basically a 'mixin' for extra data, but available for EC_GROUPs only
+ * (with visibility limited to 'package' level for now).
+ * We use the function pointers as index for retrieval; this obviates
+ * global ex_data-style index tables.
+ * (Currently, we have one slot only, but is is possible to extend this
+ * if necessary.) */
+int EC_GROUP_set_extra_data(EC_GROUP *, void *extra_data, void *(*extra_data_dup_func)(void *),
+        void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *));
+void *EC_GROUP_get_extra_data(const EC_GROUP *, void *(*extra_data_dup_func)(void *),
+        void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *));
+void EC_GROUP_free_extra_data(EC_GROUP *);
+void EC_GROUP_clear_free_extra_data(EC_GROUP *);
+
+
+
+struct ec_point_st {
+        const EC_METHOD *meth;
+
+        /* All members except 'meth' are handled by the method functions,
+         * even if they appear generic */
+
+        BIGNUM X;
+        BIGNUM Y;
+        BIGNUM Z; /* Jacobian projective coordinates:
+                   * (X, Y, Z)  represents  (X/Z^2, Y/Z^3)  if  Z != 0 */
+        int Z_is_one; /* enable optimized point arithmetics for special case */
+} /* EC_POINT */;
+
+
+
+/* method functions in ecp_smpl.c */
+int ec_GFp_simple_group_init(EC_GROUP *);
+void ec_GFp_simple_group_finish(EC_GROUP *);
+void ec_GFp_simple_group_clear_finish(EC_GROUP *);
+int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_set_generator(EC_GROUP *, const EC_POINT *generator,
+        const BIGNUM *order, const BIGNUM *cofactor);
+EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *);
+int ec_GFp_simple_group_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
+int ec_GFp_simple_group_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
+int ec_GFp_simple_point_init(EC_POINT *);
+void ec_GFp_simple_point_finish(EC_POINT *);
+void ec_GFp_simple_point_clear_finish(EC_POINT *);
+int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
+int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+        const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
+int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
+        BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
+int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+        const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
+        BIGNUM *x, BIGNUM *y, BN_CTX *);
+int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+        const BIGNUM *x, int y_bit, BN_CTX *);
+size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
+        unsigned char *buf, size_t len, BN_CTX *);
+int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *,
+        const unsigned char *buf, size_t len, BN_CTX *);
+int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+
+
+/* method functions in ecp_mont.c */
+int ec_GFp_mont_group_init(EC_GROUP *);
+int ec_GFp_mont_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+void ec_GFp_mont_group_finish(EC_GROUP *);
+void ec_GFp_mont_group_clear_finish(EC_GROUP *);
+int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
+
+
+/* method functions in ecp_recp.c */
+int ec_GFp_recp_group_init(EC_GROUP *);
+int ec_GFp_recp_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+void ec_GFp_recp_group_finish(EC_GROUP *);
+void ec_GFp_recp_group_clear_finish(EC_GROUP *);
+int ec_GFp_recp_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_recp_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_recp_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+
+
+/* method functions in ecp_nist.c */
+int ec_GFp_nist_group_init(EC_GROUP *);
+int ec_GFp_nist_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+void ec_GFp_nist_group_finish(EC_GROUP *);
+void ec_GFp_nist_group_clear_finish(EC_GROUP *);
+int ec_GFp_nist_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
new file mode 100644
index 0000000000..deb522060f
--- /dev/null
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -0,0 +1,656 @@
+/* crypto/ec/ec_lib.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/opensslv.h>
+
+#include "ec_lcl.h"
+
+static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
+
+
+/* functions for EC_GROUP objects */
+
+EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
+        {
+        EC_GROUP *ret;
+
+        if (meth == NULL)
+                {
+                ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if (meth->group_init == 0)
+                {
+                ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return NULL;
+                }
+
+        ret = OPENSSL_malloc(sizeof *ret);
+        if (ret == NULL)
+                {
+                ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+
+        ret->meth = meth;
+
+        ret->extra_data = NULL;
+        ret->extra_data_dup_func = 0;
+        ret->extra_data_free_func = 0;
+        ret->extra_data_clear_free_func = 0;
+        
+        if (!meth->group_init(ret))
+                {
+                OPENSSL_free(ret);
+                return NULL;
+                }
+        
+        return ret;
+        }
+
+
+void EC_GROUP_free(EC_GROUP *group)
+        {
+        if (!group) return;
+
+        if (group->meth->group_finish != 0)
+                group->meth->group_finish(group);
+
+        EC_GROUP_free_extra_data(group);
+
+        OPENSSL_free(group);
+        }
+ 
+
+void EC_GROUP_clear_free(EC_GROUP *group)
+        {
+        if (!group) return;
+
+        if (group->meth->group_clear_finish != 0)
+                group->meth->group_clear_finish(group);
+        else if (group->meth != NULL && group->meth->group_finish != 0)
+                group->meth->group_finish(group);
+
+        EC_GROUP_clear_free_extra_data(group);
+
+        OPENSSL_cleanse(group, sizeof *group);
+        OPENSSL_free(group);
+        }
+
+
+int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
+        {
+        if (dest->meth->group_copy == 0)
+                {
+                ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        if (dest->meth != src->meth)
+                {
+                ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+        if (dest == src)
+                return 1;
+        
+        EC_GROUP_clear_free_extra_data(dest);
+        if (src->extra_data_dup_func)
+                {
+                if (src->extra_data != NULL)
+                        {
+                        dest->extra_data = src->extra_data_dup_func(src->extra_data);
+                        if (dest->extra_data == NULL)
+                                return 0;
+                        }
+
+                dest->extra_data_dup_func = src->extra_data_dup_func;
+                dest->extra_data_free_func = src->extra_data_free_func;
+                dest->extra_data_clear_free_func = src->extra_data_clear_free_func;
+                }
+
+        return dest->meth->group_copy(dest, src);
+        }
+
+
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
+        {
+        return group->meth;
+        }
+
+
+int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+        {
+        if (group->meth->group_set_curve_GFp == 0)
+                {
+                ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        return group->meth->group_set_curve_GFp(group, p, a, b, ctx);
+        }
+
+
+int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+        {
+        if (group->meth->group_get_curve_GFp == 0)
+                {
+                ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        return group->meth->group_get_curve_GFp(group, p, a, b, ctx);
+        }
+
+
+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor)
+        {
+        if (group->meth->group_set_generator == 0)
+                {
+                ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        return group->meth->group_set_generator(group, generator, order, cofactor);
+        }
+
+
+EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
+        {
+        if (group->meth->group_get0_generator == 0)
+                {
+                ECerr(EC_F_EC_GROUP_GET0_GENERATOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        return group->meth->group_get0_generator(group);
+        }
+
+
+int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
+        {
+        if (group->meth->group_get_order == 0)
+                {
+                ECerr(EC_F_EC_GROUP_GET_ORDER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        return group->meth->group_get_order(group, order, ctx);
+        }
+
+
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
+        {
+        if (group->meth->group_get_cofactor == 0)
+                {
+                ECerr(EC_F_EC_GROUP_GET_COFACTOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        return group->meth->group_get_cofactor(group, cofactor, ctx);
+        }
+
+
+/* this has 'package' visibility */
+int EC_GROUP_set_extra_data(EC_GROUP *group, void *extra_data, void *(*extra_data_dup_func)(void *),
+        void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *))
+        {
+        if ((group->extra_data != NULL)
+                || (group->extra_data_dup_func != 0)
+                || (group->extra_data_free_func != 0)
+                || (group->extra_data_clear_free_func != 0))
+                {
+                ECerr(EC_F_EC_GROUP_SET_EXTRA_DATA, EC_R_SLOT_FULL);
+                return 0;
+                }
+
+        group->extra_data = extra_data;
+        group->extra_data_dup_func = extra_data_dup_func;
+        group->extra_data_free_func = extra_data_free_func;
+        group->extra_data_clear_free_func = extra_data_clear_free_func;
+        return 1;
+        }
+
+
+/* this has 'package' visibility */
+void *EC_GROUP_get_extra_data(const EC_GROUP *group, void *(*extra_data_dup_func)(void *),
+        void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *))
+        {
+        if ((group->extra_data_dup_func != extra_data_dup_func)
+                || (group->extra_data_free_func != extra_data_free_func)
+                || (group->extra_data_clear_free_func != extra_data_clear_free_func))
+                {
+#if 0 /* this was an error in 0.9.7, but that does not make a lot of sense */
+                ECerr(..._F_EC_GROUP_GET_EXTRA_DATA, ..._R_NO_SUCH_EXTRA_DATA);
+#endif
+                return NULL;
+                }
+
+        return group->extra_data;
+        }
+
+
+/* this has 'package' visibility */
+void EC_GROUP_free_extra_data(EC_GROUP *group)
+        {
+        if (group->extra_data_free_func)
+                group->extra_data_free_func(group->extra_data);
+        group->extra_data = NULL;
+        group->extra_data_dup_func = 0;
+        group->extra_data_free_func = 0;
+        group->extra_data_clear_free_func = 0;
+        }
+
+
+/* this has 'package' visibility */
+void EC_GROUP_clear_free_extra_data(EC_GROUP *group)
+        {
+        if (group->extra_data_clear_free_func)
+                group->extra_data_clear_free_func(group->extra_data);
+        else if (group->extra_data_free_func)
+                group->extra_data_free_func(group->extra_data);
+        group->extra_data = NULL;
+        group->extra_data_dup_func = 0;
+        group->extra_data_free_func = 0;
+        group->extra_data_clear_free_func = 0;
+        }
+
+
+
+/* functions for EC_POINT objects */
+
+EC_POINT *EC_POINT_new(const EC_GROUP *group)
+        {
+        EC_POINT *ret;
+
+        if (group == NULL)
+                {
+                ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if (group->meth->point_init == 0)
+                {
+                ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return NULL;
+                }
+
+        ret = OPENSSL_malloc(sizeof *ret);
+        if (ret == NULL)
+                {
+                ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+
+        ret->meth = group->meth;
+        
+        if (!ret->meth->point_init(ret))
+                {
+                OPENSSL_free(ret);
+                return NULL;
+                }
+        
+        return ret;
+        }
+
+
+void EC_POINT_free(EC_POINT *point)
+        {
+        if (!point) return;
+
+        if (point->meth->point_finish != 0)
+                point->meth->point_finish(point);
+        OPENSSL_free(point);
+        }
+ 
+
+void EC_POINT_clear_free(EC_POINT *point)
+        {
+        if (!point) return;
+
+        if (point->meth->point_clear_finish != 0)
+                point->meth->point_clear_finish(point);
+        else if (point->meth != NULL && point->meth->point_finish != 0)
+                point->meth->point_finish(point);
+        OPENSSL_cleanse(point, sizeof *point);
+        OPENSSL_free(point);
+        }
+
+
+int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
+        {
+        if (dest->meth->point_copy == 0)
+                {
+                ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        if (dest->meth != src->meth)
+                {
+                ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+        if (dest == src)
+                return 1;
+        return dest->meth->point_copy(dest, src);
+        }
+
+
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
+        {
+        return point->meth;
+        }
+
+
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
+        {
+        if (group->meth->point_set_to_infinity == 0)
+                {
+                ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        if (group->meth != point->meth)
+                {
+                ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+        return group->meth->point_set_to_infinity(group, point);
+        }
+
+
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+        const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
+        {
+        if (group->meth->point_set_Jprojective_coordinates_GFp == 0)
+                {
+                ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        if (group->meth != point->meth)
+                {
+                ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+        return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
+        }
+
+
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
+        BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
+        {
+        if (group->meth->point_get_Jprojective_coordinates_GFp == 0)
+                {
+                ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        if (group->meth != point->meth)
+                {
+                ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+        return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
+        }
+
+
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+        const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
+        {
+        if (group->meth->point_set_affine_coordinates_GFp == 0)
+                {
+                ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        if (group->meth != point->meth)
+                {
+                ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+        return group->meth->point_set_affine_coordinates_GFp(group, point, x, y, ctx);
+        }
+
+
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
+        BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
+        {
+        if (group->meth->point_get_affine_coordinates_GFp == 0)
+                {
+                ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        if (group->meth != point->meth)
+                {
+                ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+        return group->meth->point_get_affine_coordinates_GFp(group, point, x, y, ctx);
+        }
+
+
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+        const BIGNUM *x, int y_bit, BN_CTX *ctx)
+        {
+        if (group->meth->point_set_compressed_coordinates_GFp == 0)
+                {
+                ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        if (group->meth != point->meth)
+                {
+                ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+        return group->meth->point_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx);
+        }
+
+
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
+        unsigned char *buf, size_t len, BN_CTX *ctx)
+        {
+        if (group->meth->point2oct == 0)
+                {
+                ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        if (group->meth != point->meth)
+                {
+                ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+        return group->meth->point2oct(group, point, form, buf, len, ctx);
+        }
+
+
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
+        const unsigned char *buf, size_t len, BN_CTX *ctx)
+        {
+        if (group->meth->oct2point == 0)
+                {
+                ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        if (group->meth != point->meth)
+                {
+                ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+        return group->meth->oct2point(group, point, buf, len, ctx);
+        }
+
+
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
+        {
+        if (group->meth->add == 0)
+                {
+                ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth))
+                {
+                ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+        return group->meth->add(group, r, a, b, ctx);
+        }
+
+
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
+        {
+        if (group->meth->dbl == 0)
+                {
+                ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        if ((group->meth != r->meth) || (r->meth != a->meth))
+                {
+                ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+        return group->meth->dbl(group, r, a, ctx);
+        }
+
+
+int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
+        {
+        if (group->meth->dbl == 0)
+                {
+                ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        if (group->meth != a->meth)
+                {
+                ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+        return group->meth->invert(group, a, ctx);
+        }
+
+
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
+        {
+        if (group->meth->is_at_infinity == 0)
+                {
+                ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        if (group->meth != point->meth)
+                {
+                ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+        return group->meth->is_at_infinity(group, point);
+        }
+
+
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
+        {
+        if (group->meth->is_on_curve == 0)
+                {
+                ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        if (group->meth != point->meth)
+                {
+                ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+        return group->meth->is_on_curve(group, point, ctx);
+        }
+
+
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
+        {
+        if (group->meth->point_cmp == 0)
+                {
+                ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        if ((group->meth != a->meth) || (a->meth != b->meth))
+                {
+                ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+        return group->meth->point_cmp(group, a, b, ctx);
+        }
+
+
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+        {
+        if (group->meth->make_affine == 0)
+                {
+                ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        if (group->meth != point->meth)
+                {
+                ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+        return group->meth->make_affine(group, point, ctx);
+        }
+
+
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
+        {
+        size_t i;
+
+        if (group->meth->points_make_affine == 0)
+                {
+                ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return 0;
+                }
+        for (i = 0; i < num; i++)
+                {
+                if (group->meth != points[i]->meth)
+                        {
+                        ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+                        return 0;
+                        }
+                }
+        return group->meth->points_make_affine(group, num, points, ctx);
+        }
diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c
new file mode 100644
index 0000000000..16822a73cf
--- /dev/null
+++ b/src/lib/libcrypto/ec/ec_mult.c
@@ -0,0 +1,485 @@
+/* crypto/ec/ec_mult.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+
+/* TODO: optional precomputation of multiples of the generator */
+
+
+
+/*
+ * wNAF-based interleaving multi-exponentation method
+ * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>)
+ */
+
+
+/* Determine the width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+ * This is an array  r[]  of values that are either zero or odd with an
+ * absolute value less than  2^w  satisfying
+ *     scalar = \sum_j r[j]*2^j
+ * where at most one of any  w+1  consecutive digits is non-zero.
+ */
+static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, BN_CTX *ctx)
+        {
+        BIGNUM *c;
+        int ok = 0;
+        signed char *r = NULL;
+        int sign = 1;
+        int bit, next_bit, mask;
+        size_t len = 0, j;
+        
+        BN_CTX_start(ctx);
+        c = BN_CTX_get(ctx);
+        if (c == NULL) goto err;
+        
+        if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */
+                {
+                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                goto err;
+                }
+        bit = 1 << w; /* at most 128 */
+        next_bit = bit << 1; /* at most 256 */
+        mask = next_bit - 1; /* at most 255 */
+
+        if (!BN_copy(c, scalar)) goto err;
+        if (c->neg)
+                {
+                sign = -1;
+                c->neg = 0;
+                }
+
+        len = BN_num_bits(c) + 1; /* wNAF may be one digit longer than binary representation */
+        r = OPENSSL_malloc(len);
+        if (r == NULL) goto err;
+
+        j = 0;
+        while (!BN_is_zero(c))
+                {
+                int u = 0;
+
+                if (BN_is_odd(c)) 
+                        {
+                        if (c->d == NULL || c->top == 0)
+                                {
+                                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
+                        u = c->d[0] & mask;
+                        if (u & bit)
+                                {
+                                u -= next_bit;
+                                /* u < 0 */
+                                if (!BN_add_word(c, -u)) goto err;
+                                }
+                        else
+                                {
+                                /* u > 0 */
+                                if (!BN_sub_word(c, u)) goto err;
+                                }
+
+                        if (u <= -bit || u >= bit || !(u & 1) || c->neg)
+                                {
+                                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
+                        }
+
+                r[j++] = sign * u;
+                
+                if (BN_is_odd(c))
+                        {
+                        ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                if (!BN_rshift1(c, c)) goto err;
+                }
+
+        if (j > len)
+                {
+                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                goto err;
+                }
+        len = j;
+        ok = 1;
+
+ err:
+        BN_CTX_end(ctx);
+        if (!ok)
+                {
+                OPENSSL_free(r);
+                r = NULL;
+                }
+        if (ok)
+                *ret_len = len;
+        return r;
+        }
+
+
+/* TODO: table should be optimised for the wNAF-based implementation,
+ *       sometimes smaller windows will give better performance
+ *       (thus the boundaries should be increased)
+ */
+#define EC_window_bits_for_scalar_size(b) \
+                ((size_t) \
+                 ((b) >= 2000 ? 6 : \
+                  (b) >=  800 ? 5 : \
+                  (b) >=  300 ? 4 : \
+                  (b) >=   70 ? 3 : \
+                  (b) >=   20 ? 2 : \
+                   1))
+
+/* Compute
+ *      \sum scalars[i]*points[i],
+ * also including
+ *      scalar*generator
+ * in the addition if scalar != NULL
+ */
+int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+        size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
+        {
+        BN_CTX *new_ctx = NULL;
+        EC_POINT *generator = NULL;
+        EC_POINT *tmp = NULL;
+        size_t totalnum;
+        size_t i, j;
+        int k;
+        int r_is_inverted = 0;
+        int r_is_at_infinity = 1;
+        size_t *wsize = NULL; /* individual window sizes */
+        signed char **wNAF = NULL; /* individual wNAFs */
+        size_t *wNAF_len = NULL;
+        size_t max_len = 0;
+        size_t num_val;
+        EC_POINT **val = NULL; /* precomputation */
+        EC_POINT **v;
+        EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */
+        int ret = 0;
+        
+        if (group->meth != r->meth)
+                {
+                ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+                return 0;
+                }
+
+        if ((scalar == NULL) && (num == 0))
+                {
+                return EC_POINT_set_to_infinity(group, r);
+                }
+
+        if (scalar != NULL)
+                {
+                generator = EC_GROUP_get0_generator(group);
+                if (generator == NULL)
+                        {
+                        ECerr(EC_F_EC_POINTS_MUL, EC_R_UNDEFINED_GENERATOR);
+                        return 0;
+                        }
+                }
+        
+        for (i = 0; i < num; i++)
+                {
+                if (group->meth != points[i]->meth)
+                        {
+                        ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+                        return 0;
+                        }
+                }
+
+        totalnum = num + (scalar != NULL);
+
+        wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]);
+        wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
+        wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]);
+        if (wNAF != NULL)
+                {
+                wNAF[0] = NULL; /* preliminary pivot */
+                }
+        if (wsize == NULL || wNAF_len == NULL || wNAF == NULL) goto err;
+
+        /* num_val := total number of points to precompute */
+        num_val = 0;
+        for (i = 0; i < totalnum; i++)
+                {
+                size_t bits;
+
+                bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);
+                wsize[i] = EC_window_bits_for_scalar_size(bits);
+                num_val += 1u << (wsize[i] - 1);
+                }
+
+        /* all precomputed points go into a single array 'val',
+         * 'val_sub[i]' is a pointer to the subarray for the i-th point */
+        val = OPENSSL_malloc((num_val + 1) * sizeof val[0]);
+        if (val == NULL) goto err;
+        val[num_val] = NULL; /* pivot element */
+
+        val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
+        if (val_sub == NULL) goto err;
+
+        /* allocate points for precomputation */
+        v = val;
+        for (i = 0; i < totalnum; i++)
+                {
+                val_sub[i] = v;
+                for (j = 0; j < (1u << (wsize[i] - 1)); j++)
+                        {
+                        *v = EC_POINT_new(group);
+                        if (*v == NULL) goto err;
+                        v++;
+                        }
+                }
+        if (!(v == val + num_val))
+                {
+                ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR);
+                goto err;
+                }
+
+        if (ctx == NULL)
+                {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                        goto err;
+                }
+        
+        tmp = EC_POINT_new(group);
+        if (tmp == NULL) goto err;
+
+        /* prepare precomputed values:
+         *    val_sub[i][0] :=     points[i]
+         *    val_sub[i][1] := 3 * points[i]
+         *    val_sub[i][2] := 5 * points[i]
+         *    ...
+         */
+        for (i = 0; i < totalnum; i++)
+                {
+                if (i < num)
+                        {
+                        if (!EC_POINT_copy(val_sub[i][0], points[i])) goto err;
+                        }
+                else
+                        {
+                        if (!EC_POINT_copy(val_sub[i][0], generator)) goto err;
+                        }
+
+                if (wsize[i] > 1)
+                        {
+                        if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err;
+                        for (j = 1; j < (1u << (wsize[i] - 1)); j++)
+                                {
+                                if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err;
+                                }
+                        }
+
+                wNAF[i + 1] = NULL; /* make sure we always have a pivot */
+                wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i], ctx);
+                if (wNAF[i] == NULL) goto err;
+                if (wNAF_len[i] > max_len)
+                        max_len = wNAF_len[i];
+                }
+
+#if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */
+        if (!EC_POINTs_make_affine(group, num_val, val, ctx)) goto err;
+#endif
+
+        r_is_at_infinity = 1;
+
+        for (k = max_len - 1; k >= 0; k--)
+                {
+                if (!r_is_at_infinity)
+                        {
+                        if (!EC_POINT_dbl(group, r, r, ctx)) goto err;
+                        }
+                
+                for (i = 0; i < totalnum; i++)
+                        {
+                        if (wNAF_len[i] > (size_t)k)
+                                {
+                                int digit = wNAF[i][k];
+                                int is_neg;
+
+                                if (digit) 
+                                        {
+                                        is_neg = digit < 0;
+
+                                        if (is_neg)
+                                                digit = -digit;
+
+                                        if (is_neg != r_is_inverted)
+                                                {
+                                                if (!r_is_at_infinity)
+                                                        {
+                                                        if (!EC_POINT_invert(group, r, ctx)) goto err;
+                                                        }
+                                                r_is_inverted = !r_is_inverted;
+                                                }
+
+                                        /* digit > 0 */
+
+                                        if (r_is_at_infinity)
+                                                {
+                                                if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) goto err;
+                                                r_is_at_infinity = 0;
+                                                }
+                                        else
+                                                {
+                                                if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) goto err;
+                                                }
+                                        }
+                                }
+                        }
+                }
+
+        if (r_is_at_infinity)
+                {
+                if (!EC_POINT_set_to_infinity(group, r)) goto err;
+                }
+        else
+                {
+                if (r_is_inverted)
+                        if (!EC_POINT_invert(group, r, ctx)) goto err;
+                }
+        
+        ret = 1;
+
+ err:
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        if (tmp != NULL)
+                EC_POINT_free(tmp);
+        if (wsize != NULL)
+                OPENSSL_free(wsize);
+        if (wNAF_len != NULL)
+                OPENSSL_free(wNAF_len);
+        if (wNAF != NULL)
+                {
+                signed char **w;
+                
+                for (w = wNAF; *w != NULL; w++)
+                        OPENSSL_free(*w);
+                
+                OPENSSL_free(wNAF);
+                }
+        if (val != NULL)
+                {
+                for (v = val; *v != NULL; v++)
+                        EC_POINT_clear_free(*v);
+
+                OPENSSL_free(val);
+                }
+        if (val_sub != NULL)
+                {
+                OPENSSL_free(val_sub);
+                }
+        return ret;
+        }
+
+
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
+        {
+        const EC_POINT *points[1];
+        const BIGNUM *scalars[1];
+
+        points[0] = point;
+        scalars[0] = p_scalar;
+
+        return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx);
+        }
+
+
+int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+        {
+        const EC_POINT *generator;
+        BN_CTX *new_ctx = NULL;
+        BIGNUM *order;
+        int ret = 0;
+
+        generator = EC_GROUP_get0_generator(group);
+        if (generator == NULL)
+                {
+                ECerr(EC_F_EC_GROUP_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);
+                return 0;
+                }
+
+        if (ctx == NULL)
+                {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                        return 0;
+                }
+        
+        BN_CTX_start(ctx);
+        order = BN_CTX_get(ctx);
+        if (order == NULL) goto err;
+        
+        if (!EC_GROUP_get_order(group, order, ctx)) return 0;
+        if (BN_is_zero(order))
+                {
+                ECerr(EC_F_EC_GROUP_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
+                goto err;
+                }
+
+        /* TODO */
+
+        ret = 1;
+        
+ err:
+        BN_CTX_end(ctx);
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        return ret;
+        }
diff --git a/src/lib/libcrypto/ec/ecp_mont.c b/src/lib/libcrypto/ec/ecp_mont.c
new file mode 100644
index 0000000000..7b30d4c38a
--- /dev/null
+++ b/src/lib/libcrypto/ec/ecp_mont.c
@@ -0,0 +1,304 @@
+/* crypto/ec/ecp_mont.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+
+const EC_METHOD *EC_GFp_mont_method(void)
+        {
+        static const EC_METHOD ret = {
+                ec_GFp_mont_group_init,
+                ec_GFp_mont_group_finish,
+                ec_GFp_mont_group_clear_finish,
+                ec_GFp_mont_group_copy,
+                ec_GFp_mont_group_set_curve_GFp,
+                ec_GFp_simple_group_get_curve_GFp,
+                ec_GFp_simple_group_set_generator,
+                ec_GFp_simple_group_get0_generator,
+                ec_GFp_simple_group_get_order,
+                ec_GFp_simple_group_get_cofactor,
+                ec_GFp_simple_point_init,
+                ec_GFp_simple_point_finish,
+                ec_GFp_simple_point_clear_finish,
+                ec_GFp_simple_point_copy,
+                ec_GFp_simple_point_set_to_infinity,
+                ec_GFp_simple_set_Jprojective_coordinates_GFp,
+                ec_GFp_simple_get_Jprojective_coordinates_GFp,
+                ec_GFp_simple_point_set_affine_coordinates_GFp,
+                ec_GFp_simple_point_get_affine_coordinates_GFp,
+                ec_GFp_simple_set_compressed_coordinates_GFp,
+                ec_GFp_simple_point2oct,
+                ec_GFp_simple_oct2point,
+                ec_GFp_simple_add,
+                ec_GFp_simple_dbl,
+                ec_GFp_simple_invert,
+                ec_GFp_simple_is_at_infinity,
+                ec_GFp_simple_is_on_curve,
+                ec_GFp_simple_cmp,
+                ec_GFp_simple_make_affine,
+                ec_GFp_simple_points_make_affine,
+                ec_GFp_mont_field_mul,
+                ec_GFp_mont_field_sqr,
+                ec_GFp_mont_field_encode,
+                ec_GFp_mont_field_decode,
+                ec_GFp_mont_field_set_to_one };
+
+        return &ret;
+        }
+
+
+int ec_GFp_mont_group_init(EC_GROUP *group)
+        {
+        int ok;
+
+        ok = ec_GFp_simple_group_init(group);
+        group->field_data1 = NULL;
+        group->field_data2 = NULL;
+        return ok;
+        }
+
+
+int ec_GFp_mont_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+        {
+        BN_CTX *new_ctx = NULL;
+        BN_MONT_CTX *mont = NULL;
+        BIGNUM *one = NULL;
+        int ret = 0;
+
+        if (group->field_data1 != NULL)
+                {
+                BN_MONT_CTX_free(group->field_data1);
+                group->field_data1 = NULL;
+                }
+        if (group->field_data2 != NULL)
+                {
+                BN_free(group->field_data2);
+                group->field_data2 = NULL;
+                }
+        
+        if (ctx == NULL)
+                {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                        return 0;
+                }
+
+        mont = BN_MONT_CTX_new();
+        if (mont == NULL) goto err;
+        if (!BN_MONT_CTX_set(mont, p, ctx))
+                {
+                ECerr(EC_F_GFP_MONT_GROUP_SET_CURVE_GFP, ERR_R_BN_LIB);
+                goto err;
+                }
+        one = BN_new();
+        if (one == NULL) goto err;
+        if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err;
+
+        group->field_data1 = mont;
+        mont = NULL;
+        group->field_data2 = one;
+        one = NULL;
+
+        ret = ec_GFp_simple_group_set_curve_GFp(group, p, a, b, ctx);
+
+        if (!ret)
+                {
+                BN_MONT_CTX_free(group->field_data1);
+                group->field_data1 = NULL;
+                BN_free(group->field_data2);
+                group->field_data2 = NULL;
+                }
+
+ err:
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        if (mont != NULL)
+                BN_MONT_CTX_free(mont);
+        return ret;
+        }
+
+
+void ec_GFp_mont_group_finish(EC_GROUP *group)
+        {
+        if (group->field_data1 != NULL)
+                {
+                BN_MONT_CTX_free(group->field_data1);
+                group->field_data1 = NULL;
+                }
+        if (group->field_data2 != NULL)
+                {
+                BN_free(group->field_data2);
+                group->field_data2 = NULL;
+                }
+        ec_GFp_simple_group_finish(group);
+        }
+
+
+void ec_GFp_mont_group_clear_finish(EC_GROUP *group)
+        {
+        if (group->field_data1 != NULL)
+                {
+                BN_MONT_CTX_free(group->field_data1);
+                group->field_data1 = NULL;
+                }
+        if (group->field_data2 != NULL)
+                {
+                BN_clear_free(group->field_data2);
+                group->field_data2 = NULL;
+                }
+        ec_GFp_simple_group_clear_finish(group);
+        }
+
+
+int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+        {
+        if (dest->field_data1 != NULL)
+                {
+                BN_MONT_CTX_free(dest->field_data1);
+                dest->field_data1 = NULL;
+                }
+        if (dest->field_data2 != NULL)
+                {
+                BN_clear_free(dest->field_data2);
+                dest->field_data2 = NULL;
+                }
+
+        if (!ec_GFp_simple_group_copy(dest, src)) return 0;
+
+        if (src->field_data1 != NULL)
+                {
+                dest->field_data1 = BN_MONT_CTX_new();
+                if (dest->field_data1 == NULL) return 0;
+                if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) goto err;
+                }
+        if (src->field_data2 != NULL)
+                {
+                dest->field_data2 = BN_dup(src->field_data2);
+                if (dest->field_data2 == NULL) goto err;
+                }
+
+        return 1;
+
+ err:
+        if (dest->field_data1 != NULL)
+                {
+                BN_MONT_CTX_free(dest->field_data1);
+                dest->field_data1 = NULL;
+                }
+        return 0;       
+        }
+
+
+int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+        {
+        if (group->field_data1 == NULL)
+                {
+                ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED);
+                return 0;
+                }
+
+        return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx);
+        }
+
+
+int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+        {
+        if (group->field_data1 == NULL)
+                {
+                ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED);
+                return 0;
+                }
+
+        return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);
+        }
+
+
+int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+        {
+        if (group->field_data1 == NULL)
+                {
+                ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED);
+                return 0;
+                }
+
+        return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx);
+        }
+
+
+int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+        {
+        if (group->field_data1 == NULL)
+                {
+                ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
+                return 0;
+                }
+
+        return BN_from_montgomery(r, a, group->field_data1, ctx);
+        }
+
+
+int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx)
+        {
+        if (group->field_data2 == NULL)
+                {
+                ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
+                return 0;
+                }
+
+        if (!BN_copy(r, group->field_data2)) return 0;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/ec/ecp_nist.c b/src/lib/libcrypto/ec/ecp_nist.c
new file mode 100644
index 0000000000..ed07748675
--- /dev/null
+++ b/src/lib/libcrypto/ec/ecp_nist.c
@@ -0,0 +1,134 @@
+/* crypto/ec/ecp_nist.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "ec_lcl.h"
+
+#if 0
+const EC_METHOD *EC_GFp_nist_method(void)
+        {
+        static const EC_METHOD ret = {
+                ec_GFp_nist_group_init,
+                ec_GFp_nist_group_finish,
+                ec_GFp_nist_group_clear_finish,
+                ec_GFp_nist_group_copy,
+                ec_GFp_nist_group_set_curve_GFp,
+                ec_GFp_simple_group_get_curve_GFp,
+                ec_GFp_simple_group_set_generator,
+                ec_GFp_simple_group_get0_generator,
+                ec_GFp_simple_group_get_order,
+                ec_GFp_simple_group_get_cofactor,
+                ec_GFp_simple_point_init,
+                ec_GFp_simple_point_finish,
+                ec_GFp_simple_point_clear_finish,
+                ec_GFp_simple_point_copy,
+                ec_GFp_simple_point_set_to_infinity,
+                ec_GFp_simple_set_Jprojective_coordinates_GFp,
+                ec_GFp_simple_get_Jprojective_coordinates_GFp,
+                ec_GFp_simple_point_set_affine_coordinates_GFp,
+                ec_GFp_simple_point_get_affine_coordinates_GFp,
+                ec_GFp_simple_set_compressed_coordinates_GFp,
+                ec_GFp_simple_point2oct,
+                ec_GFp_simple_oct2point,
+                ec_GFp_simple_add,
+                ec_GFp_simple_dbl,
+                ec_GFp_simple_invert,
+                ec_GFp_simple_is_at_infinity,
+                ec_GFp_simple_is_on_curve,
+                ec_GFp_simple_cmp,
+                ec_GFp_simple_make_affine,
+                ec_GFp_simple_points_make_affine,
+                ec_GFp_nist_field_mul,
+                ec_GFp_nist_field_sqr,
+                0 /* field_encode */,
+                0 /* field_decode */,
+                0 /* field_set_to_one */ };
+
+        return &ret;
+        }
+#endif
+
+
+int ec_GFp_nist_group_init(EC_GROUP *group)
+        {
+        int ok;
+
+        ok = ec_GFp_simple_group_init(group);
+        group->field_data1 = NULL;
+        return ok;
+        }
+
+
+int ec_GFp_nist_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/* TODO */
+
+
+void ec_GFp_nist_group_finish(EC_GROUP *group);
+/* TODO */
+
+
+void ec_GFp_nist_group_clear_finish(EC_GROUP *group);
+/* TODO */
+
+
+int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
+/* TODO */
+
+
+int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/* TODO */
+
+
+int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+/* TODO */
diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c
new file mode 100644
index 0000000000..e9a51fb87a
--- /dev/null
+++ b/src/lib/libcrypto/ec/ecp_smpl.c
@@ -0,0 +1,1717 @@
+/* crypto/ec/ecp_smpl.c */
+/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
+ * for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+
+const EC_METHOD *EC_GFp_simple_method(void)
+        {
+        static const EC_METHOD ret = {
+                ec_GFp_simple_group_init,
+                ec_GFp_simple_group_finish,
+                ec_GFp_simple_group_clear_finish,
+                ec_GFp_simple_group_copy,
+                ec_GFp_simple_group_set_curve_GFp,
+                ec_GFp_simple_group_get_curve_GFp,
+                ec_GFp_simple_group_set_generator,
+                ec_GFp_simple_group_get0_generator,
+                ec_GFp_simple_group_get_order,
+                ec_GFp_simple_group_get_cofactor,
+                ec_GFp_simple_point_init,
+                ec_GFp_simple_point_finish,
+                ec_GFp_simple_point_clear_finish,
+                ec_GFp_simple_point_copy,
+                ec_GFp_simple_point_set_to_infinity,
+                ec_GFp_simple_set_Jprojective_coordinates_GFp,
+                ec_GFp_simple_get_Jprojective_coordinates_GFp,
+                ec_GFp_simple_point_set_affine_coordinates_GFp,
+                ec_GFp_simple_point_get_affine_coordinates_GFp,
+                ec_GFp_simple_set_compressed_coordinates_GFp,
+                ec_GFp_simple_point2oct,
+                ec_GFp_simple_oct2point,
+                ec_GFp_simple_add,
+                ec_GFp_simple_dbl,
+                ec_GFp_simple_invert,
+                ec_GFp_simple_is_at_infinity,
+                ec_GFp_simple_is_on_curve,
+                ec_GFp_simple_cmp,
+                ec_GFp_simple_make_affine,
+                ec_GFp_simple_points_make_affine,
+                ec_GFp_simple_field_mul,
+                ec_GFp_simple_field_sqr,
+                0 /* field_encode */,
+                0 /* field_decode */,
+                0 /* field_set_to_one */ };
+
+        return &ret;
+        }
+
+
+int ec_GFp_simple_group_init(EC_GROUP *group)
+        {
+        BN_init(&group->field);
+        BN_init(&group->a);
+        BN_init(&group->b);
+        group->a_is_minus3 = 0;
+        group->generator = NULL;
+        BN_init(&group->order);
+        BN_init(&group->cofactor);
+        return 1;
+        }
+
+
+void ec_GFp_simple_group_finish(EC_GROUP *group)
+        {
+        BN_free(&group->field);
+        BN_free(&group->a);
+        BN_free(&group->b);
+        if (group->generator != NULL)
+                EC_POINT_free(group->generator);
+        BN_free(&group->order);
+        BN_free(&group->cofactor);
+        }
+
+
+void ec_GFp_simple_group_clear_finish(EC_GROUP *group)
+        {
+        BN_clear_free(&group->field);
+        BN_clear_free(&group->a);
+        BN_clear_free(&group->b);
+        if (group->generator != NULL)
+                {
+                EC_POINT_clear_free(group->generator);
+                group->generator = NULL;
+                }
+        BN_clear_free(&group->order);
+        BN_clear_free(&group->cofactor);
+        }
+
+
+int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+        {
+        if (!BN_copy(&dest->field, &src->field)) return 0;
+        if (!BN_copy(&dest->a, &src->a)) return 0;
+        if (!BN_copy(&dest->b, &src->b)) return 0;
+
+        dest->a_is_minus3 = src->a_is_minus3;
+
+        if (src->generator != NULL)
+                {
+                if (dest->generator == NULL)
+                        {
+                        dest->generator = EC_POINT_new(dest);
+                        if (dest->generator == NULL) return 0;
+                        }
+                if (!EC_POINT_copy(dest->generator, src->generator)) return 0;
+                }
+        else
+                {
+                /* src->generator == NULL */
+                if (dest->generator != NULL)
+                        {
+                        EC_POINT_clear_free(dest->generator);
+                        dest->generator = NULL;
+                        }
+                }
+
+        if (!BN_copy(&dest->order, &src->order)) return 0;
+        if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0;
+
+        return 1;
+        }
+
+
+int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *group,
+        const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+        {
+        int ret = 0;
+        BN_CTX *new_ctx = NULL;
+        BIGNUM *tmp_a;
+        
+        /* p must be a prime > 3 */
+        if (BN_num_bits(p) <= 2 || !BN_is_odd(p))
+                {
+                ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP, EC_R_INVALID_FIELD);
+                return 0;
+                }
+
+        if (ctx == NULL)
+                {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                        return 0;
+                }
+
+        BN_CTX_start(ctx);
+        tmp_a = BN_CTX_get(ctx);
+        if (tmp_a == NULL) goto err;
+
+        /* group->field */
+        if (!BN_copy(&group->field, p)) goto err;
+        group->field.neg = 0;
+
+        /* group->a */
+        if (!BN_nnmod(tmp_a, a, p, ctx)) goto err;
+        if (group->meth->field_encode)
+                { if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) goto err; }     
+        else
+                if (!BN_copy(&group->a, tmp_a)) goto err;
+        
+        /* group->b */
+        if (!BN_nnmod(&group->b, b, p, ctx)) goto err;
+        if (group->meth->field_encode)
+                if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) goto err;
+        
+        /* group->a_is_minus3 */
+        if (!BN_add_word(tmp_a, 3)) goto err;
+        group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field));
+
+        ret = 1;
+
+ err:
+        BN_CTX_end(ctx);
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        return ret;
+        }
+
+
+int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+        {
+        int ret = 0;
+        BN_CTX *new_ctx = NULL;
+        
+        if (p != NULL)
+                {
+                if (!BN_copy(p, &group->field)) return 0;
+                }
+
+        if (a != NULL || b != NULL)
+                {
+                if (group->meth->field_decode)
+                        {
+                        if (ctx == NULL)
+                                {
+                                ctx = new_ctx = BN_CTX_new();
+                                if (ctx == NULL)
+                                        return 0;
+                                }
+                        if (a != NULL)
+                                {
+                                if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;
+                                }
+                        if (b != NULL)
+                                {
+                                if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;
+                                }
+                        }
+                else
+                        {
+                        if (a != NULL)
+                                {
+                                if (!BN_copy(a, &group->a)) goto err;
+                                }
+                        if (b != NULL)
+                                {
+                                if (!BN_copy(b, &group->b)) goto err;
+                                }
+                        }
+                }
+        
+        ret = 1;
+        
+ err:
+        if (new_ctx)
+                BN_CTX_free(new_ctx);
+        return ret;
+        }
+
+
+
+int ec_GFp_simple_group_set_generator(EC_GROUP *group, const EC_POINT *generator,
+        const BIGNUM *order, const BIGNUM *cofactor)
+        {
+        if (generator == NULL)
+                {
+                ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
+                return 0   ;
+                }
+
+        if (group->generator == NULL)
+                {
+                group->generator = EC_POINT_new(group);
+                if (group->generator == NULL) return 0;
+                }
+        if (!EC_POINT_copy(group->generator, generator)) return 0;
+
+        if (order != NULL)
+                { if (!BN_copy(&group->order, order)) return 0; }       
+        else
+                { if (!BN_zero(&group->order)) return 0; }      
+
+        if (cofactor != NULL)
+                { if (!BN_copy(&group->cofactor, cofactor)) return 0; } 
+        else
+                { if (!BN_zero(&group->cofactor)) return 0; }   
+
+        return 1;
+        }
+
+
+EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *group)
+        {
+        return group->generator;
+        }
+
+
+int ec_GFp_simple_group_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
+        {
+        if (!BN_copy(order, &group->order))
+                return 0;
+
+        return !BN_is_zero(&group->order);
+        }
+
+
+int ec_GFp_simple_group_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
+        {
+        if (!BN_copy(cofactor, &group->cofactor))
+                return 0;
+
+        return !BN_is_zero(&group->cofactor);
+        }
+
+
+int ec_GFp_simple_point_init(EC_POINT *point)
+        {
+        BN_init(&point->X);
+        BN_init(&point->Y);
+        BN_init(&point->Z);
+        point->Z_is_one = 0;
+
+        return 1;
+        }
+
+
+void ec_GFp_simple_point_finish(EC_POINT *point)
+        {
+        BN_free(&point->X);
+        BN_free(&point->Y);
+        BN_free(&point->Z);
+        }
+
+
+void ec_GFp_simple_point_clear_finish(EC_POINT *point)
+        {
+        BN_clear_free(&point->X);
+        BN_clear_free(&point->Y);
+        BN_clear_free(&point->Z);
+        point->Z_is_one = 0;
+        }
+
+
+int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
+        {
+        if (!BN_copy(&dest->X, &src->X)) return 0;
+        if (!BN_copy(&dest->Y, &src->Y)) return 0;
+        if (!BN_copy(&dest->Z, &src->Z)) return 0;
+        dest->Z_is_one = src->Z_is_one;
+
+        return 1;
+        }
+
+
+int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
+        {
+        point->Z_is_one = 0;
+        return (BN_zero(&point->Z));
+        }
+
+
+int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+        const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
+        {
+        BN_CTX *new_ctx = NULL;
+        int ret = 0;
+        
+        if (ctx == NULL)
+                {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                        return 0;
+                }
+
+        if (x != NULL)
+                {
+                if (!BN_nnmod(&point->X, x, &group->field, ctx)) goto err;
+                if (group->meth->field_encode)
+                        {
+                        if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) goto err;
+                        }
+                }
+        
+        if (y != NULL)
+                {
+                if (!BN_nnmod(&point->Y, y, &group->field, ctx)) goto err;
+                if (group->meth->field_encode)
+                        {
+                        if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) goto err;
+                        }
+                }
+        
+        if (z != NULL)
+                {
+                int Z_is_one;
+
+                if (!BN_nnmod(&point->Z, z, &group->field, ctx)) goto err;
+                Z_is_one = BN_is_one(&point->Z);
+                if (group->meth->field_encode)
+                        {
+                        if (Z_is_one && (group->meth->field_set_to_one != 0))
+                                {
+                                if (!group->meth->field_set_to_one(group, &point->Z, ctx)) goto err;
+                                }
+                        else
+                                {
+                                if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) goto err;
+                                }
+                        }
+                point->Z_is_one = Z_is_one;
+                }
+        
+        ret = 1;
+        
+ err:
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        return ret;
+        }
+
+
+int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
+        BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
+        {
+        BN_CTX *new_ctx = NULL;
+        int ret = 0;
+        
+        if (group->meth->field_decode != 0)
+                {
+                if (ctx == NULL)
+                        {
+                        ctx = new_ctx = BN_CTX_new();
+                        if (ctx == NULL)
+                                return 0;
+                        }
+
+                if (x != NULL)
+                        {
+                        if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;
+                        }
+                if (y != NULL)
+                        {
+                        if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;
+                        }
+                if (z != NULL)
+                        {
+                        if (!group->meth->field_decode(group, z, &point->Z, ctx)) goto err;
+                        }
+                }
+        else    
+                {
+                if (x != NULL)
+                        {
+                        if (!BN_copy(x, &point->X)) goto err;
+                        }
+                if (y != NULL)
+                        {
+                        if (!BN_copy(y, &point->Y)) goto err;
+                        }
+                if (z != NULL)
+                        {
+                        if (!BN_copy(z, &point->Z)) goto err;
+                        }
+                }
+        
+        ret = 1;
+
+ err:
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        return ret;
+        }
+
+
+int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+        const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
+        {
+        if (x == NULL || y == NULL)
+                {
+                /* unlike for projective coordinates, we do not tolerate this */
+                ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+
+        return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx);
+        }
+
+
+int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
+        BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
+        {
+        BN_CTX *new_ctx = NULL;
+        BIGNUM *X, *Y, *Z, *Z_1, *Z_2, *Z_3;
+        const BIGNUM *X_, *Y_, *Z_;
+        int ret = 0;
+
+        if (EC_POINT_is_at_infinity(group, point))
+                {
+                ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_POINT_AT_INFINITY);
+                return 0;
+                }
+
+        if (ctx == NULL)
+                {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                        return 0;
+                }
+
+        BN_CTX_start(ctx);
+        X = BN_CTX_get(ctx);
+        Y = BN_CTX_get(ctx);
+        Z = BN_CTX_get(ctx);
+        Z_1 = BN_CTX_get(ctx);
+        Z_2 = BN_CTX_get(ctx);
+        Z_3 = BN_CTX_get(ctx);
+        if (Z_3 == NULL) goto err;
+
+        /* transform  (X, Y, Z)  into  (x, y) := (X/Z^2, Y/Z^3) */
+        
+        if (group->meth->field_decode)
+                {
+                if (!group->meth->field_decode(group, X, &point->X, ctx)) goto err;
+                if (!group->meth->field_decode(group, Y, &point->Y, ctx)) goto err;
+                if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err;
+                X_ = X; Y_ = Y; Z_ = Z;
+                }
+        else
+                {
+                X_ = &point->X;
+                Y_ = &point->Y;
+                Z_ = &point->Z;
+                }
+        
+        if (BN_is_one(Z_))
+                {
+                if (x != NULL)
+                        {
+                        if (!BN_copy(x, X_)) goto err;
+                        }
+                if (y != NULL)
+                        {
+                        if (!BN_copy(y, Y_)) goto err;
+                        }
+                }
+        else
+                {
+                if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx))
+                        {
+                        ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_BN_LIB);
+                        goto err;
+                        }
+                
+                if (group->meth->field_encode == 0)
+                        {
+                        /* field_sqr works on standard representation */
+                        if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) goto err;
+                        }
+                else
+                        {
+                        if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) goto err;
+                        }
+        
+                if (x != NULL)
+                        {
+                        if (group->meth->field_encode == 0)
+                                {
+                                /* field_mul works on standard representation */
+                                if (!group->meth->field_mul(group, x, X_, Z_2, ctx)) goto err;
+                                }
+                        else
+                                {
+                                if (!BN_mod_mul(x, X_, Z_2, &group->field, ctx)) goto err;
+                                }
+                        }
+
+                if (y != NULL)
+                        {
+                        if (group->meth->field_encode == 0)
+                                {
+                                /* field_mul works on standard representation */
+                                if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err;
+                                if (!group->meth->field_mul(group, y, Y_, Z_3, ctx)) goto err;
+                                
+                                }
+                        else
+                                {
+                                if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err;
+                                if (!BN_mod_mul(y, Y_, Z_3, &group->field, ctx)) goto err;
+                                }
+                        }
+                }
+
+        ret = 1;
+
+ err:
+        BN_CTX_end(ctx);
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        return ret;
+        }
+
+
+int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+        const BIGNUM *x_, int y_bit, BN_CTX *ctx)
+        {
+        BN_CTX *new_ctx = NULL;
+        BIGNUM *tmp1, *tmp2, *x, *y;
+        int ret = 0;
+
+        if (ctx == NULL)
+                {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                        return 0;
+                }
+
+        y_bit = (y_bit != 0);
+
+        BN_CTX_start(ctx);
+        tmp1 = BN_CTX_get(ctx);
+        tmp2 = BN_CTX_get(ctx);
+        x = BN_CTX_get(ctx);
+        y = BN_CTX_get(ctx);
+        if (y == NULL) goto err;
+
+        /* Recover y.  We have a Weierstrass equation
+         *     y^2 = x^3 + a*x + b,
+         * so  y  is one of the square roots of  x^3 + a*x + b.
+         */
+
+        /* tmp1 := x^3 */
+        if (!BN_nnmod(x, x_, &group->field,ctx)) goto err;
+        if (group->meth->field_decode == 0)
+                {
+                /* field_{sqr,mul} work on standard representation */
+                if (!group->meth->field_sqr(group, tmp2, x_, ctx)) goto err;
+                if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) goto err;
+                }
+        else
+                {
+                if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) goto err;
+                if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) goto err;
+                }
+        
+        /* tmp1 := tmp1 + a*x */
+        if (group->a_is_minus3)
+                {
+                if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) goto err;
+                if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) goto err;
+                if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
+                }
+        else
+                {
+                if (group->meth->field_decode)
+                        {
+                        if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) goto err;
+                        if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) goto err;
+                        }
+                else
+                        {
+                        /* field_mul works on standard representation */
+                        if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) goto err;
+                        }
+                
+                if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
+                }
+        
+        /* tmp1 := tmp1 + b */
+        if (group->meth->field_decode)
+                {
+                if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) goto err;
+                if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
+                }
+        else
+                {
+                if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) goto err;
+                }
+        
+        if (!BN_mod_sqrt(y, tmp1, &group->field, ctx))
+                {
+                unsigned long err = ERR_peek_error();
+                
+                if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE)
+                        {
+                        (void)ERR_get_error();
+                        ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSED_POINT);
+                        }
+                else
+                        ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, ERR_R_BN_LIB);
+                goto err;
+                }
+        /* If tmp1 is not a square (i.e. there is no point on the curve with
+         * our x), then y now is a nonsense value too */
+
+        if (y_bit != BN_is_odd(y))
+                {
+                if (BN_is_zero(y))
+                        {
+                        int kron;
+
+                        kron = BN_kronecker(x, &group->field, ctx);
+                        if (kron == -2) goto err;
+
+                        if (kron == 1)
+                                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSION_BIT);
+                        else
+                                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSED_POINT);
+                        goto err;
+                        }
+                if (!BN_usub(y, &group->field, y)) goto err;
+                }
+        if (y_bit != BN_is_odd(y))
+                {
+                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, ERR_R_INTERNAL_ERROR);
+                goto err;
+                }
+
+        if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
+
+        ret = 1;
+
+ err:
+        BN_CTX_end(ctx);
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        return ret;
+        }
+
+
+size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
+        unsigned char *buf, size_t len, BN_CTX *ctx)
+        {
+        size_t ret;
+        BN_CTX *new_ctx = NULL;
+        int used_ctx = 0;
+        BIGNUM *x, *y;
+        size_t field_len, i, skip;
+
+        if ((form != POINT_CONVERSION_COMPRESSED)
+                && (form != POINT_CONVERSION_UNCOMPRESSED)
+                && (form != POINT_CONVERSION_HYBRID))
+                {
+                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+                goto err;
+                }
+
+        if (EC_POINT_is_at_infinity(group, point))
+                {
+                /* encodes to a single 0 octet */
+                if (buf != NULL)
+                        {
+                        if (len < 1)
+                                {
+                                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+                                return 0;
+                                }
+                        buf[0] = 0;
+                        }
+                return 1;
+                }
+
+
+        /* ret := required output buffer length */
+        field_len = BN_num_bytes(&group->field);
+        ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
+
+        /* if 'buf' is NULL, just return required length */
+        if (buf != NULL)
+                {
+                if (len < ret)
+                        {
+                        ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+                        goto err;
+                        }
+
+                if (ctx == NULL)
+                        {
+                        ctx = new_ctx = BN_CTX_new();
+                        if (ctx == NULL)
+                                return 0;
+                        }
+
+                BN_CTX_start(ctx);
+                used_ctx = 1;
+                x = BN_CTX_get(ctx);
+                y = BN_CTX_get(ctx);
+                if (y == NULL) goto err;
+
+                if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
+
+                if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))
+                        buf[0] = form + 1;
+                else
+                        buf[0] = form;
+        
+                i = 1;
+                
+                skip = field_len - BN_num_bytes(x);
+                if (skip > field_len)
+                        {
+                        ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                while (skip > 0)
+                        {
+                        buf[i++] = 0;
+                        skip--;
+                        }
+                skip = BN_bn2bin(x, buf + i);
+                i += skip;
+                if (i != 1 + field_len)
+                        {
+                        ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+
+                if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID)
+                        {
+                        skip = field_len - BN_num_bytes(y);
+                        if (skip > field_len)
+                                {
+                                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                                goto err;
+                                }
+                        while (skip > 0)
+                                {
+                                buf[i++] = 0;
+                                skip--;
+                                }
+                        skip = BN_bn2bin(y, buf + i);
+                        i += skip;
+                        }
+
+                if (i != ret)
+                        {
+                        ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                }
+        
+        if (used_ctx)
+                BN_CTX_end(ctx);
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        return ret;
+
+ err:
+        if (used_ctx)
+                BN_CTX_end(ctx);
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        return 0;
+        }
+
+
+int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
+        const unsigned char *buf, size_t len, BN_CTX *ctx)
+        {
+        point_conversion_form_t form;
+        int y_bit;
+        BN_CTX *new_ctx = NULL;
+        BIGNUM *x, *y;
+        size_t field_len, enc_len;
+        int ret = 0;
+
+        if (len == 0)
+                {
+                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+                return 0;
+                }
+        form = buf[0];
+        y_bit = form & 1;
+        form = form & ~1U;
+        if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
+                && (form != POINT_CONVERSION_UNCOMPRESSED)
+                && (form != POINT_CONVERSION_HYBRID))
+                {
+                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                return 0;
+                }
+        if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit)
+                {
+                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                return 0;
+                }
+
+        if (form == 0)
+                {
+                if (len != 1)
+                        {
+                        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                        return 0;
+                        }
+
+                return EC_POINT_set_to_infinity(group, point);
+                }
+        
+        field_len = BN_num_bytes(&group->field);
+        enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
+
+        if (len != enc_len)
+                {
+                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                return 0;
+                }
+
+        if (ctx == NULL)
+                {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                        return 0;
+                }
+
+        BN_CTX_start(ctx);
+        x = BN_CTX_get(ctx);
+        y = BN_CTX_get(ctx);
+        if (y == NULL) goto err;
+
+        if (!BN_bin2bn(buf + 1, field_len, x)) goto err;
+        if (BN_ucmp(x, &group->field) >= 0)
+                {
+                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                goto err;
+                }
+
+        if (form == POINT_CONVERSION_COMPRESSED)
+                {
+                if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) goto err;
+                }
+        else
+                {
+                if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err;
+                if (BN_ucmp(y, &group->field) >= 0)
+                        {
+                        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                        goto err;
+                        }
+                if (form == POINT_CONVERSION_HYBRID)
+                        {
+                        if (y_bit != BN_is_odd(y))
+                                {
+                                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                                goto err;
+                                }
+                        }
+
+                if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
+                }
+        
+        if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
+                {
+                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+                goto err;
+                }
+
+        ret = 1;
+        
+ err:
+        BN_CTX_end(ctx);
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        return ret;
+        }
+
+
+int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
+        {
+        int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+        int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+        const BIGNUM *p;
+        BN_CTX *new_ctx = NULL;
+        BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;
+        int ret = 0;
+        
+        if (a == b)
+                return EC_POINT_dbl(group, r, a, ctx);
+        if (EC_POINT_is_at_infinity(group, a))
+                return EC_POINT_copy(r, b);
+        if (EC_POINT_is_at_infinity(group, b))
+                return EC_POINT_copy(r, a);
+        
+        field_mul = group->meth->field_mul;
+        field_sqr = group->meth->field_sqr;
+        p = &group->field;
+
+        if (ctx == NULL)
+                {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                        return 0;
+                }
+
+        BN_CTX_start(ctx);
+        n0 = BN_CTX_get(ctx);
+        n1 = BN_CTX_get(ctx);
+        n2 = BN_CTX_get(ctx);
+        n3 = BN_CTX_get(ctx);
+        n4 = BN_CTX_get(ctx);
+        n5 = BN_CTX_get(ctx);
+        n6 = BN_CTX_get(ctx);
+        if (n6 == NULL) goto end;
+
+        /* Note that in this function we must not read components of 'a' or 'b'
+         * once we have written the corresponding components of 'r'.
+         * ('r' might be one of 'a' or 'b'.)
+         */
+
+        /* n1, n2 */
+        if (b->Z_is_one)
+                {
+                if (!BN_copy(n1, &a->X)) goto end;
+                if (!BN_copy(n2, &a->Y)) goto end;
+                /* n1 = X_a */
+                /* n2 = Y_a */
+                }
+        else
+                {
+                if (!field_sqr(group, n0, &b->Z, ctx)) goto end;
+                if (!field_mul(group, n1, &a->X, n0, ctx)) goto end;
+                /* n1 = X_a * Z_b^2 */
+
+                if (!field_mul(group, n0, n0, &b->Z, ctx)) goto end;
+                if (!field_mul(group, n2, &a->Y, n0, ctx)) goto end;
+                /* n2 = Y_a * Z_b^3 */
+                }
+
+        /* n3, n4 */
+        if (a->Z_is_one)
+                {
+                if (!BN_copy(n3, &b->X)) goto end;
+                if (!BN_copy(n4, &b->Y)) goto end;
+                /* n3 = X_b */
+                /* n4 = Y_b */
+                }
+        else
+                {
+                if (!field_sqr(group, n0, &a->Z, ctx)) goto end;
+                if (!field_mul(group, n3, &b->X, n0, ctx)) goto end;
+                /* n3 = X_b * Z_a^2 */
+
+                if (!field_mul(group, n0, n0, &a->Z, ctx)) goto end;
+                if (!field_mul(group, n4, &b->Y, n0, ctx)) goto end;
+                /* n4 = Y_b * Z_a^3 */
+                }
+
+        /* n5, n6 */
+        if (!BN_mod_sub_quick(n5, n1, n3, p)) goto end;
+        if (!BN_mod_sub_quick(n6, n2, n4, p)) goto end;
+        /* n5 = n1 - n3 */
+        /* n6 = n2 - n4 */
+
+        if (BN_is_zero(n5))
+                {
+                if (BN_is_zero(n6))
+                        {
+                        /* a is the same point as b */
+                        BN_CTX_end(ctx);
+                        ret = EC_POINT_dbl(group, r, a, ctx);
+                        ctx = NULL;
+                        goto end;
+                        }
+                else
+                        {
+                        /* a is the inverse of b */
+                        if (!BN_zero(&r->Z)) goto end;
+                        r->Z_is_one = 0;
+                        ret = 1;
+                        goto end;
+                        }
+                }
+
+        /* 'n7', 'n8' */
+        if (!BN_mod_add_quick(n1, n1, n3, p)) goto end;
+        if (!BN_mod_add_quick(n2, n2, n4, p)) goto end;
+        /* 'n7' = n1 + n3 */
+        /* 'n8' = n2 + n4 */
+
+        /* Z_r */
+        if (a->Z_is_one && b->Z_is_one)
+                {
+                if (!BN_copy(&r->Z, n5)) goto end;
+                }
+        else
+                {
+                if (a->Z_is_one)
+                        { if (!BN_copy(n0, &b->Z)) goto end; }
+                else if (b->Z_is_one)
+                        { if (!BN_copy(n0, &a->Z)) goto end; }
+                else
+                        { if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) goto end; }
+                if (!field_mul(group, &r->Z, n0, n5, ctx)) goto end;
+                }
+        r->Z_is_one = 0;
+        /* Z_r = Z_a * Z_b * n5 */
+
+        /* X_r */
+        if (!field_sqr(group, n0, n6, ctx)) goto end;
+        if (!field_sqr(group, n4, n5, ctx)) goto end;
+        if (!field_mul(group, n3, n1, n4, ctx)) goto end;
+        if (!BN_mod_sub_quick(&r->X, n0, n3, p)) goto end;
+        /* X_r = n6^2 - n5^2 * 'n7' */
+        
+        /* 'n9' */
+        if (!BN_mod_lshift1_quick(n0, &r->X, p)) goto end;
+        if (!BN_mod_sub_quick(n0, n3, n0, p)) goto end;
+        /* n9 = n5^2 * 'n7' - 2 * X_r */
+
+        /* Y_r */
+        if (!field_mul(group, n0, n0, n6, ctx)) goto end;
+        if (!field_mul(group, n5, n4, n5, ctx)) goto end; /* now n5 is n5^3 */
+        if (!field_mul(group, n1, n2, n5, ctx)) goto end;
+        if (!BN_mod_sub_quick(n0, n0, n1, p)) goto end;
+        if (BN_is_odd(n0))
+                if (!BN_add(n0, n0, p)) goto end;
+        /* now  0 <= n0 < 2*p,  and n0 is even */
+        if (!BN_rshift1(&r->Y, n0)) goto end;
+        /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */
+
+        ret = 1;
+
+ end:
+        if (ctx) /* otherwise we already called BN_CTX_end */
+                BN_CTX_end(ctx);
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        return ret;
+        }
+
+
+int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
+        {
+        int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+        int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+        const BIGNUM *p;
+        BN_CTX *new_ctx = NULL;
+        BIGNUM *n0, *n1, *n2, *n3;
+        int ret = 0;
+        
+        if (EC_POINT_is_at_infinity(group, a))
+                {
+                if (!BN_zero(&r->Z)) return 0;
+                r->Z_is_one = 0;
+                return 1;
+                }
+
+        field_mul = group->meth->field_mul;
+        field_sqr = group->meth->field_sqr;
+        p = &group->field;
+
+        if (ctx == NULL)
+                {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                        return 0;
+                }
+
+        BN_CTX_start(ctx);
+        n0 = BN_CTX_get(ctx);
+        n1 = BN_CTX_get(ctx);
+        n2 = BN_CTX_get(ctx);
+        n3 = BN_CTX_get(ctx);
+        if (n3 == NULL) goto err;
+
+        /* Note that in this function we must not read components of 'a'
+         * once we have written the corresponding components of 'r'.
+         * ('r' might the same as 'a'.)
+         */
+
+        /* n1 */
+        if (a->Z_is_one)
+                {
+                if (!field_sqr(group, n0, &a->X, ctx)) goto err;
+                if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;
+                if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;
+                if (!BN_mod_add_quick(n1, n0, &group->a, p)) goto err;
+                /* n1 = 3 * X_a^2 + a_curve */
+                }
+        else if (group->a_is_minus3)
+                {
+                if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
+                if (!BN_mod_add_quick(n0, &a->X, n1, p)) goto err;
+                if (!BN_mod_sub_quick(n2, &a->X, n1, p)) goto err;
+                if (!field_mul(group, n1, n0, n2, ctx)) goto err;
+                if (!BN_mod_lshift1_quick(n0, n1, p)) goto err;
+                if (!BN_mod_add_quick(n1, n0, n1, p)) goto err;
+                /* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
+                 *    = 3 * X_a^2 - 3 * Z_a^4 */
+                }
+        else
+                {
+                if (!field_sqr(group, n0, &a->X, ctx)) goto err;
+                if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;
+                if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;
+                if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
+                if (!field_sqr(group, n1, n1, ctx)) goto err;
+                if (!field_mul(group, n1, n1, &group->a, ctx)) goto err;
+                if (!BN_mod_add_quick(n1, n1, n0, p)) goto err;
+                /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */
+                }
+
+        /* Z_r */
+        if (a->Z_is_one)
+                {
+                if (!BN_copy(n0, &a->Y)) goto err;
+                }
+        else
+                {
+                if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) goto err;
+                }
+        if (!BN_mod_lshift1_quick(&r->Z, n0, p)) goto err;
+        r->Z_is_one = 0;
+        /* Z_r = 2 * Y_a * Z_a */
+
+        /* n2 */
+        if (!field_sqr(group, n3, &a->Y, ctx)) goto err;
+        if (!field_mul(group, n2, &a->X, n3, ctx)) goto err;
+        if (!BN_mod_lshift_quick(n2, n2, 2, p)) goto err;
+        /* n2 = 4 * X_a * Y_a^2 */
+
+        /* X_r */
+        if (!BN_mod_lshift1_quick(n0, n2, p)) goto err;
+        if (!field_sqr(group, &r->X, n1, ctx)) goto err;
+        if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) goto err;
+        /* X_r = n1^2 - 2 * n2 */
+        
+        /* n3 */
+        if (!field_sqr(group, n0, n3, ctx)) goto err;
+        if (!BN_mod_lshift_quick(n3, n0, 3, p)) goto err;
+        /* n3 = 8 * Y_a^4 */
+        
+        /* Y_r */
+        if (!BN_mod_sub_quick(n0, n2, &r->X, p)) goto err;
+        if (!field_mul(group, n0, n1, n0, ctx)) goto err;
+        if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) goto err;
+        /* Y_r = n1 * (n2 - X_r) - n3 */
+
+        ret = 1;
+
+ err:
+        BN_CTX_end(ctx);
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        return ret;
+        }
+
+
+int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+        {
+        if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
+                /* point is its own inverse */
+                return 1;
+        
+        return BN_usub(&point->Y, &group->field, &point->Y);
+        }
+
+
+int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
+        {
+        return BN_is_zero(&point->Z);
+        }
+
+
+int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
+        {
+        int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+        int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+        const BIGNUM *p;
+        BN_CTX *new_ctx = NULL;
+        BIGNUM *rh, *tmp1, *tmp2, *Z4, *Z6;
+        int ret = -1;
+
+        if (EC_POINT_is_at_infinity(group, point))
+                return 1;
+        
+        field_mul = group->meth->field_mul;
+        field_sqr = group->meth->field_sqr;
+        p = &group->field;
+
+        if (ctx == NULL)
+                {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                        return -1;
+                }
+
+        BN_CTX_start(ctx);
+        rh = BN_CTX_get(ctx);
+        tmp1 = BN_CTX_get(ctx);
+        tmp2 = BN_CTX_get(ctx);
+        Z4 = BN_CTX_get(ctx);
+        Z6 = BN_CTX_get(ctx);
+        if (Z6 == NULL) goto err;
+
+        /* We have a curve defined by a Weierstrass equation
+         *      y^2 = x^3 + a*x + b.
+         * The point to consider is given in Jacobian projective coordinates
+         * where  (X, Y, Z)  represents  (x, y) = (X/Z^2, Y/Z^3).
+         * Substituting this and multiplying by  Z^6  transforms the above equation into
+         *      Y^2 = X^3 + a*X*Z^4 + b*Z^6.
+         * To test this, we add up the right-hand side in 'rh'.
+         */
+
+        /* rh := X^3 */
+        if (!field_sqr(group, rh, &point->X, ctx)) goto err;
+        if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
+
+        if (!point->Z_is_one)
+                {
+                if (!field_sqr(group, tmp1, &point->Z, ctx)) goto err;
+                if (!field_sqr(group, Z4, tmp1, ctx)) goto err;
+                if (!field_mul(group, Z6, Z4, tmp1, ctx)) goto err;
+
+                /* rh := rh + a*X*Z^4 */
+                if (!field_mul(group, tmp1, &point->X, Z4, ctx)) goto err;
+                if (group->a_is_minus3)
+                        {
+                        if (!BN_mod_lshift1_quick(tmp2, tmp1, p)) goto err;
+                        if (!BN_mod_add_quick(tmp2, tmp2, tmp1, p)) goto err;
+                        if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err;
+                        }
+                else
+                        {
+                        if (!field_mul(group, tmp2, tmp1, &group->a, ctx)) goto err;
+                        if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err;
+                        }
+
+                /* rh := rh + b*Z^6 */
+                if (!field_mul(group, tmp1, &group->b, Z6, ctx)) goto err;
+                if (!BN_mod_add_quick(rh, rh, tmp1, p)) goto err;
+                }
+        else
+                {
+                /* point->Z_is_one */
+
+                /* rh := rh + a*X */
+                if (group->a_is_minus3)
+                        {
+                        if (!BN_mod_lshift1_quick(tmp2, &point->X, p)) goto err;
+                        if (!BN_mod_add_quick(tmp2, tmp2, &point->X, p)) goto err;
+                        if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err;
+                        }
+                else
+                        {
+                        if (!field_mul(group, tmp2, &point->X, &group->a, ctx)) goto err;
+                        if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err;
+                        }
+
+                /* rh := rh + b */
+                if (!BN_mod_add_quick(rh, rh, &group->b, p)) goto err;
+                }
+
+        /* 'lh' := Y^2 */
+        if (!field_sqr(group, tmp1, &point->Y, ctx)) goto err;
+
+        ret = (0 == BN_cmp(tmp1, rh));
+
+ err:
+        BN_CTX_end(ctx);
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        return ret;
+        }
+
+
+int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
+        {
+        /* return values:
+         *  -1   error
+         *   0   equal (in affine coordinates)
+         *   1   not equal
+         */
+
+        int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+        int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+        BN_CTX *new_ctx = NULL;
+        BIGNUM *tmp1, *tmp2, *Za23, *Zb23;
+        const BIGNUM *tmp1_, *tmp2_;
+        int ret = -1;
+        
+        if (EC_POINT_is_at_infinity(group, a))
+                {
+                return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+                }
+        
+        if (a->Z_is_one && b->Z_is_one)
+                {
+                return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
+                }
+
+        field_mul = group->meth->field_mul;
+        field_sqr = group->meth->field_sqr;
+
+        if (ctx == NULL)
+                {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                        return -1;
+                }
+
+        BN_CTX_start(ctx);
+        tmp1 = BN_CTX_get(ctx);
+        tmp2 = BN_CTX_get(ctx);
+        Za23 = BN_CTX_get(ctx);
+        Zb23 = BN_CTX_get(ctx);
+        if (Zb23 == NULL) goto end;
+
+        /* We have to decide whether
+         *     (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
+         * or equivalently, whether
+         *     (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3).
+         */
+
+        if (!b->Z_is_one)
+                {
+                if (!field_sqr(group, Zb23, &b->Z, ctx)) goto end;
+                if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) goto end;
+                tmp1_ = tmp1;
+                }
+        else
+                tmp1_ = &a->X;
+        if (!a->Z_is_one)
+                {
+                if (!field_sqr(group, Za23, &a->Z, ctx)) goto end;
+                if (!field_mul(group, tmp2, &b->X, Za23, ctx)) goto end;
+                tmp2_ = tmp2;
+                }
+        else
+                tmp2_ = &b->X;
+        
+        /* compare  X_a*Z_b^2  with  X_b*Z_a^2 */
+        if (BN_cmp(tmp1_, tmp2_) != 0)
+                {
+                ret = 1; /* points differ */
+                goto end;
+                }
+
+
+        if (!b->Z_is_one)
+                {
+                if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) goto end;
+                if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) goto end;
+                /* tmp1_ = tmp1 */
+                }
+        else
+                tmp1_ = &a->Y;
+        if (!a->Z_is_one)
+                {
+                if (!field_mul(group, Za23, Za23, &a->Z, ctx)) goto end;
+                if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) goto end;
+                /* tmp2_ = tmp2 */
+                }
+        else
+                tmp2_ = &b->Y;
+
+        /* compare  Y_a*Z_b^3  with  Y_b*Z_a^3 */
+        if (BN_cmp(tmp1_, tmp2_) != 0)
+                {
+                ret = 1; /* points differ */
+                goto end;
+                }
+
+        /* points are equal */
+        ret = 0;
+
+ end:
+        BN_CTX_end(ctx);
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        return ret;
+        }
+
+
+int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+        {
+        BN_CTX *new_ctx = NULL;
+        BIGNUM *x, *y;
+        int ret = 0;
+
+        if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
+                return 1;
+
+        if (ctx == NULL)
+                {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                        return 0;
+                }
+
+        BN_CTX_start(ctx);
+        x = BN_CTX_get(ctx);
+        y = BN_CTX_get(ctx);
+        if (y == NULL) goto err;
+
+        if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
+        if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
+        if (!point->Z_is_one)
+                {
+                ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
+                goto err;
+                }
+        
+        ret = 1;
+
+ err:
+        BN_CTX_end(ctx);
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        return ret;
+        }
+
+
+int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
+        {
+        BN_CTX *new_ctx = NULL;
+        BIGNUM *tmp0, *tmp1;
+        size_t pow2 = 0;
+        BIGNUM **heap = NULL;
+        size_t i;
+        int ret = 0;
+
+        if (num == 0)
+                return 1;
+
+        if (ctx == NULL)
+                {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                        return 0;
+                }
+
+        BN_CTX_start(ctx);
+        tmp0 = BN_CTX_get(ctx);
+        tmp1 = BN_CTX_get(ctx);
+        if (tmp0  == NULL || tmp1 == NULL) goto err;
+
+        /* Before converting the individual points, compute inverses of all Z values.
+         * Modular inversion is rather slow, but luckily we can do with a single
+         * explicit inversion, plus about 3 multiplications per input value.
+         */
+
+        pow2 = 1;
+        while (num > pow2)
+                pow2 <<= 1;
+        /* Now pow2 is the smallest power of 2 satifsying pow2 >= num.
+         * We need twice that. */
+        pow2 <<= 1;
+
+        heap = OPENSSL_malloc(pow2 * sizeof heap[0]);
+        if (heap == NULL) goto err;
+        
+        /* The array is used as a binary tree, exactly as in heapsort:
+         *
+         *                               heap[1]
+         *                 heap[2]                     heap[3]
+         *          heap[4]       heap[5]       heap[6]       heap[7]
+         *   heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15]
+         *
+         * We put the Z's in the last line;
+         * then we set each other node to the product of its two child-nodes (where
+         * empty or 0 entries are treated as ones);
+         * then we invert heap[1];
+         * then we invert each other node by replacing it by the product of its
+         * parent (after inversion) and its sibling (before inversion).
+         */
+        heap[0] = NULL;
+        for (i = pow2/2 - 1; i > 0; i--)
+                heap[i] = NULL;
+        for (i = 0; i < num; i++)
+                heap[pow2/2 + i] = &points[i]->Z;
+        for (i = pow2/2 + num; i < pow2; i++)
+                heap[i] = NULL;
+        
+        /* set each node to the product of its children */
+        for (i = pow2/2 - 1; i > 0; i--)
+                {
+                heap[i] = BN_new();
+                if (heap[i] == NULL) goto err;
+                
+                if (heap[2*i] != NULL)
+                        {
+                        if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1]))
+                                {
+                                if (!BN_copy(heap[i], heap[2*i])) goto err;
+                                }
+                        else
+                                {
+                                if (BN_is_zero(heap[2*i]))
+                                        {
+                                        if (!BN_copy(heap[i], heap[2*i + 1])) goto err;
+                                        }
+                                else
+                                        {
+                                        if (!group->meth->field_mul(group, heap[i],
+                                                heap[2*i], heap[2*i + 1], ctx)) goto err;
+                                        }
+                                }
+                        }
+                }
+
+        /* invert heap[1] */
+        if (!BN_is_zero(heap[1]))
+                {
+                if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx))
+                        {
+                        ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
+                        goto err;
+                        }
+                }
+        if (group->meth->field_encode != 0)
+                {
+                /* in the Montgomery case, we just turned  R*H  (representing H)
+                 * into  1/(R*H),  but we need  R*(1/H)  (representing 1/H);
+                 * i.e. we have need to multiply by the Montgomery factor twice */
+                if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
+                if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
+                }
+
+        /* set other heap[i]'s to their inverses */
+        for (i = 2; i < pow2/2 + num; i += 2)
+                {
+                /* i is even */
+                if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1]))
+                        {
+                        if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err;
+                        if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err;
+                        if (!BN_copy(heap[i], tmp0)) goto err;
+                        if (!BN_copy(heap[i + 1], tmp1)) goto err;
+                        }
+                else
+                        {
+                        if (!BN_copy(heap[i], heap[i/2])) goto err;
+                        }
+                }
+
+        /* we have replaced all non-zero Z's by their inverses, now fix up all the points */
+        for (i = 0; i < num; i++)
+                {
+                EC_POINT *p = points[i];
+                
+                if (!BN_is_zero(&p->Z))
+                        {
+                        /* turn  (X, Y, 1/Z)  into  (X/Z^2, Y/Z^3, 1) */
+
+                        if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err;
+                        if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err;
+
+                        if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err;
+                        if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err;
+                
+                        if (group->meth->field_set_to_one != 0)
+                                {
+                                if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err;
+                                }
+                        else
+                                {
+                                if (!BN_one(&p->Z)) goto err;
+                                }
+                        p->Z_is_one = 1;
+                        }
+                }
+
+        ret = 1;
+                
+ err:
+        BN_CTX_end(ctx);
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        if (heap != NULL)
+                {
+                /* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */
+                for (i = pow2/2 - 1; i > 0; i--)
+                        {
+                        if (heap[i] != NULL)
+                                BN_clear_free(heap[i]);
+                        }
+                OPENSSL_free(heap);
+                }
+        return ret;
+        }
+
+
+int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+        {
+        return BN_mod_mul(r, a, b, &group->field, ctx);
+        }
+
+
+int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+        {
+        return BN_mod_sqr(r, a, &group->field, ctx);
+        }
diff --git a/src/lib/libcrypto/ec/ectest.c b/src/lib/libcrypto/ec/ectest.c
index 345d3e4289..fcf969f3cf 100644
--- a/src/lib/libcrypto/ec/ectest.c
+++ b/src/lib/libcrypto/ec/ectest.c
@@ -197,7 +197,7 @@ int main(int argc, char *argv[])
                 EC_GROUP *tmp;
                 tmp = EC_GROUP_new(EC_GROUP_method_of(group));
                 if (!tmp) ABORT;
-                if (!EC_GROUP_copy(tmp, group));
+                if (!EC_GROUP_copy(tmp, group)) ABORT;
                 EC_GROUP_free(group);
                 group = tmp;
         }
diff --git a/src/lib/libcrypto/engine/Makefile.ssl b/src/lib/libcrypto/engine/Makefile.ssl
new file mode 100644
index 0000000000..30a4446ff9
--- /dev/null
+++ b/src/lib/libcrypto/engine/Makefile.ssl
@@ -0,0 +1,538 @@
+#
+# OpenSSL/crypto/engine/Makefile
+#
+
+DIR=    engine
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= enginetest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
+        eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+        tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c \
+        eng_openssl.c eng_dyn.c eng_cnf.c \
+        hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \
+        hw_cryptodev.c hw_aep.c hw_sureware.c hw_4758_cca.c
+LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+        eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+        tb_rsa.o tb_dsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o \
+        eng_openssl.o eng_dyn.o eng_cnf.o \
+        hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \
+        hw_cryptodev.o hw_aep.o hw_sureware.o hw_4758_cca.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= engine.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+errors:
+        $(PERL) $(TOP)/util/mkerr.pl -conf hw.ec \
+                -nostatic -staticloader -write hw_*.c
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+eng_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_all.o: ../../include/openssl/ui.h eng_all.c eng_int.h
+eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_cnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_cnf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_cnf.o: ../cryptlib.h eng_cnf.c
+eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_ctrl.o: ../../include/openssl/opensslconf.h
+eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_ctrl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h
+eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_dyn.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h
+eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_err.o: ../../include/openssl/ui.h eng_err.c
+eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_fat.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_fat.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h
+eng_init.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_init.o: ../../include/openssl/opensslconf.h
+eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_init.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_init.o: ../cryptlib.h eng_init.c eng_int.h
+eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_lib.o: ../../include/openssl/ui.h ../cryptlib.h eng_int.h eng_lib.c
+eng_list.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_list.o: ../../include/openssl/opensslconf.h
+eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_list.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_list.o: ../cryptlib.h eng_int.h eng_list.c
+eng_openssl.o: ../../e_os.h ../../include/openssl/aes.h
+eng_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+eng_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_openssl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+eng_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+eng_openssl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_openssl.o: ../../include/openssl/opensslconf.h
+eng_openssl.o: ../../include/openssl/opensslv.h
+eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+eng_openssl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+eng_openssl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+eng_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_openssl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_openssl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+eng_openssl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_openssl.o: ../cryptlib.h eng_openssl.c
+eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_pkey.o: ../../include/openssl/opensslconf.h
+eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c
+eng_table.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+eng_table.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+eng_table.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_table.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_table.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_table.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+eng_table.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+eng_table.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+eng_table.o: ../../include/openssl/objects.h
+eng_table.o: ../../include/openssl/opensslconf.h
+eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_table.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+eng_table.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+eng_table.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_table.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_table.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+eng_table.o: eng_int.h eng_table.c
+hw_4758_cca.o: ../../e_os.h ../../include/openssl/aes.h
+hw_4758_cca.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_4758_cca.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_4758_cca.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_4758_cca.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_4758_cca.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_4758_cca.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_4758_cca.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_4758_cca.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_4758_cca.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_4758_cca.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_4758_cca.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_4758_cca.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_4758_cca.o: ../../include/openssl/opensslconf.h
+hw_4758_cca.o: ../../include/openssl/opensslv.h
+hw_4758_cca.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+hw_4758_cca.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_4758_cca.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_4758_cca.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hw_4758_cca.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hw_4758_cca.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_4758_cca.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hw_4758_cca.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+hw_4758_cca.o: ../cryptlib.h hw_4758_cca.c hw_4758_cca_err.c hw_4758_cca_err.h
+hw_4758_cca.o: vendor_defns/hw_4758_cca.h
+hw_aep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_aep.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+hw_aep.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+hw_aep.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_aep.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_aep.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+hw_aep.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hw_aep.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+hw_aep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_aep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_aep.o: ../../include/openssl/ui.h hw_aep.c hw_aep_err.c hw_aep_err.h
+hw_aep.o: vendor_defns/aep.h
+hw_atalla.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_atalla.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_atalla.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_atalla.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_atalla.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_atalla.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_atalla.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_atalla.o: ../cryptlib.h hw_atalla.c hw_atalla_err.c hw_atalla_err.h
+hw_atalla.o: vendor_defns/atalla.h
+hw_cryptodev.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+hw_cryptodev.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+hw_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+hw_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_cryptodev.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+hw_cryptodev.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+hw_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+hw_cryptodev.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+hw_cryptodev.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+hw_cryptodev.o: ../../include/openssl/objects.h
+hw_cryptodev.o: ../../include/openssl/opensslconf.h
+hw_cryptodev.o: ../../include/openssl/opensslv.h
+hw_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+hw_cryptodev.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_cryptodev.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+hw_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_cryptodev.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_cryptodev.o: ../../include/openssl/ui_compat.h hw_cryptodev.c
+hw_cswift.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_cswift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_cswift.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_cswift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_cswift.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_cswift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_cswift.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_cswift.o: ../cryptlib.h hw_cswift.c hw_cswift_err.c hw_cswift_err.h
+hw_cswift.o: vendor_defns/cswift.h
+hw_ncipher.o: ../../e_os.h ../../include/openssl/aes.h
+hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_ncipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_ncipher.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_ncipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_ncipher.o: ../../include/openssl/opensslconf.h
+hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_ncipher.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+hw_ncipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+hw_ncipher.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_ncipher.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_ncipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_ncipher.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_ncipher.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+hw_ncipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h hw_ncipher.c
+hw_ncipher.o: hw_ncipher_err.c hw_ncipher_err.h vendor_defns/hwcryptohook.h
+hw_nuron.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_nuron.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_nuron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_nuron.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_nuron.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_nuron.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_nuron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_nuron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_nuron.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_nuron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_nuron.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_nuron.o: ../cryptlib.h hw_nuron.c hw_nuron_err.c hw_nuron_err.h
+hw_sureware.o: ../../e_os.h ../../include/openssl/aes.h
+hw_sureware.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_sureware.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_sureware.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_sureware.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_sureware.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_sureware.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_sureware.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_sureware.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_sureware.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_sureware.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_sureware.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_sureware.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_sureware.o: ../../include/openssl/opensslconf.h
+hw_sureware.o: ../../include/openssl/opensslv.h
+hw_sureware.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+hw_sureware.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+hw_sureware.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_sureware.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_sureware.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hw_sureware.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hw_sureware.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_sureware.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hw_sureware.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+hw_sureware.o: ../cryptlib.h eng_int.h engine.h hw_sureware.c hw_sureware_err.c
+hw_sureware.o: hw_sureware_err.h vendor_defns/sureware.h
+hw_ubsec.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_ubsec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_ubsec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_ubsec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_ubsec.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_ubsec.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_ubsec.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_ubsec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_ubsec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_ubsec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_ubsec.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_ubsec.o: ../cryptlib.h hw_ubsec.c hw_ubsec_err.c hw_ubsec_err.h
+hw_ubsec.o: vendor_defns/hw_ubsec.h
+tb_cipher.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_cipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_cipher.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_cipher.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_cipher.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_cipher.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_cipher.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_cipher.o: ../../include/openssl/objects.h
+tb_cipher.o: ../../include/openssl/opensslconf.h
+tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_cipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_cipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_cipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_cipher.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_cipher.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_cipher.o: eng_int.h tb_cipher.c
+tb_dh.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_dh.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_dh.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_dh.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_dh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_dh.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_dh.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dh.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_dh.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_dh.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dh.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h eng_int.h
+tb_dh.o: tb_dh.c
+tb_digest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_digest.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_digest.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_digest.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_digest.o: ../../include/openssl/objects.h
+tb_digest.o: ../../include/openssl/opensslconf.h
+tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_digest.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_digest.o: eng_int.h tb_digest.c
+tb_dsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_dsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_dsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_dsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_dsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_dsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_dsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_dsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_dsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_dsa.o: eng_int.h tb_dsa.c
+tb_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_rand.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_rand.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_rand.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_rand.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_rand.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_rand.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rand.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_rand.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_rand.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_rand.o: eng_int.h tb_rand.c
+tb_rsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_rsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_rsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_rsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_rsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_rsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_rsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_rsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_rsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_rsa.o: eng_int.h tb_rsa.c
diff --git a/src/lib/libcrypto/engine/README b/src/lib/libcrypto/engine/README
new file mode 100644
index 0000000000..6b69b70f57
--- /dev/null
+++ b/src/lib/libcrypto/engine/README
@@ -0,0 +1,211 @@
+Notes: 2001-09-24
+-----------------
+
+This "description" (if one chooses to call it that) needed some major updating
+so here goes. This update addresses a change being made at the same time to
+OpenSSL, and it pretty much completely restructures the underlying mechanics of
+the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals
+for masochists" document *and* a rather extensive commit log message. (I'd get
+lynched for sticking all this in CHANGES or the commit mails :-).
+
+ENGINE_TABLE underlies this restructuring, as described in the internal header
+"eng_int.h", implemented in eng_table.c, and used in each of the "class" files;
+tb_rsa.c, tb_dsa.c, etc.
+
+However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so
+I'll mention a bit about that first. EVP_CIPHER (and most of this applies
+equally to EVP_MD for digests) is both a "method" and a algorithm/mode
+identifier that, in the current API, "lingers". These cipher description +
+implementation structures can be defined or obtained directly by applications,
+or can be loaded "en masse" into EVP storage so that they can be catalogued and
+searched in various ways, ie. two ways of encrypting with the "des_cbc"
+algorithm/mode pair are;
+
+(i) directly;
+     const EVP_CIPHER *cipher = EVP_des_cbc();
+     EVP_EncryptInit(&ctx, cipher, key, iv);
+     [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]
+
+(ii) indirectly; 
+     OpenSSL_add_all_ciphers();
+     cipher = EVP_get_cipherbyname("des_cbc");
+     EVP_EncryptInit(&ctx, cipher, key, iv);
+     [ ... etc ... ]
+
+The latter is more generally used because it also allows ciphers/digests to be
+looked up based on other identifiers which can be useful for automatic cipher
+selection, eg. in SSL/TLS, or by user-controllable configuration.
+
+The important point about this is that EVP_CIPHER definitions and structures are
+passed around with impunity and there is no safe way, without requiring massive
+rewrites of many applications, to assume that EVP_CIPHERs can be reference
+counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it
+comes from can "safely" be destroyed. Unless of course the way of getting to
+such ciphers is via entirely distinct API calls that didn't exist before.
+However existing API usage cannot be made to understand when an EVP_CIPHER
+pointer, that has been passed to the caller, is no longer being used.
+
+The other problem with the existing API w.r.t. to hooking EVP_CIPHER support
+into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register
+ciphers simultaneously registers cipher *types* and cipher *implementations* -
+they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with
+hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The
+solution is necessarily that ENGINE-provided ciphers simply are not registered,
+stored, or exposed to the caller in the same manner as existing ciphers. This is
+especially necessary considering the fact ENGINE uses reference counts to allow
+for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to
+callers in the current API, support no such controls.
+
+Another sticking point for integrating cipher support into ENGINE is linkage.
+Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby
+they are available *because* they're part of a giant ENGINE called "openssl".
+Ie. all implementations *have* to come from an ENGINE, but we get round that by
+having a giant ENGINE with all the software support encapsulated. This creates
+linker hassles if nothing else - linking a 1-line application that calls 2 basic
+RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of
+ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we
+continue with this approach for EVP_CIPHER support (even if it *was* possible)
+we would lose our ability to link selectively by selectively loading certain
+implementations of certain functionality. Touching any part of any kind of
+crypto would result in massive static linkage of everything else. So the
+solution is to change the way ENGINE feeds existing "classes", ie. how the
+hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking
+for EVP_CIPHER, and EVP_MD.
+
+The way this is now being done is by mostly reverting back to how things used to
+work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this
+was previously replaced by an "ENGINE" pointer and all RSA code that required
+the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to
+temporarily get and use the ENGINE's RSA implementation. Apart from being more
+efficient, switching back to each RSA having an RSA_METHOD pointer also allows
+us to conceivably operate with *no* ENGINE. As we'll see, this removes any need
+for a fallback ENGINE that encapsulates default implementations - we can simply
+have our RSA structure pointing its RSA_METHOD pointer to the software
+implementation and have its ENGINE pointer set to NULL.
+
+A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases
+turn out to be degenerate forms of the same thing. The EVP storage of ciphers,
+and the existing EVP API functions that return "software" implementations and
+descriptions remain untouched. However, the storage takes more meaning in terms
+of "cipher description" and less meaning in terms of "implementation". When an
+EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to
+begin en/decryption, the hooking to ENGINE comes into play. What happens is that
+cipher-specific ENGINE code is asked for an ENGINE pointer (a functional
+reference) for any ENGINE that is registered to perform the algo/mode that the
+provided EVP_CIPHER structure represents. Under normal circumstances, that
+ENGINE code will return NULL because no ENGINEs will have had any cipher
+implementations *registered*. As such, a NULL ENGINE pointer is stored in the
+EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the
+context and so is used as the implementation. Pretty much how things work now
+except we'd have a redundant ENGINE pointer set to NULL and doing nothing.
+
+Conversely, if an ENGINE *has* been registered to perform the algorithm/mode
+combination represented by the provided EVP_CIPHER, then a functional reference
+to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation.
+That functional reference will be stored in the context (and released on
+cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER
+definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the
+application will actually be replaced by an EVP_CIPHER from the registered
+ENGINE - it will support the same algorithm/mode as the original but will be a
+completely different implementation. Because this EVP_CIPHER isn't stored in the
+EVP storage, nor is it returned to applications from traditional API functions,
+there is no associated problem with it not having reference counts. And of
+course, when one of these "private" cipher implementations is hooked into
+EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional
+reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is
+safe.
+
+The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but
+in essence it is simply an instantiation of "ENGINE_TABLE" code for use by
+EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for
+use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of
+ENGINE_TABLE essentially provide linker-separation of the classes so that even
+if ENGINEs implement *all* possible algorithms, an application using only
+EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core
+ENGINE code that is independant of class, and of course the ENGINE
+implementation that the application loaded. It will *not* however link any
+class-specific ENGINE code for digests, RSA, etc nor will it bleed over into
+other APIs, such as the RSA/DSA/etc library code.
+
+ENGINE_TABLE is a little more complicated than may seem necessary but this is
+mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load
+DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and*
+to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for
+example tb_cipher.c, implements a hash-table keyed by integer "nid" values.
+These nids provide the uniquenness of an algorithm/mode - and each nid will hash
+to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of
+pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some
+caching tricks such that requests on that 'nid' will be cached and all future
+requests will return immediately (well, at least with minimal operation) unless
+a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is
+that an application could have support for 10 ENGINEs statically linked
+in, and the machine in question may not have any of the hardware those 10
+ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we
+want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise
+each of those 10 ENGINEs. Instead, the first such request will try to do that
+and will either return (and cache) a NULL ENGINE pointer or will return a
+functional reference to the first that successfully initialised. In the latter
+case it will also cache an extra functional reference to the ENGINE as a
+"default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable
+that is unset only if un/registration takes place on that pile. Ie. if
+implementations of "des_cbc" are added or removed. This behaviour can be
+tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to
+ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will
+try to initialise from the "pile" will be those that are already initialised
+(ie. it's simply an increment of the functional reference count, and no real
+"initialisation" will take place).
+
+RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the
+difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are
+actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is
+not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are
+necessarily interoperable and don't have different flavours, only different
+implementations. In other words, the ENGINE_TABLE for RSA will either be empty,
+or will have a single ENGING_PILE hashed to by the 'nid' 1 and that pile
+represents ENGINEs that implement the single "type" of RSA there is.
+
+Cleanup - the registration and unregistration may pose questions about how
+cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the
+application or EVP_CIPHER code releases its last reference to an ENGINE, the
+ENGINE_PILE code may still have references and thus those ENGINEs will stay
+hooked in forever). The way this is handled is via "unregistration". With these
+new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that
+is an algorithm-agnostic process. Even if initialised, it will not have
+registered any of its implementations (to do so would link all class "table"
+code despite the fact the application may use only ciphers, for example). This
+is deliberately a distinct step. Moreover, registration and unregistration has
+nothing to do with whether an ENGINE is *functional* or not (ie. you can even
+register an ENGINE and its implementations without it being operational, you may
+not even have the drivers to make it operate). What actually happens with
+respect to cleanup is managed inside eng_lib.c with the "engine_cleanup_***"
+functions. These functions are internal-only and each part of ENGINE code that
+could require cleanup will, upon performing its first allocation, register a
+callback with the "engine_cleanup" code. The other part of this that makes it
+tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their
+initialised state. So if RSA code asks for an ENGINE and no ENGINE has
+registered an implementation, the code will simply return NULL and the tb_rsa.c
+state will be unchanged. Thus, no cleanup is required unless registration takes
+place. ENGINE_cleanup() will simply iterate across a list of registered cleanup
+callbacks calling each in turn, and will then internally delete its own storage
+(a STACK). When a cleanup callback is next registered (eg. if the cleanup() is
+part of a gracefull restart and the application wants to cleanup all state then
+start again), the internal STACK storage will be freshly allocated. This is much
+the same as the situation in the ENGINE_TABLE instantiations ... NULL is the
+initialised state, so only modification operations (not queries) will cause that
+code to have to register a cleanup.
+
+What else? The bignum callbacks and associated ENGINE functions have been
+removed for two obvious reasons; (i) there was no way to generalise them to the
+mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM
+method, and (ii) because of (i), there was no meaningful way for library or
+application code to automatically hook and use ENGINE supplied bignum functions
+anyway. Also, ENGINE_cpy() has been removed (although an internal-only version
+exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good
+one and now certainly doesn't make sense in any generalised way. Some of the
+RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE
+changes have now, as a consequence, been reverted back. This is because the
+hooking of ENGINE is now automatic (and passive, it can interally use a NULL
+ENGINE pointer to simply ignore ENGINE from then on).
+
+Hell, that should be enough for now ... comments welcome: geoff@openssl.org
+
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
new file mode 100644
index 0000000000..0f6992a40d
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_all.c
@@ -0,0 +1,113 @@
+/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+void ENGINE_load_builtin_engines(void)
+        {
+        /* There's no longer any need for an "openssl" ENGINE unless, one day,
+         * it is the *only* way for standard builtin implementations to be be
+         * accessed (ie. it would be possible to statically link binaries with
+         * *no* builtin implementations). */
+#if 0
+        ENGINE_load_openssl();
+#endif
+        ENGINE_load_dynamic();
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_CSWIFT
+        ENGINE_load_cswift();
+#endif
+#ifndef OPENSSL_NO_HW_NCIPHER
+        ENGINE_load_chil();
+#endif
+#ifndef OPENSSL_NO_HW_ATALLA
+        ENGINE_load_atalla();
+#endif
+#ifndef OPENSSL_NO_HW_NURON
+        ENGINE_load_nuron();
+#endif
+#ifndef OPENSSL_NO_HW_UBSEC
+        ENGINE_load_ubsec();
+#endif
+#ifndef OPENSSL_NO_HW_AEP
+        ENGINE_load_aep();
+#endif
+#ifndef OPENSSL_NO_HW_SUREWARE
+        ENGINE_load_sureware();
+#endif
+#ifndef OPENSSL_NO_HW_4758_CCA
+        ENGINE_load_4758cca();
+#endif
+#if defined(__OpenBSD__) || defined(__FreeBSD__)
+        ENGINE_load_cryptodev();
+#endif
+#endif
+        }
+
+#if defined(__OpenBSD__) || defined(__FreeBSD__)
+void ENGINE_setup_bsd_cryptodev(void) {
+        static int bsd_cryptodev_default_loaded = 0;
+        if (!bsd_cryptodev_default_loaded) {
+                ENGINE_load_cryptodev();
+                ENGINE_register_all_complete();
+        }
+        bsd_cryptodev_default_loaded=1;
+}
+#endif
diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c
new file mode 100644
index 0000000000..cdf670901a
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_cnf.c
@@ -0,0 +1,242 @@
+/* eng_cnf.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/engine.h>
+
+/* #define ENGINE_CONF_DEBUG */
+
+/* ENGINE config module */
+
+static char *skip_dot(char *name)
+        {
+        char *p;
+        p = strchr(name, '.');
+        if (p)
+                return p + 1;
+        return name;
+        }
+
+static STACK_OF(ENGINE) *initialized_engines = NULL;
+
+static int int_engine_init(ENGINE *e)
+        {
+        if (!ENGINE_init(e))
+                return 0;
+        if (!initialized_engines)
+                initialized_engines = sk_ENGINE_new_null();
+        if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e))
+                {
+                ENGINE_finish(e);
+                return 0;
+                }
+        return 1;
+        }
+        
+
+static int int_engine_configure(char *name, char *value, const CONF *cnf)
+        {
+        int i;
+        int ret = 0;
+        long do_init = -1;
+        STACK_OF(CONF_VALUE) *ecmds;
+        CONF_VALUE *ecmd;
+        char *ctrlname, *ctrlvalue;
+        ENGINE *e = NULL;
+        name = skip_dot(name);
+#ifdef ENGINE_CONF_DEBUG
+        fprintf(stderr, "Configuring engine %s\n", name);
+#endif
+        /* Value is a section containing ENGINE commands */
+        ecmds = NCONF_get_section(cnf, value);
+
+        if (!ecmds)
+                {
+                ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_SECTION_ERROR);
+                return 0;
+                }
+
+        for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++)
+                {
+                ecmd = sk_CONF_VALUE_value(ecmds, i);
+                ctrlname = skip_dot(ecmd->name);
+                ctrlvalue = ecmd->value;
+#ifdef ENGINE_CONF_DEBUG
+        fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue);
+#endif
+
+                /* First handle some special pseudo ctrls */
+
+                /* Override engine name to use */
+                if (!strcmp(ctrlname, "engine_id"))
+                        name = ctrlvalue;
+                /* Load a dynamic ENGINE */
+                else if (!strcmp(ctrlname, "dynamic_path"))
+                        {
+                        e = ENGINE_by_id("dynamic");
+                        if (!e)
+                                goto err;
+                        if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
+                                goto err;
+                        if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
+                                goto err;
+                        if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
+                                goto err;
+                        }
+                /* ... add other pseudos here ... */
+                else
+                        {
+                        /* At this point we need an ENGINE structural reference
+                         * if we don't already have one.
+                         */
+                        if (!e)
+                                {
+                                e = ENGINE_by_id(name);
+                                if (!e)
+                                        return 0;
+                                }
+                        /* Allow "EMPTY" to mean no value: this allows a valid
+                         * "value" to be passed to ctrls of type NO_INPUT
+                         */
+                        if (!strcmp(ctrlvalue, "EMPTY"))
+                                ctrlvalue = NULL;
+                        else if (!strcmp(ctrlname, "init"))
+                                {
+                                if (!NCONF_get_number_e(cnf, value, "init", &do_init))
+                                        goto err;
+                                if (do_init == 1)
+                                        {
+                                        if (!int_engine_init(e))
+                                                goto err;
+                                        }
+                                else if (do_init != 0)
+                                        {
+                                        ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE);
+                                        goto err;
+                                        }
+                                }
+                        else if (!strcmp(ctrlname, "default_algorithms"))
+                                {
+                                if (!ENGINE_set_default_string(e, ctrlvalue))
+                                        goto err;
+                                }
+                        else if (!ENGINE_ctrl_cmd_string(e,
+                                        ctrlname, ctrlvalue, 0))
+                                return 0;
+                        }
+
+
+
+                }
+        if (e && (do_init == -1) && !int_engine_init(e))
+                goto err;
+        ret = 1;
+        err:
+        if (e)
+                ENGINE_free(e);
+        return ret;
+        }
+
+
+static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
+        {
+        STACK_OF(CONF_VALUE) *elist;
+        CONF_VALUE *cval;
+        int i;
+#ifdef ENGINE_CONF_DEBUG
+        fprintf(stderr, "Called engine module: name %s, value %s\n",
+                        CONF_imodule_get_name(md), CONF_imodule_get_value(md));
+#endif
+        /* Value is a section containing ENGINEs to configure */
+        elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
+
+        if (!elist)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR);
+                return 0;
+                }
+
+        for (i = 0; i < sk_CONF_VALUE_num(elist); i++)
+                {
+                cval = sk_CONF_VALUE_value(elist, i);
+                if (!int_engine_configure(cval->name, cval->value, cnf))
+                        return 0;
+                }
+
+        return 1;
+        }
+
+static void int_engine_module_finish(CONF_IMODULE *md)
+        {
+        ENGINE *e;
+        while ((e = sk_ENGINE_pop(initialized_engines)))
+                ENGINE_finish(e);
+        sk_ENGINE_free(initialized_engines);
+        initialized_engines = NULL;
+        }
+        
+
+void ENGINE_add_conf_module(void)
+        {
+        CONF_module_add("engines",
+                        int_engine_module_init,
+                        int_engine_module_finish);
+        }
diff --git a/src/lib/libcrypto/engine/eng_ctrl.c b/src/lib/libcrypto/engine/eng_ctrl.c
new file mode 100644
index 0000000000..412c73fb0f
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_ctrl.c
@@ -0,0 +1,391 @@
+/* crypto/engine/eng_ctrl.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* When querying a ENGINE-specific control command's 'description', this string
+ * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */
+static const char *int_no_description = "";
+
+/* These internal functions handle 'CMD'-related control commands when the
+ * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
+ * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */
+
+static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
+        {
+        if((defn->cmd_num == 0) || (defn->cmd_name == NULL))
+                return 1;
+        return 0;
+        }
+
+static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
+        {
+        int idx = 0;
+        while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0))
+                {
+                idx++;
+                defn++;
+                }
+        if(int_ctrl_cmd_is_null(defn))
+                /* The given name wasn't found */
+                return -1;
+        return idx;
+        }
+
+static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
+        {
+        int idx = 0;
+        /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
+         * our searches don't need to take any longer than necessary. */
+        while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num))
+                {
+                idx++;
+                defn++;
+                }
+        if(defn->cmd_num == num)
+                return idx;
+        /* The given cmd_num wasn't found */
+        return -1;
+        }
+
+static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int idx;
+        char *s = (char *)p;
+        /* Take care of the easy one first (eg. it requires no searches) */
+        if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE)
+                {
+                if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
+                        return 0;
+                return e->cmd_defns->cmd_num;
+                }
+        /* One or two commands require that "p" be a valid string buffer */
+        if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
+                        (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
+                        (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD))
+                {
+                if(s == NULL)
+                        {
+                        ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
+                                ERR_R_PASSED_NULL_PARAMETER);
+                        return -1;
+                        }
+                }
+        /* Now handle cmd_name -> cmd_num conversion */
+        if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME)
+                {
+                if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name(
+                                                e->cmd_defns, s)) < 0))
+                        {
+                        ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
+                                ENGINE_R_INVALID_CMD_NAME);
+                        return -1;
+                        }
+                return e->cmd_defns[idx].cmd_num;
+                }
+        /* For the rest of the commands, the 'long' argument must specify a
+         * valie command number - so we need to conduct a search. */
+        if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
+                                        (unsigned int)i)) < 0))
+                {
+                ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
+                        ENGINE_R_INVALID_CMD_NUMBER);
+                return -1;
+                }
+        /* Now the logic splits depending on command type */
+        switch(cmd)
+                {
+        case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+                idx++;
+                if(int_ctrl_cmd_is_null(e->cmd_defns + idx))
+                        /* end-of-list */
+                        return 0;
+                else
+                        return e->cmd_defns[idx].cmd_num;
+        case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+                return strlen(e->cmd_defns[idx].cmd_name);
+        case ENGINE_CTRL_GET_NAME_FROM_CMD:
+                return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1,
+                                    "%s", e->cmd_defns[idx].cmd_name);
+        case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+                if(e->cmd_defns[idx].cmd_desc)
+                        return strlen(e->cmd_defns[idx].cmd_desc);
+                return strlen(int_no_description);
+        case ENGINE_CTRL_GET_DESC_FROM_CMD:
+                if(e->cmd_defns[idx].cmd_desc)
+                        return BIO_snprintf(s,
+                                            strlen(e->cmd_defns[idx].cmd_desc) + 1,
+                                            "%s", e->cmd_defns[idx].cmd_desc);
+                return BIO_snprintf(s, strlen(int_no_description) + 1,"%s",
+                                    int_no_description);
+        case ENGINE_CTRL_GET_CMD_FLAGS:
+                return e->cmd_defns[idx].cmd_flags;
+                }
+        /* Shouldn't really be here ... */
+        ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR);
+        return -1;
+        }
+
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int ctrl_exists, ref_exists;
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        ref_exists = ((e->struct_ref > 0) ? 1 : 0);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
+        if(!ref_exists)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
+                return 0;
+                }
+        /* Intercept any "root-level" commands before trying to hand them on to
+         * ctrl() handlers. */
+        switch(cmd)
+                {
+        case ENGINE_CTRL_HAS_CTRL_FUNCTION:
+                return ctrl_exists;
+        case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
+        case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+        case ENGINE_CTRL_GET_CMD_FROM_NAME:
+        case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+        case ENGINE_CTRL_GET_NAME_FROM_CMD:
+        case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+        case ENGINE_CTRL_GET_DESC_FROM_CMD:
+        case ENGINE_CTRL_GET_CMD_FLAGS:
+                if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
+                        return int_ctrl_helper(e,cmd,i,p,f);
+                if(!ctrl_exists)
+                        {
+                        ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
+                        /* For these cmd-related functions, failure is indicated
+                         * by a -1 return value (because 0 is used as a valid
+                         * return in some places). */
+                        return -1;
+                        }
+        default:
+                break;
+                }
+        /* Anything else requires a ctrl() handler to exist. */
+        if(!ctrl_exists)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
+                return 0;
+                }
+        return e->ctrl(e, cmd, i, p, f);
+        }
+
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
+        {
+        int flags;
+        if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
+                        ENGINE_R_INVALID_CMD_NUMBER);
+                return 0;
+                }
+        if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
+                        !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
+                        !(flags & ENGINE_CMD_FLAG_STRING))
+                return 0;
+        return 1;
+        }
+
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+        long i, void *p, void (*f)(), int cmd_optional)
+        {
+        int num;
+
+        if((e == NULL) || (cmd_name == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+                                        ENGINE_CTRL_GET_CMD_FROM_NAME,
+                                        0, (void *)cmd_name, NULL)) <= 0))
+                {
+                /* If the command didn't *have* to be supported, we fake
+                 * success. This allows certain settings to be specified for
+                 * multiple ENGINEs and only require a change of ENGINE id
+                 * (without having to selectively apply settings). Eg. changing
+                 * from a hardware device back to the regular software ENGINE
+                 * without editing the config file, etc. */
+                if(cmd_optional)
+                        {
+                        ERR_clear_error();
+                        return 1;
+                        }
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
+                        ENGINE_R_INVALID_CMD_NAME);
+                return 0;
+                }
+        /* Force the result of the control command to 0 or 1, for the reasons
+         * mentioned before. */
+        if (ENGINE_ctrl(e, num, i, p, f))
+                return 1;
+        return 0;
+        }
+
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+                                int cmd_optional)
+        {
+        int num, flags;
+        long l;
+        char *ptr;
+        if((e == NULL) || (cmd_name == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+                                        ENGINE_CTRL_GET_CMD_FROM_NAME,
+                                        0, (void *)cmd_name, NULL)) <= 0))
+                {
+                /* If the command didn't *have* to be supported, we fake
+                 * success. This allows certain settings to be specified for
+                 * multiple ENGINEs and only require a change of ENGINE id
+                 * (without having to selectively apply settings). Eg. changing
+                 * from a hardware device back to the regular software ENGINE
+                 * without editing the config file, etc. */
+                if(cmd_optional)
+                        {
+                        ERR_clear_error();
+                        return 1;
+                        }
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                        ENGINE_R_INVALID_CMD_NAME);
+                return 0;
+                }
+        if(!ENGINE_cmd_is_executable(e, num))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                        ENGINE_R_CMD_NOT_EXECUTABLE);
+                return 0;
+                }
+        if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0)
+                {
+                /* Shouldn't happen, given that ENGINE_cmd_is_executable()
+                 * returned success. */
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                        ENGINE_R_INTERNAL_LIST_ERROR);
+                return 0;
+                }
+        /* If the command takes no input, there must be no input. And vice
+         * versa. */
+        if(flags & ENGINE_CMD_FLAG_NO_INPUT)
+                {
+                if(arg != NULL)
+                        {
+                        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                                ENGINE_R_COMMAND_TAKES_NO_INPUT);
+                        return 0;
+                        }
+                /* We deliberately force the result of ENGINE_ctrl() to 0 or 1
+                 * rather than returning it as "return data". This is to ensure
+                 * usage of these commands is consistent across applications and
+                 * that certain applications don't understand it one way, and
+                 * others another. */
+                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+                        return 1;
+                return 0;
+                }
+        /* So, we require input */
+        if(arg == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                        ENGINE_R_COMMAND_TAKES_INPUT);
+                return 0;
+                }
+        /* If it takes string input, that's easy */
+        if(flags & ENGINE_CMD_FLAG_STRING)
+                {
+                /* Same explanation as above */
+                if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+                        return 1;
+                return 0;
+                }
+        /* If it doesn't take numeric either, then it is unsupported for use in
+         * a config-setting situation, which is what this function is for. This
+         * should never happen though, because ENGINE_cmd_is_executable() was
+         * used. */
+        if(!(flags & ENGINE_CMD_FLAG_NUMERIC))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                        ENGINE_R_INTERNAL_LIST_ERROR);
+                return 0;
+                }
+        l = strtol(arg, &ptr, 10);
+        if((arg == ptr) || (*ptr != '\0'))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                        ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
+                return 0;
+                }
+        /* Force the result of the control command to 0 or 1, for the reasons
+         * mentioned before. */
+        if(ENGINE_ctrl(e, num, l, NULL, NULL))
+                return 1;
+        return 0;
+        }
diff --git a/src/lib/libcrypto/engine/eng_dyn.c b/src/lib/libcrypto/engine/eng_dyn.c
new file mode 100644
index 0000000000..4139a16e76
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_dyn.c
@@ -0,0 +1,460 @@
+/* crypto/engine/eng_dyn.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+#include <openssl/dso.h>
+
+/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader
+ * should implement the hook-up functions with the following prototypes. */
+
+/* Our ENGINE handlers */
+static int dynamic_init(ENGINE *e);
+static int dynamic_finish(ENGINE *e);
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+/* Predeclare our context type */
+typedef struct st_dynamic_data_ctx dynamic_data_ctx;
+/* The implementation for the important control command */
+static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
+
+#define DYNAMIC_CMD_SO_PATH             ENGINE_CMD_BASE
+#define DYNAMIC_CMD_NO_VCHECK           (ENGINE_CMD_BASE + 1)
+#define DYNAMIC_CMD_ID                  (ENGINE_CMD_BASE + 2)
+#define DYNAMIC_CMD_LIST_ADD            (ENGINE_CMD_BASE + 3)
+#define DYNAMIC_CMD_LOAD                (ENGINE_CMD_BASE + 4)
+
+/* The constants used when creating the ENGINE */
+static const char *engine_dynamic_id = "dynamic";
+static const char *engine_dynamic_name = "Dynamic engine loading support";
+static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
+        {DYNAMIC_CMD_SO_PATH,
+                "SO_PATH",
+                "Specifies the path to the new ENGINE shared library",
+                ENGINE_CMD_FLAG_STRING},
+        {DYNAMIC_CMD_NO_VCHECK,
+                "NO_VCHECK",
+                "Specifies to continue even if version checking fails (boolean)",
+                ENGINE_CMD_FLAG_NUMERIC},
+        {DYNAMIC_CMD_ID,
+                "ID",
+                "Specifies an ENGINE id name for loading",
+                ENGINE_CMD_FLAG_STRING},
+        {DYNAMIC_CMD_LIST_ADD,
+                "LIST_ADD",
+                "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
+                ENGINE_CMD_FLAG_NUMERIC},
+        {DYNAMIC_CMD_LOAD,
+                "LOAD",
+                "Load up the ENGINE specified by other settings",
+                ENGINE_CMD_FLAG_NO_INPUT},
+        {0, NULL, NULL, 0}
+        };
+static const ENGINE_CMD_DEFN dynamic_cmd_defns_empty[] = {
+        {0, NULL, NULL, 0}
+        };
+
+/* Loading code stores state inside the ENGINE structure via the "ex_data"
+ * element. We load all our state into a single structure and use that as a
+ * single context in the "ex_data" stack. */
+struct st_dynamic_data_ctx
+        {
+        /* The DSO object we load that supplies the ENGINE code */
+        DSO *dynamic_dso;
+        /* The function pointer to the version checking shared library function */
+        dynamic_v_check_fn v_check;
+        /* The function pointer to the engine-binding shared library function */
+        dynamic_bind_engine bind_engine;
+        /* The default name/path for loading the shared library */
+        const char *DYNAMIC_LIBNAME;
+        /* Whether to continue loading on a version check failure */
+        int no_vcheck;
+        /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
+        const char *engine_id;
+        /* If non-zero, a successfully loaded ENGINE should be added to the internal
+         * ENGINE list. If 2, the add must succeed or the entire load should fail. */
+        int list_add_value;
+        /* The symbol name for the version checking function */
+        const char *DYNAMIC_F1;
+        /* The symbol name for the "initialise ENGINE structure" function */
+        const char *DYNAMIC_F2;
+        };
+
+/* This is the "ex_data" index we obtain and reserve for use with our context
+ * structure. */
+static int dynamic_ex_data_idx = -1;
+
+/* Because our ex_data element may or may not get allocated depending on whether
+ * a "first-use" occurs before the ENGINE is freed, we have a memory leak
+ * problem to solve. We can't declare a "new" handler for the ex_data as we
+ * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this
+ * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free"
+ * handler and that will get called if an ENGINE is being destroyed and there
+ * was an ex_data element corresponding to our context type. */
+static void dynamic_data_ctx_free_func(void *parent, void *ptr,
+                        CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
+        {
+        if(ptr)
+                {
+                dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
+                if(ctx->dynamic_dso)
+                        DSO_free(ctx->dynamic_dso);
+                if(ctx->DYNAMIC_LIBNAME)
+                        OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
+                if(ctx->engine_id)
+                        OPENSSL_free((void*)ctx->engine_id);
+                OPENSSL_free(ctx);
+                }
+        }
+
+/* Construct the per-ENGINE context. We create it blindly and then use a lock to
+ * check for a race - if so, all but one of the threads "racing" will have
+ * wasted their time. The alternative involves creating everything inside the
+ * lock which is far worse. */
+static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
+        {
+        dynamic_data_ctx *c;
+        c = OPENSSL_malloc(sizeof(dynamic_data_ctx));
+        if(!c)
+                {
+                ENGINEerr(ENGINE_F_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        memset(c, 0, sizeof(dynamic_data_ctx));
+        c->dynamic_dso = NULL;
+        c->v_check = NULL;
+        c->bind_engine = NULL;
+        c->DYNAMIC_LIBNAME = NULL;
+        c->no_vcheck = 0;
+        c->engine_id = NULL;
+        c->list_add_value = 0;
+        c->DYNAMIC_F1 = "v_check";
+        c->DYNAMIC_F2 = "bind_engine";
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
+                                dynamic_ex_data_idx)) == NULL)
+                {
+                /* Good, we're the first */
+                ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
+                *ctx = c;
+                c = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        /* If we lost the race to set the context, c is non-NULL and *ctx is the
+         * context of the thread that won. */
+        if(c)
+                OPENSSL_free(c);
+        return 1;
+        }
+
+/* This function retrieves the context structure from an ENGINE's "ex_data", or
+ * if it doesn't exist yet, sets it up. */
+static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
+        {
+        dynamic_data_ctx *ctx;
+        if(dynamic_ex_data_idx < 0)
+                {
+                /* Create and register the ENGINE ex_data, and associate our
+                 * "free" function with it to ensure any allocated contexts get
+                 * freed when an ENGINE goes underground. */
+                int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
+                                        dynamic_data_ctx_free_func);
+                if(new_idx == -1)
+                        {
+                        ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,ENGINE_R_NO_INDEX);
+                        return NULL;
+                        }
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                /* Avoid a race by checking again inside this lock */
+                if(dynamic_ex_data_idx < 0)
+                        {
+                        /* Good, someone didn't beat us to it */
+                        dynamic_ex_data_idx = new_idx;
+                        new_idx = -1;
+                        }
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                /* In theory we could "give back" the index here if
+                 * (new_idx>-1), but it's not possible and wouldn't gain us much
+                 * if it were. */
+                }
+        ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
+        /* Check if the context needs to be created */
+        if((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
+                /* "set_data" will set errors if necessary */
+                return NULL;
+        return ctx;
+        }
+
+static ENGINE *engine_dynamic(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!ENGINE_set_id(ret, engine_dynamic_id) ||
+                        !ENGINE_set_name(ret, engine_dynamic_name) ||
+                        !ENGINE_set_init_function(ret, dynamic_init) ||
+                        !ENGINE_set_finish_function(ret, dynamic_finish) ||
+                        !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
+                        !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
+                        !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+
+void ENGINE_load_dynamic(void)
+        {
+        ENGINE *toadd = engine_dynamic();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        /* If the "add" worked, it gets a structural reference. So either way,
+         * we release our just-created reference. */
+        ENGINE_free(toadd);
+        /* If the "add" didn't work, it was probably a conflict because it was
+         * already added (eg. someone calling ENGINE_load_blah then calling
+         * ENGINE_load_builtin_engines() perhaps). */
+        ERR_clear_error();
+        }
+
+static int dynamic_init(ENGINE *e)
+        {
+        /* We always return failure - the "dyanamic" engine itself can't be used
+         * for anything. */
+        return 0;
+        }
+
+static int dynamic_finish(ENGINE *e)
+        {
+        /* This should never be called on account of "dynamic_init" always
+         * failing. */
+        return 0;
+        }
+
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
+        int initialised;
+        
+        if(!ctx)
+                {
+                ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_NOT_LOADED);
+                return 0;
+                }
+        initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
+        /* All our control commands require the ENGINE to be uninitialised */
+        if(initialised)
+                {
+                ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
+                        ENGINE_R_ALREADY_LOADED);
+                return 0;
+                }
+        switch(cmd)
+                {
+        case DYNAMIC_CMD_SO_PATH:
+                /* a NULL 'p' or a string of zero-length is the same thing */
+                if(p && (strlen((const char *)p) < 1))
+                        p = NULL;
+                if(ctx->DYNAMIC_LIBNAME)
+                        OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
+                if(p)
+                        ctx->DYNAMIC_LIBNAME = BUF_strdup(p);
+                else
+                        ctx->DYNAMIC_LIBNAME = NULL;
+                return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
+        case DYNAMIC_CMD_NO_VCHECK:
+                ctx->no_vcheck = ((i == 0) ? 0 : 1);
+                return 1;
+        case DYNAMIC_CMD_ID:
+                /* a NULL 'p' or a string of zero-length is the same thing */
+                if(p && (strlen((const char *)p) < 1))
+                        p = NULL;
+                if(ctx->engine_id)
+                        OPENSSL_free((void*)ctx->engine_id);
+                if(p)
+                        ctx->engine_id = BUF_strdup(p);
+                else
+                        ctx->engine_id = NULL;
+                return (ctx->engine_id ? 1 : 0);
+        case DYNAMIC_CMD_LIST_ADD:
+                if((i < 0) || (i > 2))
+                        {
+                        ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
+                                ENGINE_R_INVALID_ARGUMENT);
+                        return 0;
+                        }
+                ctx->list_add_value = (int)i;
+                return 1;
+        case DYNAMIC_CMD_LOAD:
+                return dynamic_load(e, ctx);
+        default:
+                break;
+                }
+        ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+        return 0;
+        }
+
+static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
+        {
+        ENGINE cpy;
+        dynamic_fns fns;
+
+        if(!ctx->DYNAMIC_LIBNAME || ((ctx->dynamic_dso = DSO_load(NULL,
+                                ctx->DYNAMIC_LIBNAME, NULL, 0)) == NULL))
+                {
+                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+                        ENGINE_R_DSO_NOT_FOUND);
+                return 0;
+                }
+        /* We have to find a bind function otherwise it'll always end badly */
+        if(!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func(
+                                        ctx->dynamic_dso, ctx->DYNAMIC_F2)))
+                {
+                ctx->bind_engine = NULL;
+                DSO_free(ctx->dynamic_dso);
+                ctx->dynamic_dso = NULL;
+                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+                        ENGINE_R_DSO_FAILURE);
+                return 0;
+                }
+        /* Do we perform version checking? */
+        if(!ctx->no_vcheck)
+                {
+                unsigned long vcheck_res = 0;
+                /* Now we try to find a version checking function and decide how
+                 * to cope with failure if/when it fails. */
+                ctx->v_check = (dynamic_v_check_fn)DSO_bind_func(
+                                ctx->dynamic_dso, ctx->DYNAMIC_F1);
+                if(ctx->v_check)
+                        vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
+                /* We fail if the version checker veto'd the load *or* if it is
+                 * deferring to us (by returning its version) and we think it is
+                 * too old. */
+                if(vcheck_res < OSSL_DYNAMIC_OLDEST)
+                        {
+                        /* Fail */
+                        ctx->bind_engine = NULL;
+                        ctx->v_check = NULL;
+                        DSO_free(ctx->dynamic_dso);
+                        ctx->dynamic_dso = NULL;
+                        ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+                                ENGINE_R_VERSION_INCOMPATIBILITY);
+                        return 0;
+                        }
+                }
+        /* First binary copy the ENGINE structure so that we can roll back if
+         * the hand-over fails */
+        memcpy(&cpy, e, sizeof(ENGINE));
+        /* Provide the ERR, "ex_data", memory, and locking callbacks so the
+         * loaded library uses our state rather than its own. FIXME: As noted in
+         * engine.h, much of this would be simplified if each area of code
+         * provided its own "summary" structure of all related callbacks. It
+         * would also increase opaqueness. */
+        fns.err_fns = ERR_get_implementation();
+        fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
+        CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
+                                &fns.mem_fns.realloc_cb,
+                                &fns.mem_fns.free_cb);
+        fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
+        fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
+        fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
+        fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
+        fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
+        /* Now that we've loaded the dynamic engine, make sure no "dynamic"
+         * ENGINE elements will show through. */
+        engine_set_all_null(e);
+
+        /* Try to bind the ENGINE onto our own ENGINE structure */
+        if(!ctx->bind_engine(e, ctx->engine_id, &fns))
+                {
+                ctx->bind_engine = NULL;
+                ctx->v_check = NULL;
+                DSO_free(ctx->dynamic_dso);
+                ctx->dynamic_dso = NULL;
+                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,ENGINE_R_INIT_FAILED);
+                /* Copy the original ENGINE structure back */
+                memcpy(e, &cpy, sizeof(ENGINE));
+                return 0;
+                }
+        /* Do we try to add this ENGINE to the internal list too? */
+        if(ctx->list_add_value > 0)
+                {
+                if(!ENGINE_add(e))
+                        {
+                        /* Do we tolerate this or fail? */
+                        if(ctx->list_add_value > 1)
+                                {
+                                /* Fail - NB: By this time, it's too late to
+                                 * rollback, and trying to do so allows the
+                                 * bind_engine() code to have created leaks. We
+                                 * just have to fail where we are, after the
+                                 * ENGINE has changed. */
+                                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+                                        ENGINE_R_CONFLICTING_ENGINE_ID);
+                                return 0;
+                                }
+                        /* Tolerate */
+                        ERR_clear_error();
+                        }
+                }
+        return 1;
+        }
diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c
new file mode 100644
index 0000000000..814d95ee32
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_err.c
@@ -0,0 +1,166 @@
+/* crypto/engine/eng_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/engine.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ENGINE_str_functs[]=
+        {
+{ERR_PACK(0,ENGINE_F_DYNAMIC_CTRL,0),   "DYNAMIC_CTRL"},
+{ERR_PACK(0,ENGINE_F_DYNAMIC_GET_DATA_CTX,0),   "DYNAMIC_GET_DATA_CTX"},
+{ERR_PACK(0,ENGINE_F_DYNAMIC_LOAD,0),   "DYNAMIC_LOAD"},
+{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0),     "ENGINE_add"},
+{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0),   "ENGINE_by_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,0),       "ENGINE_cmd_is_executable"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0),    "ENGINE_ctrl"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD,0),        "ENGINE_ctrl_cmd"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD_STRING,0), "ENGINE_ctrl_cmd_string"},
+{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0),  "ENGINE_finish"},
+{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0),    "ENGINE_free"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_CIPHER,0),      "ENGINE_get_cipher"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_DEFAULT_TYPE,0),        "ENGINE_GET_DEFAULT_TYPE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_DIGEST,0),      "ENGINE_get_digest"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0),        "ENGINE_get_next"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0),        "ENGINE_get_prev"},
+{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0),    "ENGINE_init"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0),        "ENGINE_LIST_ADD"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0),     "ENGINE_LIST_REMOVE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0),        "ENGINE_load_private_key"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"},
+{ERR_PACK(0,ENGINE_F_ENGINE_MODULE_INIT,0),     "ENGINE_MODULE_INIT"},
+{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0),     "ENGINE_new"},
+{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0),  "ENGINE_remove"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_STRING,0),      "ENGINE_set_default_string"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0),        "ENGINE_SET_DEFAULT_TYPE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0),  "ENGINE_set_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0),        "ENGINE_set_name"},
+{ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0),  "ENGINE_TABLE_REGISTER"},
+{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0),      "ENGINE_UNLOAD_KEY"},
+{ERR_PACK(0,ENGINE_F_ENGINE_UP_REF,0),  "ENGINE_up_ref"},
+{ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0),        "INT_CTRL_HELPER"},
+{ERR_PACK(0,ENGINE_F_INT_ENGINE_CONFIGURE,0),   "INT_ENGINE_CONFIGURE"},
+{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0),    "LOG_MESSAGE"},
+{ERR_PACK(0,ENGINE_F_SET_DATA_CTX,0),   "SET_DATA_CTX"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA ENGINE_str_reasons[]=
+        {
+{ENGINE_R_ALREADY_LOADED                 ,"already loaded"},
+{ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER       ,"argument is not a number"},
+{ENGINE_R_CMD_NOT_EXECUTABLE             ,"cmd not executable"},
+{ENGINE_R_COMMAND_TAKES_INPUT            ,"command takes input"},
+{ENGINE_R_COMMAND_TAKES_NO_INPUT         ,"command takes no input"},
+{ENGINE_R_CONFLICTING_ENGINE_ID          ,"conflicting engine id"},
+{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{ENGINE_R_DH_NOT_IMPLEMENTED             ,"dh not implemented"},
+{ENGINE_R_DSA_NOT_IMPLEMENTED            ,"dsa not implemented"},
+{ENGINE_R_DSO_FAILURE                    ,"DSO failure"},
+{ENGINE_R_DSO_NOT_FOUND                  ,"dso not found"},
+{ENGINE_R_ENGINES_SECTION_ERROR          ,"engines section error"},
+{ENGINE_R_ENGINE_IS_NOT_IN_LIST          ,"engine is not in the list"},
+{ENGINE_R_ENGINE_SECTION_ERROR           ,"engine section error"},
+{ENGINE_R_FAILED_LOADING_PRIVATE_KEY     ,"failed loading private key"},
+{ENGINE_R_FAILED_LOADING_PUBLIC_KEY      ,"failed loading public key"},
+{ENGINE_R_FINISH_FAILED                  ,"finish failed"},
+{ENGINE_R_GET_HANDLE_FAILED              ,"could not obtain hardware handle"},
+{ENGINE_R_ID_OR_NAME_MISSING             ,"'id' or 'name' missing"},
+{ENGINE_R_INIT_FAILED                    ,"init failed"},
+{ENGINE_R_INTERNAL_LIST_ERROR            ,"internal list error"},
+{ENGINE_R_INVALID_ARGUMENT               ,"invalid argument"},
+{ENGINE_R_INVALID_CMD_NAME               ,"invalid cmd name"},
+{ENGINE_R_INVALID_CMD_NUMBER             ,"invalid cmd number"},
+{ENGINE_R_INVALID_INIT_VALUE             ,"invalid init value"},
+{ENGINE_R_INVALID_STRING                 ,"invalid string"},
+{ENGINE_R_NOT_INITIALISED                ,"not initialised"},
+{ENGINE_R_NOT_LOADED                     ,"not loaded"},
+{ENGINE_R_NO_CONTROL_FUNCTION            ,"no control function"},
+{ENGINE_R_NO_INDEX                       ,"no index"},
+{ENGINE_R_NO_LOAD_FUNCTION               ,"no load function"},
+{ENGINE_R_NO_REFERENCE                   ,"no reference"},
+{ENGINE_R_NO_SUCH_ENGINE                 ,"no such engine"},
+{ENGINE_R_NO_UNLOAD_FUNCTION             ,"no unload function"},
+{ENGINE_R_PROVIDE_PARAMETERS             ,"provide parameters"},
+{ENGINE_R_RSA_NOT_IMPLEMENTED            ,"rsa not implemented"},
+{ENGINE_R_UNIMPLEMENTED_CIPHER           ,"unimplemented cipher"},
+{ENGINE_R_UNIMPLEMENTED_DIGEST           ,"unimplemented digest"},
+{ENGINE_R_VERSION_INCOMPATIBILITY        ,"version incompatibility"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_ENGINE_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs);
+                ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c
new file mode 100644
index 0000000000..7ccf7022ee
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_fat.c
@@ -0,0 +1,147 @@
+/* crypto/engine/eng_fat.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+#include <openssl/conf.h>
+
+int ENGINE_set_default(ENGINE *e, unsigned int flags)
+        {
+        if((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
+                return 0;
+        if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
+                return 0;
+#ifndef OPENSSL_NO_RSA
+        if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
+                return 0;
+#endif
+#ifndef OPENSSL_NO_DSA
+        if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
+                return 0;
+#endif
+#ifndef OPENSSL_NO_DH
+        if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
+                return 0;
+#endif
+        if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
+                return 0;
+        return 1;
+        }
+
+/* Set default algorithms using a string */
+
+static int int_def_cb(const char *alg, int len, void *arg)
+        {
+        unsigned int *pflags = arg;
+        if (!strncmp(alg, "ALL", len))
+                *pflags |= ENGINE_METHOD_ALL;
+        else if (!strncmp(alg, "RSA", len))
+                *pflags |= ENGINE_METHOD_RSA;
+        else if (!strncmp(alg, "DSA", len))
+                *pflags |= ENGINE_METHOD_DSA;
+        else if (!strncmp(alg, "DH", len))
+                *pflags |= ENGINE_METHOD_DH;
+        else if (!strncmp(alg, "RAND", len))
+                *pflags |= ENGINE_METHOD_RAND;
+        else if (!strncmp(alg, "CIPHERS", len))
+                *pflags |= ENGINE_METHOD_CIPHERS;
+        else if (!strncmp(alg, "DIGESTS", len))
+                *pflags |= ENGINE_METHOD_DIGESTS;
+        else
+                return 0;
+        return 1;
+        }
+
+
+int ENGINE_set_default_string(ENGINE *e, const char *def_list)
+        {
+        unsigned int flags = 0;
+        if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
+                                        ENGINE_R_INVALID_STRING);
+                ERR_add_error_data(2, "str=",def_list);
+                return 0;
+                }
+        return ENGINE_set_default(e, flags);
+        }
+
+int ENGINE_register_complete(ENGINE *e)
+        {
+        ENGINE_register_ciphers(e);
+        ENGINE_register_digests(e);
+#ifndef OPENSSL_NO_RSA
+        ENGINE_register_RSA(e);
+#endif
+#ifndef OPENSSL_NO_DSA
+        ENGINE_register_DSA(e);
+#endif
+#ifndef OPENSSL_NO_DH
+        ENGINE_register_DH(e);
+#endif
+        ENGINE_register_RAND(e);
+        return 1;
+        }
+
+int ENGINE_register_all_complete(void)
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_complete(e);
+        return 1;
+        }
diff --git a/src/lib/libcrypto/engine/eng_init.c b/src/lib/libcrypto/engine/eng_init.c
new file mode 100644
index 0000000000..170c1791b3
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_init.c
@@ -0,0 +1,157 @@
+/* crypto/engine/eng_init.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* Initialise a engine type for use (or up its functional reference count
+ * if it's already in use). This version is only used internally. */
+int engine_unlocked_init(ENGINE *e)
+        {
+        int to_return = 1;
+
+        if((e->funct_ref == 0) && e->init)
+                /* This is the first functional reference and the engine
+                 * requires initialisation so we do it now. */
+                to_return = e->init(e);
+        if(to_return)
+                {
+                /* OK, we return a functional reference which is also a
+                 * structural reference. */
+                e->struct_ref++;
+                e->funct_ref++;
+                engine_ref_debug(e, 0, 1)
+                engine_ref_debug(e, 1, 1)
+                }
+        return to_return;
+        }
+
+/* Free a functional reference to a engine type. This version is only used
+ * internally. */
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
+        {
+        int to_return = 1;
+
+        /* Reduce the functional reference count here so if it's the terminating
+         * case, we can release the lock safely and call the finish() handler
+         * without risk of a race. We get a race if we leave the count until
+         * after and something else is calling "finish" at the same time -
+         * there's a chance that both threads will together take the count from
+         * 2 to 0 without either calling finish(). */
+        e->funct_ref--;
+        engine_ref_debug(e, 1, -1);
+        if((e->funct_ref == 0) && e->finish)
+                {
+                if(unlock_for_handlers)
+                        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                to_return = e->finish(e);
+                if(unlock_for_handlers)
+                        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                if(!to_return)
+                        return 0;
+                }
+#ifdef REF_CHECK
+        if(e->funct_ref < 0)
+                {
+                fprintf(stderr,"ENGINE_finish, bad functional reference count\n");
+                abort();
+                }
+#endif
+        /* Release the structural reference too */
+        if(!engine_free_util(e, 0))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
+                return 0;
+                }
+        return to_return;
+        }
+
+/* The API (locked) version of "init" */
+int ENGINE_init(ENGINE *e)
+        {
+        int ret;
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        ret = engine_unlocked_init(e);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return ret;
+        }
+
+/* The API (locked) version of "finish" */
+int ENGINE_finish(ENGINE *e)
+        {
+        int to_return = 1;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        to_return = engine_unlocked_finish(e, 1);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        if(!to_return)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
+                return 0;
+                }
+        return to_return;
+        }
diff --git a/src/lib/libcrypto/engine/eng_int.h b/src/lib/libcrypto/engine/eng_int.h
new file mode 100644
index 0000000000..38335f99cd
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_int.h
@@ -0,0 +1,185 @@
+/* crypto/engine/eng_int.h */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ENGINE_INT_H
+#define HEADER_ENGINE_INT_H
+
+/* Take public definitions from engine.h */
+#include <openssl/engine.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* If we compile with this symbol defined, then both reference counts in the
+ * ENGINE structure will be monitored with a line of output on stderr for each
+ * change. This prints the engine's pointer address (truncated to unsigned int),
+ * "struct" or "funct" to indicate the reference type, the before and after
+ * reference count, and the file:line-number pair. The "engine_ref_debug"
+ * statements must come *after* the change. */
+#ifdef ENGINE_REF_COUNT_DEBUG
+
+#define engine_ref_debug(e, isfunct, diff) \
+        fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
+                (unsigned int)(e), (isfunct ? "funct" : "struct"), \
+                ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
+                ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
+                (__FILE__), (__LINE__));
+
+#else
+
+#define engine_ref_debug(e, isfunct, diff)
+
+#endif
+
+/* Any code that will need cleanup operations should use these functions to
+ * register callbacks. ENGINE_cleanup() will call all registered callbacks in
+ * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be
+ * held (in "write" mode). */
+typedef void (ENGINE_CLEANUP_CB)(void);
+typedef struct st_engine_cleanup_item
+        {
+        ENGINE_CLEANUP_CB *cb;
+        } ENGINE_CLEANUP_ITEM;
+DECLARE_STACK_OF(ENGINE_CLEANUP_ITEM)
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
+
+/* We need stacks of ENGINEs for use in eng_table.c */
+DECLARE_STACK_OF(ENGINE)
+
+/* If this symbol is defined then engine_table_select(), the function that is
+ * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults and
+ * functional references (etc), will display debugging summaries to stderr. */
+/* #define ENGINE_TABLE_DEBUG */
+
+/* This represents an implementation table. Dependent code should instantiate it
+ * as a (ENGINE_TABLE *) pointer value set initially to NULL. */
+typedef struct st_engine_table ENGINE_TABLE;
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+                ENGINE *e, const int *nids, int num_nids, int setdefault);
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
+void engine_table_cleanup(ENGINE_TABLE **table);
+#ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
+#else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l);
+#define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
+#endif
+
+/* Internal versions of API functions that have control over locking. These are
+ * used between C files when functionality needs to be shared but the caller may
+ * already be controlling of the CRYPTO_LOCK_ENGINE lock. */
+int engine_unlocked_init(ENGINE *e);
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
+int engine_free_util(ENGINE *e, int locked);
+
+/* This function will reset all "set"able values in an ENGINE to NULL. This
+ * won't touch reference counts or ex_data, but is equivalent to calling all the
+ * ENGINE_set_***() functions with a NULL value. */
+void engine_set_all_null(ENGINE *e);
+
+/* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
+ * in engine.h. */
+
+/* This is a structure for storing implementations of various crypto
+ * algorithms and functions. */
+struct engine_st
+        {
+        const char *id;
+        const char *name;
+        const RSA_METHOD *rsa_meth;
+        const DSA_METHOD *dsa_meth;
+        const DH_METHOD *dh_meth;
+        const RAND_METHOD *rand_meth;
+        /* Cipher handling is via this callback */
+        ENGINE_CIPHERS_PTR ciphers;
+        /* Digest handling is via this callback */
+        ENGINE_DIGESTS_PTR digests;
+
+
+        ENGINE_GEN_INT_FUNC_PTR destroy;
+
+        ENGINE_GEN_INT_FUNC_PTR init;
+        ENGINE_GEN_INT_FUNC_PTR finish;
+        ENGINE_CTRL_FUNC_PTR ctrl;
+        ENGINE_LOAD_KEY_PTR load_privkey;
+        ENGINE_LOAD_KEY_PTR load_pubkey;
+
+        const ENGINE_CMD_DEFN *cmd_defns;
+        int flags;
+        /* reference count on the structure itself */
+        int struct_ref;
+        /* reference count on usability of the engine type. NB: This
+         * controls the loading and initialisation of any functionlity
+         * required by this engine, whereas the previous count is
+         * simply to cope with (de)allocation of this structure. Hence,
+         * running_ref <= struct_ref at all times. */
+        int funct_ref;
+        /* A place to store per-ENGINE data */
+        CRYPTO_EX_DATA ex_data;
+        /* Used to maintain the linked-list of engines. */
+        struct engine_st *prev;
+        struct engine_st *next;
+        };
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* HEADER_ENGINE_INT_H */
diff --git a/src/lib/libcrypto/engine/eng_lib.c b/src/lib/libcrypto/engine/eng_lib.c
new file mode 100644
index 0000000000..a66d0f08af
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_lib.c
@@ -0,0 +1,321 @@
+/* crypto/engine/eng_lib.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/rand.h> /* FIXME: This shouldn't be needed */
+#include <openssl/engine.h>
+
+/* The "new"/"free" stuff first */
+
+ENGINE *ENGINE_new(void)
+        {
+        ENGINE *ret;
+
+        ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
+        if(ret == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        memset(ret, 0, sizeof(ENGINE));
+        ret->struct_ref = 1;
+        engine_ref_debug(ret, 0, 1)
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
+        return ret;
+        }
+
+/* Placed here (close proximity to ENGINE_new) so that modifications to the
+ * elements of the ENGINE structure are more likely to be caught and changed
+ * here. */
+void engine_set_all_null(ENGINE *e)
+        {
+        e->id = NULL;
+        e->name = NULL;
+        e->rsa_meth = NULL;
+        e->dsa_meth = NULL;
+        e->dh_meth = NULL;
+        e->rand_meth = NULL;
+        e->ciphers = NULL;
+        e->digests = NULL;
+        e->destroy = NULL;
+        e->init = NULL;
+        e->finish = NULL;
+        e->ctrl = NULL;
+        e->load_privkey = NULL;
+        e->load_pubkey = NULL;
+        e->cmd_defns = NULL;
+        e->flags = 0;
+        }
+
+int engine_free_util(ENGINE *e, int locked)
+        {
+        int i;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_FREE,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if(locked)
+                i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
+        else
+                i = --e->struct_ref;
+        engine_ref_debug(e, 0, -1)
+        if (i > 0) return 1;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"ENGINE_free, bad structural reference count\n");
+                abort();
+                }
+#endif
+        /* Give the ENGINE a chance to do any structural cleanup corresponding
+         * to allocation it did in its constructor (eg. unload error strings) */
+        if(e->destroy)
+                e->destroy(e);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
+        OPENSSL_free(e);
+        return 1;
+        }
+
+int ENGINE_free(ENGINE *e)
+        {
+        return engine_free_util(e, 1);
+        }
+
+/* Cleanup stuff */
+
+/* ENGINE_cleanup() is coded such that anything that does work that will need
+ * cleanup can register a "cleanup" callback here. That way we don't get linker
+ * bloat by referring to all *possible* cleanups, but any linker bloat into code
+ * "X" will cause X's cleanup function to end up here. */
+static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
+static int int_cleanup_check(int create)
+        {
+        if(cleanup_stack) return 1;
+        if(!create) return 0;
+        cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
+        return (cleanup_stack ? 1 : 0);
+        }
+static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
+        {
+        ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(
+                                        ENGINE_CLEANUP_ITEM));
+        if(!item) return NULL;
+        item->cb = cb;
+        return item;
+        }
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
+        {
+        ENGINE_CLEANUP_ITEM *item;
+        if(!int_cleanup_check(1)) return;
+        item = int_cleanup_item(cb);
+        if(item)
+                sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
+        }
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
+        {
+        ENGINE_CLEANUP_ITEM *item;
+        if(!int_cleanup_check(1)) return;
+        item = int_cleanup_item(cb);
+        if(item)
+                sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
+        }
+/* The API function that performs all cleanup */
+static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
+        {
+        (*(item->cb))();
+        OPENSSL_free(item);
+        }
+void ENGINE_cleanup(void)
+        {
+        if(int_cleanup_check(0))
+                {
+                sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
+                        engine_cleanup_cb_free);
+                cleanup_stack = NULL;
+                }
+        /* FIXME: This should be handled (somehow) through RAND, eg. by it
+         * registering a cleanup callback. */
+        RAND_set_rand_method(NULL);
+        }
+
+/* Now the "ex_data" support */
+
+int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
+                        new_func, dup_func, free_func);
+        }
+
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
+        {
+        return(CRYPTO_set_ex_data(&e->ex_data, idx, arg));
+        }
+
+void *ENGINE_get_ex_data(const ENGINE *e, int idx)
+        {
+        return(CRYPTO_get_ex_data(&e->ex_data, idx));
+        }
+
+/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the
+ * ENGINE structure itself. */
+
+int ENGINE_set_id(ENGINE *e, const char *id)
+        {
+        if(id == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_ID,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        e->id = id;
+        return 1;
+        }
+
+int ENGINE_set_name(ENGINE *e, const char *name)
+        {
+        if(name == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        e->name = name;
+        return 1;
+        }
+
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
+        {
+        e->destroy = destroy_f;
+        return 1;
+        }
+
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
+        {
+        e->init = init_f;
+        return 1;
+        }
+
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
+        {
+        e->finish = finish_f;
+        return 1;
+        }
+
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
+        {
+        e->ctrl = ctrl_f;
+        return 1;
+        }
+
+int ENGINE_set_flags(ENGINE *e, int flags)
+        {
+        e->flags = flags;
+        return 1;
+        }
+
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
+        {
+        e->cmd_defns = defns;
+        return 1;
+        }
+
+const char *ENGINE_get_id(const ENGINE *e)
+        {
+        return e->id;
+        }
+
+const char *ENGINE_get_name(const ENGINE *e)
+        {
+        return e->name;
+        }
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)
+        {
+        return e->destroy;
+        }
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
+        {
+        return e->init;
+        }
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
+        {
+        return e->finish;
+        }
+
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
+        {
+        return e->ctrl;
+        }
+
+int ENGINE_get_flags(const ENGINE *e)
+        {
+        return e->flags;
+        }
+
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
+        {
+        return e->cmd_defns;
+        }
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
new file mode 100644
index 0000000000..1cc3217f4c
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_list.c
@@ -0,0 +1,394 @@
+/* crypto/engine/eng_list.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* The linked-list of pointers to engine types. engine_list_head
+ * incorporates an implicit structural reference but engine_list_tail
+ * does not - the latter is a computational niceity and only points
+ * to something that is already pointed to by its predecessor in the
+ * list (or engine_list_head itself). In the same way, the use of the
+ * "prev" pointer in each ENGINE is to save excessive list iteration,
+ * it doesn't correspond to an extra structural reference. Hence,
+ * engine_list_head, and each non-null "next" pointer account for
+ * the list itself assuming exactly 1 structural reference on each
+ * list member. */
+static ENGINE *engine_list_head = NULL;
+static ENGINE *engine_list_tail = NULL;
+
+/* This cleanup function is only needed internally. If it should be called, we
+ * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */
+
+static void engine_list_cleanup(void)
+        {
+        ENGINE *iterator = engine_list_head;
+
+        while(iterator != NULL)
+                {
+                ENGINE_remove(iterator);
+                iterator = engine_list_head;
+                }
+        return;
+        }
+
+/* These static functions starting with a lower case "engine_" always
+ * take place when CRYPTO_LOCK_ENGINE has been locked up. */
+static int engine_list_add(ENGINE *e)
+        {
+        int conflict = 0;
+        ENGINE *iterator = NULL;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        iterator = engine_list_head;
+        while(iterator && !conflict)
+                {
+                conflict = (strcmp(iterator->id, e->id) == 0);
+                iterator = iterator->next;
+                }
+        if(conflict)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+                        ENGINE_R_CONFLICTING_ENGINE_ID);
+                return 0;
+                }
+        if(engine_list_head == NULL)
+                {
+                /* We are adding to an empty list. */
+                if(engine_list_tail)
+                        {
+                        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+                                ENGINE_R_INTERNAL_LIST_ERROR);
+                        return 0;
+                        }
+                engine_list_head = e;
+                e->prev = NULL;
+                /* The first time the list allocates, we should register the
+                 * cleanup. */
+                engine_cleanup_add_last(engine_list_cleanup);
+                }
+        else
+                {
+                /* We are adding to the tail of an existing list. */
+                if((engine_list_tail == NULL) ||
+                                (engine_list_tail->next != NULL))
+                        {
+                        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+                                ENGINE_R_INTERNAL_LIST_ERROR);
+                        return 0;
+                        }
+                engine_list_tail->next = e;
+                e->prev = engine_list_tail;
+                }
+        /* Having the engine in the list assumes a structural
+         * reference. */
+        e->struct_ref++;
+        engine_ref_debug(e, 0, 1)
+        /* However it came to be, e is the last item in the list. */
+        engine_list_tail = e;
+        e->next = NULL;
+        return 1;
+        }
+
+static int engine_list_remove(ENGINE *e)
+        {
+        ENGINE *iterator;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        /* We need to check that e is in our linked list! */
+        iterator = engine_list_head;
+        while(iterator && (iterator != e))
+                iterator = iterator->next;
+        if(iterator == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+                        ENGINE_R_ENGINE_IS_NOT_IN_LIST);
+                return 0;
+                }
+        /* un-link e from the chain. */
+        if(e->next)
+                e->next->prev = e->prev;
+        if(e->prev)
+                e->prev->next = e->next;
+        /* Correct our head/tail if necessary. */
+        if(engine_list_head == e)
+                engine_list_head = e->next;
+        if(engine_list_tail == e)
+                engine_list_tail = e->prev;
+        engine_free_util(e, 0);
+        return 1;
+        }
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void)
+        {
+        ENGINE *ret;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        ret = engine_list_head;
+        if(ret)
+                {
+                ret->struct_ref++;
+                engine_ref_debug(ret, 0, 1)
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return ret;
+        }
+
+ENGINE *ENGINE_get_last(void)
+        {
+        ENGINE *ret;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        ret = engine_list_tail;
+        if(ret)
+                {
+                ret->struct_ref++;
+                engine_ref_debug(ret, 0, 1)
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return ret;
+        }
+
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e)
+        {
+        ENGINE *ret = NULL;
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        ret = e->next;
+        if(ret)
+                {
+                /* Return a valid structural refernce to the next ENGINE */
+                ret->struct_ref++;
+                engine_ref_debug(ret, 0, 1)
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        /* Release the structural reference to the previous ENGINE */
+        ENGINE_free(e);
+        return ret;
+        }
+
+ENGINE *ENGINE_get_prev(ENGINE *e)
+        {
+        ENGINE *ret = NULL;
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        ret = e->prev;
+        if(ret)
+                {
+                /* Return a valid structural reference to the next ENGINE */
+                ret->struct_ref++;
+                engine_ref_debug(ret, 0, 1)
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        /* Release the structural reference to the previous ENGINE */
+        ENGINE_free(e);
+        return ret;
+        }
+
+/* Add another "ENGINE" type into the list. */
+int ENGINE_add(ENGINE *e)
+        {
+        int to_return = 1;
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_ADD,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if((e->id == NULL) || (e->name == NULL))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_ADD,
+                        ENGINE_R_ID_OR_NAME_MISSING);
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(!engine_list_add(e))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_ADD,
+                        ENGINE_R_INTERNAL_LIST_ERROR);
+                to_return = 0;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return to_return;
+        }
+
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e)
+        {
+        int to_return = 1;
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_REMOVE,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(!engine_list_remove(e))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_REMOVE,
+                        ENGINE_R_INTERNAL_LIST_ERROR);
+                to_return = 0;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return to_return;
+        }
+
+static void engine_cpy(ENGINE *dest, const ENGINE *src)
+        {
+        dest->id = src->id;
+        dest->name = src->name;
+#ifndef OPENSSL_NO_RSA
+        dest->rsa_meth = src->rsa_meth;
+#endif
+#ifndef OPENSSL_NO_DSA
+        dest->dsa_meth = src->dsa_meth;
+#endif
+#ifndef OPENSSL_NO_DH
+        dest->dh_meth = src->dh_meth;
+#endif
+        dest->rand_meth = src->rand_meth;
+        dest->ciphers = src->ciphers;
+        dest->digests = src->digests;
+        dest->destroy = src->destroy;
+        dest->init = src->init;
+        dest->finish = src->finish;
+        dest->ctrl = src->ctrl;
+        dest->load_privkey = src->load_privkey;
+        dest->load_pubkey = src->load_pubkey;
+        dest->cmd_defns = src->cmd_defns;
+        dest->flags = src->flags;
+        }
+
+ENGINE *ENGINE_by_id(const char *id)
+        {
+        ENGINE *iterator;
+        if(id == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_BY_ID,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        iterator = engine_list_head;
+        while(iterator && (strcmp(id, iterator->id) != 0))
+                iterator = iterator->next;
+        if(iterator)
+                {
+                /* We need to return a structural reference. If this is an
+                 * ENGINE type that returns copies, make a duplicate - otherwise
+                 * increment the existing ENGINE's reference count. */
+                if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY)
+                        {
+                        ENGINE *cp = ENGINE_new();
+                        if(!cp)
+                                iterator = NULL;
+                        else
+                                {
+                                engine_cpy(cp, iterator);
+                                iterator = cp;
+                                }
+                        }
+                else
+                        {
+                        iterator->struct_ref++;
+                        engine_ref_debug(iterator, 0, 1)
+                        }
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        if(iterator == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_BY_ID,
+                        ENGINE_R_NO_SUCH_ENGINE);
+                ERR_add_error_data(2, "id=", id);
+                }
+        return iterator;
+        }
+
+int ENGINE_up_ref(ENGINE *e)
+        {
+        if (e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_UP_REF,ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_add(&e->struct_ref,1,CRYPTO_LOCK_ENGINE);
+        return 1;
+        }
diff --git a/src/lib/libcrypto/engine/eng_openssl.c b/src/lib/libcrypto/engine/eng_openssl.c
new file mode 100644
index 0000000000..54579eea2e
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_openssl.c
@@ -0,0 +1,361 @@
+/* crypto/engine/eng_openssl.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/engine.h>
+#include <openssl/dso.h>
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+
+/* This testing gunk is implemented (and explained) lower down. It also assumes
+ * the application explicitly calls "ENGINE_load_openssl()" because this is no
+ * longer automatic in ENGINE_load_builtin_engines(). */
+#define TEST_ENG_OPENSSL_RC4
+#define TEST_ENG_OPENSSL_PKEY
+/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
+#define TEST_ENG_OPENSSL_RC4_P_INIT
+/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
+#define TEST_ENG_OPENSSL_SHA
+/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
+/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
+/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
+/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
+
+/* Now check what of those algorithms are actually enabled */
+#ifdef OPENSSL_NO_RC4
+#undef TEST_ENG_OPENSSL_RC4
+#undef TEST_ENG_OPENSSL_RC4_OTHERS
+#undef TEST_ENG_OPENSSL_RC4_P_INIT
+#undef TEST_ENG_OPENSSL_RC4_P_CIPHER
+#endif
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)
+#undef TEST_ENG_OPENSSL_SHA
+#undef TEST_ENG_OPENSSL_SHA_OTHERS
+#undef TEST_ENG_OPENSSL_SHA_P_INIT
+#undef TEST_ENG_OPENSSL_SHA_P_UPDATE
+#undef TEST_ENG_OPENSSL_SHA_P_FINAL 
+#endif
+
+#ifdef TEST_ENG_OPENSSL_RC4
+static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                                const int **nids, int nid);
+#endif
+#ifdef TEST_ENG_OPENSSL_SHA
+static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+                                const int **nids, int nid);
+#endif
+
+#ifdef TEST_ENG_OPENSSL_PKEY
+static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data);
+#endif
+
+/* The constants used when creating the ENGINE */
+static const char *engine_openssl_id = "openssl";
+static const char *engine_openssl_name = "Software engine support";
+
+/* This internal function is used by ENGINE_openssl() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+        {
+        if(!ENGINE_set_id(e, engine_openssl_id)
+                        || !ENGINE_set_name(e, engine_openssl_name)
+#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
+#ifndef OPENSSL_NO_RSA
+                        || !ENGINE_set_RSA(e, RSA_get_default_method())
+#endif
+#ifndef OPENSSL_NO_DSA
+                        || !ENGINE_set_DSA(e, DSA_get_default_method())
+#endif
+#ifndef OPENSSL_NO_DH
+                        || !ENGINE_set_DH(e, DH_get_default_method())
+#endif
+                        || !ENGINE_set_RAND(e, RAND_SSLeay())
+#ifdef TEST_ENG_OPENSSL_RC4
+                        || !ENGINE_set_ciphers(e, openssl_ciphers)
+#endif
+#ifdef TEST_ENG_OPENSSL_SHA
+                        || !ENGINE_set_digests(e, openssl_digests)
+#endif
+#endif
+#ifdef TEST_ENG_OPENSSL_PKEY
+                        || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
+#endif
+                        )
+                return 0;
+        /* If we add errors to this ENGINE, ensure the error handling is setup here */
+        /* openssl_load_error_strings(); */
+        return 1;
+        }
+
+static ENGINE *engine_openssl(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_helper(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+
+void ENGINE_load_openssl(void)
+        {
+        ENGINE *toadd = engine_openssl();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        /* If the "add" worked, it gets a structural reference. So either way,
+         * we release our just-created reference. */
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_openssl_id) != 0))
+                return 0;
+        if(!bind_helper(e))
+                return 0;
+        return 1;
+        }
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+#ifdef TEST_ENG_OPENSSL_RC4
+/* This section of code compiles an "alternative implementation" of two modes of
+ * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
+ * should under normal circumstances go via this support rather than the default
+ * EVP support. There are other symbols to tweak the testing;
+ *    TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
+ *        we're asked for a cipher we don't support (should not happen).
+ *    TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
+ *        the "init_key" handler is called.
+ *    TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
+ */
+#include <openssl/rc4.h>
+#define TEST_RC4_KEY_SIZE               16
+static int test_cipher_nids[] = {NID_rc4,NID_rc4_40};
+static int test_cipher_nids_number = 2;
+typedef struct {
+        unsigned char key[TEST_RC4_KEY_SIZE];
+        RC4_KEY ks;
+        } TEST_RC4_KEY;
+#define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
+static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+        {
+#ifdef TEST_ENG_OPENSSL_RC4_P_INIT
+        fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
+#endif
+        memcpy(&test(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx));
+        RC4_set_key(&test(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
+                test(ctx)->key);
+        return 1;
+        }
+static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      const unsigned char *in, unsigned int inl)
+        {
+#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
+        fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
+#endif
+        RC4(&test(ctx)->ks,inl,in,out);
+        return 1;
+        }
+static const EVP_CIPHER test_r4_cipher=
+        {
+        NID_rc4,
+        1,TEST_RC4_KEY_SIZE,0,
+        EVP_CIPH_VARIABLE_LENGTH,
+        test_rc4_init_key,
+        test_rc4_cipher,
+        NULL,
+        sizeof(TEST_RC4_KEY),
+        NULL,
+        NULL,
+        NULL
+        };
+static const EVP_CIPHER test_r4_40_cipher=
+        {
+        NID_rc4_40,
+        1,5 /* 40 bit */,0,
+        EVP_CIPH_VARIABLE_LENGTH,
+        test_rc4_init_key,
+        test_rc4_cipher,
+        NULL,
+        sizeof(TEST_RC4_KEY),
+        NULL, 
+        NULL,
+        NULL
+        };
+static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                        const int **nids, int nid)
+        {
+        if(!cipher)
+                {
+                /* We are returning a list of supported nids */
+                *nids = test_cipher_nids;
+                return test_cipher_nids_number;
+                }
+        /* We are being asked for a specific cipher */
+        if(nid == NID_rc4)
+                *cipher = &test_r4_cipher;
+        else if(nid == NID_rc4_40)
+                *cipher = &test_r4_40_cipher;
+        else
+                {
+#ifdef TEST_ENG_OPENSSL_RC4_OTHERS
+                fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
+                                "nid %d\n", nid);
+#endif
+                *cipher = NULL;
+                return 0;
+                }
+        return 1;
+        }
+#endif
+
+#ifdef TEST_ENG_OPENSSL_SHA
+/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
+#include <openssl/sha.h>
+static int test_digest_nids[] = {NID_sha1};
+static int test_digest_nids_number = 1;
+static int test_sha1_init(EVP_MD_CTX *ctx)
+        {
+#ifdef TEST_ENG_OPENSSL_SHA_P_INIT
+        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
+#endif
+        return SHA1_Init(ctx->md_data);
+        }
+static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+        {
+#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
+        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
+#endif
+        return SHA1_Update(ctx->md_data,data,count);
+        }
+static int test_sha1_final(EVP_MD_CTX *ctx,unsigned char *md)
+        {
+#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
+        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
+#endif
+        return SHA1_Final(md,ctx->md_data);
+        }
+static const EVP_MD test_sha_md=
+        {
+        NID_sha1,
+        NID_sha1WithRSAEncryption,
+        SHA_DIGEST_LENGTH,
+        0,
+        test_sha1_init,
+        test_sha1_update,
+        test_sha1_final,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_method,
+        SHA_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA_CTX),
+        };
+static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+                        const int **nids, int nid)
+        {
+        if(!digest)
+                {
+                /* We are returning a list of supported nids */
+                *nids = test_digest_nids;
+                return test_digest_nids_number;
+                }
+        /* We are being asked for a specific digest */
+        if(nid == NID_sha1)
+                *digest = &test_sha_md;
+        else
+                {
+#ifdef TEST_ENG_OPENSSL_SHA_OTHERS
+                fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
+                                "nid %d\n", nid);
+#endif
+                *digest = NULL;
+                return 0;
+                }
+        return 1;
+        }
+#endif
+
+#ifdef TEST_ENG_OPENSSL_PKEY
+static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data)
+        {
+        BIO *in;
+        EVP_PKEY *key;
+        fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id);
+        in = BIO_new_file(key_id, "r");
+        if (!in)
+                return NULL;
+        key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
+        BIO_free(in);
+        return key;
+        }
+#endif
diff --git a/src/lib/libcrypto/engine/eng_pkey.c b/src/lib/libcrypto/engine/eng_pkey.c
new file mode 100644
index 0000000000..8c69171511
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_pkey.c
@@ -0,0 +1,157 @@
+/* crypto/engine/eng_pkey.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* Basic get/set stuff */
+
+int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f)
+        {
+        e->load_privkey = loadpriv_f;
+        return 1;
+        }
+
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
+        {
+        e->load_pubkey = loadpub_f;
+        return 1;
+        }
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
+        {
+        return e->load_privkey;
+        }
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
+        {
+        return e->load_pubkey;
+        }
+
+/* API functions to load public/private keys */
+
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data)
+        {
+        EVP_PKEY *pkey;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(e->funct_ref == 0)
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                        ENGINE_R_NOT_INITIALISED);
+                return 0;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        if (!e->load_privkey)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                        ENGINE_R_NO_LOAD_FUNCTION);
+                return 0;
+                }
+        pkey = e->load_privkey(e, key_id, ui_method, callback_data);
+        if (!pkey)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                        ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+                return 0;
+                }
+        return pkey;
+        }
+
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data)
+        {
+        EVP_PKEY *pkey;
+
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(e->funct_ref == 0)
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                        ENGINE_R_NOT_INITIALISED);
+                return 0;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        if (!e->load_pubkey)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                        ENGINE_R_NO_LOAD_FUNCTION);
+                return 0;
+                }
+        pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
+        if (!pkey)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                        ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+                return 0;
+                }
+        return pkey;
+        }
diff --git a/src/lib/libcrypto/engine/eng_table.c b/src/lib/libcrypto/engine/eng_table.c
new file mode 100644
index 0000000000..c69a84a8bf
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_table.c
@@ -0,0 +1,361 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* This is the type of item in the 'implementation' table. Each 'nid' hashes to
+ * a (potentially NULL) ENGINE_PILE structure which contains a stack of ENGINE*
+ * pointers. These pointers aren't references, because they're inserted and
+ * removed during ENGINE creation and ENGINE destruction. They point to ENGINEs
+ * that *exist* (ie. have a structural reference count greater than zero) rather
+ * than ENGINEs that are *functional*. Each pointer in those stacks are to
+ * ENGINEs that implements the algorithm corresponding to each 'nid'. */
+
+/* The type of the items in the table */
+typedef struct st_engine_pile
+        {
+        /* The 'nid' of the algorithm/mode this ENGINE_PILE structure represents
+         * */
+        int nid;
+        /* A stack of ENGINE pointers for ENGINEs that support this
+         * algorithm/mode. In the event that 'funct' is NULL, the first entry in
+         * this stack that initialises will be set as 'funct' and assumed as the
+         * default for operations of this type. */
+        STACK_OF(ENGINE) *sk;
+        /* The default ENGINE to perform this algorithm/mode. */
+        ENGINE *funct;
+        /* This value optimises engine_table_select(). If it is called it sets
+         * this value to 1. Any changes to this ENGINE_PILE resets it to zero.
+         * As such, no ENGINE_init() thrashing is done unless ENGINEs
+         * continually register (and/or unregister). */
+        int uptodate;
+        } ENGINE_PILE;
+
+/* The type of the hash table of ENGINE_PILE structures such that each are
+ * unique and keyed by the 'nid' value. */
+struct st_engine_table
+        {
+        LHASH piles;
+        }; /* ENGINE_TABLE */
+
+/* This value stores global options controlling behaviour of (mostly) the
+ * engine_table_select() function. It's a bitmask of flag values of the form
+ * ENGINE_TABLE_FLAG_*** (as defined in engine.h) and is controlled by the
+ * ENGINE_[get|set]_table_flags() function. */
+static unsigned int table_flags = 0;
+
+/* API function manipulating 'table_flags' */
+unsigned int ENGINE_get_table_flags(void)
+        {
+        return table_flags;
+        }
+void ENGINE_set_table_flags(unsigned int flags)
+        {
+        table_flags = flags;
+        }
+
+/* Internal functions for the "piles" hash table */
+static unsigned long engine_pile_hash(const ENGINE_PILE *c)
+        {
+        return c->nid;
+        }
+static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
+        {
+        return a->nid - b->nid;
+        }
+static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *)
+static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *)
+static int int_table_check(ENGINE_TABLE **t, int create)
+        {
+        LHASH *lh;
+        if(*t)
+                return 1;
+        if(!create)
+                return 0;
+        if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash),
+                        LHASH_COMP_FN(engine_pile_cmp))) == NULL)
+                return 0;
+        *t = (ENGINE_TABLE *)lh;
+        return 1;
+        }
+
+/* Privately exposed (via eng_int.h) functions for adding and/or removing
+ * ENGINEs from the implementation table */
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+                ENGINE *e, const int *nids, int num_nids, int setdefault)
+        {
+        int ret = 0, added = 0;
+        ENGINE_PILE tmplate, *fnd;
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(!(*table))
+                added = 1;
+        if(!int_table_check(table, 1))
+                goto end;
+        if(added)
+                /* The cleanup callback needs to be added */
+                engine_cleanup_add_first(cleanup);
+        while(num_nids--)
+                {
+                tmplate.nid = *nids;
+                fnd = lh_retrieve(&(*table)->piles, &tmplate);
+                if(!fnd)
+                        {
+                        fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
+                        if(!fnd)
+                                goto end;
+                        fnd->uptodate = 1;
+                        fnd->nid = *nids;
+                        fnd->sk = sk_ENGINE_new_null();
+                        if(!fnd->sk)
+                                {
+                                OPENSSL_free(fnd);
+                                goto end;
+                                }
+                        fnd->funct= NULL;
+                        lh_insert(&(*table)->piles, fnd);
+                        }
+                /* A registration shouldn't add duplciate entries */
+                sk_ENGINE_delete_ptr(fnd->sk, e);
+                /* if 'setdefault', this ENGINE goes to the head of the list */
+                if(!sk_ENGINE_push(fnd->sk, e))
+                        goto end;
+                /* "touch" this ENGINE_PILE */
+                fnd->uptodate = 0;
+                if(setdefault)
+                        {
+                        if(!engine_unlocked_init(e))
+                                {
+                                ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
+                                                ENGINE_R_INIT_FAILED);
+                                goto end;
+                                }
+                        if(fnd->funct)
+                                engine_unlocked_finish(fnd->funct, 0);
+                        fnd->funct = e;
+                        }
+                nids++;
+                }
+        ret = 1;
+end:
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return ret;
+        }
+static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
+        {
+        int n;
+        /* Iterate the 'c->sk' stack removing any occurance of 'e' */
+        while((n = sk_ENGINE_find(pile->sk, e)) >= 0)
+                {
+                sk_ENGINE_delete(pile->sk, n);
+                /* "touch" this ENGINE_CIPHER */
+                pile->uptodate = 0;
+                }
+        if(pile->funct == e)
+                {
+                engine_unlocked_finish(e, 0);
+                pile->funct = NULL;
+                }
+        }
+static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *)
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(int_table_check(table, 0))
+                lh_doall_arg(&(*table)->piles,
+                        LHASH_DOALL_ARG_FN(int_unregister_cb), e);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        }
+
+static void int_cleanup_cb(ENGINE_PILE *p)
+        {
+        sk_ENGINE_free(p->sk);
+        if(p->funct)
+                engine_unlocked_finish(p->funct, 0);
+        OPENSSL_free(p);
+        }
+static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *)
+void engine_table_cleanup(ENGINE_TABLE **table)
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(*table)
+                {
+                lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb));
+                lh_free(&(*table)->piles);
+                *table = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given cipher 'nid' */
+#ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)
+#else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l)
+#endif
+        {
+        ENGINE *ret = NULL;
+        ENGINE_PILE tmplate, *fnd=NULL;
+        int initres, loop = 0;
+
+        /* If 'engine_ciphers' is NULL, then it's absolutely *sure* that no
+         * ENGINEs have registered any implementations! */
+        if(!(*table))
+                {
+#ifdef ENGINE_TABLE_DEBUG
+                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
+                        "registered for anything!\n", f, l, nid);
+#endif
+                return NULL;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        /* Check again inside the lock otherwise we could race against cleanup
+         * operations. But don't worry about a fprintf(stderr). */
+        if(!int_table_check(table, 0))
+                goto end;
+        tmplate.nid = nid;
+        fnd = lh_retrieve(&(*table)->piles, &tmplate);
+        if(!fnd)
+                goto end;
+        if(fnd->funct && engine_unlocked_init(fnd->funct))
+                {
+#ifdef ENGINE_TABLE_DEBUG
+                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+                        "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
+#endif
+                ret = fnd->funct;
+                goto end;
+                }
+        if(fnd->uptodate)
+                {
+                ret = fnd->funct;
+                goto end;
+                }
+trynext:
+        ret = sk_ENGINE_value(fnd->sk, loop++);
+        if(!ret)
+                {
+#ifdef ENGINE_TABLE_DEBUG
+                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
+                                "registered implementations would initialise\n",
+                                f, l, nid);
+#endif
+                goto end;
+                }
+#if 0
+        /* Don't need to get a reference if we hold the lock. If the locking has
+         * to change in future, that would be different ... */
+        ret->struct_ref++; engine_ref_debug(ret, 0, 1)
+#endif
+        /* Try and initialise the ENGINE if it's already functional *or* if the
+         * ENGINE_TABLE_FLAG_NOINIT flag is not set. */
+        if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
+                initres = engine_unlocked_init(ret);
+        else
+                initres = 0;
+#if 0
+        /* Release the structural reference */
+        ret->struct_ref--; engine_ref_debug(ret, 0, -1);
+#endif
+        if(initres)
+                {
+                /* If we didn't have a default (functional reference) for this
+                 * 'nid' (or we had one but for whatever reason we're now
+                 * initialising a different one), use this opportunity to set
+                 * 'funct'. */
+                if((fnd->funct != ret) && engine_unlocked_init(ret))
+                        {
+                        /* If there was a previous default we release it. */
+                        if(fnd->funct)
+                                engine_unlocked_finish(fnd->funct, 0);
+                        /* We got an extra functional reference for the
+                         * per-'nid' default */
+                        fnd->funct = ret;
+#ifdef ENGINE_TABLE_DEBUG
+                        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
+                                "setting default to '%s'\n", f, l, nid, ret->id);
+#endif
+                        }
+#ifdef ENGINE_TABLE_DEBUG
+                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+                                "newly initialised '%s'\n", f, l, nid, ret->id);
+#endif
+                goto end;
+                }
+        goto trynext;
+end:
+        /* Whatever happened - we should "untouch" our uptodate file seeing as
+         * we have tried our best to find a functional reference for 'nid'. If
+         * it failed, it is unlikely to succeed again until some future
+         * registrations (or unregistrations) have taken place that affect that
+         * 'nid'. */
+        if(fnd)
+                fnd->uptodate = 1;
+#ifdef ENGINE_TABLE_DEBUG
+        if(ret)
+                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+                                "ENGINE '%s'\n", f, l, nid, ret->id);
+        else
+                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+                                "'no matching ENGINE'\n", f, l, nid);
+#endif
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        /* Whatever happened, any failed init()s are not failures in this
+         * context, so clear our error state. */
+        ERR_clear_error();
+        return ret;
+        }
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
new file mode 100644
index 0000000000..900f75ce8d
--- /dev/null
+++ b/src/lib/libcrypto/engine/engine.h
@@ -0,0 +1,729 @@
+/* openssl/engine.h */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ENGINE_H
+#define HEADER_ENGINE_H
+
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_ENGINE
+#error ENGINE is disabled.
+#endif
+
+#include <openssl/ossl_typ.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#include <openssl/rand.h>
+#include <openssl/ui.h>
+#include <openssl/symhacks.h>
+#include <openssl/err.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Fixups for missing algorithms */
+#ifdef OPENSSL_NO_RSA
+typedef void RSA_METHOD;
+#endif
+#ifdef OPENSSL_NO_DSA
+typedef void DSA_METHOD;
+#endif
+#ifdef OPENSSL_NO_DH
+typedef void DH_METHOD;
+#endif
+
+/* These flags are used to control combinations of algorithm (methods)
+ * by bitwise "OR"ing. */
+#define ENGINE_METHOD_RSA               (unsigned int)0x0001
+#define ENGINE_METHOD_DSA               (unsigned int)0x0002
+#define ENGINE_METHOD_DH                (unsigned int)0x0004
+#define ENGINE_METHOD_RAND              (unsigned int)0x0008
+#define ENGINE_METHOD_CIPHERS           (unsigned int)0x0040
+#define ENGINE_METHOD_DIGESTS           (unsigned int)0x0080
+/* Obvious all-or-nothing cases. */
+#define ENGINE_METHOD_ALL               (unsigned int)0xFFFF
+#define ENGINE_METHOD_NONE              (unsigned int)0x0000
+
+/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
+ * internally to control registration of ENGINE implementations, and can be set
+ * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
+ * initialise registered ENGINEs if they are not already initialised. */
+#define ENGINE_TABLE_FLAG_NOINIT        (unsigned int)0x0001
+
+/* ENGINE flags that can be set by ENGINE_set_flags(). */
+/* #define ENGINE_FLAGS_MALLOCED        0x0001 */ /* Not used */
+
+/* This flag is for ENGINEs that wish to handle the various 'CMD'-related
+ * control commands on their own. Without this flag, ENGINE_ctrl() handles these
+ * control commands on behalf of the ENGINE using their "cmd_defns" data. */
+#define ENGINE_FLAGS_MANUAL_CMD_CTRL    (int)0x0002
+
+/* This flag is for ENGINEs who return new duplicate structures when found via
+ * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()
+ * commands are called in sequence as part of some stateful process like
+ * key-generation setup and execution), it can set this flag - then each attempt
+ * to obtain the ENGINE will result in it being copied into a new structure.
+ * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments
+ * the existing ENGINE's structural reference count. */
+#define ENGINE_FLAGS_BY_ID_COPY         (int)0x0004
+
+/* ENGINEs can support their own command types, and these flags are used in
+ * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
+ * command expects. Currently only numeric and string input is supported. If a
+ * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,
+ * then it is regarded as an "internal" control command - and not for use in
+ * config setting situations. As such, they're not available to the
+ * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to
+ * this list of 'command types' should be reflected carefully in
+ * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */
+
+/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
+#define ENGINE_CMD_FLAG_NUMERIC         (unsigned int)0x0001
+/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to
+ * ENGINE_ctrl) */
+#define ENGINE_CMD_FLAG_STRING          (unsigned int)0x0002
+/* Indicates that the control command takes *no* input. Ie. the control command
+ * is unparameterised. */
+#define ENGINE_CMD_FLAG_NO_INPUT        (unsigned int)0x0004
+/* Indicates that the control command is internal. This control command won't
+ * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
+ * function. */
+#define ENGINE_CMD_FLAG_INTERNAL        (unsigned int)0x0008
+
+/* NB: These 3 control commands are deprecated and should not be used. ENGINEs
+ * relying on these commands should compile conditional support for
+ * compatibility (eg. if these symbols are defined) but should also migrate the
+ * same functionality to their own ENGINE-specific control functions that can be
+ * "discovered" by calling applications. The fact these control commands
+ * wouldn't be "executable" (ie. usable by text-based config) doesn't change the
+ * fact that application code can find and use them without requiring per-ENGINE
+ * hacking. */
+
+/* These flags are used to tell the ctrl function what should be done.
+ * All command numbers are shared between all engines, even if some don't
+ * make sense to some engines.  In such a case, they do nothing but return
+ * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
+#define ENGINE_CTRL_SET_LOGSTREAM               1
+#define ENGINE_CTRL_SET_PASSWORD_CALLBACK       2
+#define ENGINE_CTRL_HUP                         3 /* Close and reinitialise any
+                                                     handles/connections etc. */
+#define ENGINE_CTRL_SET_USER_INTERFACE          4 /* Alternative to callback */
+#define ENGINE_CTRL_SET_CALLBACK_DATA           5 /* User-specific data, used
+                                                     when calling the password
+                                                     callback and the user
+                                                     interface */
+
+/* These control commands allow an application to deal with an arbitrary engine
+ * in a dynamic way. Warn: Negative return values indicate errors FOR THESE
+ * COMMANDS because zero is used to indicate 'end-of-list'. Other commands,
+ * including ENGINE-specific command types, return zero for an error.
+ *
+ * An ENGINE can choose to implement these ctrl functions, and can internally
+ * manage things however it chooses - it does so by setting the
+ * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the
+ * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns
+ * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()
+ * handler need only implement its own commands - the above "meta" commands will
+ * be taken care of. */
+
+/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then
+ * all the remaining control commands will return failure, so it is worth
+ * checking this first if the caller is trying to "discover" the engine's
+ * capabilities and doesn't want errors generated unnecessarily. */
+#define ENGINE_CTRL_HAS_CTRL_FUNCTION           10
+/* Returns a positive command number for the first command supported by the
+ * engine. Returns zero if no ctrl commands are supported. */
+#define ENGINE_CTRL_GET_FIRST_CMD_TYPE          11
+/* The 'long' argument specifies a command implemented by the engine, and the
+ * return value is the next command supported, or zero if there are no more. */
+#define ENGINE_CTRL_GET_NEXT_CMD_TYPE           12
+/* The 'void*' argument is a command name (cast from 'const char *'), and the
+ * return value is the command that corresponds to it. */
+#define ENGINE_CTRL_GET_CMD_FROM_NAME           13
+/* The next two allow a command to be converted into its corresponding string
+ * form. In each case, the 'long' argument supplies the command. In the NAME_LEN
+ * case, the return value is the length of the command name (not counting a
+ * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer
+ * large enough, and it will be populated with the name of the command (WITH a
+ * trailing EOL). */
+#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD       14
+#define ENGINE_CTRL_GET_NAME_FROM_CMD           15
+/* The next two are similar but give a "short description" of a command. */
+#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD       16
+#define ENGINE_CTRL_GET_DESC_FROM_CMD           17
+/* With this command, the return value is the OR'd combination of
+ * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
+ * engine-specific ctrl command expects. */
+#define ENGINE_CTRL_GET_CMD_FLAGS               18
+
+/* ENGINE implementations should start the numbering of their own control
+ * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
+#define ENGINE_CMD_BASE         200
+
+/* NB: These 2 nCipher "chil" control commands are deprecated, and their
+ * functionality is now available through ENGINE-specific control commands
+ * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
+ * commands should be migrated to the more general command handling before these
+ * are removed. */
+
+/* Flags specific to the nCipher "chil" engine */
+#define ENGINE_CTRL_CHIL_SET_FORKCHECK          100
+        /* Depending on the value of the (long)i argument, this sets or
+         * unsets the SimpleForkCheck flag in the CHIL API to enable or
+         * disable checking and workarounds for applications that fork().
+         */
+#define ENGINE_CTRL_CHIL_NO_LOCKING             101
+        /* This prevents the initialisation function from providing mutex
+         * callbacks to the nCipher library. */
+
+/* If an ENGINE supports its own specific control commands and wishes the
+ * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
+ * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
+ * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that
+ * supports the stated commands (ie. the "cmd_num" entries as described by the
+ * array). NB: The array must be ordered in increasing order of cmd_num.
+ * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set
+ * to zero and/or cmd_name set to NULL. */
+typedef struct ENGINE_CMD_DEFN_st
+        {
+        unsigned int cmd_num; /* The command number */
+        const char *cmd_name; /* The command name itself */
+        const char *cmd_desc; /* A short description of the command */
+        unsigned int cmd_flags; /* The input the command expects */
+        } ENGINE_CMD_DEFN;
+
+/* Generic function pointer */
+typedef int (*ENGINE_GEN_FUNC_PTR)();
+/* Generic function pointer taking no arguments */
+typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
+/* Specific control function pointer */
+typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)());
+/* Generic load_key function pointer */
+typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
+        UI_METHOD *ui_method, void *callback_data);
+/* These callback types are for an ENGINE's handler for cipher and digest logic.
+ * These handlers have these prototypes;
+ *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
+ *   int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
+ * Looking at how to implement these handlers in the case of cipher support, if
+ * the framework wants the EVP_CIPHER for 'nid', it will call;
+ *   foo(e, &p_evp_cipher, NULL, nid);    (return zero for failure)
+ * If the framework wants a list of supported 'nid's, it will call;
+ *   foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
+ */
+/* Returns to a pointer to the array of supported cipher 'nid's. If the second
+ * parameter is non-NULL it is set to the size of the returned array. */
+typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int);
+typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
+
+/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
+ * structures where the pointers have a "structural reference". This means that
+ * their reference is to allowed access to the structure but it does not imply
+ * that the structure is functional. To simply increment or decrement the
+ * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not
+ * required when iterating using ENGINE_get_next as it will automatically
+ * decrement the structural reference count of the "current" ENGINE and
+ * increment the structural reference count of the ENGINE it returns (unless it
+ * is NULL). */
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void);
+ENGINE *ENGINE_get_last(void);
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e);
+ENGINE *ENGINE_get_prev(ENGINE *e);
+/* Add another "ENGINE" type into the array. */
+int ENGINE_add(ENGINE *e);
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e);
+/* Retrieve an engine from the list by its unique "id" value. */
+ENGINE *ENGINE_by_id(const char *id);
+/* Add all the built-in engines. */
+void ENGINE_load_openssl(void);
+void ENGINE_load_dynamic(void);
+void ENGINE_load_cswift(void);
+void ENGINE_load_chil(void);
+void ENGINE_load_atalla(void);
+void ENGINE_load_nuron(void);
+void ENGINE_load_ubsec(void);
+void ENGINE_load_aep(void);
+void ENGINE_load_sureware(void);
+void ENGINE_load_4758cca(void);
+void ENGINE_load_cryptodev(void);
+void ENGINE_load_builtin_engines(void);
+
+/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+ * "registry" handling. */
+unsigned int ENGINE_get_table_flags(void);
+void ENGINE_set_table_flags(unsigned int flags);
+
+/* Manage registration of ENGINEs per "table". For each type, there are 3
+ * functions;
+ *   ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
+ *   ENGINE_unregister_***(e) - unregister the implementation from 'e'
+ *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
+ * Cleanup is automatically registered from each table when required, so
+ * ENGINE_cleanup() will reverse any "register" operations. */
+
+int ENGINE_register_RSA(ENGINE *e);
+void ENGINE_unregister_RSA(ENGINE *e);
+void ENGINE_register_all_RSA(void);
+
+int ENGINE_register_DSA(ENGINE *e);
+void ENGINE_unregister_DSA(ENGINE *e);
+void ENGINE_register_all_DSA(void);
+
+int ENGINE_register_DH(ENGINE *e);
+void ENGINE_unregister_DH(ENGINE *e);
+void ENGINE_register_all_DH(void);
+
+int ENGINE_register_RAND(ENGINE *e);
+void ENGINE_unregister_RAND(ENGINE *e);
+void ENGINE_register_all_RAND(void);
+
+int ENGINE_register_ciphers(ENGINE *e);
+void ENGINE_unregister_ciphers(ENGINE *e);
+void ENGINE_register_all_ciphers(void);
+
+int ENGINE_register_digests(ENGINE *e);
+void ENGINE_unregister_digests(ENGINE *e);
+void ENGINE_register_all_digests(void);
+
+/* These functions register all support from the above categories. Note, use of
+ * these functions can result in static linkage of code your application may not
+ * need. If you only need a subset of functionality, consider using more
+ * selective initialisation. */
+int ENGINE_register_complete(ENGINE *e);
+int ENGINE_register_all_complete(void);
+
+/* Send parametrised control commands to the engine. The possibilities to send
+ * down an integer, a pointer to data or a function pointer are provided. Any of
+ * the parameters may or may not be NULL, depending on the command number. In
+ * actuality, this function only requires a structural (rather than functional)
+ * reference to an engine, but many control commands may require the engine be
+ * functional. The caller should be aware of trying commands that require an
+ * operational ENGINE, and only use functional references in such situations. */
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+/* This function tests if an ENGINE-specific command is usable as a "setting".
+ * Eg. in an application's config file that gets processed through
+ * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
+ * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+
+/* This function works like ENGINE_ctrl() with the exception of taking a
+ * command name instead of a command number, and can handle optional commands.
+ * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to
+ * use the cmd_name and cmd_optional. */
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+        long i, void *p, void (*f)(), int cmd_optional);
+
+/* This function passes a command-name and argument to an ENGINE. The cmd_name
+ * is converted to a command number and the control command is called using
+ * 'arg' as an argument (unless the ENGINE doesn't support such a command, in
+ * which case no control command is called). The command is checked for input
+ * flags, and if necessary the argument will be converted to a numeric value. If
+ * cmd_optional is non-zero, then if the ENGINE doesn't support the given
+ * cmd_name the return value will be success anyway. This function is intended
+ * for applications to use so that users (or config files) can supply
+ * engine-specific config data to the ENGINE at run-time to control behaviour of
+ * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()
+ * functions that return data, deal with binary data, or that are otherwise
+ * supposed to be used directly through ENGINE_ctrl() in application code. Any
+ * "return" data from an ENGINE_ctrl() operation in this function will be lost -
+ * the return value is interpreted as failure if the return value is zero,
+ * success otherwise, and this function returns a boolean value as a result. In
+ * other words, vendors of 'ENGINE'-enabled devices should write ENGINE
+ * implementations with parameterisations that work in this scheme, so that
+ * compliant ENGINE-based applications can work consistently with the same
+ * configuration for the same ENGINE-enabled devices, across applications. */
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+                                int cmd_optional);
+
+/* These functions are useful for manufacturing new ENGINE structures. They
+ * don't address reference counting at all - one uses them to populate an ENGINE
+ * structure with personalised implementations of things prior to using it
+ * directly or adding it to the builtin ENGINE list in OpenSSL. These are also
+ * here so that the ENGINE structure doesn't have to be exposed and break binary
+ * compatibility! */
+ENGINE *ENGINE_new(void);
+int ENGINE_free(ENGINE *e);
+int ENGINE_up_ref(ENGINE *e);
+int ENGINE_set_id(ENGINE *e, const char *id);
+int ENGINE_set_name(ENGINE *e, const char *name);
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+int ENGINE_set_flags(ENGINE *e, int flags);
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+/* These functions (and the "get" function lower down) allow control over any
+ * per-structure ENGINE data. */
+int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
+
+/* This function cleans up anything that needs it. Eg. the ENGINE_add() function
+ * automatically ensures the list cleanup function is registered to be called
+ * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure
+ * ENGINE_cleanup() will clean up after them. */
+void ENGINE_cleanup(void);
+
+/* These return values from within the ENGINE structure. These can be useful
+ * with functional references as well as structural references - it depends
+ * which you obtained. Using the result for functional purposes if you only
+ * obtained a structural reference may be problematic! */
+const char *ENGINE_get_id(const ENGINE *e);
+const char *ENGINE_get_name(const ENGINE *e);
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+int ENGINE_get_flags(const ENGINE *e);
+void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+
+/* FUNCTIONAL functions. These functions deal with ENGINE structures
+ * that have (or will) be initialised for use. Broadly speaking, the
+ * structural functions are useful for iterating the list of available
+ * engine types, creating new engine types, and other "list" operations.
+ * These functions actually deal with ENGINEs that are to be used. As
+ * such these functions can fail (if applicable) when particular
+ * engines are unavailable - eg. if a hardware accelerator is not
+ * attached or not functioning correctly. Each ENGINE has 2 reference
+ * counts; structural and functional. Every time a functional reference
+ * is obtained or released, a corresponding structural reference is
+ * automatically obtained or released too. */
+
+/* Initialise a engine type for use (or up its reference count if it's
+ * already in use). This will fail if the engine is not currently
+ * operational and cannot initialise. */
+int ENGINE_init(ENGINE *e);
+/* Free a functional reference to a engine type. This does not require
+ * a corresponding call to ENGINE_free as it also releases a structural
+ * reference. */
+int ENGINE_finish(ENGINE *e);
+
+/* The following functions handle keys that are stored in some secondary
+ * location, handled by the engine.  The storage may be on a card or
+ * whatever. */
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data);
+
+/* This returns a pointer for the current ENGINE structure that
+ * is (by default) performing any RSA operations. The value returned
+ * is an incremented reference, so it should be free'd (ENGINE_finish)
+ * before it is discarded. */
+ENGINE *ENGINE_get_default_RSA(void);
+/* Same for the other "methods" */
+ENGINE *ENGINE_get_default_DSA(void);
+ENGINE *ENGINE_get_default_DH(void);
+ENGINE *ENGINE_get_default_RAND(void);
+/* These functions can be used to get a functional reference to perform
+ * ciphering or digesting corresponding to "nid". */
+ENGINE *ENGINE_get_cipher_engine(int nid);
+ENGINE *ENGINE_get_digest_engine(int nid);
+
+/* This sets a new default ENGINE structure for performing RSA
+ * operations. If the result is non-zero (success) then the ENGINE
+ * structure will have had its reference count up'd so the caller
+ * should still free their own reference 'e'. */
+int ENGINE_set_default_RSA(ENGINE *e);
+int ENGINE_set_default_string(ENGINE *e, const char *def_list);
+/* Same for the other "methods" */
+int ENGINE_set_default_DSA(ENGINE *e);
+int ENGINE_set_default_DH(ENGINE *e);
+int ENGINE_set_default_RAND(ENGINE *e);
+int ENGINE_set_default_ciphers(ENGINE *e);
+int ENGINE_set_default_digests(ENGINE *e);
+
+/* The combination "set" - the flags are bitwise "OR"d from the
+ * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
+ * function, this function can result in unnecessary static linkage. If your
+ * application requires only specific functionality, consider using more
+ * selective functions. */
+int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+void ENGINE_add_conf_module(void);
+
+/* Deprecated functions ... */
+/* int ENGINE_clear_defaults(void); */
+
+/**************************/
+/* DYNAMIC ENGINE SUPPORT */
+/**************************/
+
+/* Binary/behaviour compatibility levels */
+#define OSSL_DYNAMIC_VERSION            (unsigned long)0x00010200
+/* Binary versions older than this are too old for us (whether we're a loader or
+ * a loadee) */
+#define OSSL_DYNAMIC_OLDEST             (unsigned long)0x00010200
+
+/* When compiling an ENGINE entirely as an external shared library, loadable by
+ * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
+ * type provides the calling application's (or library's) error functionality
+ * and memory management function pointers to the loaded library. These should
+ * be used/set in the loaded library code so that the loading application's
+ * 'state' will be used/changed in all operations. */
+typedef void *(*dyn_MEM_malloc_cb)(size_t);
+typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);
+typedef void (*dyn_MEM_free_cb)(void *);
+typedef struct st_dynamic_MEM_fns {
+        dyn_MEM_malloc_cb                       malloc_cb;
+        dyn_MEM_realloc_cb                      realloc_cb;
+        dyn_MEM_free_cb                         free_cb;
+        } dynamic_MEM_fns;
+/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use
+ * these types so we (and any other dependant code) can simplify a bit?? */
+typedef void (*dyn_lock_locking_cb)(int,int,const char *,int);
+typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int);
+typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(
+                                                const char *,int);
+typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *,
+                                                const char *,int);
+typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *,
+                                                const char *,int);
+typedef struct st_dynamic_LOCK_fns {
+        dyn_lock_locking_cb                     lock_locking_cb;
+        dyn_lock_add_lock_cb                    lock_add_lock_cb;
+        dyn_dynlock_create_cb                   dynlock_create_cb;
+        dyn_dynlock_lock_cb                     dynlock_lock_cb;
+        dyn_dynlock_destroy_cb                  dynlock_destroy_cb;
+        } dynamic_LOCK_fns;
+/* The top-level structure */
+typedef struct st_dynamic_fns {
+        const ERR_FNS                           *err_fns;
+        const CRYPTO_EX_DATA_IMPL               *ex_data_fns;
+        dynamic_MEM_fns                         mem_fns;
+        dynamic_LOCK_fns                        lock_fns;
+        } dynamic_fns;
+
+/* The version checking function should be of this prototype. NB: The
+ * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.
+ * If this function returns zero, it indicates a (potential) version
+ * incompatibility and the loaded library doesn't believe it can proceed.
+ * Otherwise, the returned value is the (latest) version supported by the
+ * loading library. The loader may still decide that the loaded code's version
+ * is unsatisfactory and could veto the load. The function is expected to
+ * be implemented with the symbol name "v_check", and a default implementation
+ * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
+typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
+#define IMPLEMENT_DYNAMIC_CHECK_FN() \
+        unsigned long v_check(unsigned long v) { \
+                if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
+                return 0; }
+
+/* This function is passed the ENGINE structure to initialise with its own
+ * function and command settings. It should not adjust the structural or
+ * functional reference counts. If this function returns zero, (a) the load will
+ * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the
+ * structure, and (c) the shared library will be unloaded. So implementations
+ * should do their own internal cleanup in failure circumstances otherwise they
+ * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that
+ * the loader is looking for. If this is NULL, the shared library can choose to
+ * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared
+ * library must initialise only an ENGINE matching the passed 'id'. The function
+ * is expected to be implemented with the symbol name "bind_engine". A standard
+ * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where
+ * the parameter 'fn' is a callback function that populates the ENGINE structure
+ * and returns an int value (zero for failure). 'fn' should have prototype;
+ *    [static] int fn(ENGINE *e, const char *id); */
+typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
+                                const dynamic_fns *fns);
+#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
+        int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
+                if (ERR_get_implementation() != fns->err_fns) \
+                        { \
+                        if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
+                                fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
+                                return 0; \
+                        CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
+                        CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
+                        CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
+                        CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
+                        CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
+                        if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
+                                return 0; \
+                        if(!ERR_set_implementation(fns->err_fns)) return 0; \
+                        } \
+                if(!fn(e,id)) return 0; \
+                return 1; }
+
+#if defined(__OpenBSD__) || defined(__FreeBSD__)
+void ENGINE_setup_bsd_cryptodev(void);
+#endif
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_ENGINE_strings(void);
+
+/* Error codes for the ENGINE functions. */
+
+/* Function codes. */
+#define ENGINE_F_DYNAMIC_CTRL                            180
+#define ENGINE_F_DYNAMIC_GET_DATA_CTX                    181
+#define ENGINE_F_DYNAMIC_LOAD                            182
+#define ENGINE_F_ENGINE_ADD                              105
+#define ENGINE_F_ENGINE_BY_ID                            106
+#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE                170
+#define ENGINE_F_ENGINE_CTRL                             142
+#define ENGINE_F_ENGINE_CTRL_CMD                         178
+#define ENGINE_F_ENGINE_CTRL_CMD_STRING                  171
+#define ENGINE_F_ENGINE_FINISH                           107
+#define ENGINE_F_ENGINE_FREE                             108
+#define ENGINE_F_ENGINE_GET_CIPHER                       185
+#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE                 177
+#define ENGINE_F_ENGINE_GET_DIGEST                       186
+#define ENGINE_F_ENGINE_GET_NEXT                         115
+#define ENGINE_F_ENGINE_GET_PREV                         116
+#define ENGINE_F_ENGINE_INIT                             119
+#define ENGINE_F_ENGINE_LIST_ADD                         120
+#define ENGINE_F_ENGINE_LIST_REMOVE                      121
+#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                 150
+#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                  151
+#define ENGINE_F_ENGINE_MODULE_INIT                      187
+#define ENGINE_F_ENGINE_NEW                              122
+#define ENGINE_F_ENGINE_REMOVE                           123
+#define ENGINE_F_ENGINE_SET_DEFAULT_STRING               189
+#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE                 126
+#define ENGINE_F_ENGINE_SET_ID                           129
+#define ENGINE_F_ENGINE_SET_NAME                         130
+#define ENGINE_F_ENGINE_TABLE_REGISTER                   184
+#define ENGINE_F_ENGINE_UNLOAD_KEY                       152
+#define ENGINE_F_ENGINE_UP_REF                           190
+#define ENGINE_F_INT_CTRL_HELPER                         172
+#define ENGINE_F_INT_ENGINE_CONFIGURE                    188
+#define ENGINE_F_LOG_MESSAGE                             141
+#define ENGINE_F_SET_DATA_CTX                            183
+
+/* Reason codes. */
+#define ENGINE_R_ALREADY_LOADED                          100
+#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER                133
+#define ENGINE_R_CMD_NOT_EXECUTABLE                      134
+#define ENGINE_R_COMMAND_TAKES_INPUT                     135
+#define ENGINE_R_COMMAND_TAKES_NO_INPUT                  136
+#define ENGINE_R_CONFLICTING_ENGINE_ID                   103
+#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED            119
+#define ENGINE_R_DH_NOT_IMPLEMENTED                      139
+#define ENGINE_R_DSA_NOT_IMPLEMENTED                     140
+#define ENGINE_R_DSO_FAILURE                             104
+#define ENGINE_R_DSO_NOT_FOUND                           132
+#define ENGINE_R_ENGINES_SECTION_ERROR                   148
+#define ENGINE_R_ENGINE_IS_NOT_IN_LIST                   105
+#define ENGINE_R_ENGINE_SECTION_ERROR                    149
+#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY              128
+#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY               129
+#define ENGINE_R_FINISH_FAILED                           106
+#define ENGINE_R_GET_HANDLE_FAILED                       107
+#define ENGINE_R_ID_OR_NAME_MISSING                      108
+#define ENGINE_R_INIT_FAILED                             109
+#define ENGINE_R_INTERNAL_LIST_ERROR                     110
+#define ENGINE_R_INVALID_ARGUMENT                        143
+#define ENGINE_R_INVALID_CMD_NAME                        137
+#define ENGINE_R_INVALID_CMD_NUMBER                      138
+#define ENGINE_R_INVALID_INIT_VALUE                      151
+#define ENGINE_R_INVALID_STRING                          150
+#define ENGINE_R_NOT_INITIALISED                         117
+#define ENGINE_R_NOT_LOADED                              112
+#define ENGINE_R_NO_CONTROL_FUNCTION                     120
+#define ENGINE_R_NO_INDEX                                144
+#define ENGINE_R_NO_LOAD_FUNCTION                        125
+#define ENGINE_R_NO_REFERENCE                            130
+#define ENGINE_R_NO_SUCH_ENGINE                          116
+#define ENGINE_R_NO_UNLOAD_FUNCTION                      126
+#define ENGINE_R_PROVIDE_PARAMETERS                      113
+#define ENGINE_R_RSA_NOT_IMPLEMENTED                     141
+#define ENGINE_R_UNIMPLEMENTED_CIPHER                    146
+#define ENGINE_R_UNIMPLEMENTED_DIGEST                    147
+#define ENGINE_R_VERSION_INCOMPATIBILITY                 145
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/hw_aep.c b/src/lib/libcrypto/engine/hw_aep.c
index 5f1772ea99..8b8380a582 100644
--- a/src/lib/libcrypto/engine/hw_aep.c
+++ b/src/lib/libcrypto/engine/hw_aep.c
@@ -474,7 +474,6 @@ static int aep_init(ENGINE *e)
 
         if(aep_dso)
                 DSO_free(aep_dso);
-        aep_dso = NULL;
                 
         p_AEP_OpenConnection    = NULL;
         p_AEP_ModExp            = NULL;
diff --git a/src/lib/libcrypto/engine/hw_atalla.c b/src/lib/libcrypto/engine/hw_atalla.c
index 2b8342bbdd..e9eff9fad1 100644
--- a/src/lib/libcrypto/engine/hw_atalla.c
+++ b/src/lib/libcrypto/engine/hw_atalla.c
@@ -375,7 +375,6 @@ static int atalla_init(ENGINE *e)
 err:
         if(atalla_dso)
                 DSO_free(atalla_dso);
-        atalla_dso = NULL;
         p_Atalla_GetHardwareConfig = NULL;
         p_Atalla_RSAPrivateKeyOpFn = NULL;
         p_Atalla_GetPerformanceStatistics = NULL;
diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c
index 3e7fff1c1e..d3b186c132 100644
--- a/src/lib/libcrypto/engine/hw_cryptodev.c
+++ b/src/lib/libcrypto/engine/hw_cryptodev.c
@@ -1,6 +1,6 @@
 /*
+ * Copyright (c) 2002-2004 Theo de Raadt
  * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
- * Copyright (c) 2002 Theo de Raadt
  * Copyright (c) 2002 Markus Friedl
  * All rights reserved.
  *
@@ -49,11 +49,12 @@ ENGINE_load_cryptodev(void)
         return;
 }
 
-#else 
+#else
 
 #include <sys/types.h>
 #include <crypto/cryptodev.h>
 #include <sys/ioctl.h>
+
 #include <errno.h>
 #include <stdio.h>
 #include <unistd.h>
@@ -63,19 +64,34 @@ ENGINE_load_cryptodev(void)
 #include <errno.h>
 #include <string.h>
 
+#ifdef __i386__
+#include <sys/sysctl.h>
+#include <machine/cpu.h>
+#include <machine/specialreg.h>
+
+#include <ssl/aes.h>
+
+static int check_viac3aes(void);
+#endif
+
 struct dev_crypto_state {
         struct session_op d_sess;
         int d_fd;
 };
 
+struct dev_crypto_cipher {
+        int     c_id;
+        int     c_nid;
+        int     c_ivmax;
+        int     c_keylen;
+};
+
 static u_int32_t cryptodev_asymfeat = 0;
 
 static int get_asym_dev_crypto(void);
 static int open_dev_crypto(void);
 static int get_dev_crypto(void);
-static int cryptodev_max_iv(int cipher);
-static int cryptodev_key_length_valid(int cipher, int len);
-static int cipher_nid_to_cryptodev(int nid);
+static struct dev_crypto_cipher *cipher_nid_to_cryptodev(int nid);
 static int get_cryptodev_ciphers(const int **cnids);
 /*static int get_cryptodev_digests(const int **cnids);*/
 static int cryptodev_usable_ciphers(const int **nids);
@@ -122,15 +138,12 @@ static const ENGINE_CMD_DEFN cryptodev_defns[] = {
         { 0, NULL, NULL, 0 }
 };
 
-static struct {
-        int     id;
-        int     nid;
-        int     ivmax;
-        int     keylen;
-} ciphers[] = {
+static struct dev_crypto_cipher ciphers[] = {
         { CRYPTO_DES_CBC,               NID_des_cbc,            8,       8, },
         { CRYPTO_3DES_CBC,              NID_des_ede3_cbc,       8,      24, },
         { CRYPTO_AES_CBC,               NID_aes_128_cbc,        16,     16, },
+        { CRYPTO_AES_CBC,               NID_aes_192_cbc,        16,     24, },
+        { CRYPTO_AES_CBC,               NID_aes_256_cbc,        16,     32, },
         { CRYPTO_BLF_CBC,               NID_bf_cbc,             8,      16, },
         { CRYPTO_CAST_CBC,              NID_cast5_cbc,          8,      16, },
         { CRYPTO_SKIPJACK_CBC,          NID_undef,              0,       0, },
@@ -153,7 +166,7 @@ static struct {
 #endif
 
 /*
- * Return a fd if /dev/crypto seems usable, 0 otherwise.
+ * Return a fd if /dev/crypto seems usable, -1 otherwise.
  */
 static int
 open_dev_crypto(void)
@@ -180,8 +193,10 @@ get_dev_crypto(void)
 
         if ((fd = open_dev_crypto()) == -1)
                 return (-1);
-        if (ioctl(fd, CRIOGET, &retfd) == -1)
+        if (ioctl(fd, CRIOGET, &retfd) == -1) {
+                close(fd);
                 return (-1);
+        }
 
         /* close on exec */
         if (fcntl(retfd, F_SETFD, 1) == -1) {
@@ -202,48 +217,16 @@ get_asym_dev_crypto(void)
         return fd;
 }
 
-/*
- * XXXX this needs to be set for each alg - and determined from
- * a running card.
- */
-static int
-cryptodev_max_iv(int cipher)
-{
-        int i;
-
-        for (i = 0; ciphers[i].id; i++)
-                if (ciphers[i].id == cipher)
-                        return (ciphers[i].ivmax);
-        return (0);
-}
-
-/*
- * XXXX this needs to be set for each alg - and determined from
- * a running card. For now, fake it out - but most of these
- * for real devices should return 1 for the supported key
- * sizes the device can handle.
- */
-static int
-cryptodev_key_length_valid(int cipher, int len)
-{
-        int i;
-
-        for (i = 0; ciphers[i].id; i++)
-                if (ciphers[i].id == cipher)
-                        return (ciphers[i].keylen == len);
-        return (0);
-}
-
 /* convert libcrypto nids to cryptodev */
-static int
+static struct dev_crypto_cipher *
 cipher_nid_to_cryptodev(int nid)
 {
         int i;
 
-        for (i = 0; ciphers[i].id; i++)
-                if (ciphers[i].nid == nid)
-                        return (ciphers[i].id);
-        return (0);
+        for (i = 0; ciphers[i].c_id; i++)
+                if (ciphers[i].c_nid == nid)
+                        return (&ciphers[i]);
+        return (NULL);
 }
 
 /*
@@ -266,18 +249,45 @@ get_cryptodev_ciphers(const int **cnids)
         memset(&sess, 0, sizeof(sess));
         sess.key = (caddr_t)"123456781234567812345678";
 
-        for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-                if (ciphers[i].nid == NID_undef)
+        for (i = 0; ciphers[i].c_id && count < CRYPTO_ALGORITHM_MAX; i++) {
+                if (ciphers[i].c_nid == NID_undef)
                         continue;
-                sess.cipher = ciphers[i].id;
-                sess.keylen = ciphers[i].keylen;
+                sess.cipher = ciphers[i].c_id;
+                sess.keylen = ciphers[i].c_keylen;
                 sess.mac = 0;
                 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
                     ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-                        nids[count++] = ciphers[i].nid;
+                        nids[count++] = ciphers[i].c_nid;
         }
         close(fd);
 
+#if defined(__i386__)
+        /*
+         * On i386, always check for the VIA C3 AES instructions;
+         * even if /dev/crypto is disabled.
+         */
+        if (check_viac3aes() >= 1) {
+                int have_NID_aes_128_cbc = 0;
+                int have_NID_aes_192_cbc = 0;
+                int have_NID_aes_256_cbc = 0;
+
+                for (i = 0; i < count; i++) {
+                        if (nids[i] == NID_aes_128_cbc)
+                                have_NID_aes_128_cbc = 1;
+                        if (nids[i] == NID_aes_192_cbc)
+                                have_NID_aes_192_cbc = 1;
+                        if (nids[i] == NID_aes_256_cbc)
+                                have_NID_aes_256_cbc = 1;
+                }
+                if (!have_NID_aes_128_cbc)
+                        nids[count++] = NID_aes_128_cbc;
+                if (!have_NID_aes_192_cbc)
+                        nids[count++] = NID_aes_192_cbc;
+                if (!have_NID_aes_256_cbc)
+                        nids[count++] = NID_aes_256_cbc;
+        }
+#endif
+
         if (count > 0)
                 *cnids = nids;
         else
@@ -429,15 +439,15 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 {
         struct dev_crypto_state *state = ctx->cipher_data;
         struct session_op *sess = &state->d_sess;
-        int cipher;
+        struct dev_crypto_cipher *cipher;
 
-        if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
+        if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NULL)
                 return (0);
 
-        if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
+        if (ctx->cipher->iv_len > cipher->c_ivmax)
                 return (0);
 
-        if (!cryptodev_key_length_valid(cipher, ctx->key_len))
+        if (ctx->key_len != cipher->c_keylen)
                 return (0);
 
         memset(sess, 0, sizeof(struct session_op));
@@ -447,7 +457,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 
         sess->key = (unsigned char *)key;
         sess->keylen = ctx->key_len;
-        sess->cipher = cipher;
+        sess->cipher = cipher->c_id;
 
         if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
                 close(state->d_fd);
@@ -552,7 +562,7 @@ const EVP_CIPHER cryptodev_cast_cbc = {
         NULL
 };
 
-const EVP_CIPHER cryptodev_aes_cbc = {
+EVP_CIPHER cryptodev_aes_128_cbc = {
         NID_aes_128_cbc,
         16, 16, 16,
         EVP_CIPH_CBC_MODE,
@@ -565,6 +575,209 @@ const EVP_CIPHER cryptodev_aes_cbc = {
         NULL
 };
 
+EVP_CIPHER cryptodev_aes_192_cbc = {
+        NID_aes_192_cbc,
+        16, 24, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+EVP_CIPHER cryptodev_aes_256_cbc = {
+        NID_aes_256_cbc,
+        16, 32, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+
+#if defined(__i386__)
+
+static inline void
+viac3_xcrypt_cbc(int *cw, const void *src, void *dst, void *key, int rep,
+    void *iv)
+{
+#ifdef notdef
+        printf("cw %x[%x %x %x %x] src %x dst %x key %x rep %x iv %x\n",
+            cw, cw[0], cw[1], cw[2], cw[3],
+            src, dst, key, rep, iv);
+#endif
+        /*
+         * Clear bit 30 of EFLAGS.
+         */
+        __asm __volatile("pushfl; popfl");
+
+        /*
+         * Cannot simply place key into "b" register, since the compiler
+         * -pic mode uses that register; so instead we must dance a little.
+         */
+        __asm __volatile("pushl %%ebx; movl %0, %%ebx; rep xcrypt-cbc; popl %%ebx" :
+            : "mr" (key), "a" (iv), "c" (rep), "d" (cw), "S" (src), "D" (dst)
+            : "memory", "cc");
+}
+
+#define ISUNALIGNED(x)  ((long)(x)) & 15
+#define DOALIGN(v)      ((void *)(((long)(v) + 15) & ~15))
+
+static int
+xcrypt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, unsigned int inl)
+{
+        unsigned char *save_iv_store[EVP_MAX_IV_LENGTH + 15];
+        unsigned char *save_iv = DOALIGN(save_iv_store);
+        unsigned char *ivs_store[EVP_MAX_IV_LENGTH + 15];
+        unsigned char *ivs = DOALIGN(ivs_store);
+        void *iiv, *iv = NULL, *ivp = NULL;
+        const void *usein = in;
+        void *useout = out, *spare;
+        int cws[4 + 3], *cw = DOALIGN(cws);
+
+        if (!inl)
+                return (1);
+        if ((inl % ctx->cipher->block_size) != 0)
+                return (0);
+
+        if (ISUNALIGNED(in) || ISUNALIGNED(out)) {
+                spare = malloc(inl);
+                if (spare == NULL)
+                        return (0);
+
+                if (ISUNALIGNED(in)) {
+                        bcopy(in, spare, inl);
+                        usein = spare;
+                }
+                if (ISUNALIGNED(out))
+                        useout = spare;
+        }
+
+        cw[0] = C3_CRYPT_CWLO_ALG_AES | C3_CRYPT_CWLO_KEYGEN_SW |
+            C3_CRYPT_CWLO_NORMAL;
+        cw[0] |= ctx->encrypt ? C3_CRYPT_CWLO_ENCRYPT : C3_CRYPT_CWLO_DECRYPT;
+        cw[1] = cw[2] = cw[3] = 0;
+
+        switch (ctx->key_len * 8) {
+        case 128:
+                cw[0] |= C3_CRYPT_CWLO_KEY128;
+                break;
+        case 192:
+                cw[0] |= C3_CRYPT_CWLO_KEY192;
+                break;
+        case 256:
+                cw[0] |= C3_CRYPT_CWLO_KEY256;
+                break;
+        }
+
+        if (ctx->cipher->iv_len) {
+                iv = (caddr_t) ctx->iv;
+                if (!ctx->encrypt) {
+                        iiv = (void *) in + inl - ctx->cipher->iv_len;
+                        memcpy(save_iv, iiv, ctx->cipher->iv_len);
+                }
+        }
+
+        ivp = iv;
+        if (ISUNALIGNED(iv)) {
+                bcopy(iv, ivs, ctx->cipher->iv_len);
+                ivp = ivs;
+        }
+
+        viac3_xcrypt_cbc(cw, usein, useout, ctx->cipher_data,  inl / 16, ivp);
+
+        if (ISUNALIGNED(out)) {
+                bcopy(spare, out, inl);
+                free(spare);
+        }
+
+        if (ivp == ivs)
+                bcopy(ivp, iv, ctx->cipher->iv_len);
+
+        if (ctx->cipher->iv_len) {
+                if (ctx->encrypt)
+                        iiv = (void *) out + inl - ctx->cipher->iv_len;
+                else
+                        iiv = save_iv;
+                memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+        }
+        return (1);
+}
+
+static int
+xcrypt_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc)
+{
+        AES_KEY *k = ctx->cipher_data;
+#ifndef AES_ASM
+        int i;
+#endif
+
+        bzero(k, sizeof *k);
+        if (enc)
+                AES_set_encrypt_key(key, ctx->key_len * 8, k);
+        else
+                AES_set_decrypt_key(key, ctx->key_len * 8, k);
+
+#ifndef AES_ASM
+        /*
+         * XXX Damn OpenSSL byte swaps the expanded key!!
+         *
+         * XXX But only if we're using the C implementation of AES
+         */
+        for (i = 0; i < 4 * (AES_MAXNR + 1); i++)
+                k->rd_key[i] = htonl(k->rd_key[i]);
+#endif
+
+        return (1);
+}
+
+static int
+xcrypt_cleanup(EVP_CIPHER_CTX *ctx)
+{
+        bzero(ctx->cipher_data, ctx->cipher->ctx_size);
+        return (1);
+}
+
+static int
+check_viac3aes(void)
+{
+        int mib[2] = { CTL_MACHDEP, CPU_XCRYPT }, value;
+        size_t size = sizeof(value);
+
+        if (sysctl(mib, sizeof(mib)/sizeof(mib[0]), &value, &size,
+            NULL, 0) < 0)
+                return (0);
+        if (value == 0)
+                return (0);
+
+        if (value & C3_HAS_AES) {
+                cryptodev_aes_128_cbc.init = xcrypt_init_key;
+                cryptodev_aes_128_cbc.do_cipher = xcrypt_cipher;
+                cryptodev_aes_128_cbc.cleanup = xcrypt_cleanup;
+                cryptodev_aes_128_cbc.ctx_size = sizeof(AES_KEY);
+
+                cryptodev_aes_192_cbc.init = xcrypt_init_key;
+                cryptodev_aes_192_cbc.do_cipher = xcrypt_cipher;
+                cryptodev_aes_192_cbc.cleanup = xcrypt_cleanup;
+                cryptodev_aes_192_cbc.ctx_size = sizeof(AES_KEY);
+
+                cryptodev_aes_256_cbc.init = xcrypt_init_key;
+                cryptodev_aes_256_cbc.do_cipher = xcrypt_cipher;
+                cryptodev_aes_256_cbc.cleanup = xcrypt_cleanup;
+                cryptodev_aes_256_cbc.ctx_size = sizeof(AES_KEY);
+        }
+        return (value);
+}
+#endif /* __i386__ */
+
 /*
  * Registered by the ENGINE when used to find out how to deal with
  * a particular NID in the ENGINE. this says what we'll do at the
@@ -591,7 +804,13 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
                 *cipher = &cryptodev_cast_cbc;
                 break;
         case NID_aes_128_cbc:
-                *cipher = &cryptodev_aes_cbc;
+                *cipher = &cryptodev_aes_128_cbc;
+                break;
+        case NID_aes_192_cbc:
+                *cipher = &cryptodev_aes_192_cbc;
+                break;
+        case NID_aes_256_cbc:
+                *cipher = &cryptodev_aes_256_cbc;
                 break;
         default:
                 *cipher = NULL;
diff --git a/src/lib/libcrypto/engine/hw_cswift.c b/src/lib/libcrypto/engine/hw_cswift.c
index 1411fd8333..f128ee5a68 100644
--- a/src/lib/libcrypto/engine/hw_cswift.c
+++ b/src/lib/libcrypto/engine/hw_cswift.c
@@ -90,7 +90,6 @@ static int cswift_destroy(ENGINE *e);
 static int cswift_init(ENGINE *e);
 static int cswift_finish(ENGINE *e);
 static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
-static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
 
 /* BIGNUM stuff */
 static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -404,10 +403,7 @@ static int cswift_init(ENGINE *e)
         return 1;
 err:
         if(cswift_dso)
-        {
                 DSO_free(cswift_dso);
-                cswift_dso = NULL;
-        }
         p_CSwift_AcquireAccContext = NULL;
         p_CSwift_AttachKeyParam = NULL;
         p_CSwift_SimpleRequest = NULL;
@@ -557,29 +553,6 @@ err:
         return to_return;
         }
 
-
-int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
-{
-        int mod;
-        int numbytes = BN_num_bytes(in);
-
-        mod = 0;
-        while( ((out->nbytes = (numbytes+mod)) % 32) )
-        {
-                mod++;
-        }
-        out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
-        if(!out->value)
-        {
-                return 0;
-        }
-        BN_bn2bin(in, &out->value[mod]);
-        if(mod)
-                memset(out->value, 0, mod);
-
-        return 1;
-}
-
 /* Un petit mod_exp chinois */
 static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                         const BIGNUM *q, const BIGNUM *dmp1,
@@ -589,16 +562,15 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
         SW_LARGENUMBER arg, res;
         SW_PARAM sw_param;
         SW_CONTEXT_HANDLE hac;
-        BIGNUM *result = NULL;
+        BIGNUM *rsa_p = NULL;
+        BIGNUM *rsa_q = NULL;
+        BIGNUM *rsa_dmp1 = NULL;
+        BIGNUM *rsa_dmq1 = NULL;
+        BIGNUM *rsa_iqmp = NULL;
         BIGNUM *argument = NULL;
+        BIGNUM *result = NULL;
         int to_return = 0; /* expect failure */
         int acquired = 0;
-
-        sw_param.up.crt.p.value = NULL;
-        sw_param.up.crt.q.value = NULL;
-        sw_param.up.crt.dmp1.value = NULL;
-        sw_param.up.crt.dmq1.value = NULL;
-        sw_param.up.crt.iqmp.value = NULL;
  
         if(!get_context(&hac))
                 {
@@ -606,55 +578,44 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                 goto err;
                 }
         acquired = 1;
-
         /* Prepare the params */
-        argument = BN_new();
-        result = BN_new();
-        if(!result || !argument)
+        BN_CTX_start(ctx);
+        rsa_p = BN_CTX_get(ctx);
+        rsa_q = BN_CTX_get(ctx);
+        rsa_dmp1 = BN_CTX_get(ctx);
+        rsa_dmq1 = BN_CTX_get(ctx);
+        rsa_iqmp = BN_CTX_get(ctx);
+        argument = BN_CTX_get(ctx);
+        result = BN_CTX_get(ctx);
+        if(!result)
                 {
                 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
                 goto err;
                 }
-
-
-        sw_param.type = SW_ALG_CRT;
-        /************************************************************************/
-        /* 04/02/2003                                                           */
-        /* Modified by Frederic Giudicelli (deny-all.com) to overcome the       */
-        /* limitation of cswift with values not a multiple of 32                */
-        /************************************************************************/
-        if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
-        {
-                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
-                goto err;
-        }
-        if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
-        {
-                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
-                goto err;
-        }
-        if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
-        {
-                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
-                goto err;
-        }
-        if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
-        {
-                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
-                goto err;
-        }
-        if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
-        {
-                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
-                goto err;
-        }
-        if(     !bn_wexpand(argument, a->top) ||
+        if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
+                        !bn_wexpand(rsa_dmp1, dmp1->top) ||
+                        !bn_wexpand(rsa_dmq1, dmq1->top) ||
+                        !bn_wexpand(rsa_iqmp, iqmp->top) ||
+                        !bn_wexpand(argument, a->top) ||
                         !bn_wexpand(result, p->top + q->top))
                 {
                 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
                 goto err;
                 }
-
+        sw_param.type = SW_ALG_CRT;
+        sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
+        sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
+        sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
+        sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
+        sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
+                (unsigned char *)rsa_dmp1->d);
+        sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
+        sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
+                (unsigned char *)rsa_dmq1->d);
+        sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
+        sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
+                (unsigned char *)rsa_iqmp->d);
+        sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
         /* Attach the key params */
         sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
         switch(sw_status)
@@ -693,22 +654,9 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
         BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
         to_return = 1;
 err:
-        if(sw_param.up.crt.p.value)
-                OPENSSL_free(sw_param.up.crt.p.value);
-        if(sw_param.up.crt.q.value)
-                OPENSSL_free(sw_param.up.crt.q.value);
-        if(sw_param.up.crt.dmp1.value)
-                OPENSSL_free(sw_param.up.crt.dmp1.value);
-        if(sw_param.up.crt.dmq1.value)
-                OPENSSL_free(sw_param.up.crt.dmq1.value);
-        if(sw_param.up.crt.iqmp.value)
-                OPENSSL_free(sw_param.up.crt.iqmp.value);
-        if(result)
-                BN_free(result);
-        if(argument)
-                BN_free(argument);
         if(acquired)
                 release_context(hac);
+        BN_CTX_end(ctx);
         return to_return;
         }
  
@@ -717,27 +665,6 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
         {
         BN_CTX *ctx;
         int to_return = 0;
-        const RSA_METHOD * def_rsa_method;
-
-        /* Try the limits of RSA (2048 bits) */
-        if(BN_num_bytes(rsa->p) > 128 ||
-                BN_num_bytes(rsa->q) > 128 ||
-                BN_num_bytes(rsa->dmp1) > 128 ||
-                BN_num_bytes(rsa->dmq1) > 128 ||
-                BN_num_bytes(rsa->iqmp) > 128)
-        {
-#ifdef RSA_NULL
-                def_rsa_method=RSA_null_method();
-#else
-#if 0
-                def_rsa_method=RSA_PKCS1_RSAref();
-#else
-                def_rsa_method=RSA_PKCS1_SSLeay();
-#endif
-#endif
-                if(def_rsa_method)
-                        return def_rsa_method->rsa_mod_exp(r0, I, rsa);
-        }
 
         if((ctx = BN_CTX_new()) == NULL)
                 goto err;
@@ -759,26 +686,6 @@ err:
 static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
         {
-        const RSA_METHOD * def_rsa_method;
-
-        /* Try the limits of RSA (2048 bits) */
-        if(BN_num_bytes(r) > 256 ||
-                BN_num_bytes(a) > 256 ||
-                BN_num_bytes(m) > 256)
-        {
-#ifdef RSA_NULL
-                def_rsa_method=RSA_null_method();
-#else
-#if 0
-                def_rsa_method=RSA_PKCS1_RSAref();
-#else
-                def_rsa_method=RSA_PKCS1_SSLeay();
-#endif
-#endif
-                if(def_rsa_method)
-                        return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
-        }
-
         return cswift_mod_exp(r, a, p, m, ctx);
         }
 
@@ -1023,10 +930,9 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
         SW_CONTEXT_HANDLE hac;
         SW_STATUS swrc;
         SW_LARGENUMBER largenum;
+        size_t nbytes = 0;
         int acquired = 0;
         int to_return = 0; /* assume failure */
-        unsigned char buf32[1024];
-
 
         if (!get_context(&hac))
         {
@@ -1035,19 +941,17 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
         }
         acquired = 1;
 
-        /************************************************************************/
-        /* 04/02/2003                                                           */
-        /* Modified by Frederic Giudicelli (deny-all.com) to overcome the       */
-        /* limitation of cswift with values not a multiple of 32                */
-        /************************************************************************/
-
-        while(num >= sizeof(buf32))
+        while (nbytes < (size_t)num)
         {
-                largenum.value = buf;
-                largenum.nbytes = sizeof(buf32);
                 /* tell CryptoSwift how many bytes we want and where we want it.
                  * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
                  *       - CryptoSwift can only do multiple of 32-bits. */
+                largenum.value = (SW_BYTE *) buf + nbytes;
+                if (4096 > num - nbytes)
+                        largenum.nbytes = num - nbytes;
+                else
+                        largenum.nbytes = 4096;
+
                 swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
                 if (swrc != SW_OK)
                 {
@@ -1057,30 +961,14 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
                         ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
                         goto err;
                 }
-                buf += sizeof(buf32);
-                num -= sizeof(buf32);
-        }
-        if(num)
-        {
-                largenum.nbytes = sizeof(buf32);
-                largenum.value = buf32;
-                swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
-                if (swrc != SW_OK)
-                {
-                        char tmpbuf[20];
-                        CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
-                        sprintf(tmpbuf, "%ld", swrc);
-                        ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
-                        goto err;
-                }
-                memcpy(buf, largenum.value, num);
-        }
 
+                nbytes += largenum.nbytes;
+        }
         to_return = 1;  /* success */
+
 err:
         if (acquired)
                 release_context(hac);
-
         return to_return;
 }
 
diff --git a/src/lib/libcrypto/engine/hw_ubsec.c b/src/lib/libcrypto/engine/hw_ubsec.c
index 8fb834af31..5234a08a07 100644
--- a/src/lib/libcrypto/engine/hw_ubsec.c
+++ b/src/lib/libcrypto/engine/hw_ubsec.c
@@ -454,7 +454,6 @@ static int ubsec_init(ENGINE *e)
 err:
         if(ubsec_dso)
                 DSO_free(ubsec_dso);
-        ubsec_dso = NULL;
         p_UBSEC_ubsec_bytes_to_bits = NULL;
         p_UBSEC_ubsec_bits_to_bytes = NULL;
         p_UBSEC_ubsec_open = NULL;
diff --git a/src/lib/libcrypto/engine/tb_cipher.c b/src/lib/libcrypto/engine/tb_cipher.c
new file mode 100644
index 0000000000..50b3cec1fa
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_cipher.c
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_cipher_engine(), the function that
+ * is used by EVP to hook in cipher code and cache defaults (etc), will display
+ * brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_CIPHER_DEBUG */
+
+static ENGINE_TABLE *cipher_table = NULL;
+
+void ENGINE_unregister_ciphers(ENGINE *e)
+        {
+        engine_table_unregister(&cipher_table, e);
+        }
+
+static void engine_unregister_all_ciphers(void)
+        {
+        engine_table_cleanup(&cipher_table);
+        }
+
+int ENGINE_register_ciphers(ENGINE *e)
+        {
+        if(e->ciphers)
+                {
+                const int *nids;
+                int num_nids = e->ciphers(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&cipher_table,
+                                        engine_unregister_all_ciphers, e, nids,
+                                        num_nids, 0);
+                }
+        return 1;
+        }
+
+void ENGINE_register_all_ciphers()
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_ciphers(e);
+        }
+
+int ENGINE_set_default_ciphers(ENGINE *e)
+        {
+        if(e->ciphers)
+                {
+                const int *nids;
+                int num_nids = e->ciphers(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&cipher_table,
+                                        engine_unregister_all_ciphers, e, nids,
+                                        num_nids, 1);
+                }
+        return 1;
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given cipher 'nid' */
+ENGINE *ENGINE_get_cipher_engine(int nid)
+        {
+        return engine_table_select(&cipher_table, nid);
+        }
+
+/* Obtains a cipher implementation from an ENGINE functional reference */
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)
+        {
+        const EVP_CIPHER *ret;
+        ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
+        if(!fn || !fn(e, &ret, NULL, nid))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER,
+                                ENGINE_R_UNIMPLEMENTED_CIPHER);
+                return NULL;
+                }
+        return ret;
+        }
+
+/* Gets the cipher callback from an ENGINE structure */
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)
+        {
+        return e->ciphers;
+        }
+
+/* Sets the cipher callback in an ENGINE structure */
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
+        {
+        e->ciphers = f;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/engine/tb_dh.c b/src/lib/libcrypto/engine/tb_dh.c
new file mode 100644
index 0000000000..e290e1702b
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_dh.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_DH(), the function that is
+ * used by DH to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_DH_DEBUG */
+
+static ENGINE_TABLE *dh_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DH(ENGINE *e)
+        {
+        engine_table_unregister(&dh_table, e);
+        }
+
+static void engine_unregister_all_DH(void)
+        {
+        engine_table_cleanup(&dh_table);
+        }
+
+int ENGINE_register_DH(ENGINE *e)
+        {
+        if(e->dh_meth)
+                return engine_table_register(&dh_table,
+                                engine_unregister_all_DH, e, &dummy_nid, 1, 0);
+        return 1;
+        }
+
+void ENGINE_register_all_DH()
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_DH(e);
+        }
+
+int ENGINE_set_default_DH(ENGINE *e)
+        {
+        if(e->dh_meth)
+                return engine_table_register(&dh_table,
+                                engine_unregister_all_DH, e, &dummy_nid, 1, 1);
+        return 1;
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_DH(void)
+        {
+        return engine_table_select(&dh_table, dummy_nid);
+        }
+
+/* Obtains an DH implementation from an ENGINE functional reference */
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
+        {
+        return e->dh_meth;
+        }
+
+/* Sets an DH implementation in an ENGINE structure */
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
+        {
+        e->dh_meth = dh_meth;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/engine/tb_digest.c b/src/lib/libcrypto/engine/tb_digest.c
new file mode 100644
index 0000000000..e82d2a17c9
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_digest.c
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_digest_engine(), the function that
+ * is used by EVP to hook in digest code and cache defaults (etc), will display
+ * brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_DIGEST_DEBUG */
+
+static ENGINE_TABLE *digest_table = NULL;
+
+void ENGINE_unregister_digests(ENGINE *e)
+        {
+        engine_table_unregister(&digest_table, e);
+        }
+
+static void engine_unregister_all_digests(void)
+        {
+        engine_table_cleanup(&digest_table);
+        }
+
+int ENGINE_register_digests(ENGINE *e)
+        {
+        if(e->digests)
+                {
+                const int *nids;
+                int num_nids = e->digests(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&digest_table,
+                                        engine_unregister_all_digests, e, nids,
+                                        num_nids, 0);
+                }
+        return 1;
+        }
+
+void ENGINE_register_all_digests()
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_digests(e);
+        }
+
+int ENGINE_set_default_digests(ENGINE *e)
+        {
+        if(e->digests)
+                {
+                const int *nids;
+                int num_nids = e->digests(e, NULL, &nids, 0);
+                if(num_nids > 0)
+                        return engine_table_register(&digest_table,
+                                        engine_unregister_all_digests, e, nids,
+                                        num_nids, 1);
+                }
+        return 1;
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given digest 'nid' */
+ENGINE *ENGINE_get_digest_engine(int nid)
+        {
+        return engine_table_select(&digest_table, nid);
+        }
+
+/* Obtains a digest implementation from an ENGINE functional reference */
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)
+        {
+        const EVP_MD *ret;
+        ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
+        if(!fn || !fn(e, &ret, NULL, nid))
+                {
+                ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST,
+                                ENGINE_R_UNIMPLEMENTED_DIGEST);
+                return NULL;
+                }
+        return ret;
+        }
+
+/* Gets the digest callback from an ENGINE structure */
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)
+        {
+        return e->digests;
+        }
+
+/* Sets the digest callback in an ENGINE structure */
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
+        {
+        e->digests = f;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/engine/tb_dsa.c b/src/lib/libcrypto/engine/tb_dsa.c
new file mode 100644
index 0000000000..80170591f2
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_dsa.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is
+ * used by DSA to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_DSA_DEBUG */
+
+static ENGINE_TABLE *dsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DSA(ENGINE *e)
+        {
+        engine_table_unregister(&dsa_table, e);
+        }
+
+static void engine_unregister_all_DSA(void)
+        {
+        engine_table_cleanup(&dsa_table);
+        }
+
+int ENGINE_register_DSA(ENGINE *e)
+        {
+        if(e->dsa_meth)
+                return engine_table_register(&dsa_table,
+                                engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
+        return 1;
+        }
+
+void ENGINE_register_all_DSA()
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_DSA(e);
+        }
+
+int ENGINE_set_default_DSA(ENGINE *e)
+        {
+        if(e->dsa_meth)
+                return engine_table_register(&dsa_table,
+                                engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
+        return 1;
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_DSA(void)
+        {
+        return engine_table_select(&dsa_table, dummy_nid);
+        }
+
+/* Obtains an DSA implementation from an ENGINE functional reference */
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
+        {
+        return e->dsa_meth;
+        }
+
+/* Sets an DSA implementation in an ENGINE structure */
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
+        {
+        e->dsa_meth = dsa_meth;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/engine/tb_rand.c b/src/lib/libcrypto/engine/tb_rand.c
new file mode 100644
index 0000000000..69b67111bc
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_rand.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is
+ * used by RAND to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_RAND_DEBUG */
+
+static ENGINE_TABLE *rand_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RAND(ENGINE *e)
+        {
+        engine_table_unregister(&rand_table, e);
+        }
+
+static void engine_unregister_all_RAND(void)
+        {
+        engine_table_cleanup(&rand_table);
+        }
+
+int ENGINE_register_RAND(ENGINE *e)
+        {
+        if(e->rand_meth)
+                return engine_table_register(&rand_table,
+                                engine_unregister_all_RAND, e, &dummy_nid, 1, 0);
+        return 1;
+        }
+
+void ENGINE_register_all_RAND()
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_RAND(e);
+        }
+
+int ENGINE_set_default_RAND(ENGINE *e)
+        {
+        if(e->rand_meth)
+                return engine_table_register(&rand_table,
+                                engine_unregister_all_RAND, e, &dummy_nid, 1, 1);
+        return 1;
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_RAND(void)
+        {
+        return engine_table_select(&rand_table, dummy_nid);
+        }
+
+/* Obtains an RAND implementation from an ENGINE functional reference */
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
+        {
+        return e->rand_meth;
+        }
+
+/* Sets an RAND implementation in an ENGINE structure */
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
+        {
+        e->rand_meth = rand_meth;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/engine/tb_rsa.c b/src/lib/libcrypto/engine/tb_rsa.c
new file mode 100644
index 0000000000..fee4867f52
--- /dev/null
+++ b/src/lib/libcrypto/engine/tb_rsa.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is
+ * used by RSA to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_RSA_DEBUG */
+
+static ENGINE_TABLE *rsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RSA(ENGINE *e)
+        {
+        engine_table_unregister(&rsa_table, e);
+        }
+
+static void engine_unregister_all_RSA(void)
+        {
+        engine_table_cleanup(&rsa_table);
+        }
+
+int ENGINE_register_RSA(ENGINE *e)
+        {
+        if(e->rsa_meth)
+                return engine_table_register(&rsa_table,
+                                engine_unregister_all_RSA, e, &dummy_nid, 1, 0);
+        return 1;
+        }
+
+void ENGINE_register_all_RSA()
+        {
+        ENGINE *e;
+
+        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+                ENGINE_register_RSA(e);
+        }
+
+int ENGINE_set_default_RSA(ENGINE *e)
+        {
+        if(e->rsa_meth)
+                return engine_table_register(&rsa_table,
+                                engine_unregister_all_RSA, e, &dummy_nid, 1, 1);
+        return 1;
+        }
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_RSA(void)
+        {
+        return engine_table_select(&rsa_table, dummy_nid);
+        }
+
+/* Obtains an RSA implementation from an ENGINE functional reference */
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
+        {
+        return e->rsa_meth;
+        }
+
+/* Sets an RSA implementation in an ENGINE structure */
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
+        {
+        e->rsa_meth = rsa_meth;
+        return 1;
+        }
diff --git a/src/lib/libcrypto/err/Makefile.ssl b/src/lib/libcrypto/err/Makefile.ssl
new file mode 100644
index 0000000000..b253061d07
--- /dev/null
+++ b/src/lib/libcrypto/err/Makefile.ssl
@@ -0,0 +1,119 @@
+#
+# SSLeay/crypto/err/Makefile
+#
+
+DIR=    err
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=err.c err_all.c err_prn.c
+LIBOBJ=err.o err_all.o err_prn.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= err.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+err.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/buffer.h
+err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+err.o: ../../include/openssl/symhacks.h ../cryptlib.h err.c
+err_all.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+err_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+err_all.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+err_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+err_all.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+err_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+err_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+err_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+err_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+err_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+err_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h
+err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+err_all.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+err_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+err_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err_all.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+err_all.o: ../../include/openssl/x509v3.h err_all.c
+err_prn.o: ../../e_os.h ../../include/openssl/bio.h
+err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+err_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err_prn.o: ../cryptlib.h err_prn.c
diff --git a/src/lib/libcrypto/err/err.c b/src/lib/libcrypto/err/err.c
new file mode 100644
index 0000000000..c78790a54c
--- /dev/null
+++ b/src/lib/libcrypto/err/err.c
@@ -0,0 +1,1077 @@
+/* crypto/err/err.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+static void err_load_strings(int lib, ERR_STRING_DATA *str);
+
+static void ERR_STATE_free(ERR_STATE *s);
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ERR_str_libraries[]=
+        {
+{ERR_PACK(ERR_LIB_NONE,0,0)             ,"unknown library"},
+{ERR_PACK(ERR_LIB_SYS,0,0)              ,"system library"},
+{ERR_PACK(ERR_LIB_BN,0,0)               ,"bignum routines"},
+{ERR_PACK(ERR_LIB_RSA,0,0)              ,"rsa routines"},
+{ERR_PACK(ERR_LIB_DH,0,0)               ,"Diffie-Hellman routines"},
+{ERR_PACK(ERR_LIB_EVP,0,0)              ,"digital envelope routines"},
+{ERR_PACK(ERR_LIB_BUF,0,0)              ,"memory buffer routines"},
+{ERR_PACK(ERR_LIB_OBJ,0,0)              ,"object identifier routines"},
+{ERR_PACK(ERR_LIB_PEM,0,0)              ,"PEM routines"},
+{ERR_PACK(ERR_LIB_DSA,0,0)              ,"dsa routines"},
+{ERR_PACK(ERR_LIB_X509,0,0)             ,"x509 certificate routines"},
+{ERR_PACK(ERR_LIB_ASN1,0,0)             ,"asn1 encoding routines"},
+{ERR_PACK(ERR_LIB_CONF,0,0)             ,"configuration file routines"},
+{ERR_PACK(ERR_LIB_CRYPTO,0,0)           ,"common libcrypto routines"},
+{ERR_PACK(ERR_LIB_EC,0,0)               ,"elliptic curve routines"},
+{ERR_PACK(ERR_LIB_SSL,0,0)              ,"SSL routines"},
+{ERR_PACK(ERR_LIB_BIO,0,0)              ,"BIO routines"},
+{ERR_PACK(ERR_LIB_PKCS7,0,0)            ,"PKCS7 routines"},
+{ERR_PACK(ERR_LIB_X509V3,0,0)           ,"X509 V3 routines"},
+{ERR_PACK(ERR_LIB_PKCS12,0,0)           ,"PKCS12 routines"},
+{ERR_PACK(ERR_LIB_RAND,0,0)             ,"random number generator"},
+{ERR_PACK(ERR_LIB_DSO,0,0)              ,"DSO support routines"},
+{ERR_PACK(ERR_LIB_ENGINE,0,0)           ,"engine routines"},
+{ERR_PACK(ERR_LIB_OCSP,0,0)             ,"OCSP routines"},
+{ERR_PACK(ERR_LIB_FIPS,0,0)             ,"FIPS routines"},
+{0,NULL},
+        };
+
+static ERR_STRING_DATA ERR_str_functs[]=
+        {
+        {ERR_PACK(0,SYS_F_FOPEN,0),             "fopen"},
+        {ERR_PACK(0,SYS_F_CONNECT,0),           "connect"},
+        {ERR_PACK(0,SYS_F_GETSERVBYNAME,0),     "getservbyname"},
+        {ERR_PACK(0,SYS_F_SOCKET,0),            "socket"}, 
+        {ERR_PACK(0,SYS_F_IOCTLSOCKET,0),       "ioctlsocket"},
+        {ERR_PACK(0,SYS_F_BIND,0),              "bind"},
+        {ERR_PACK(0,SYS_F_LISTEN,0),            "listen"},
+        {ERR_PACK(0,SYS_F_ACCEPT,0),            "accept"},
+#ifdef OPENSSL_SYS_WINDOWS
+        {ERR_PACK(0,SYS_F_WSASTARTUP,0),        "WSAstartup"},
+#endif
+        {ERR_PACK(0,SYS_F_OPENDIR,0),           "opendir"},
+        {ERR_PACK(0,SYS_F_FREAD,0),             "fread"},
+        {ERR_PACK(0,SYS_F_GETADDRINFO,0),       "getaddrinfo"},
+        {0,NULL},
+        };
+
+static ERR_STRING_DATA ERR_str_reasons[]=
+        {
+{ERR_R_SYS_LIB                          ,"system lib"},
+{ERR_R_BN_LIB                           ,"BN lib"},
+{ERR_R_RSA_LIB                          ,"RSA lib"},
+{ERR_R_DH_LIB                           ,"DH lib"},
+{ERR_R_EVP_LIB                          ,"EVP lib"},
+{ERR_R_BUF_LIB                          ,"BUF lib"},
+{ERR_R_OBJ_LIB                          ,"OBJ lib"},
+{ERR_R_PEM_LIB                          ,"PEM lib"},
+{ERR_R_DSA_LIB                          ,"DSA lib"},
+{ERR_R_X509_LIB                         ,"X509 lib"},
+{ERR_R_ASN1_LIB                         ,"ASN1 lib"},
+{ERR_R_CONF_LIB                         ,"CONF lib"},
+{ERR_R_CRYPTO_LIB                       ,"CRYPTO lib"},
+{ERR_R_EC_LIB                           ,"EC lib"},
+{ERR_R_SSL_LIB                          ,"SSL lib"},
+{ERR_R_BIO_LIB                          ,"BIO lib"},
+{ERR_R_PKCS7_LIB                        ,"PKCS7 lib"},
+{ERR_R_X509V3_LIB                       ,"X509V3 lib"},
+{ERR_R_PKCS12_LIB                       ,"PKCS12 lib"},
+{ERR_R_RAND_LIB                         ,"RAND lib"},
+{ERR_R_DSO_LIB                          ,"DSO lib"},
+{ERR_R_ENGINE_LIB                       ,"ENGINE lib"},
+{ERR_R_OCSP_LIB                         ,"OCSP lib"},
+
+{ERR_R_NESTED_ASN1_ERROR                ,"nested asn1 error"},
+{ERR_R_BAD_ASN1_OBJECT_HEADER           ,"bad asn1 object header"},
+{ERR_R_BAD_GET_ASN1_OBJECT_CALL         ,"bad get asn1 object call"},
+{ERR_R_EXPECTING_AN_ASN1_SEQUENCE       ,"expecting an asn1 sequence"},
+{ERR_R_ASN1_LENGTH_MISMATCH             ,"asn1 length mismatch"},
+{ERR_R_MISSING_ASN1_EOS                 ,"missing asn1 eos"},
+
+{ERR_R_FATAL                            ,"fatal"},
+{ERR_R_MALLOC_FAILURE                   ,"malloc failure"},
+{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED      ,"called a function you should not call"},
+{ERR_R_PASSED_NULL_PARAMETER            ,"passed a null parameter"},
+{ERR_R_INTERNAL_ERROR                   ,"internal error"},
+
+{0,NULL},
+        };
+#endif
+
+
+/* Define the predeclared (but externally opaque) "ERR_FNS" type */
+struct st_ERR_FNS
+        {
+        /* Works on the "error_hash" string table */
+        LHASH *(*cb_err_get)(int create);
+        void (*cb_err_del)(void);
+        ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *);
+        ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *);
+        ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
+        /* Works on the "thread_hash" error-state table */
+        LHASH *(*cb_thread_get)(int create);
+        void (*cb_thread_release)(LHASH **hash);
+        ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
+        ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
+        void (*cb_thread_del_item)(const ERR_STATE *);
+        /* Returns the next available error "library" numbers */
+        int (*cb_get_next_lib)(void);
+        };
+
+/* Predeclarations of the "err_defaults" functions */
+static LHASH *int_err_get(int create);
+static void int_err_del(void);
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
+static LHASH *int_thread_get(int create);
+static void int_thread_release(LHASH **hash);
+static ERR_STATE *int_thread_get_item(const ERR_STATE *);
+static ERR_STATE *int_thread_set_item(ERR_STATE *);
+static void int_thread_del_item(const ERR_STATE *);
+static int int_err_get_next_lib(void);
+/* The static ERR_FNS table using these defaults functions */
+static const ERR_FNS err_defaults =
+        {
+        int_err_get,
+        int_err_del,
+        int_err_get_item,
+        int_err_set_item,
+        int_err_del_item,
+        int_thread_get,
+        int_thread_release,
+        int_thread_get_item,
+        int_thread_set_item,
+        int_thread_del_item,
+        int_err_get_next_lib
+        };
+
+/* The replacable table of ERR_FNS functions we use at run-time */
+static const ERR_FNS *err_fns = NULL;
+
+/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */
+#define ERRFN(a) err_fns->cb_##a
+
+/* The internal state used by "err_defaults" - as such, the setting, reading,
+ * creating, and deleting of this data should only be permitted via the
+ * "err_defaults" functions. This way, a linked module can completely defer all
+ * ERR state operation (together with requisite locking) to the implementations
+ * and state in the loading application. */
+static LHASH *int_error_hash = NULL;
+static LHASH *int_thread_hash = NULL;
+static int int_thread_hash_references = 0;
+static int int_err_library_number= ERR_LIB_USER;
+
+/* Internal function that checks whether "err_fns" is set and if not, sets it to
+ * the defaults. */
+static void err_fns_check(void)
+        {
+        if (err_fns) return;
+        
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!err_fns)
+                err_fns = &err_defaults;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        }
+
+/* API functions to get or set the underlying ERR functions. */
+
+const ERR_FNS *ERR_get_implementation(void)
+        {
+        err_fns_check();
+        return err_fns;
+        }
+
+int ERR_set_implementation(const ERR_FNS *fns)
+        {
+        int ret = 0;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        /* It's too late if 'err_fns' is non-NULL. BTW: not much point setting
+         * an error is there?! */
+        if (!err_fns)
+                {
+                err_fns = fns;
+                ret = 1;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return ret;
+        }
+
+/* These are the callbacks provided to "lh_new()" when creating the LHASH tables
+ * internal to the "err_defaults" implementation. */
+
+/* static unsigned long err_hash(ERR_STRING_DATA *a); */
+static unsigned long err_hash(const void *a_void);
+/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b); */
+static int err_cmp(const void *a_void, const void *b_void);
+/* static unsigned long pid_hash(ERR_STATE *pid); */
+static unsigned long pid_hash(const void *pid_void);
+/* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */
+static int pid_cmp(const void *a_void,const void *pid_void);
+static unsigned long get_error_values(int inc,int top,const char **file,int *line,
+                                      const char **data,int *flags);
+
+/* The internal functions used in the "err_defaults" implementation */
+
+static LHASH *int_err_get(int create)
+        {
+        LHASH *ret = NULL;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!int_error_hash && create)
+                {
+                CRYPTO_push_info("int_err_get (err.c)");
+                int_error_hash = lh_new(err_hash, err_cmp);
+                CRYPTO_pop_info();
+                }
+        if (int_error_hash)
+                ret = int_error_hash;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        return ret;
+        }
+
+static void int_err_del(void)
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (int_error_hash)
+                {
+                lh_free(int_error_hash);
+                int_error_hash = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        }
+
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
+        {
+        ERR_STRING_DATA *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(err_get)(0);
+        if (!hash)
+                return NULL;
+
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STRING_DATA *)lh_retrieve(hash, d);
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+
+        return p;
+        }
+
+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d)
+        {
+        ERR_STRING_DATA *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(err_get)(1);
+        if (!hash)
+                return NULL;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STRING_DATA *)lh_insert(hash, d);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        return p;
+        }
+
+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d)
+        {
+        ERR_STRING_DATA *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(err_get)(0);
+        if (!hash)
+                return NULL;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STRING_DATA *)lh_delete(hash, d);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        return p;
+        }
+
+static LHASH *int_thread_get(int create)
+        {
+        LHASH *ret = NULL;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!int_thread_hash && create)
+                {
+                CRYPTO_push_info("int_thread_get (err.c)");
+                int_thread_hash = lh_new(pid_hash, pid_cmp);
+                CRYPTO_pop_info();
+                }
+        if (int_thread_hash)
+                {
+                int_thread_hash_references++;
+                ret = int_thread_hash;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return ret;
+        }
+
+static void int_thread_release(LHASH **hash)
+        {
+        int i;
+
+        if (hash == NULL || *hash == NULL)
+                return;
+
+        i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
+
+#ifdef REF_PRINT
+        fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR");
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"int_thread_release, bad reference count\n");
+                abort(); /* ok */
+                }
+#endif
+        *hash = NULL;
+        }
+
+static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
+        {
+        ERR_STATE *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(thread_get)(0);
+        if (!hash)
+                return NULL;
+
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STATE *)lh_retrieve(hash, d);
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+
+        ERRFN(thread_release)(&hash);
+        return p;
+        }
+
+static ERR_STATE *int_thread_set_item(ERR_STATE *d)
+        {
+        ERR_STATE *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(thread_get)(1);
+        if (!hash)
+                return NULL;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STATE *)lh_insert(hash, d);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        ERRFN(thread_release)(&hash);
+        return p;
+        }
+
+static void int_thread_del_item(const ERR_STATE *d)
+        {
+        ERR_STATE *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(thread_get)(0);
+        if (!hash)
+                return;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STATE *)lh_delete(hash, d);
+        /* make sure we don't leak memory */
+        if (int_thread_hash_references == 1
+                && int_thread_hash && (lh_num_items(int_thread_hash) == 0))
+                {
+                lh_free(int_thread_hash);
+                int_thread_hash = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        ERRFN(thread_release)(&hash);
+        if (p)
+                ERR_STATE_free(p);
+        }
+
+static int int_err_get_next_lib(void)
+        {
+        int ret;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        ret = int_err_library_number++;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        return ret;
+        }
+
+
+#ifndef OPENSSL_NO_ERR
+#define NUM_SYS_STR_REASONS 127
+#define LEN_SYS_STR_REASON 32
+
+static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
+/* SYS_str_reasons is filled with copies of strerror() results at
+ * initialization.
+ * 'errno' values up to 127 should cover all usual errors,
+ * others will be displayed numerically by ERR_error_string.
+ * It is crucial that we have something for each reason code
+ * that occurs in ERR_str_reasons, or bogus reason strings
+ * will be returned for SYSerr(), which always gets an errno
+ * value and never one of those 'standard' reason codes. */
+
+static void build_SYS_str_reasons()
+        {
+        /* OPENSSL_malloc cannot be used here, use static storage instead */
+        static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
+        int i;
+        static int init = 1;
+
+        if (!init) return;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+
+        for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
+                {
+                ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
+
+                str->error = (unsigned long)i;
+                if (str->string == NULL)
+                        {
+                        char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
+                        char *src = strerror(i);
+                        if (src != NULL)
+                                {
+                                strncpy(*dest, src, sizeof *dest);
+                                (*dest)[sizeof *dest - 1] = '\0';
+                                str->string = *dest;
+                                }
+                        }
+                if (str->string == NULL)
+                        str->string = "unknown";
+                }
+
+        /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL},
+         * as required by ERR_load_strings. */
+
+        init = 0;
+        
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        }
+#endif
+
+#define err_clear_data(p,i) \
+        if (((p)->err_data[i] != NULL) && \
+                (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
+                {  \
+                OPENSSL_free((p)->err_data[i]); \
+                (p)->err_data[i]=NULL; \
+                } \
+        (p)->err_data_flags[i]=0;
+
+static void ERR_STATE_free(ERR_STATE *s)
+        {
+        int i;
+
+        if (s == NULL)
+            return;
+
+        for (i=0; i<ERR_NUM_ERRORS; i++)
+                {
+                err_clear_data(s,i);
+                }
+        OPENSSL_free(s);
+        }
+
+void ERR_load_ERR_strings(void)
+        {
+        err_fns_check();
+#ifndef OPENSSL_NO_ERR
+        err_load_strings(0,ERR_str_libraries);
+        err_load_strings(0,ERR_str_reasons);
+        err_load_strings(ERR_LIB_SYS,ERR_str_functs);
+        build_SYS_str_reasons();
+        err_load_strings(ERR_LIB_SYS,SYS_str_reasons);
+#endif
+        }
+
+static void err_load_strings(int lib, ERR_STRING_DATA *str)
+        {
+        while (str->error)
+                {
+                str->error|=ERR_PACK(lib,0,0);
+                ERRFN(err_set_item)(str);
+                str++;
+                }
+        }
+
+void ERR_load_strings(int lib, ERR_STRING_DATA *str)
+        {
+        ERR_load_ERR_strings();
+        err_load_strings(lib, str);
+        }
+
+void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
+        {
+        while (str->error)
+                {
+                str->error|=ERR_PACK(lib,0,0);
+                ERRFN(err_del_item)(str);
+                str++;
+                }
+        }
+
+void ERR_free_strings(void)
+        {
+        err_fns_check();
+        ERRFN(err_del)();
+        }
+
+/********************************************************/
+
+void ERR_put_error(int lib, int func, int reason, const char *file,
+             int line)
+        {
+        ERR_STATE *es;
+
+#ifdef _OSD_POSIX
+        /* In the BS2000-OSD POSIX subsystem, the compiler generates
+         * path names in the form "*POSIX(/etc/passwd)".
+         * This dirty hack strips them to something sensible.
+         * @@@ We shouldn't modify a const string, though.
+         */
+        if (strncmp(file,"*POSIX(", sizeof("*POSIX(")-1) == 0) {
+                char *end;
+
+                /* Skip the "*POSIX(" prefix */
+                file += sizeof("*POSIX(")-1;
+                end = &file[strlen(file)-1];
+                if (*end == ')')
+                        *end = '\0';
+                /* Optional: use the basename of the path only. */
+                if ((end = strrchr(file, '/')) != NULL)
+                        file = &end[1];
+        }
+#endif
+        es=ERR_get_state();
+
+        es->top=(es->top+1)%ERR_NUM_ERRORS;
+        if (es->top == es->bottom)
+                es->bottom=(es->bottom+1)%ERR_NUM_ERRORS;
+        es->err_buffer[es->top]=ERR_PACK(lib,func,reason);
+        es->err_file[es->top]=file;
+        es->err_line[es->top]=line;
+        err_clear_data(es,es->top);
+        }
+
+void ERR_clear_error(void)
+        {
+        int i;
+        ERR_STATE *es;
+
+        es=ERR_get_state();
+
+        for (i=0; i<ERR_NUM_ERRORS; i++)
+                {
+                es->err_buffer[i]=0;
+                err_clear_data(es,i);
+                es->err_file[i]=NULL;
+                es->err_line[i]= -1;
+                }
+        es->top=es->bottom=0;
+        }
+
+
+unsigned long ERR_get_error(void)
+        { return(get_error_values(1,0,NULL,NULL,NULL,NULL)); }
+
+unsigned long ERR_get_error_line(const char **file,
+             int *line)
+        { return(get_error_values(1,0,file,line,NULL,NULL)); }
+
+unsigned long ERR_get_error_line_data(const char **file, int *line,
+             const char **data, int *flags)
+        { return(get_error_values(1,0,file,line,data,flags)); }
+
+
+unsigned long ERR_peek_error(void)
+        { return(get_error_values(0,0,NULL,NULL,NULL,NULL)); }
+
+unsigned long ERR_peek_error_line(const char **file, int *line)
+        { return(get_error_values(0,0,file,line,NULL,NULL)); }
+
+unsigned long ERR_peek_error_line_data(const char **file, int *line,
+             const char **data, int *flags)
+        { return(get_error_values(0,0,file,line,data,flags)); }
+
+
+unsigned long ERR_peek_last_error(void)
+        { return(get_error_values(0,1,NULL,NULL,NULL,NULL)); }
+
+unsigned long ERR_peek_last_error_line(const char **file, int *line)
+        { return(get_error_values(0,1,file,line,NULL,NULL)); }
+
+unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+             const char **data, int *flags)
+        { return(get_error_values(0,1,file,line,data,flags)); }
+
+
+static unsigned long get_error_values(int inc, int top, const char **file, int *line,
+             const char **data, int *flags)
+        {       
+        int i=0;
+        ERR_STATE *es;
+        unsigned long ret;
+
+        es=ERR_get_state();
+
+        if (inc && top)
+                {
+                if (file) *file = "";
+                if (line) *line = 0;
+                if (data) *data = "";
+                if (flags) *flags = 0;
+                        
+                return ERR_R_INTERNAL_ERROR;
+                }
+
+        if (es->bottom == es->top) return 0;
+        if (top)
+                i=es->top;                       /* last error */
+        else
+                i=(es->bottom+1)%ERR_NUM_ERRORS; /* first error */
+
+        ret=es->err_buffer[i];
+        if (inc)
+                {
+                es->bottom=i;
+                es->err_buffer[i]=0;
+                }
+
+        if ((file != NULL) && (line != NULL))
+                {
+                if (es->err_file[i] == NULL)
+                        {
+                        *file="NA";
+                        if (line != NULL) *line=0;
+                        }
+                else
+                        {
+                        *file=es->err_file[i];
+                        if (line != NULL) *line=es->err_line[i];
+                        }
+                }
+
+        if (data == NULL)
+                {
+                if (inc)
+                        {
+                        err_clear_data(es, i);
+                        }
+                }
+        else
+                {
+                if (es->err_data[i] == NULL)
+                        {
+                        *data="";
+                        if (flags != NULL) *flags=0;
+                        }
+                else
+                        {
+                        *data=es->err_data[i];
+                        if (flags != NULL) *flags=es->err_data_flags[i];
+                        }
+                }
+        return ret;
+        }
+
+void ERR_error_string_n(unsigned long e, char *buf, size_t len)
+        {
+        char lsbuf[64], fsbuf[64], rsbuf[64];
+        const char *ls,*fs,*rs;
+        unsigned long l,f,r;
+
+        l=ERR_GET_LIB(e);
+        f=ERR_GET_FUNC(e);
+        r=ERR_GET_REASON(e);
+
+        ls=ERR_lib_error_string(e);
+        fs=ERR_func_error_string(e);
+        rs=ERR_reason_error_string(e);
+
+        if (ls == NULL) 
+                BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
+        if (fs == NULL)
+                BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
+        if (rs == NULL)
+                BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
+
+        BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, 
+                fs?fs:fsbuf, rs?rs:rsbuf);
+        if (strlen(buf) == len-1)
+                {
+                /* output may be truncated; make sure we always have 5 
+                 * colon-separated fields, i.e. 4 colons ... */
+#define NUM_COLONS 4
+                if (len > NUM_COLONS) /* ... if possible */
+                        {
+                        int i;
+                        char *s = buf;
+                        
+                        for (i = 0; i < NUM_COLONS; i++)
+                                {
+                                char *colon = strchr(s, ':');
+                                if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i)
+                                        {
+                                        /* set colon no. i at last possible position
+                                         * (buf[len-1] is the terminating 0)*/
+                                        colon = &buf[len-1] - NUM_COLONS + i;
+                                        *colon = ':';
+                                        }
+                                s = colon + 1;
+                                }
+                        }
+                }
+        }
+
+/* BAD for multi-threading: uses a local buffer if ret == NULL */
+/* ERR_error_string_n should be used instead for ret != NULL
+ * as ERR_error_string cannot know how large the buffer is */
+char *ERR_error_string(unsigned long e, char *ret)
+        {
+        static char buf[256];
+
+        if (ret == NULL) ret=buf;
+        ERR_error_string_n(e, ret, 256);
+
+        return ret;
+        }
+
+LHASH *ERR_get_string_table(void)
+        {
+        err_fns_check();
+        return ERRFN(err_get)(0);
+        }
+
+LHASH *ERR_get_err_state_table(void)
+        {
+        err_fns_check();
+        return ERRFN(thread_get)(0);
+        }
+
+void ERR_release_err_state_table(LHASH **hash)
+        {
+        err_fns_check();
+        ERRFN(thread_release)(hash);
+        }
+
+const char *ERR_lib_error_string(unsigned long e)
+        {
+        ERR_STRING_DATA d,*p;
+        unsigned long l;
+
+        err_fns_check();
+        l=ERR_GET_LIB(e);
+        d.error=ERR_PACK(l,0,0);
+        p=ERRFN(err_get_item)(&d);
+        return((p == NULL)?NULL:p->string);
+        }
+
+const char *ERR_func_error_string(unsigned long e)
+        {
+        ERR_STRING_DATA d,*p;
+        unsigned long l,f;
+
+        err_fns_check();
+        l=ERR_GET_LIB(e);
+        f=ERR_GET_FUNC(e);
+        d.error=ERR_PACK(l,f,0);
+        p=ERRFN(err_get_item)(&d);
+        return((p == NULL)?NULL:p->string);
+        }
+
+const char *ERR_reason_error_string(unsigned long e)
+        {
+        ERR_STRING_DATA d,*p=NULL;
+        unsigned long l,r;
+
+        err_fns_check();
+        l=ERR_GET_LIB(e);
+        r=ERR_GET_REASON(e);
+        d.error=ERR_PACK(l,0,r);
+        p=ERRFN(err_get_item)(&d);
+        if (!p)
+                {
+                d.error=ERR_PACK(0,0,r);
+                p=ERRFN(err_get_item)(&d);
+                }
+        return((p == NULL)?NULL:p->string);
+        }
+
+/* static unsigned long err_hash(ERR_STRING_DATA *a) */
+static unsigned long err_hash(const void *a_void)
+        {
+        unsigned long ret,l;
+
+        l=((ERR_STRING_DATA *)a_void)->error;
+        ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);
+        return(ret^ret%19*13);
+        }
+
+/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */
+static int err_cmp(const void *a_void, const void *b_void)
+        {
+        return((int)(((ERR_STRING_DATA *)a_void)->error -
+                        ((ERR_STRING_DATA *)b_void)->error));
+        }
+
+/* static unsigned long pid_hash(ERR_STATE *a) */
+static unsigned long pid_hash(const void *a_void)
+        {
+        return(((ERR_STATE *)a_void)->pid*13);
+        }
+
+/* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */
+static int pid_cmp(const void *a_void, const void *b_void)
+        {
+        return((int)((long)((ERR_STATE *)a_void)->pid -
+                        (long)((ERR_STATE *)b_void)->pid));
+        }
+
+void ERR_remove_state(unsigned long pid)
+        {
+        ERR_STATE tmp;
+
+        err_fns_check();
+        if (pid == 0)
+                pid=(unsigned long)CRYPTO_thread_id();
+        tmp.pid=pid;
+        /* thread_del_item automatically destroys the LHASH if the number of
+         * items reaches zero. */
+        ERRFN(thread_del_item)(&tmp);
+        }
+
+ERR_STATE *ERR_get_state(void)
+        {
+        static ERR_STATE fallback;
+        ERR_STATE *ret,tmp,*tmpp=NULL;
+        int i;
+        unsigned long pid;
+
+        err_fns_check();
+        pid=(unsigned long)CRYPTO_thread_id();
+        tmp.pid=pid;
+        ret=ERRFN(thread_get_item)(&tmp);
+
+        /* ret == the error state, if NULL, make a new one */
+        if (ret == NULL)
+                {
+                ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
+                if (ret == NULL) return(&fallback);
+                ret->pid=pid;
+                ret->top=0;
+                ret->bottom=0;
+                for (i=0; i<ERR_NUM_ERRORS; i++)
+                        {
+                        ret->err_data[i]=NULL;
+                        ret->err_data_flags[i]=0;
+                        }
+                tmpp = ERRFN(thread_set_item)(ret);
+                /* To check if insertion failed, do a get. */
+                if (ERRFN(thread_get_item)(ret) != ret)
+                        {
+                        ERR_STATE_free(ret); /* could not insert it */
+                        return(&fallback);
+                        }
+                /* If a race occured in this function and we came second, tmpp
+                 * is the first one that we just replaced. */
+                if (tmpp)
+                        ERR_STATE_free(tmpp);
+                }
+        return ret;
+        }
+
+int ERR_get_next_error_library(void)
+        {
+        err_fns_check();
+        return ERRFN(get_next_lib)();
+        }
+
+void ERR_set_error_data(char *data, int flags)
+        {
+        ERR_STATE *es;
+        int i;
+
+        es=ERR_get_state();
+
+        i=es->top;
+        if (i == 0)
+                i=ERR_NUM_ERRORS-1;
+
+        err_clear_data(es,i);
+        es->err_data[i]=data;
+        es->err_data_flags[i]=flags;
+        }
+
+void ERR_add_error_data(int num, ...)
+        {
+        va_list args;
+        int i,n,s;
+        char *str,*p,*a;
+
+        s=80;
+        str=OPENSSL_malloc(s+1);
+        if (str == NULL) return;
+        str[0]='\0';
+
+        va_start(args, num);
+        n=0;
+        for (i=0; i<num; i++)
+                {
+                a=va_arg(args, char*);
+                /* ignore NULLs, thanks to Bob Beck <beck@obtuse.com> */
+                if (a != NULL)
+                        {
+                        n+=strlen(a);
+                        if (n > s)
+                                {
+                                s=n+20;
+                                p=OPENSSL_realloc(str,s+1);
+                                if (p == NULL)
+                                        {
+                                        OPENSSL_free(str);
+                                        goto err;
+                                        }
+                                else
+                                        str=p;
+                                }
+                        BUF_strlcat(str,a,s+1);
+                        }
+                }
+        ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
+
+err:
+        va_end(args);
+        }
diff --git a/src/lib/libcrypto/err/err.h b/src/lib/libcrypto/err/err.h
new file mode 100644
index 0000000000..2efa18866a
--- /dev/null
+++ b/src/lib/libcrypto/err/err.h
@@ -0,0 +1,302 @@
+/* crypto/err/err.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ERR_H
+#define HEADER_ERR_H
+
+#ifndef OPENSSL_NO_FP_API
+#include <stdio.h>
+#include <stdlib.h>
+#endif
+
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#ifndef OPENSSL_NO_LHASH
+#include <openssl/lhash.h>
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifndef OPENSSL_NO_ERR
+#define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,d,e)
+#else
+#define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,NULL,0)
+#endif
+
+#include <errno.h>
+
+#define ERR_TXT_MALLOCED        0x01
+#define ERR_TXT_STRING          0x02
+
+#define ERR_NUM_ERRORS  16
+typedef struct err_state_st
+        {
+        unsigned long pid;
+        unsigned long err_buffer[ERR_NUM_ERRORS];
+        char *err_data[ERR_NUM_ERRORS];
+        int err_data_flags[ERR_NUM_ERRORS];
+        const char *err_file[ERR_NUM_ERRORS];
+        int err_line[ERR_NUM_ERRORS];
+        int top,bottom;
+        } ERR_STATE;
+
+/* library */
+#define ERR_LIB_NONE            1
+#define ERR_LIB_SYS             2
+#define ERR_LIB_BN              3
+#define ERR_LIB_RSA             4
+#define ERR_LIB_DH              5
+#define ERR_LIB_EVP             6
+#define ERR_LIB_BUF             7
+#define ERR_LIB_OBJ             8
+#define ERR_LIB_PEM             9
+#define ERR_LIB_DSA             10
+#define ERR_LIB_X509            11
+/* #define ERR_LIB_METH         12 */
+#define ERR_LIB_ASN1            13
+#define ERR_LIB_CONF            14
+#define ERR_LIB_CRYPTO          15
+#define ERR_LIB_EC              16
+#define ERR_LIB_SSL             20
+/* #define ERR_LIB_SSL23        21 */
+/* #define ERR_LIB_SSL2         22 */
+/* #define ERR_LIB_SSL3         23 */
+/* #define ERR_LIB_RSAREF       30 */
+/* #define ERR_LIB_PROXY        31 */
+#define ERR_LIB_BIO             32
+#define ERR_LIB_PKCS7           33
+#define ERR_LIB_X509V3          34
+#define ERR_LIB_PKCS12          35
+#define ERR_LIB_RAND            36
+#define ERR_LIB_DSO             37
+#define ERR_LIB_ENGINE          38
+#define ERR_LIB_OCSP            39
+#define ERR_LIB_UI              40
+#define ERR_LIB_COMP            41
+#define ERR_LIB_FIPS            42
+
+#define ERR_LIB_USER            128
+
+#define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
+#define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
+#define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
+#define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)
+#define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)
+#define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)
+#define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)
+#define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)
+#define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)
+#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)
+#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)
+#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)
+#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)
+#define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)
+#define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
+#define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)
+#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)
+#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)
+#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)
+#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)
+#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)
+#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)
+#define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
+#define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
+#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
+#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
+
+/* Borland C seems too stupid to be able to shift and do longs in
+ * the pre-processor :-( */
+#define ERR_PACK(l,f,r)         (((((unsigned long)l)&0xffL)*0x1000000)| \
+                                ((((unsigned long)f)&0xfffL)*0x1000)| \
+                                ((((unsigned long)r)&0xfffL)))
+#define ERR_GET_LIB(l)          (int)((((unsigned long)l)>>24L)&0xffL)
+#define ERR_GET_FUNC(l)         (int)((((unsigned long)l)>>12L)&0xfffL)
+#define ERR_GET_REASON(l)       (int)((l)&0xfffL)
+#define ERR_FATAL_ERROR(l)      (int)((l)&ERR_R_FATAL)
+
+
+/* OS functions */
+#define SYS_F_FOPEN             1
+#define SYS_F_CONNECT           2
+#define SYS_F_GETSERVBYNAME     3
+#define SYS_F_SOCKET            4
+#define SYS_F_IOCTLSOCKET       5
+#define SYS_F_BIND              6
+#define SYS_F_LISTEN            7
+#define SYS_F_ACCEPT            8
+#define SYS_F_WSASTARTUP        9 /* Winsock stuff */
+#define SYS_F_OPENDIR           10
+#define SYS_F_FREAD             11
+#define SYS_F_GETADDRINFO       12
+
+
+/* reasons */
+#define ERR_R_SYS_LIB   ERR_LIB_SYS       /* 2 */
+#define ERR_R_BN_LIB    ERR_LIB_BN        /* 3 */
+#define ERR_R_RSA_LIB   ERR_LIB_RSA       /* 4 */
+#define ERR_R_DH_LIB    ERR_LIB_DH        /* 5 */
+#define ERR_R_EVP_LIB   ERR_LIB_EVP       /* 6 */
+#define ERR_R_BUF_LIB   ERR_LIB_BUF       /* 7 */
+#define ERR_R_OBJ_LIB   ERR_LIB_OBJ       /* 8 */
+#define ERR_R_PEM_LIB   ERR_LIB_PEM       /* 9 */
+#define ERR_R_DSA_LIB   ERR_LIB_DSA      /* 10 */
+#define ERR_R_X509_LIB  ERR_LIB_X509     /* 11 */
+#define ERR_R_ASN1_LIB  ERR_LIB_ASN1     /* 13 */
+#define ERR_R_CONF_LIB  ERR_LIB_CONF     /* 14 */
+#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO  /* 15 */
+#define ERR_R_EC_LIB    ERR_LIB_EC       /* 16 */
+#define ERR_R_SSL_LIB   ERR_LIB_SSL      /* 20 */
+#define ERR_R_BIO_LIB   ERR_LIB_BIO      /* 32 */
+#define ERR_R_PKCS7_LIB ERR_LIB_PKCS7    /* 33 */
+#define ERR_R_X509V3_LIB ERR_LIB_X509V3  /* 34 */
+#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12  /* 35 */
+#define ERR_R_RAND_LIB  ERR_LIB_RAND     /* 36 */
+#define ERR_R_DSO_LIB   ERR_LIB_DSO      /* 37 */
+#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE  /* 38 */
+#define ERR_R_OCSP_LIB  ERR_LIB_OCSP     /* 39 */
+#define ERR_R_UI_LIB    ERR_LIB_UI       /* 40 */
+#define ERR_R_COMP_LIB  ERR_LIB_COMP     /* 41 */
+
+#define ERR_R_NESTED_ASN1_ERROR                 58
+#define ERR_R_BAD_ASN1_OBJECT_HEADER            59
+#define ERR_R_BAD_GET_ASN1_OBJECT_CALL          60
+#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE        61
+#define ERR_R_ASN1_LENGTH_MISMATCH              62
+#define ERR_R_MISSING_ASN1_EOS                  63
+
+/* fatal error */
+#define ERR_R_FATAL                             64
+#define ERR_R_MALLOC_FAILURE                    (1|ERR_R_FATAL)
+#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED       (2|ERR_R_FATAL)
+#define ERR_R_PASSED_NULL_PARAMETER             (3|ERR_R_FATAL)
+#define ERR_R_INTERNAL_ERROR                    (4|ERR_R_FATAL)
+
+/* 99 is the maximum possible ERR_R_... code, higher values
+ * are reserved for the individual libraries */
+
+
+typedef struct ERR_string_data_st
+        {
+        unsigned long error;
+        const char *string;
+        } ERR_STRING_DATA;
+
+void ERR_put_error(int lib, int func,int reason,const char *file,int line);
+void ERR_set_error_data(char *data,int flags);
+
+unsigned long ERR_get_error(void);
+unsigned long ERR_get_error_line(const char **file,int *line);
+unsigned long ERR_get_error_line_data(const char **file,int *line,
+                                      const char **data, int *flags);
+unsigned long ERR_peek_error(void);
+unsigned long ERR_peek_error_line(const char **file,int *line);
+unsigned long ERR_peek_error_line_data(const char **file,int *line,
+                                       const char **data,int *flags);
+unsigned long ERR_peek_last_error(void);
+unsigned long ERR_peek_last_error_line(const char **file,int *line);
+unsigned long ERR_peek_last_error_line_data(const char **file,int *line,
+                                       const char **data,int *flags);
+void ERR_clear_error(void );
+char *ERR_error_string(unsigned long e,char *buf);
+void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+const char *ERR_lib_error_string(unsigned long e);
+const char *ERR_func_error_string(unsigned long e);
+const char *ERR_reason_error_string(unsigned long e);
+void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
+                         void *u);
+#ifndef OPENSSL_NO_FP_API
+void ERR_print_errors_fp(FILE *fp);
+#endif
+#ifndef OPENSSL_NO_BIO
+void ERR_print_errors(BIO *bp);
+void ERR_add_error_data(int num, ...);
+#endif
+void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
+void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
+void ERR_load_ERR_strings(void);
+void ERR_load_crypto_strings(void);
+void ERR_free_strings(void);
+
+void ERR_remove_state(unsigned long pid); /* if zero we look it up */
+ERR_STATE *ERR_get_state(void);
+
+#ifndef OPENSSL_NO_LHASH
+LHASH *ERR_get_string_table(void);
+LHASH *ERR_get_err_state_table(void);
+void ERR_release_err_state_table(LHASH **hash);
+#endif
+
+int ERR_get_next_error_library(void);
+
+/* This opaque type encapsulates the low-level error-state functions */
+typedef struct st_ERR_FNS ERR_FNS;
+/* An application can use this function and provide the return value to loaded
+ * modules that should use the application's ERR state/functionality */
+const ERR_FNS *ERR_get_implementation(void);
+/* A loaded module should call this function prior to any ERR operations using
+ * the application's "ERR_FNS". */
+int ERR_set_implementation(const ERR_FNS *fns);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/err/err_all.c b/src/lib/libcrypto/err/err_all.c
new file mode 100644
index 0000000000..4dc9300892
--- /dev/null
+++ b/src/lib/libcrypto/err/err_all.c
@@ -0,0 +1,137 @@
+/* crypto/err/err_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/pem2.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/conf.h>
+#include <openssl/pkcs12.h>
+#include <openssl/rand.h>
+#include <openssl/dso.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+
+void ERR_load_crypto_strings(void)
+        {
+        static int done=0;
+
+        if (done) return;
+        done=1;
+#ifndef OPENSSL_NO_ERR
+        ERR_load_ERR_strings(); /* include error strings for SYSerr */
+        ERR_load_BN_strings();
+#ifndef OPENSSL_NO_RSA
+        ERR_load_RSA_strings();
+#endif
+#ifndef OPENSSL_NO_DH
+        ERR_load_DH_strings();
+#endif
+        ERR_load_EVP_strings();
+        ERR_load_BUF_strings();
+        ERR_load_OBJ_strings();
+        ERR_load_PEM_strings();
+#ifndef OPENSSL_NO_DSA
+        ERR_load_DSA_strings();
+#endif
+        ERR_load_X509_strings();
+        ERR_load_ASN1_strings();
+        ERR_load_CONF_strings();
+        ERR_load_CRYPTO_strings();
+#ifndef OPENSSL_NO_EC
+        ERR_load_EC_strings();
+#endif
+        /* skip ERR_load_SSL_strings() because it is not in this library */
+        ERR_load_BIO_strings();
+        ERR_load_PKCS7_strings();       
+        ERR_load_X509V3_strings();
+        ERR_load_PKCS12_strings();
+        ERR_load_RAND_strings();
+        ERR_load_DSO_strings();
+#ifndef OPENSSL_NO_ENGINE
+        ERR_load_ENGINE_strings();
+#endif
+        ERR_load_OCSP_strings();
+        ERR_load_UI_strings();
+#endif
+#ifdef OPENSSL_FIPS
+        ERR_load_FIPS_strings();
+#endif
+        }
diff --git a/src/lib/libcrypto/err/err_prn.c b/src/lib/libcrypto/err/err_prn.c
new file mode 100644
index 0000000000..81e34bd6ce
--- /dev/null
+++ b/src/lib/libcrypto/err/err_prn.c
@@ -0,0 +1,106 @@
+/* crypto/err/err_prn.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
+                         void *u)
+        {
+        unsigned long l;
+        char buf[256];
+        char buf2[4096];
+        const char *file,*data;
+        int line,flags;
+        unsigned long es;
+
+        es=CRYPTO_thread_id();
+        while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
+                {
+                ERR_error_string_n(l, buf, sizeof buf);
+                BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
+                        file, line, (flags & ERR_TXT_STRING) ? data : "");
+                cb(buf2, strlen(buf2), u);
+                }
+        }
+
+#ifndef OPENSSL_NO_FP_API
+static int print_fp(const char *str, size_t len, void *fp)
+        {
+        return fprintf((FILE *)fp, "%s", str);
+        }
+void ERR_print_errors_fp(FILE *fp)
+        {
+        ERR_print_errors_cb(print_fp, fp);
+        }
+#endif
+
+static int print_bio(const char *str, size_t len, void *bp)
+        {
+        return BIO_write((BIO *)bp, str, len);
+        }
+void ERR_print_errors(BIO *bp)
+        {
+        ERR_print_errors_cb(print_bio, bp);
+        }
+
+        
diff --git a/src/lib/libcrypto/err/openssl.ec b/src/lib/libcrypto/err/openssl.ec
new file mode 100644
index 0000000000..447a7f87ed
--- /dev/null
+++ b/src/lib/libcrypto/err/openssl.ec
@@ -0,0 +1,82 @@
+# crypto/err/openssl.ec
+
+# configuration file for util/mkerr.pl
+
+# files that may have to be rewritten by util/mkerr.pl
+L ERR           NONE                            NONE
+L BN            crypto/bn/bn.h                  crypto/bn/bn_err.c
+L RSA           crypto/rsa/rsa.h                crypto/rsa/rsa_err.c
+L DH            crypto/dh/dh.h                  crypto/dh/dh_err.c
+L EVP           crypto/evp/evp.h                crypto/evp/evp_err.c
+L BUF           crypto/buffer/buffer.h          crypto/buffer/buf_err.c
+L OBJ           crypto/objects/objects.h        crypto/objects/obj_err.c
+L PEM           crypto/pem/pem.h                crypto/pem/pem_err.c
+L DSA           crypto/dsa/dsa.h                crypto/dsa/dsa_err.c
+L X509          crypto/x509/x509.h              crypto/x509/x509_err.c
+L ASN1          crypto/asn1/asn1.h              crypto/asn1/asn1_err.c
+L CONF          crypto/conf/conf.h              crypto/conf/conf_err.c
+L CRYPTO        crypto/crypto.h                 crypto/cpt_err.c
+L EC            crypto/ec/ec.h                  crypto/ec/ec_err.c
+L SSL           ssl/ssl.h                       ssl/ssl_err.c
+L BIO           crypto/bio/bio.h                crypto/bio/bio_err.c
+L PKCS7         crypto/pkcs7/pkcs7.h            crypto/pkcs7/pkcs7err.c
+L X509V3        crypto/x509v3/x509v3.h          crypto/x509v3/v3err.c
+L PKCS12        crypto/pkcs12/pkcs12.h          crypto/pkcs12/pk12err.c
+L RAND          crypto/rand/rand.h              crypto/rand/rand_err.c
+L DSO           crypto/dso/dso.h                crypto/dso/dso_err.c
+L ENGINE        crypto/engine/engine.h          crypto/engine/eng_err.c
+L OCSP          crypto/ocsp/ocsp.h              crypto/ocsp/ocsp_err.c
+L UI            crypto/ui/ui.h                  crypto/ui/ui_err.c
+L FIPS          fips/fips.h                     fips/fips_err.h
+
+# additional header files to be scanned for function names
+L NONE          crypto/x509/x509_vfy.h          NONE
+L NONE          crypto/ec/ec_lcl.h              NONE
+
+
+F RSAREF_F_RSA_BN2BIN
+F RSAREF_F_RSA_PRIVATE_DECRYPT
+F RSAREF_F_RSA_PRIVATE_ENCRYPT
+F RSAREF_F_RSA_PUBLIC_DECRYPT
+F RSAREF_F_RSA_PUBLIC_ENCRYPT
+#F SSL_F_CLIENT_CERTIFICATE
+
+R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE          1010
+R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC              1020
+R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED           1021
+R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW             1022
+R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE       1030
+R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE           1040
+R SSL_R_SSLV3_ALERT_NO_CERTIFICATE              1041
+R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE             1042
+R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE     1043
+R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED         1044
+R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED         1045
+R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN         1046
+R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER           1047
+R SSL_R_TLSV1_ALERT_UNKNOWN_CA                  1048
+R SSL_R_TLSV1_ALERT_ACCESS_DENIED               1049
+R SSL_R_TLSV1_ALERT_DECODE_ERROR                1050
+R SSL_R_TLSV1_ALERT_DECRYPT_ERROR               1051
+R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION          1060
+R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION            1070
+R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY       1071
+R SSL_R_TLSV1_ALERT_INTERNAL_ERROR              1080
+R SSL_R_TLSV1_ALERT_USER_CANCELLED              1090
+R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION            1100
+
+R RSAREF_R_CONTENT_ENCODING                     0x0400
+R RSAREF_R_DATA                                 0x0401
+R RSAREF_R_DIGEST_ALGORITHM                     0x0402
+R RSAREF_R_ENCODING                             0x0403
+R RSAREF_R_KEY                                  0x0404
+R RSAREF_R_KEY_ENCODING                         0x0405
+R RSAREF_R_LEN                                  0x0406
+R RSAREF_R_MODULUS_LEN                          0x0407
+R RSAREF_R_NEED_RANDOM                          0x0408
+R RSAREF_R_PRIVATE_KEY                          0x0409
+R RSAREF_R_PUBLIC_KEY                           0x040a
+R RSAREF_R_SIGNATURE                            0x040b
+R RSAREF_R_SIGNATURE_ENCODING                   0x040c
+R RSAREF_R_ENCRYPTION_ALGORITHM                 0x040d
+
diff --git a/src/lib/libcrypto/evp/Makefile.ssl b/src/lib/libcrypto/evp/Makefile.ssl
new file mode 100644
index 0000000000..f33aebd33a
--- /dev/null
+++ b/src/lib/libcrypto/evp/Makefile.ssl
@@ -0,0 +1,1059 @@
+#
+# SSLeay/crypto/evp/Makefile
+#
+
+DIR=    evp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=evp_test.c
+TESTDATA=evptests.txt
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
+        e_des.c e_bf.c e_idea.c e_des3.c \
+        e_rc4.c e_aes.c names.c \
+        e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
+        m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \
+        m_dss.c m_dss1.c m_mdc2.c m_ripemd.c \
+        p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
+        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
+        c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
+        evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
+
+LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
+        e_des.o e_bf.o e_idea.o e_des3.o \
+        e_rc4.o e_aes.o names.o \
+        e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
+        m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \
+        m_dss.o m_dss1.o m_mdc2.o m_ripemd.o \
+        p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
+        bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
+        c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
+        evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= evp.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        cp $(TESTDATA) ../../test
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bio_b64.o: ../../e_os.h ../../include/openssl/aes.h
+bio_b64.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_b64.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bio_b64.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_b64.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+bio_b64.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_b64.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+bio_b64.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+bio_b64.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_b64.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+bio_b64.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_b64.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_b64.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_b64.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+bio_b64.o: ../cryptlib.h bio_b64.c
+bio_enc.o: ../../e_os.h ../../include/openssl/aes.h
+bio_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bio_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_enc.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+bio_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+bio_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+bio_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+bio_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+bio_enc.o: ../cryptlib.h bio_enc.c
+bio_md.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+bio_md.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+bio_md.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+bio_md.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+bio_md.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+bio_md.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_md.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+bio_md.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+bio_md.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+bio_md.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_md.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+bio_md.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+bio_md.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+bio_md.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+bio_md.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+bio_md.o: ../../include/openssl/ui_compat.h ../cryptlib.h bio_md.c
+bio_ok.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+bio_ok.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+bio_ok.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+bio_ok.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+bio_ok.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+bio_ok.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+bio_ok.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+bio_ok.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+bio_ok.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+bio_ok.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_ok.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_ok.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+bio_ok.o: ../cryptlib.h bio_ok.c
+c_all.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+c_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+c_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+c_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+c_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+c_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+c_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+c_all.o: ../../include/openssl/ui_compat.h ../cryptlib.h c_all.c
+c_allc.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+c_allc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+c_allc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+c_allc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+c_allc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+c_allc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+c_allc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+c_allc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+c_allc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+c_allc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+c_allc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+c_allc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+c_allc.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_allc.c
+c_alld.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+c_alld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+c_alld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+c_alld.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+c_alld.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+c_alld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+c_alld.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+c_alld.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+c_alld.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+c_alld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+c_alld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+c_alld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+c_alld.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_alld.c
+digest.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+digest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+digest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+digest.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+digest.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+digest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+digest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+digest.o: ../../include/openssl/ui_compat.h ../cryptlib.h digest.c
+e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_aes.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_aes.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+e_aes.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_aes.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+e_aes.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+e_aes.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_aes.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_aes.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+e_aes.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_aes.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_aes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+e_aes.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_aes.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_aes.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_aes.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h e_aes.c
+e_aes.o: evp_locl.h
+e_bf.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_bf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_bf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_bf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_bf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_bf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_bf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_bf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_bf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_bf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_bf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_bf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_bf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_bf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_bf.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_bf.c evp_locl.h
+e_cast.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_cast.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_cast.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_cast.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_cast.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_cast.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cast.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_cast.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_cast.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_cast.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_cast.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_cast.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_cast.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_cast.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_cast.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_cast.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_cast.c evp_locl.h
+e_des.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_des.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_des.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_des.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_des.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_des.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_des.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_des.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_des.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_des.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h
+e_des3.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_des3.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_des3.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_des3.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_des3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_des3.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_des3.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_des3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_des3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_des3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h
+e_idea.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_idea.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_idea.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_idea.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_idea.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_idea.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_idea.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_idea.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_idea.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_idea.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_idea.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_idea.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_idea.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_idea.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_idea.c evp_locl.h
+e_null.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_null.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_null.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_null.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_null.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_null.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_null.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_null.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_null.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_null.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_null.c
+e_rc2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_rc2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_rc2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_rc2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_rc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_rc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_rc2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_rc2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_rc2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_rc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_rc2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_rc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_rc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_rc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_rc2.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc2.c evp_locl.h
+e_rc4.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_rc4.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_rc4.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_rc4.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_rc4.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_rc4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_rc4.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_rc4.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_rc4.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc4.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_rc4.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_rc4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_rc4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_rc4.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_rc4.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc4.c
+e_rc5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_rc5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_rc5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_rc5.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_rc5.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_rc5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_rc5.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_rc5.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_rc5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_rc5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_rc5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_rc5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_rc5.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_rc5.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc5.c evp_locl.h
+e_xcbc_d.o: ../../e_os.h ../../include/openssl/aes.h
+e_xcbc_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_xcbc_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_xcbc_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+e_xcbc_d.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_xcbc_d.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_xcbc_d.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+e_xcbc_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_xcbc_d.o: ../../include/openssl/opensslconf.h
+e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_xcbc_d.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_xcbc_d.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_xcbc_d.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_xcbc_d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c
+encode.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+encode.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+encode.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+encode.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+encode.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+encode.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+encode.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+encode.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+encode.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+encode.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+encode.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+encode.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+encode.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+encode.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+encode.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+encode.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+encode.o: ../../include/openssl/ui_compat.h ../cryptlib.h encode.c
+evp_acnf.o: ../../e_os.h ../../include/openssl/aes.h
+evp_acnf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_acnf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_acnf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+evp_acnf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+evp_acnf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+evp_acnf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+evp_acnf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_acnf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_acnf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_acnf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_acnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_acnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_acnf.o: ../../include/openssl/ui_compat.h ../cryptlib.h evp_acnf.c
+evp_enc.o: ../../e_os.h ../../include/openssl/aes.h
+evp_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_enc.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_enc.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+evp_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+evp_enc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+evp_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+evp_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h
+evp_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+evp_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+evp_err.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+evp_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_err.o: evp_err.c
+evp_key.o: ../../e_os.h ../../include/openssl/aes.h
+evp_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_key.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_key.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_key.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_key.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c
+evp_lib.o: ../../e_os.h ../../include/openssl/aes.h
+evp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+evp_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_lib.o: ../cryptlib.h evp_lib.c
+evp_pbe.o: ../../e_os.h ../../include/openssl/aes.h
+evp_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_pbe.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_pbe.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_pbe.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_pbe.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_pbe.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_pbe.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pbe.c
+evp_pkey.o: ../../e_os.h ../../include/openssl/aes.h
+evp_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_pkey.o: ../../include/openssl/opensslconf.h
+evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+evp_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_pkey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pkey.c
+m_dss.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_dss.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_dss.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_dss.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_dss.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_dss.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_dss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_dss.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_dss.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_dss.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_dss.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_dss.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_dss.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_dss.o: ../cryptlib.h m_dss.c
+m_dss1.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_dss1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_dss1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_dss1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_dss1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_dss1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_dss1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_dss1.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_dss1.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_dss1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_dss1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_dss1.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_dss1.o: ../cryptlib.h m_dss1.c
+m_md2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_md2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_md2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_md2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_md2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_md2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_md2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_md2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_md2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_md2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_md2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_md2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md2.o: ../cryptlib.h m_md2.c
+m_md4.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_md4.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_md4.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_md4.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_md4.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_md4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_md4.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_md4.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_md4.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_md4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_md4.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_md4.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md4.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md4.o: ../cryptlib.h m_md4.c
+m_md5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_md5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_md5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_md5.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_md5.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_md5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_md5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_md5.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_md5.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_md5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_md5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_md5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md5.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md5.o: ../cryptlib.h m_md5.c
+m_mdc2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_mdc2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_mdc2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_mdc2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_mdc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_mdc2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_mdc2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_mdc2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_mdc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_mdc2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_mdc2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_mdc2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_mdc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_mdc2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_mdc2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_mdc2.o: ../cryptlib.h m_mdc2.c
+m_null.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_null.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_null.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_null.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_null.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_null.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_null.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_null.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_null.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_null.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_null.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_null.o: ../cryptlib.h m_null.c
+m_ripemd.o: ../../e_os.h ../../include/openssl/aes.h
+m_ripemd.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_ripemd.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_ripemd.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_ripemd.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+m_ripemd.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+m_ripemd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_ripemd.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_ripemd.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+m_ripemd.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_ripemd.o: ../../include/openssl/opensslconf.h
+m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_ripemd.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_ripemd.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_ripemd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_ripemd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_ripemd.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_ripemd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_ripemd.o: ../cryptlib.h m_ripemd.c
+m_sha.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_sha.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_sha.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_sha.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_sha.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_sha.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_sha.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_sha.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_sha.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_sha.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_sha.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_sha.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_sha.o: ../cryptlib.h m_sha.c
+m_sha1.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_sha1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_sha1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_sha1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_sha1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_sha1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_sha1.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_sha1.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_sha1.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_sha1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_sha1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_sha1.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_sha1.o: ../cryptlib.h m_sha1.c
+names.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+names.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+names.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+names.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+names.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+names.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+names.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+names.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+names.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+names.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+names.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+names.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+names.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+names.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+names.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+names.o: ../cryptlib.h names.c
+p5_crpt.o: ../../e_os.h ../../include/openssl/aes.h
+p5_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p5_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_crpt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p5_crpt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p5_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_crpt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p5_crpt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p5_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p5_crpt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p5_crpt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p5_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p5_crpt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p5_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt.c
+p5_crpt2.o: ../../e_os.h ../../include/openssl/aes.h
+p5_crpt2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p5_crpt2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_crpt2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_crpt2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p5_crpt2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p5_crpt2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p5_crpt2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p5_crpt2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p5_crpt2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p5_crpt2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p5_crpt2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_crpt2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_crpt2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p5_crpt2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_crpt2.o: ../cryptlib.h p5_crpt2.c
+p_dec.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_dec.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_dec.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_dec.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_dec.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_dec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_dec.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_dec.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_dec.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_dec.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_dec.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_dec.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c
+p_enc.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_enc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_enc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_enc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_enc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_enc.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c
+p_lib.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+p_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_lib.c
+p_open.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_open.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_open.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_open.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_open.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_open.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_open.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_open.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_open.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_open.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p_open.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_open.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_open.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_open.o: ../cryptlib.h p_open.c
+p_seal.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_seal.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_seal.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_seal.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_seal.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_seal.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_seal.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_seal.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_seal.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_seal.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_seal.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c
+p_sign.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_sign.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_sign.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_sign.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_sign.o: ../cryptlib.h p_sign.c
+p_verify.o: ../../e_os.h ../../include/openssl/aes.h
+p_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_verify.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p_verify.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_verify.o: ../../include/openssl/opensslconf.h
+p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p_verify.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_verify.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_verify.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_verify.o: ../cryptlib.h p_verify.c
diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c
new file mode 100644
index 0000000000..33349c2f98
--- /dev/null
+++ b/src/lib/libcrypto/evp/bio_b64.c
@@ -0,0 +1,567 @@
+/* crypto/evp/bio_b64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+
+static int b64_write(BIO *h, const char *buf, int num);
+static int b64_read(BIO *h, char *buf, int size);
+/*static int b64_puts(BIO *h, const char *str); */
+/*static int b64_gets(BIO *h, char *str, int size); */
+static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int b64_new(BIO *h);
+static int b64_free(BIO *data);
+static long b64_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
+#define B64_BLOCK_SIZE  1024
+#define B64_BLOCK_SIZE2 768
+#define B64_NONE        0
+#define B64_ENCODE      1
+#define B64_DECODE      2
+
+typedef struct b64_struct
+        {
+        /*BIO *bio; moved to the BIO structure */
+        int buf_len;
+        int buf_off;
+        int tmp_len;            /* used to find the start when decoding */
+        int tmp_nl;             /* If true, scan until '\n' */
+        int encode;
+        int start;              /* have we started decoding yet? */
+        int cont;               /* <= 0 when finished */
+        EVP_ENCODE_CTX base64;
+        char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE)+10];
+        char tmp[B64_BLOCK_SIZE];
+        } BIO_B64_CTX;
+
+static BIO_METHOD methods_b64=
+        {
+        BIO_TYPE_BASE64,"base64 encoding",
+        b64_write,
+        b64_read,
+        NULL, /* b64_puts, */
+        NULL, /* b64_gets, */
+        b64_ctrl,
+        b64_new,
+        b64_free,
+        b64_callback_ctrl,
+        };
+
+BIO_METHOD *BIO_f_base64(void)
+        {
+        return(&methods_b64);
+        }
+
+static int b64_new(BIO *bi)
+        {
+        BIO_B64_CTX *ctx;
+
+        ctx=(BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX));
+        if (ctx == NULL) return(0);
+
+        ctx->buf_len=0;
+        ctx->tmp_len=0;
+        ctx->tmp_nl=0;
+        ctx->buf_off=0;
+        ctx->cont=1;
+        ctx->start=1;
+        ctx->encode=0;
+
+        bi->init=1;
+        bi->ptr=(char *)ctx;
+        bi->flags=0;
+        return(1);
+        }
+
+static int b64_free(BIO *a)
+        {
+        if (a == NULL) return(0);
+        OPENSSL_free(a->ptr);
+        a->ptr=NULL;
+        a->init=0;
+        a->flags=0;
+        return(1);
+        }
+        
+static int b64_read(BIO *b, char *out, int outl)
+        {
+        int ret=0,i,ii,j,k,x,n,num,ret_code=0;
+        BIO_B64_CTX *ctx;
+        unsigned char *p,*q;
+
+        if (out == NULL) return(0);
+        ctx=(BIO_B64_CTX *)b->ptr;
+
+        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+        if (ctx->encode != B64_DECODE)
+                {
+                ctx->encode=B64_DECODE;
+                ctx->buf_len=0;
+                ctx->buf_off=0;
+                ctx->tmp_len=0;
+                EVP_DecodeInit(&(ctx->base64));
+                }
+
+        /* First check if there are bytes decoded/encoded */
+        if (ctx->buf_len > 0)
+                {
+                i=ctx->buf_len-ctx->buf_off;
+                if (i > outl) i=outl;
+                OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf);
+                memcpy(out,&(ctx->buf[ctx->buf_off]),i);
+                ret=i;
+                out+=i;
+                outl-=i;
+                ctx->buf_off+=i;
+                if (ctx->buf_len == ctx->buf_off)
+                        {
+                        ctx->buf_len=0;
+                        ctx->buf_off=0;
+                        }
+                }
+
+        /* At this point, we have room of outl bytes and an empty
+         * buffer, so we should read in some more. */
+
+        ret_code=0;
+        while (outl > 0)
+                {
+
+                if (ctx->cont <= 0)
+                        break;
+
+                i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]),
+                        B64_BLOCK_SIZE-ctx->tmp_len);
+
+                if (i <= 0)
+                        {
+                        ret_code=i;
+
+                        /* Should be continue next time we are called? */
+                        if (!BIO_should_retry(b->next_bio))
+                                {
+                                ctx->cont=i;
+                                /* If buffer empty break */
+                                if(ctx->tmp_len == 0)
+                                        break;
+                                /* Fall through and process what we have */
+                                else
+                                        i = 0;
+                                }
+                        /* else we retry and add more data to buffer */
+                        else
+                                break;
+                        }
+                i+=ctx->tmp_len;
+                ctx->tmp_len = i;
+
+                /* We need to scan, a line at a time until we
+                 * have a valid line if we are starting. */
+                if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL))
+                        {
+                        /* ctx->start=1; */
+                        ctx->tmp_len=0;
+                        }
+                else if (ctx->start)
+                        {
+                        q=p=(unsigned char *)ctx->tmp;
+                        for (j=0; j<i; j++)
+                                {
+                                if (*(q++) != '\n') continue;
+
+                                /* due to a previous very long line,
+                                 * we need to keep on scanning for a '\n'
+                                 * before we even start looking for
+                                 * base64 encoded stuff. */
+                                if (ctx->tmp_nl)
+                                        {
+                                        p=q;
+                                        ctx->tmp_nl=0;
+                                        continue;
+                                        }
+
+                                k=EVP_DecodeUpdate(&(ctx->base64),
+                                        (unsigned char *)ctx->buf,
+                                        &num,p,q-p);
+                                if ((k <= 0) && (num == 0) && (ctx->start))
+                                        EVP_DecodeInit(&ctx->base64);
+                                else 
+                                        {
+                                        if (p != (unsigned char *)
+                                                &(ctx->tmp[0]))
+                                                {
+                                                i-=(p- (unsigned char *)
+                                                        &(ctx->tmp[0]));
+                                                for (x=0; x < i; x++)
+                                                        ctx->tmp[x]=p[x];
+                                                }
+                                        EVP_DecodeInit(&ctx->base64);
+                                        ctx->start=0;
+                                        break;
+                                        }
+                                p=q;
+                                }
+
+                        /* we fell off the end without starting */
+                        if (j == i)
+                                {
+                                /* Is this is one long chunk?, if so, keep on
+                                 * reading until a new line. */
+                                if (p == (unsigned char *)&(ctx->tmp[0]))
+                                        {
+                                        /* Check buffer full */
+                                        if (i == B64_BLOCK_SIZE)
+                                                {
+                                                ctx->tmp_nl=1;
+                                                ctx->tmp_len=0;
+                                                }
+                                        }
+                                else if (p != q) /* finished on a '\n' */
+                                        {
+                                        n=q-p;
+                                        for (ii=0; ii<n; ii++)
+                                                ctx->tmp[ii]=p[ii];
+                                        ctx->tmp_len=n;
+                                        }
+                                /* else finished on a '\n' */
+                                continue;
+                                }
+                        else
+                                ctx->tmp_len=0;
+                        }
+                /* If buffer isn't full and we can retry then
+                 * restart to read in more data.
+                 */
+                else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
+                        continue;
+
+                if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
+                        {
+                        int z,jj;
+
+                        jj=(i>>2)<<2;
+                        z=EVP_DecodeBlock((unsigned char *)ctx->buf,
+                                (unsigned char *)ctx->tmp,jj);
+                        if (jj > 2)
+                                {
+                                if (ctx->tmp[jj-1] == '=')
+                                        {
+                                        z--;
+                                        if (ctx->tmp[jj-2] == '=')
+                                                z--;
+                                        }
+                                }
+                        /* z is now number of output bytes and jj is the
+                         * number consumed */
+                        if (jj != i)
+                                {
+                                memcpy((unsigned char *)ctx->tmp,
+                                        (unsigned char *)&(ctx->tmp[jj]),i-jj);
+                                ctx->tmp_len=i-jj;
+                                }
+                        ctx->buf_len=0;
+                        if (z > 0)
+                                {
+                                ctx->buf_len=z;
+                                i=1;
+                                }
+                        else
+                                i=z;
+                        }
+                else
+                        {
+                        i=EVP_DecodeUpdate(&(ctx->base64),
+                                (unsigned char *)ctx->buf,&ctx->buf_len,
+                                (unsigned char *)ctx->tmp,i);
+                        ctx->tmp_len = 0;
+                        }
+                ctx->buf_off=0;
+                if (i < 0)
+                        {
+                        ret_code=0;
+                        ctx->buf_len=0;
+                        break;
+                        }
+
+                if (ctx->buf_len <= outl)
+                        i=ctx->buf_len;
+                else
+                        i=outl;
+
+                memcpy(out,ctx->buf,i);
+                ret+=i;
+                ctx->buf_off=i;
+                if (ctx->buf_off == ctx->buf_len)
+                        {
+                        ctx->buf_len=0;
+                        ctx->buf_off=0;
+                        }
+                outl-=i;
+                out+=i;
+                }
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return((ret == 0)?ret_code:ret);
+        }
+
+static int b64_write(BIO *b, const char *in, int inl)
+        {
+        int ret=inl,n,i;
+        BIO_B64_CTX *ctx;
+
+        ctx=(BIO_B64_CTX *)b->ptr;
+        BIO_clear_retry_flags(b);
+
+        if (ctx->encode != B64_ENCODE)
+                {
+                ctx->encode=B64_ENCODE;
+                ctx->buf_len=0;
+                ctx->buf_off=0;
+                ctx->tmp_len=0;
+                EVP_EncodeInit(&(ctx->base64));
+                }
+
+        n=ctx->buf_len-ctx->buf_off;
+        while (n > 0)
+                {
+                i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+                if (i <= 0)
+                        {
+                        BIO_copy_next_retry(b);
+                        return(i);
+                        }
+                ctx->buf_off+=i;
+                n-=i;
+                }
+        /* at this point all pending data has been written */
+        ctx->buf_off=0;
+        ctx->buf_len=0;
+
+        if ((in == NULL) || (inl <= 0)) return(0);
+
+        while (inl > 0)
+                {
+                n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl;
+
+                if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
+                        {
+                        if (ctx->tmp_len > 0)
+                                {
+                                n=3-ctx->tmp_len;
+                                /* There's a teoretical possibility for this */
+                                if (n > inl) 
+                                        n=inl;
+                                memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
+                                ctx->tmp_len+=n;
+                                if (ctx->tmp_len < 3)
+                                        break;
+                                ctx->buf_len=EVP_EncodeBlock(
+                                        (unsigned char *)ctx->buf,
+                                        (unsigned char *)ctx->tmp,
+                                        ctx->tmp_len);
+                                /* Since we're now done using the temporary
+                                   buffer, the length should be 0'd */
+                                ctx->tmp_len=0;
+                                }
+                        else
+                                {
+                                if (n < 3)
+                                        {
+                                        memcpy(&(ctx->tmp[0]),in,n);
+                                        ctx->tmp_len=n;
+                                        break;
+                                        }
+                                n-=n%3;
+                                ctx->buf_len=EVP_EncodeBlock(
+                                        (unsigned char *)ctx->buf,
+                                        (unsigned char *)in,n);
+                                }
+                        }
+                else
+                        {
+                        EVP_EncodeUpdate(&(ctx->base64),
+                                (unsigned char *)ctx->buf,&ctx->buf_len,
+                                (unsigned char *)in,n);
+                        }
+                inl-=n;
+                in+=n;
+
+                ctx->buf_off=0;
+                n=ctx->buf_len;
+                while (n > 0)
+                        {
+                        i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+                        if (i <= 0)
+                                {
+                                BIO_copy_next_retry(b);
+                                return((ret == 0)?i:ret);
+                                }
+                        n-=i;
+                        ctx->buf_off+=i;
+                        }
+                ctx->buf_len=0;
+                ctx->buf_off=0;
+                }
+        return(ret);
+        }
+
+static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        BIO_B64_CTX *ctx;
+        long ret=1;
+        int i;
+
+        ctx=(BIO_B64_CTX *)b->ptr;
+
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                ctx->cont=1;
+                ctx->start=1;
+                ctx->encode=B64_NONE;
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_EOF:      /* More to read */
+                if (ctx->cont <= 0)
+                        ret=1;
+                else
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_WPENDING: /* More to write in buffer */
+                ret=ctx->buf_len-ctx->buf_off;
+                if ((ret == 0) && (ctx->encode != B64_NONE)
+                        && (ctx->base64.num != 0))
+                        ret=1;
+                else if (ret <= 0)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_PENDING: /* More to read in buffer */
+                ret=ctx->buf_len-ctx->buf_off;
+                if (ret <= 0)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_FLUSH:
+                /* do a final write */
+again:
+                while (ctx->buf_len != ctx->buf_off)
+                        {
+                        i=b64_write(b,NULL,0);
+                        if (i < 0)
+                                return i;
+                        }
+                if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
+                        {
+                        if (ctx->tmp_len != 0)
+                                {
+                                ctx->buf_len=EVP_EncodeBlock(
+                                        (unsigned char *)ctx->buf,
+                                        (unsigned char *)ctx->tmp,
+                                        ctx->tmp_len);
+                                ctx->buf_off=0;
+                                ctx->tmp_len=0;
+                                goto again;
+                                }
+                        }
+                else if (ctx->encode != B64_NONE && ctx->base64.num != 0)
+                        {
+                        ctx->buf_off=0;
+                        EVP_EncodeFinal(&(ctx->base64),
+                                (unsigned char *)ctx->buf,
+                                &(ctx->buf_len));
+                        /* push out the bytes */
+                        goto again;
+                        }
+                /* Finally flush the underlying BIO */
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+
+        case BIO_C_DO_STATE_MACHINE:
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+
+        case BIO_CTRL_DUP:
+                break;
+        case BIO_CTRL_INFO:
+        case BIO_CTRL_GET:
+        case BIO_CTRL_SET:
+        default:
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+        }
+
+static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+        {
+        long ret=1;
+
+        if (b->next_bio == NULL) return(0);
+        switch (cmd)
+                {
+        default:
+                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+                break;
+                }
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c
new file mode 100644
index 0000000000..ab81851503
--- /dev/null
+++ b/src/lib/libcrypto/evp/bio_enc.c
@@ -0,0 +1,426 @@
+/* crypto/evp/bio_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+
+static int enc_write(BIO *h, const char *buf, int num);
+static int enc_read(BIO *h, char *buf, int size);
+/*static int enc_puts(BIO *h, const char *str); */
+/*static int enc_gets(BIO *h, char *str, int size); */
+static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int enc_new(BIO *h);
+static int enc_free(BIO *data);
+static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps);
+#define ENC_BLOCK_SIZE  (1024*4)
+#define BUF_OFFSET      EVP_MAX_BLOCK_LENGTH
+
+typedef struct enc_struct
+        {
+        int buf_len;
+        int buf_off;
+        int cont;               /* <= 0 when finished */
+        int finished;
+        int ok;                 /* bad decrypt */
+        EVP_CIPHER_CTX cipher;
+        /* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate
+         * can return up to a block more data than is presented to it
+         */
+        char buf[ENC_BLOCK_SIZE+BUF_OFFSET+2];
+        } BIO_ENC_CTX;
+
+static BIO_METHOD methods_enc=
+        {
+        BIO_TYPE_CIPHER,"cipher",
+        enc_write,
+        enc_read,
+        NULL, /* enc_puts, */
+        NULL, /* enc_gets, */
+        enc_ctrl,
+        enc_new,
+        enc_free,
+        enc_callback_ctrl,
+        };
+
+BIO_METHOD *BIO_f_cipher(void)
+        {
+        return(&methods_enc);
+        }
+
+static int enc_new(BIO *bi)
+        {
+        BIO_ENC_CTX *ctx;
+
+        ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
+        if (ctx == NULL) return(0);
+        EVP_CIPHER_CTX_init(&ctx->cipher);
+
+        ctx->buf_len=0;
+        ctx->buf_off=0;
+        ctx->cont=1;
+        ctx->finished=0;
+        ctx->ok=1;
+
+        bi->init=0;
+        bi->ptr=(char *)ctx;
+        bi->flags=0;
+        return(1);
+        }
+
+static int enc_free(BIO *a)
+        {
+        BIO_ENC_CTX *b;
+
+        if (a == NULL) return(0);
+        b=(BIO_ENC_CTX *)a->ptr;
+        EVP_CIPHER_CTX_cleanup(&(b->cipher));
+        OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
+        OPENSSL_free(a->ptr);
+        a->ptr=NULL;
+        a->init=0;
+        a->flags=0;
+        return(1);
+        }
+        
+static int enc_read(BIO *b, char *out, int outl)
+        {
+        int ret=0,i;
+        BIO_ENC_CTX *ctx;
+
+        if (out == NULL) return(0);
+        ctx=(BIO_ENC_CTX *)b->ptr;
+
+        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+        /* First check if there are bytes decoded/encoded */
+        if (ctx->buf_len > 0)
+                {
+                i=ctx->buf_len-ctx->buf_off;
+                if (i > outl) i=outl;
+                memcpy(out,&(ctx->buf[ctx->buf_off]),i);
+                ret=i;
+                out+=i;
+                outl-=i;
+                ctx->buf_off+=i;
+                if (ctx->buf_len == ctx->buf_off)
+                        {
+                        ctx->buf_len=0;
+                        ctx->buf_off=0;
+                        }
+                }
+
+        /* At this point, we have room of outl bytes and an empty
+         * buffer, so we should read in some more. */
+
+        while (outl > 0)
+                {
+                if (ctx->cont <= 0) break;
+
+                /* read in at IV offset, read the EVP_Cipher
+                 * documentation about why */
+                i=BIO_read(b->next_bio,&(ctx->buf[BUF_OFFSET]),ENC_BLOCK_SIZE);
+
+                if (i <= 0)
+                        {
+                        /* Should be continue next time we are called? */
+                        if (!BIO_should_retry(b->next_bio))
+                                {
+                                ctx->cont=i;
+                                i=EVP_CipherFinal_ex(&(ctx->cipher),
+                                        (unsigned char *)ctx->buf,
+                                        &(ctx->buf_len));
+                                ctx->ok=i;
+                                ctx->buf_off=0;
+                                }
+                        else 
+                                {
+                                ret=(ret == 0)?i:ret;
+                                break;
+                                }
+                        }
+                else
+                        {
+                        EVP_CipherUpdate(&(ctx->cipher),
+                                (unsigned char *)ctx->buf,&ctx->buf_len,
+                                (unsigned char *)&(ctx->buf[BUF_OFFSET]),i);
+                        ctx->cont=1;
+                        /* Note: it is possible for EVP_CipherUpdate to
+                         * decrypt zero bytes because this is or looks like
+                         * the final block: if this happens we should retry
+                         * and either read more data or decrypt the final
+                         * block
+                         */
+                        if(ctx->buf_len == 0) continue;
+                        }
+
+                if (ctx->buf_len <= outl)
+                        i=ctx->buf_len;
+                else
+                        i=outl;
+                if (i <= 0) break;
+                memcpy(out,ctx->buf,i);
+                ret+=i;
+                ctx->buf_off=i;
+                outl-=i;
+                out+=i;
+                }
+
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return((ret == 0)?ctx->cont:ret);
+        }
+
+static int enc_write(BIO *b, const char *in, int inl)
+        {
+        int ret=0,n,i;
+        BIO_ENC_CTX *ctx;
+
+        ctx=(BIO_ENC_CTX *)b->ptr;
+        ret=inl;
+
+        BIO_clear_retry_flags(b);
+        n=ctx->buf_len-ctx->buf_off;
+        while (n > 0)
+                {
+                i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+                if (i <= 0)
+                        {
+                        BIO_copy_next_retry(b);
+                        return(i);
+                        }
+                ctx->buf_off+=i;
+                n-=i;
+                }
+        /* at this point all pending data has been written */
+
+        if ((in == NULL) || (inl <= 0)) return(0);
+
+        ctx->buf_off=0;
+        while (inl > 0)
+                {
+                n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
+                EVP_CipherUpdate(&(ctx->cipher),
+                        (unsigned char *)ctx->buf,&ctx->buf_len,
+                        (unsigned char *)in,n);
+                inl-=n;
+                in+=n;
+
+                ctx->buf_off=0;
+                n=ctx->buf_len;
+                while (n > 0)
+                        {
+                        i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+                        if (i <= 0)
+                                {
+                                BIO_copy_next_retry(b);
+                                return (ret == inl) ? i : ret - inl;
+                                }
+                        n-=i;
+                        ctx->buf_off+=i;
+                        }
+                ctx->buf_len=0;
+                ctx->buf_off=0;
+                }
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+
+static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        BIO *dbio;
+        BIO_ENC_CTX *ctx,*dctx;
+        long ret=1;
+        int i;
+        EVP_CIPHER_CTX **c_ctx;
+
+        ctx=(BIO_ENC_CTX *)b->ptr;
+
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                ctx->ok=1;
+                ctx->finished=0;
+                EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
+                        ctx->cipher.encrypt);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_EOF:      /* More to read */
+                if (ctx->cont <= 0)
+                        ret=1;
+                else
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_WPENDING:
+                ret=ctx->buf_len-ctx->buf_off;
+                if (ret <= 0)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_PENDING: /* More to read in buffer */
+                ret=ctx->buf_len-ctx->buf_off;
+                if (ret <= 0)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_FLUSH:
+                /* do a final write */
+again:
+                while (ctx->buf_len != ctx->buf_off)
+                        {
+                        i=enc_write(b,NULL,0);
+                        if (i < 0)
+                                return i;
+                        }
+
+                if (!ctx->finished)
+                        {
+                        ctx->finished=1;
+                        ctx->buf_off=0;
+                        ret=EVP_CipherFinal_ex(&(ctx->cipher),
+                                (unsigned char *)ctx->buf,
+                                &(ctx->buf_len));
+                        ctx->ok=(int)ret;
+                        if (ret <= 0) break;
+
+                        /* push out the bytes */
+                        goto again;
+                        }
+                
+                /* Finally flush the underlying BIO */
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_C_GET_CIPHER_STATUS:
+                ret=(long)ctx->ok;
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+        case BIO_C_GET_CIPHER_CTX:
+                c_ctx=(EVP_CIPHER_CTX **)ptr;
+                (*c_ctx)= &(ctx->cipher);
+                b->init=1;
+                break;
+        case BIO_CTRL_DUP:
+                dbio=(BIO *)ptr;
+                dctx=(BIO_ENC_CTX *)dbio->ptr;
+                memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));
+                dbio->init=1;
+                break;
+        default:
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+        }
+
+static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+        {
+        long ret=1;
+
+        if (b->next_bio == NULL) return(0);
+        switch (cmd)
+                {
+        default:
+                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+                break;
+                }
+        return(ret);
+        }
+
+/*
+void BIO_set_cipher_ctx(b,c)
+BIO *b;
+EVP_CIPHER_ctx *c;
+        {
+        if (b == NULL) return;
+
+        if ((b->callback != NULL) &&
+                (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+                return;
+
+        b->init=1;
+        ctx=(BIO_ENC_CTX *)b->ptr;
+        memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
+        
+        if (b->callback != NULL)
+                b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+        }
+*/
+
+void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k,
+             unsigned char *i, int e)
+        {
+        BIO_ENC_CTX *ctx;
+
+        if (b == NULL) return;
+
+        if ((b->callback != NULL) &&
+                (b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,0L) <= 0))
+                return;
+
+        b->init=1;
+        ctx=(BIO_ENC_CTX *)b->ptr;
+        EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e);
+        
+        if (b->callback != NULL)
+                b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L);
+        }
+
diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c
new file mode 100644
index 0000000000..f4aa41ac4b
--- /dev/null
+++ b/src/lib/libcrypto/evp/bio_md.c
@@ -0,0 +1,264 @@
+/* crypto/evp/bio_md.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+
+/* BIO_put and BIO_get both add to the digest,
+ * BIO_gets returns the digest */
+
+static int md_write(BIO *h, char const *buf, int num);
+static int md_read(BIO *h, char *buf, int size);
+/*static int md_puts(BIO *h, const char *str); */
+static int md_gets(BIO *h, char *str, int size);
+static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int md_new(BIO *h);
+static int md_free(BIO *data);
+static long md_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
+
+static BIO_METHOD methods_md=
+        {
+        BIO_TYPE_MD,"message digest",
+        md_write,
+        md_read,
+        NULL, /* md_puts, */
+        md_gets,
+        md_ctrl,
+        md_new,
+        md_free,
+        md_callback_ctrl,
+        };
+
+BIO_METHOD *BIO_f_md(void)
+        {
+        return(&methods_md);
+        }
+
+static int md_new(BIO *bi)
+        {
+        EVP_MD_CTX *ctx;
+
+        ctx=EVP_MD_CTX_create();
+        if (ctx == NULL) return(0);
+
+        bi->init=0;
+        bi->ptr=(char *)ctx;
+        bi->flags=0;
+        return(1);
+        }
+
+static int md_free(BIO *a)
+        {
+        if (a == NULL) return(0);
+        EVP_MD_CTX_destroy(a->ptr);
+        a->ptr=NULL;
+        a->init=0;
+        a->flags=0;
+        return(1);
+        }
+        
+static int md_read(BIO *b, char *out, int outl)
+        {
+        int ret=0;
+        EVP_MD_CTX *ctx;
+
+        if (out == NULL) return(0);
+        ctx=b->ptr;
+
+        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+        ret=BIO_read(b->next_bio,out,outl);
+        if (b->init)
+                {
+                if (ret > 0)
+                        {
+                        EVP_DigestUpdate(ctx,(unsigned char *)out,
+                                (unsigned int)ret);
+                        }
+                }
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+
+static int md_write(BIO *b, const char *in, int inl)
+        {
+        int ret=0;
+        EVP_MD_CTX *ctx;
+
+        if ((in == NULL) || (inl <= 0)) return(0);
+        ctx=b->ptr;
+
+        if ((ctx != NULL) && (b->next_bio != NULL))
+                ret=BIO_write(b->next_bio,in,inl);
+        if (b->init)
+                {
+                if (ret > 0)
+                        {
+                        EVP_DigestUpdate(ctx,(unsigned char *)in,
+                                (unsigned int)ret);
+                        }
+                }
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+
+static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        EVP_MD_CTX *ctx,*dctx,**pctx;
+        const EVP_MD **ppmd;
+        EVP_MD *md;
+        long ret=1;
+        BIO *dbio;
+
+        ctx=b->ptr;
+
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                if (b->init)
+                        ret = EVP_DigestInit_ex(ctx,ctx->digest, NULL);
+                else
+                        ret=0;
+                if (ret > 0)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_C_GET_MD:
+                if (b->init)
+                        {
+                        ppmd=ptr;
+                        *ppmd=ctx->digest;
+                        }
+                else
+                        ret=0;
+                break;
+        case BIO_C_GET_MD_CTX:
+                pctx=ptr;
+                *pctx=ctx;
+                break;
+        case BIO_C_SET_MD_CTX:
+                if (b->init)
+                        b->ptr=ptr;
+                else
+                        ret=0;
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+
+        case BIO_C_SET_MD:
+                md=ptr;
+                ret = EVP_DigestInit_ex(ctx,md, NULL);
+                if (ret > 0)
+                        b->init=1;
+                break;
+        case BIO_CTRL_DUP:
+                dbio=ptr;
+                dctx=dbio->ptr;
+                EVP_MD_CTX_copy_ex(dctx,ctx);
+                b->init=1;
+                break;
+        default:
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+        }
+
+static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+        {
+        long ret=1;
+
+        if (b->next_bio == NULL) return(0);
+        switch (cmd)
+                {
+        default:
+                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+                break;
+                }
+        return(ret);
+        }
+
+static int md_gets(BIO *bp, char *buf, int size)
+        {
+        EVP_MD_CTX *ctx;
+        unsigned int ret;
+
+
+        ctx=bp->ptr;
+        if (size < ctx->digest->md_size)
+                return(0);
+        EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret);
+        return((int)ret);
+        }
+
+/*
+static int md_puts(bp,str)
+BIO *bp;
+char *str;
+        {
+        return(-1);
+        }
+*/
+
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c
new file mode 100644
index 0000000000..fa60a73ead
--- /dev/null
+++ b/src/lib/libcrypto/evp/c_all.c
@@ -0,0 +1,84 @@
+/* crypto/evp/c_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
+#if 0
+#undef OpenSSL_add_all_algorithms
+
+void OpenSSL_add_all_algorithms(void)
+        {
+        OPENSSL_add_all_algorithms_noconf();
+        }
+#endif
+
+void OPENSSL_add_all_algorithms_noconf(void)
+        {
+        OpenSSL_add_all_ciphers();
+        OpenSSL_add_all_digests();
+#ifndef OPENSSL_NO_ENGINE
+# if defined(__OpenBSD__) || defined(__FreeBSD__)
+        ENGINE_setup_bsd_cryptodev();
+# endif
+#endif
+        }
diff --git a/src/lib/libcrypto/evp/c_alld.c b/src/lib/libcrypto/evp/c_alld.c
index 929ea56a3e..aae7bf7482 100644
--- a/src/lib/libcrypto/evp/c_alld.c
+++ b/src/lib/libcrypto/evp/c_alld.c
@@ -100,14 +100,4 @@ void OpenSSL_add_all_digests(void)
         EVP_add_digest_alias(SN_ripemd160,"ripemd");
         EVP_add_digest_alias(SN_ripemd160,"rmd160");
 #endif
-#ifdef OPENSSL_FIPS
-#ifndef OPENSSL_NO_SHA256
-        EVP_add_digest(EVP_sha224());
-        EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
-        EVP_add_digest(EVP_sha384());
-        EVP_add_digest(EVP_sha512());
-#endif
-#endif
         }
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
new file mode 100644
index 0000000000..f21c63842c
--- /dev/null
+++ b/src/lib/libcrypto/evp/digest.c
@@ -0,0 +1,379 @@
+/* crypto/evp/digest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
+void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
+        {
+        memset(ctx,'\0',sizeof *ctx);
+        }
+
+EVP_MD_CTX *EVP_MD_CTX_create(void)
+        {
+        EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
+
+        EVP_MD_CTX_init(ctx);
+
+        return ctx;
+        }
+
+int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
+        {
+        EVP_MD_CTX_init(ctx);
+        return EVP_DigestInit_ex(ctx, type, NULL);
+        }
+
+#ifdef OPENSSL_FIPS
+
+/* The purpose of these is to trap programs that attempt to use non FIPS
+ * algorithms in FIPS mode and ignore the errors.
+ */
+
+static int bad_init(EVP_MD_CTX *ctx)
+        { FIPS_ERROR_IGNORED("Digest init"); return 0;}
+
+static int bad_update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+        { FIPS_ERROR_IGNORED("Digest update"); return 0;}
+
+static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
+        { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
+
+static const EVP_MD bad_md =
+        {
+        0,
+        0,
+        0,
+        0,
+        bad_init,
+        bad_update,
+        bad_final,
+        NULL,
+        NULL,
+        NULL,
+        0,
+        {0,0,0,0},
+        };
+
+#endif
+
+int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+        {
+        EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+#ifndef OPENSSL_NO_ENGINE
+        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+         * so this context may already have an ENGINE! Try to avoid releasing
+         * the previous handle, re-querying for an ENGINE, and having a
+         * reinitialisation, when it may all be unecessary. */
+        if (ctx->engine && ctx->digest && (!type ||
+                        (type && (type->type == ctx->digest->type))))
+                goto skip_to_init;
+        if (type)
+                {
+                /* Ensure an ENGINE left lying around from last time is cleared
+                 * (the previous check attempted to avoid this if the same
+                 * ENGINE and EVP_MD could be used). */
+                if(ctx->engine)
+                        ENGINE_finish(ctx->engine);
+                if(impl)
+                        {
+                        if (!ENGINE_init(impl))
+                                {
+                                EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        }
+                else
+                        /* Ask if an ENGINE is reserved for this job */
+                        impl = ENGINE_get_digest_engine(type->type);
+                if(impl)
+                        {
+                        /* There's an ENGINE for this job ... (apparently) */
+                        const EVP_MD *d = ENGINE_get_digest(impl, type->type);
+                        if(!d)
+                                {
+                                /* Same comment from evp_enc.c */
+                                EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        /* We'll use the ENGINE's private digest definition */
+                        type = d;
+                        /* Store the ENGINE functional reference so we know
+                         * 'type' came from an ENGINE and we need to release
+                         * it when done. */
+                        ctx->engine = impl;
+                        }
+                else
+                        ctx->engine = NULL;
+                }
+        else
+        if(!ctx->digest)
+                {
+                EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
+                return 0;
+                }
+#endif
+        if (ctx->digest != type)
+                {
+#ifdef OPENSSL_FIPS
+                if (FIPS_mode())
+                        {
+                        if (!(type->flags & EVP_MD_FLAG_FIPS) 
+                         && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
+                                {
+                                EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS);
+                                ctx->digest = &bad_md;
+                                return 0;
+                                }
+                        }
+#endif
+                if (ctx->digest && ctx->digest->ctx_size)
+                        OPENSSL_free(ctx->md_data);
+                ctx->digest=type;
+                if (type->ctx_size)
+                        ctx->md_data=OPENSSL_malloc(type->ctx_size);
+                }
+#ifndef OPENSSL_NO_ENGINE
+skip_to_init:
+#endif
+        return ctx->digest->init(ctx);
+        }
+
+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
+             unsigned int count)
+        {
+        return ctx->digest->update(ctx,data,(unsigned long)count);
+        }
+
+/* The caller can assume that this removes any secret data from the context */
+int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+        {
+        int ret;
+        ret = EVP_DigestFinal_ex(ctx, md, size);
+        EVP_MD_CTX_cleanup(ctx);
+        return ret;
+        }
+
+/* The caller can assume that this removes any secret data from the context */
+int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+        {
+        int ret;
+
+        OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
+        ret=ctx->digest->final(ctx,md);
+        if (size != NULL)
+                *size=ctx->digest->md_size;
+        if (ctx->digest->cleanup)
+                {
+                ctx->digest->cleanup(ctx);
+                EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+                }
+        memset(ctx->md_data,0,ctx->digest->ctx_size);
+        return ret;
+        }
+
+int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+        {
+        EVP_MD_CTX_init(out);
+        return EVP_MD_CTX_copy_ex(out, in);
+        }
+
+int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+        {
+        unsigned char *tmp_buf;
+        if ((in == NULL) || (in->digest == NULL))
+                {
+                EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
+                return 0;
+                }
+#ifndef OPENSSL_NO_ENGINE
+        /* Make sure it's safe to copy a digest context using an ENGINE */
+        if (in->engine && !ENGINE_init(in->engine))
+                {
+                EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB);
+                return 0;
+                }
+#endif
+
+        if (out->digest == in->digest)
+                {
+                tmp_buf = out->md_data;
+                EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
+                }
+        else tmp_buf = NULL;
+        EVP_MD_CTX_cleanup(out);
+        memcpy(out,in,sizeof *out);
+
+        if (out->digest->ctx_size)
+                {
+                if (tmp_buf) out->md_data = tmp_buf;
+                else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+                memcpy(out->md_data,in->md_data,out->digest->ctx_size);
+                }
+
+        if (out->digest->copy)
+                return out->digest->copy(out,in);
+        
+        return 1;
+        }
+
+int EVP_Digest(void *data, unsigned int count,
+                unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl)
+        {
+        EVP_MD_CTX ctx;
+        int ret;
+
+        EVP_MD_CTX_init(&ctx);
+        EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
+        ret=EVP_DigestInit_ex(&ctx, type, impl)
+          && EVP_DigestUpdate(&ctx, data, count)
+          && EVP_DigestFinal_ex(&ctx, md, size);
+        EVP_MD_CTX_cleanup(&ctx);
+
+        return ret;
+        }
+
+void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
+        {
+        EVP_MD_CTX_cleanup(ctx);
+        OPENSSL_free(ctx);
+        }
+
+/* This call frees resources associated with the context */
+int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
+        {
+        /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
+         * because sometimes only copies of the context are ever finalised.
+         */
+        if (ctx->digest && ctx->digest->cleanup
+            && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
+                ctx->digest->cleanup(ctx);
+        if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
+            && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
+                {
+                OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
+                OPENSSL_free(ctx->md_data);
+                }
+#ifndef OPENSSL_NO_ENGINE
+        if(ctx->engine)
+                /* The EVP_MD we used belongs to an ENGINE, release the
+                 * functional reference we held for this reason. */
+                ENGINE_finish(ctx->engine);
+#endif
+        memset(ctx,'\0',sizeof *ctx);
+
+        return 1;
+        }
diff --git a/src/lib/libcrypto/evp/e_acss.c b/src/lib/libcrypto/evp/e_acss.c
new file mode 100644
index 0000000000..a16b85c627
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_acss.c
@@ -0,0 +1,85 @@
+/*      $Id: e_acss.c,v 1.2 2004/02/13 10:05:44 hshoexer Exp $  */
+/*
+ * Copyright (c) 2004 The OpenBSD project
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef OPENSSL_NO_ACSS
+
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <openssl/acss.h>
+
+typedef struct {
+    ACSS_KEY ks;
+} EVP_ACSS_KEY;
+
+#define data(ctx) EVP_C_DATA(EVP_ACSS_KEY,ctx)
+
+static int acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                const unsigned char *iv, int enc);
+static int acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                const unsigned char *in, unsigned int inl);
+static int acss_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+static const EVP_CIPHER acss_cipher = {
+        NID_undef,
+        1,5,0,
+        0,
+        acss_init_key,
+        acss_ciph,
+        NULL,
+        sizeof(EVP_ACSS_KEY),
+        NULL,
+        NULL,
+        acss_ctrl,
+        NULL
+};
+
+const
+EVP_CIPHER *EVP_acss(void)
+{
+        return(&acss_cipher);
+}
+
+static int
+acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                const unsigned char *iv, int enc)
+{
+        acss_setkey(&data(ctx)->ks,key,enc,ACSS_MODE1);
+        return 1;
+}
+
+static int
+acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
+                unsigned int inl)
+{
+        acss(&data(ctx)->ks,inl,in,out);
+        return 1;
+}
+
+static int
+acss_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+        switch(type) {
+        case EVP_CTRL_SET_ACSS_MODE:
+                data(ctx)->ks.mode = arg;
+                return 1;
+
+        default:
+                return -1;
+        }
+}
+#endif
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
new file mode 100644
index 0000000000..f35036c9d7
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -0,0 +1,118 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef OPENSSL_NO_AES
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <string.h>
+#include <openssl/aes.h>
+#include "evp_locl.h"
+
+static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                        const unsigned char *iv, int enc);
+
+typedef struct
+        {
+        AES_KEY ks;
+        } EVP_AES_KEY;
+
+#define data(ctx)       EVP_C_DATA(EVP_AES_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
+                       NID_aes_128, 16, 16, 16, 128,
+                       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 
+                       EVP_CIPHER_set_asn1_iv,
+                       EVP_CIPHER_get_asn1_iv,
+                       NULL)
+IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
+                       NID_aes_192, 16, 24, 16, 128,
+                       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 
+                       EVP_CIPHER_set_asn1_iv,
+                       EVP_CIPHER_get_asn1_iv,
+                       NULL)
+IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
+                       NID_aes_256, 16, 32, 16, 128,
+                       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 
+                       EVP_CIPHER_set_asn1_iv,
+                       EVP_CIPHER_get_asn1_iv,
+                       NULL)
+
+#define IMPLEMENT_AES_CFBR(ksize,cbits,flags)   IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
+
+IMPLEMENT_AES_CFBR(128,1,0)
+IMPLEMENT_AES_CFBR(192,1,0)
+IMPLEMENT_AES_CFBR(256,1,0)
+
+IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS)
+
+static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                   const unsigned char *iv, int enc)
+        {
+        int ret;
+
+        if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE
+            || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE
+            || enc) 
+                ret=AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
+        else
+                ret=AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
+
+        if(ret < 0)
+                {
+                EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
+                return 0;
+                }
+
+        return 1;
+        }
+
+#endif
diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c
new file mode 100644
index 0000000000..e74337567b
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_bf.c
@@ -0,0 +1,88 @@
+/* crypto/evp/e_bf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_BF
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include "evp_locl.h"
+#include <openssl/objects.h>
+#include <openssl/blowfish.h>
+
+static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                       const unsigned char *iv, int enc);
+
+typedef struct
+        {
+        BF_KEY ks;
+        } EVP_BF_KEY;
+
+#define data(ctx)       EVP_C_DATA(EVP_BF_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64,
+                        EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, 
+                        EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+        
+static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                       const unsigned char *iv, int enc)
+        {
+        BF_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
+        return 1;
+        }
+
+#endif
diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c
new file mode 100644
index 0000000000..3400fef187
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_cast.c
@@ -0,0 +1,90 @@
+/* crypto/evp/e_cast.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_CAST
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <openssl/cast.h>
+
+static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv,int enc);
+
+typedef struct
+        {
+        CAST_KEY ks;
+        } EVP_CAST_KEY;
+
+#define data(ctx)       EVP_C_DATA(EVP_CAST_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, 
+                        NID_cast5, 8, CAST_KEY_LENGTH, 8, 64,
+                        EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,
+                        EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+                        
+static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+        {
+        CAST_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
+        return 1;
+        }
+
+#endif
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c
new file mode 100644
index 0000000000..46e2899825
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_des.c
@@ -0,0 +1,154 @@
+/* crypto/evp/e_des.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#ifndef OPENSSL_NO_DES
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <openssl/des.h>
+
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc);
+
+/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */
+
+static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, unsigned int inl)
+{
+        BLOCK_CIPHER_ecb_loop()
+                DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt);
+        return 1;
+}
+
+static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, unsigned int inl)
+{
+        DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num);
+        return 1;
+}
+
+static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, unsigned int inl)
+{
+        DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
+                         (DES_cblock *)ctx->iv, ctx->encrypt);
+        return 1;
+}
+
+static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, unsigned int inl)
+{
+        DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
+                          (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+        return 1;
+}
+
+/* Although we have a CFB-r implementation for DES, it doesn't pack the right
+   way, so wrap it here */
+static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, unsigned int inl)
+    {
+    unsigned int n;
+    unsigned char c[1],d[1];
+
+    for(n=0 ; n < inl ; ++n)
+        {
+        c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+        DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,
+                        ctx->encrypt);
+        out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
+        }
+    return 1;
+    }
+
+static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, unsigned int inl)
+    {
+    DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv,
+                    ctx->encrypt);
+    return 1;
+    }
+
+BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
+                        EVP_CIPH_FLAG_FIPS, des_init_key, NULL,
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+
+BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
+                     EVP_CIPH_FLAG_FIPS,des_init_key,NULL,
+                     EVP_CIPHER_set_asn1_iv,
+                     EVP_CIPHER_get_asn1_iv,NULL)
+
+BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
+                     EVP_CIPH_FLAG_FIPS,des_init_key,NULL,
+                     EVP_CIPHER_set_asn1_iv,
+                     EVP_CIPHER_get_asn1_iv,NULL)
+
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+        {
+        DES_cblock *deskey = (DES_cblock *)key;
+
+        DES_set_key_unchecked(deskey,ctx->cipher_data);
+        return 1;
+        }
+
+#endif
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
new file mode 100644
index 0000000000..677322bf02
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -0,0 +1,232 @@
+/* crypto/evp/e_des3.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#ifndef OPENSSL_NO_DES
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <openssl/des.h>
+
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv,int enc);
+
+static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv,int enc);
+
+typedef struct
+    {
+    DES_key_schedule ks1;/* key schedule */
+    DES_key_schedule ks2;/* key schedule (for ede) */
+    DES_key_schedule ks3;/* key schedule (for ede3) */
+    } DES_EDE_KEY;
+
+#define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
+
+/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */
+
+static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, unsigned int inl)
+{
+        BLOCK_CIPHER_ecb_loop()
+                DES_ecb3_encrypt(in + i,out + i, 
+                                 &data(ctx)->ks1, &data(ctx)->ks2,
+                                 &data(ctx)->ks3,
+                                 ctx->encrypt);
+        return 1;
+}
+
+static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, unsigned int inl)
+{
+        DES_ede3_ofb64_encrypt(in, out, (long)inl,
+                               &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+                               (DES_cblock *)ctx->iv, &ctx->num);
+        return 1;
+}
+
+static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, unsigned int inl)
+{
+#ifdef KSSL_DEBUG
+        {
+        int i;
+        char *cp;
+        printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len);
+        printf("\t iv= ");
+        for(i=0;i<8;i++)
+                printf("%02X",ctx->iv[i]);
+        printf("\n");
+        }
+#endif    /* KSSL_DEBUG */
+        DES_ede3_cbc_encrypt(in, out, (long)inl,
+                             &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+                             (DES_cblock *)ctx->iv, ctx->encrypt);
+        return 1;
+}
+
+static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, unsigned int inl)
+{
+        DES_ede3_cfb64_encrypt(in, out, (long)inl, 
+                               &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+                               (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+        return 1;
+}
+
+/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right
+   way, so wrap it here */
+static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, unsigned int inl)
+    {
+    unsigned int n;
+    unsigned char c[1],d[1];
+
+    for(n=0 ; n < inl ; ++n)
+        {
+        c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+        DES_ede3_cfb_encrypt(c,d,1,1,
+                             &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
+                             (DES_cblock *)ctx->iv,ctx->encrypt);
+        out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
+        }
+
+    return 1;
+    }
+
+static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, unsigned int inl)
+    {
+    DES_ede3_cfb_encrypt(in,out,8,inl,
+                         &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
+                         (DES_cblock *)ctx->iv,ctx->encrypt);
+    return 1;
+    }
+
+BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
+                        EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL, 
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+
+#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
+#define des_ede3_ofb_cipher des_ede_ofb_cipher
+#define des_ede3_cbc_cipher des_ede_cbc_cipher
+#define des_ede3_ecb_cipher des_ede_ecb_cipher
+
+BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
+                        EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL, 
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+
+BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
+                     EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,
+                     EVP_CIPHER_set_asn1_iv,
+                     EVP_CIPHER_get_asn1_iv,NULL)
+
+BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
+                     EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,
+                     EVP_CIPHER_set_asn1_iv,
+                     EVP_CIPHER_get_asn1_iv,NULL)
+
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+        {
+        DES_cblock *deskey = (DES_cblock *)key;
+
+        DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
+        DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
+        memcpy(&data(ctx)->ks3,&data(ctx)->ks1,
+               sizeof(data(ctx)->ks1));
+        return 1;
+        }
+
+static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+        {
+        DES_cblock *deskey = (DES_cblock *)key;
+#ifdef KSSL_DEBUG
+        {
+        int i;
+        printf("des_ede3_init_key(ctx=%lx)\n", ctx);
+        printf("\tKEY= ");
+        for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");
+        printf("\t IV= ");
+        for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n");
+        }
+#endif  /* KSSL_DEBUG */
+
+        DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
+        DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
+        DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3);
+
+        return 1;
+        }
+
+const EVP_CIPHER *EVP_des_ede(void)
+{
+        return &des_ede_ecb;
+}
+
+const EVP_CIPHER *EVP_des_ede3(void)
+{
+        return &des_ede3_ecb;
+}
+#endif
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c
new file mode 100644
index 0000000000..b9efa75ae7
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_idea.c
@@ -0,0 +1,118 @@
+/* crypto/evp/e_idea.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_IDEA
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <openssl/idea.h>
+
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv,int enc);
+
+/* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special
+ * case 
+ */
+
+static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, unsigned int inl)
+{
+        BLOCK_CIPHER_ecb_loop()
+                idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
+        return 1;
+}
+
+/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */
+
+typedef struct
+        {
+        IDEA_KEY_SCHEDULE ks;
+        } EVP_IDEA_KEY;
+
+BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks)
+
+BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
+                        0, idea_init_key, NULL, 
+                        EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+        {
+        if(!enc) {
+                if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1;
+                else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1;
+        }
+        if (enc) idea_set_encrypt_key(key,ctx->cipher_data);
+        else
+                {
+                IDEA_KEY_SCHEDULE tmp;
+
+                idea_set_encrypt_key(key,&tmp);
+                idea_set_decrypt_key(&tmp,ctx->cipher_data);
+                OPENSSL_cleanse((unsigned char *)&tmp,
+                                sizeof(IDEA_KEY_SCHEDULE));
+                }
+        return 1;
+        }
+
+#endif
diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c
new file mode 100644
index 0000000000..a84b0f14b1
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_null.c
@@ -0,0 +1,101 @@
+/* crypto/evp/e_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+
+static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+        const unsigned char *iv,int enc);
+static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+        const unsigned char *in, unsigned int inl);
+static const EVP_CIPHER n_cipher=
+        {
+        NID_undef,
+        1,0,0,
+        EVP_CIPH_FLAG_FIPS,
+        null_init_key,
+        null_cipher,
+        NULL,
+        0,
+        NULL,
+        NULL,
+        NULL
+        };
+
+const EVP_CIPHER *EVP_enc_null(void)
+        {
+        return(&n_cipher);
+        }
+
+static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+             const unsigned char *iv, int enc)
+        {
+        /*      memset(&(ctx->c),0,sizeof(ctx->c));*/
+        return 1;
+        }
+
+static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+             const unsigned char *in, unsigned int inl)
+        {
+        if (in != out)
+                memcpy((char *)out,(char *)in,(int)inl);
+        return 1;
+        }
+
diff --git a/src/lib/libcrypto/evp/e_old.c b/src/lib/libcrypto/evp/e_old.c
new file mode 100644
index 0000000000..92dc498945
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_old.c
@@ -0,0 +1,108 @@
+/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+
+/* Define some deprecated functions, so older programs
+   don't crash and burn too quickly.  On Windows and VMS,
+   these will never be used, since functions and variables
+   in shared libraries are selected by entry point location,
+   not by name.  */
+
+#ifndef OPENSSL_NO_BF
+#undef EVP_bf_cfb
+const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); }
+#endif
+
+#ifndef OPENSSL_NO_DES
+#undef EVP_des_cfb
+const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); }
+#undef EVP_des_ede3_cfb
+const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); }
+#undef EVP_des_ede_cfb
+const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); }
+#endif
+
+#ifndef OPENSSL_NO_IDEA
+#undef EVP_idea_cfb
+const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); }
+#endif
+
+#ifndef OPENSSL_NO_RC2
+#undef EVP_rc2_cfb
+const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); }
+#endif
+
+#ifndef OPENSSL_NO_CAST
+#undef EVP_cast5_cfb
+const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); }
+#endif
+
+#ifndef OPENSSL_NO_RC5
+#undef EVP_rc5_32_12_16_cfb
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); }
+#endif
+
+#ifndef OPENSSL_NO_AES
+#undef EVP_aes_128_cfb
+const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); }
+#undef EVP_aes_192_cfb
+const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); }
+#undef EVP_aes_256_cfb
+const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); }
+#endif
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c
new file mode 100644
index 0000000000..d42cbfd17e
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_rc2.c
@@ -0,0 +1,230 @@
+/* crypto/evp/e_rc2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_RC2
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <openssl/rc2.h>
+
+static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv,int enc);
+static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
+static int rc2_magic_to_meth(int i);
+static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+typedef struct
+        {
+        int key_bits;   /* effective key bits */
+        RC2_KEY ks;     /* key schedule */
+        } EVP_RC2_KEY;
+
+#define data(ctx)       ((EVP_RC2_KEY *)(ctx)->cipher_data)
+
+IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2,
+                        8,
+                        RC2_KEY_LENGTH, 8, 64,
+                        EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+                        rc2_init_key, NULL,
+                        rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, 
+                        rc2_ctrl)
+
+#define RC2_40_MAGIC    0xa0
+#define RC2_64_MAGIC    0x78
+#define RC2_128_MAGIC   0x3a
+
+static const EVP_CIPHER r2_64_cbc_cipher=
+        {
+        NID_rc2_64_cbc,
+        8,8 /* 64 bit */,8,
+        EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+        rc2_init_key,
+        rc2_cbc_cipher,
+        NULL,
+        sizeof(EVP_RC2_KEY),
+        rc2_set_asn1_type_and_iv,
+        rc2_get_asn1_type_and_iv,
+        rc2_ctrl,
+        NULL
+        };
+
+static const EVP_CIPHER r2_40_cbc_cipher=
+        {
+        NID_rc2_40_cbc,
+        8,5 /* 40 bit */,8,
+        EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+        rc2_init_key,
+        rc2_cbc_cipher,
+        NULL,
+        sizeof(EVP_RC2_KEY),
+        rc2_set_asn1_type_and_iv,
+        rc2_get_asn1_type_and_iv,
+        rc2_ctrl,
+        NULL
+        };
+
+const EVP_CIPHER *EVP_rc2_64_cbc(void)
+        {
+        return(&r2_64_cbc_cipher);
+        }
+
+const EVP_CIPHER *EVP_rc2_40_cbc(void)
+        {
+        return(&r2_40_cbc_cipher);
+        }
+        
+static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+        {
+        RC2_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
+                    key,data(ctx)->key_bits);
+        return 1;
+        }
+
+static int rc2_meth_to_magic(EVP_CIPHER_CTX *e)
+        {
+        int i;
+
+        EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
+        if      (i == 128) return(RC2_128_MAGIC);
+        else if (i == 64)  return(RC2_64_MAGIC);
+        else if (i == 40)  return(RC2_40_MAGIC);
+        else return(0);
+        }
+
+static int rc2_magic_to_meth(int i)
+        {
+        if      (i == RC2_128_MAGIC) return 128;
+        else if (i == RC2_64_MAGIC)  return 64;
+        else if (i == RC2_40_MAGIC)  return 40;
+        else
+                {
+                EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE);
+                return(0);
+                }
+        }
+
+static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+        {
+        long num=0;
+        int i=0,l;
+        int key_bits;
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+
+        if (type != NULL)
+                {
+                l=EVP_CIPHER_CTX_iv_length(c);
+                OPENSSL_assert(l <= sizeof iv);
+                i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l);
+                if (i != l)
+                        return(-1);
+                key_bits =rc2_magic_to_meth((int)num);
+                if (!key_bits)
+                        return(-1);
+                if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1);
+                EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
+                EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
+                }
+        return(i);
+        }
+
+static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+        {
+        long num;
+        int i=0,j;
+
+        if (type != NULL)
+                {
+                num=rc2_meth_to_magic(c);
+                j=EVP_CIPHER_CTX_iv_length(c);
+                i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j);
+                }
+        return(i);
+        }
+
+static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+        {
+        switch(type)
+                {
+        case EVP_CTRL_INIT:
+                data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
+                return 1;
+
+        case EVP_CTRL_GET_RC2_KEY_BITS:
+                *(int *)ptr = data(c)->key_bits;
+                return 1;
+                        
+        case EVP_CTRL_SET_RC2_KEY_BITS:
+                if(arg > 0)
+                        {
+                        data(c)->key_bits = arg;
+                        return 1;
+                        }
+                return 0;
+
+        default:
+                return -1;
+                }
+        }
+
+#endif
diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c
new file mode 100644
index 0000000000..8aa70585b9
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_rc4.c
@@ -0,0 +1,134 @@
+/* crypto/evp/e_rc4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_RC4
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <openssl/rc4.h>
+
+/* FIXME: surely this is available elsewhere? */
+#define EVP_RC4_KEY_SIZE                16
+
+typedef struct
+    {
+    RC4_KEY ks; /* working key */
+    } EVP_RC4_KEY;
+
+#define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data)
+
+static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv,int enc);
+static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      const unsigned char *in, unsigned int inl);
+static const EVP_CIPHER r4_cipher=
+        {
+        NID_rc4,
+        1,EVP_RC4_KEY_SIZE,0,
+        EVP_CIPH_VARIABLE_LENGTH,
+        rc4_init_key,
+        rc4_cipher,
+        NULL,
+        sizeof(EVP_RC4_KEY),
+        NULL,
+        NULL,
+        NULL
+        };
+
+static const EVP_CIPHER r4_40_cipher=
+        {
+        NID_rc4_40,
+        1,5 /* 40 bit */,0,
+        EVP_CIPH_VARIABLE_LENGTH,
+        rc4_init_key,
+        rc4_cipher,
+        NULL,
+        sizeof(EVP_RC4_KEY),
+        NULL, 
+        NULL,
+        NULL
+        };
+
+const EVP_CIPHER *EVP_rc4(void)
+        {
+        return(&r4_cipher);
+        }
+
+const EVP_CIPHER *EVP_rc4_40(void)
+        {
+        return(&r4_40_cipher);
+        }
+
+static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+        {
+        RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
+                    key);
+        return 1;
+        }
+
+static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      const unsigned char *in, unsigned int inl)
+        {
+        RC4(&data(ctx)->ks,inl,in,out);
+        return 1;
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/e_xcbc_d.c b/src/lib/libcrypto/evp/e_xcbc_d.c
new file mode 100644
index 0000000000..a6f849e93d
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_xcbc_d.c
@@ -0,0 +1,122 @@
+/* crypto/evp/e_xcbc_d.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_DES
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/des.h>
+
+static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv,int enc);
+static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, unsigned int inl);
+
+
+typedef struct
+    {
+    DES_key_schedule ks;/* key schedule */
+    DES_cblock inw;
+    DES_cblock outw;
+    } DESX_CBC_KEY;
+
+#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)
+
+static const EVP_CIPHER d_xcbc_cipher=
+        {
+        NID_desx_cbc,
+        8,24,8,
+        EVP_CIPH_CBC_MODE,
+        desx_cbc_init_key,
+        desx_cbc_cipher,
+        NULL,
+        sizeof(DESX_CBC_KEY),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+        };
+
+const EVP_CIPHER *EVP_desx_cbc(void)
+        {
+        return(&d_xcbc_cipher);
+        }
+        
+static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+        {
+        DES_cblock *deskey = (DES_cblock *)key;
+
+        DES_set_key_unchecked(deskey,&data(ctx)->ks);
+        memcpy(&data(ctx)->inw[0],&key[8],8);
+        memcpy(&data(ctx)->outw[0],&key[16],8);
+
+        return 1;
+        }
+
+static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, unsigned int inl)
+        {
+        DES_xcbc_encrypt(in,out,inl,&data(ctx)->ks,
+                         (DES_cblock *)&(ctx->iv[0]),
+                         &data(ctx)->inw,
+                         &data(ctx)->outw,
+                         ctx->encrypt);
+        return 1;
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c
new file mode 100644
index 0000000000..08209357ce
--- /dev/null
+++ b/src/lib/libcrypto/evp/encode.c
@@ -0,0 +1,446 @@
+/* crypto/evp/encode.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+
+#ifndef CHARSET_EBCDIC
+#define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
+#define conv_ascii2bin(a)       (data_ascii2bin[(a)&0x7f])
+#else
+/* We assume that PEM encoded files are EBCDIC files
+ * (i.e., printable text files). Convert them here while decoding.
+ * When encoding, output is EBCDIC (text) format again.
+ * (No need for conversion in the conv_bin2ascii macro, as the
+ * underlying textstring data_bin2ascii[] is already EBCDIC)
+ */
+#define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
+#define conv_ascii2bin(a)       (data_ascii2bin[os_toascii[a]&0x7f])
+#endif
+
+/* 64 char lines
+ * pad input with 0
+ * left over chars are set to =
+ * 1 byte  => xx==
+ * 2 bytes => xxx=
+ * 3 bytes => xxxx
+ */
+#define BIN_PER_LINE    (64/4*3)
+#define CHUNKS_PER_LINE (64/4)
+#define CHAR_PER_LINE   (64+1)
+
+static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\
+abcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/* 0xF0 is a EOLN
+ * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).
+ * 0xF2 is EOF
+ * 0xE0 is ignore at start of line.
+ * 0xFF is error
+ */
+
+#define B64_EOLN                0xF0
+#define B64_CR                  0xF1
+#define B64_EOF                 0xF2
+#define B64_WS                  0xE0
+#define B64_ERROR               0xFF
+#define B64_NOT_BASE64(a)       (((a)|0x13) == 0xF3)
+
+static unsigned char data_ascii2bin[128]={
+        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+        0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF,
+        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+        0xE0,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+        0xFF,0xFF,0xFF,0x3E,0xFF,0xF2,0xFF,0x3F,
+        0x34,0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,
+        0x3C,0x3D,0xFF,0xFF,0xFF,0x00,0xFF,0xFF,
+        0xFF,0x00,0x01,0x02,0x03,0x04,0x05,0x06,
+        0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,
+        0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16,
+        0x17,0x18,0x19,0xFF,0xFF,0xFF,0xFF,0xFF,
+        0xFF,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20,
+        0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,
+        0x29,0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30,
+        0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF,
+        };
+
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
+        {
+        ctx->length=48;
+        ctx->num=0;
+        ctx->line_num=0;
+        }
+
+void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+             unsigned char *in, int inl)
+        {
+        int i,j;
+        unsigned int total=0;
+
+        *outl=0;
+        if (inl == 0) return;
+        OPENSSL_assert(ctx->length <= sizeof ctx->enc_data);
+        if ((ctx->num+inl) < ctx->length)
+                {
+                memcpy(&(ctx->enc_data[ctx->num]),in,inl);
+                ctx->num+=inl;
+                return;
+                }
+        if (ctx->num != 0)
+                {
+                i=ctx->length-ctx->num;
+                memcpy(&(ctx->enc_data[ctx->num]),in,i);
+                in+=i;
+                inl-=i;
+                j=EVP_EncodeBlock(out,ctx->enc_data,ctx->length);
+                ctx->num=0;
+                out+=j;
+                *(out++)='\n';
+                *out='\0';
+                total=j+1;
+                }
+        while (inl >= ctx->length)
+                {
+                j=EVP_EncodeBlock(out,in,ctx->length);
+                in+=ctx->length;
+                inl-=ctx->length;
+                out+=j;
+                *(out++)='\n';
+                *out='\0';
+                total+=j+1;
+                }
+        if (inl != 0)
+                memcpy(&(ctx->enc_data[0]),in,inl);
+        ctx->num=inl;
+        *outl=total;
+        }
+
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
+        {
+        unsigned int ret=0;
+
+        if (ctx->num != 0)
+                {
+                ret=EVP_EncodeBlock(out,ctx->enc_data,ctx->num);
+                out[ret++]='\n';
+                out[ret]='\0';
+                ctx->num=0;
+                }
+        *outl=ret;
+        }
+
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
+        {
+        int i,ret=0;
+        unsigned long l;
+
+        for (i=dlen; i > 0; i-=3)
+                {
+                if (i >= 3)
+                        {
+                        l=      (((unsigned long)f[0])<<16L)|
+                                (((unsigned long)f[1])<< 8L)|f[2];
+                        *(t++)=conv_bin2ascii(l>>18L);
+                        *(t++)=conv_bin2ascii(l>>12L);
+                        *(t++)=conv_bin2ascii(l>> 6L);
+                        *(t++)=conv_bin2ascii(l     );
+                        }
+                else
+                        {
+                        l=((unsigned long)f[0])<<16L;
+                        if (i == 2) l|=((unsigned long)f[1]<<8L);
+
+                        *(t++)=conv_bin2ascii(l>>18L);
+                        *(t++)=conv_bin2ascii(l>>12L);
+                        *(t++)=(i == 1)?'=':conv_bin2ascii(l>> 6L);
+                        *(t++)='=';
+                        }
+                ret+=4;
+                f+=3;
+                }
+
+        *t='\0';
+        return(ret);
+        }
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
+        {
+        ctx->length=30;
+        ctx->num=0;
+        ctx->line_num=0;
+        ctx->expect_nl=0;
+        }
+
+/* -1 for error
+ *  0 for last line
+ *  1 for full line
+ */
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+             unsigned char *in, int inl)
+        {
+        int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl;
+        unsigned char *d;
+
+        n=ctx->num;
+        d=ctx->enc_data;
+        ln=ctx->line_num;
+        exp_nl=ctx->expect_nl;
+
+        /* last line of input. */
+        if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF)))
+                { rv=0; goto end; }
+                
+        /* We parse the input data */
+        for (i=0; i<inl; i++)
+                {
+                /* If the current line is > 80 characters, scream alot */
+                if (ln >= 80) { rv= -1; goto end; }
+
+                /* Get char and put it into the buffer */
+                tmp= *(in++);
+                v=conv_ascii2bin(tmp);
+                /* only save the good data :-) */
+                if (!B64_NOT_BASE64(v))
+                        {
+                        OPENSSL_assert(n < sizeof ctx->enc_data);
+                        d[n++]=tmp;
+                        ln++;
+                        }
+                else if (v == B64_ERROR)
+                        {
+                        rv= -1;
+                        goto end;
+                        }
+
+                /* have we seen a '=' which is 'definitly' the last
+                 * input line.  seof will point to the character that
+                 * holds it. and eof will hold how many characters to
+                 * chop off. */
+                if (tmp == '=')
+                        {
+                        if (seof == -1) seof=n;
+                        eof++;
+                        }
+
+                if (v == B64_CR)
+                        {
+                        ln = 0;
+                        if (exp_nl)
+                                continue;
+                        }
+
+                /* eoln */
+                if (v == B64_EOLN)
+                        {
+                        ln=0;
+                        if (exp_nl)
+                                {
+                                exp_nl=0;
+                                continue;
+                                }
+                        }
+                exp_nl=0;
+
+                /* If we are at the end of input and it looks like a
+                 * line, process it. */
+                if (((i+1) == inl) && (((n&3) == 0) || eof))
+                        {
+                        v=B64_EOF;
+                        /* In case things were given us in really small
+                           records (so two '=' were given in separate
+                           updates), eof may contain the incorrect number
+                           of ending bytes to skip, so let's redo the count */
+                        eof = 0;
+                        if (d[n-1] == '=') eof++;
+                        if (d[n-2] == '=') eof++;
+                        /* There will never be more than two '=' */
+                        }
+
+                if ((v == B64_EOF) || (n >= 64))
+                        {
+                        /* This is needed to work correctly on 64 byte input
+                         * lines.  We process the line and then need to
+                         * accept the '\n' */
+                        if ((v != B64_EOF) && (n >= 64)) exp_nl=1;
+                        tmp2=v;
+                        if (n > 0)
+                                {
+                                v=EVP_DecodeBlock(out,d,n);
+                                if (v < 0) { rv=0; goto end; }
+                                n=0;
+                                ret+=(v-eof);
+                                }
+                        else
+                                {
+                                eof=1;
+                                v=0;
+                                }
+
+                        /* This is the case where we have had a short
+                         * but valid input line */
+                        if ((v < ctx->length) && eof)
+                                {
+                                rv=0;
+                                goto end;
+                                }
+                        else
+                                ctx->length=v;
+
+                        if (seof >= 0) { rv=0; goto end; }
+                        out+=v;
+                        }
+                }
+        rv=1;
+end:
+        *outl=ret;
+        ctx->num=n;
+        ctx->line_num=ln;
+        ctx->expect_nl=exp_nl;
+        return(rv);
+        }
+
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
+        {
+        int i,ret=0,a,b,c,d;
+        unsigned long l;
+
+        /* trim white space from the start of the line. */
+        while ((conv_ascii2bin(*f) == B64_WS) && (n > 0))
+                {
+                f++;
+                n--;
+                }
+
+        /* strip off stuff at the end of the line
+         * ascii2bin values B64_WS, B64_EOLN, B64_EOLN and B64_EOF */
+        while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n-1]))))
+                n--;
+
+        if (n%4 != 0) return(-1);
+
+        for (i=0; i<n; i+=4)
+                {
+                a=conv_ascii2bin(*(f++));
+                b=conv_ascii2bin(*(f++));
+                c=conv_ascii2bin(*(f++));
+                d=conv_ascii2bin(*(f++));
+                if (    (a & 0x80) || (b & 0x80) ||
+                        (c & 0x80) || (d & 0x80))
+                        return(-1);
+                l=(     (((unsigned long)a)<<18L)|
+                        (((unsigned long)b)<<12L)|
+                        (((unsigned long)c)<< 6L)|
+                        (((unsigned long)d)     ));
+                *(t++)=(unsigned char)(l>>16L)&0xff;
+                *(t++)=(unsigned char)(l>> 8L)&0xff;
+                *(t++)=(unsigned char)(l     )&0xff;
+                ret+=3;
+                }
+        return(ret);
+        }
+
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
+        {
+        int i;
+
+        *outl=0;
+        if (ctx->num != 0)
+                {
+                i=EVP_DecodeBlock(out,ctx->enc_data,ctx->num);
+                if (i < 0) return(-1);
+                ctx->num=0;
+                *outl=i;
+                return(1);
+                }
+        else
+                return(1);
+        }
+
+#ifdef undef
+int EVP_DecodeValid(unsigned char *buf, int len)
+        {
+        int i,num=0,bad=0;
+
+        if (len == 0) return(-1);
+        while (conv_ascii2bin(*buf) == B64_WS)
+                {
+                buf++;
+                len--;
+                if (len == 0) return(-1);
+                }
+
+        for (i=len; i >= 4; i-=4)
+                {
+                if (    (conv_ascii2bin(buf[0]) >= 0x40) ||
+                        (conv_ascii2bin(buf[1]) >= 0x40) ||
+                        (conv_ascii2bin(buf[2]) >= 0x40) ||
+                        (conv_ascii2bin(buf[3]) >= 0x40))
+                        return(-1);
+                buf+=4;
+                num+=1+(buf[2] != '=')+(buf[3] != '=');
+                }
+        if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN))
+                return(num);
+        if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) &&
+                (conv_ascii2bin(buf[0]) == B64_EOLN))
+                return(num);
+        return(1);
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
new file mode 100644
index 0000000000..09e597f631
--- /dev/null
+++ b/src/lib/libcrypto/evp/evp.h
@@ -0,0 +1,900 @@
+/* crypto/evp/evp.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ENVELOPE_H
+#define HEADER_ENVELOPE_H
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# include <openssl/opensslconf.h>
+#else
+# define OPENSSL_ALGORITHM_DEFINES
+# include <openssl/opensslconf.h>
+# undef OPENSSL_ALGORITHM_DEFINES
+#endif
+
+#include <openssl/ossl_typ.h>
+
+#include <openssl/symhacks.h>
+
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
+/*
+#define EVP_RC2_KEY_SIZE                16
+#define EVP_RC4_KEY_SIZE                16
+#define EVP_BLOWFISH_KEY_SIZE           16
+#define EVP_CAST5_KEY_SIZE              16
+#define EVP_RC5_32_12_16_KEY_SIZE       16
+*/
+#define EVP_MAX_MD_SIZE                 64 /* to fit SHA512 */
+#define EVP_MAX_KEY_LENGTH              32
+#define EVP_MAX_IV_LENGTH               16
+#define EVP_MAX_BLOCK_LENGTH            32
+
+#define PKCS5_SALT_LEN                  8
+/* Default PKCS#5 iteration count */
+#define PKCS5_DEFAULT_ITER              2048
+
+#include <openssl/objects.h>
+
+#define EVP_PK_RSA      0x0001
+#define EVP_PK_DSA      0x0002
+#define EVP_PK_DH       0x0004
+#define EVP_PKT_SIGN    0x0010
+#define EVP_PKT_ENC     0x0020
+#define EVP_PKT_EXCH    0x0040
+#define EVP_PKS_RSA     0x0100
+#define EVP_PKS_DSA     0x0200
+#define EVP_PKT_EXP     0x1000 /* <= 512 bit key */
+
+#define EVP_PKEY_NONE   NID_undef
+#define EVP_PKEY_RSA    NID_rsaEncryption
+#define EVP_PKEY_RSA2   NID_rsa
+#define EVP_PKEY_DSA    NID_dsa
+#define EVP_PKEY_DSA1   NID_dsa_2
+#define EVP_PKEY_DSA2   NID_dsaWithSHA
+#define EVP_PKEY_DSA3   NID_dsaWithSHA1
+#define EVP_PKEY_DSA4   NID_dsaWithSHA1_2
+#define EVP_PKEY_DH     NID_dhKeyAgreement
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Type needs to be a bit field
+ * Sub-type needs to be for variations on the method, as in, can it do
+ * arbitrary encryption.... */
+struct evp_pkey_st
+        {
+        int type;
+        int save_type;
+        int references;
+        union   {
+                char *ptr;
+#ifndef OPENSSL_NO_RSA
+                struct rsa_st *rsa;     /* RSA */
+#endif
+#ifndef OPENSSL_NO_DSA
+                struct dsa_st *dsa;     /* DSA */
+#endif
+#ifndef OPENSSL_NO_DH
+                struct dh_st *dh;       /* DH */
+#endif
+                } pkey;
+        int save_parameters;
+        STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+        } /* EVP_PKEY */;
+
+#define EVP_PKEY_MO_SIGN        0x0001
+#define EVP_PKEY_MO_VERIFY      0x0002
+#define EVP_PKEY_MO_ENCRYPT     0x0004
+#define EVP_PKEY_MO_DECRYPT     0x0008
+
+#if 0
+/* This structure is required to tie the message digest and signing together.
+ * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or
+ * oid, md and pkey.
+ * This is required because for various smart-card perform the digest and
+ * signing/verification on-board.  To handle this case, the specific
+ * EVP_MD and EVP_PKEY_METHODs need to be closely associated.
+ * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it.
+ * This can either be software or a token to provide the required low level
+ * routines.
+ */
+typedef struct evp_pkey_md_st
+        {
+        int oid;
+        EVP_MD *md;
+        EVP_PKEY_METHOD *pkey;
+        } EVP_PKEY_MD;
+
+#define EVP_rsa_md2() \
+                EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\
+                        EVP_rsa_pkcs1(),EVP_md2())
+#define EVP_rsa_md5() \
+                EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\
+                        EVP_rsa_pkcs1(),EVP_md5())
+#define EVP_rsa_sha0() \
+                EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\
+                        EVP_rsa_pkcs1(),EVP_sha())
+#define EVP_rsa_sha1() \
+                EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\
+                        EVP_rsa_pkcs1(),EVP_sha1())
+#define EVP_rsa_ripemd160() \
+                EVP_PKEY_MD_add(NID_ripemd160WithRSA,\
+                        EVP_rsa_pkcs1(),EVP_ripemd160())
+#define EVP_rsa_mdc2() \
+                EVP_PKEY_MD_add(NID_mdc2WithRSA,\
+                        EVP_rsa_octet_string(),EVP_mdc2())
+#define EVP_dsa_sha() \
+                EVP_PKEY_MD_add(NID_dsaWithSHA,\
+                        EVP_dsa(),EVP_sha())
+#define EVP_dsa_sha1() \
+                EVP_PKEY_MD_add(NID_dsaWithSHA1,\
+                        EVP_dsa(),EVP_sha1())
+
+typedef struct evp_pkey_method_st
+        {
+        char *name;
+        int flags;
+        int type;               /* RSA, DSA, an SSLeay specific constant */
+        int oid;                /* For the pub-key type */
+        int encrypt_oid;        /* pub/priv key encryption */
+
+        int (*sign)();
+        int (*verify)();
+        struct  {
+                int (*set)();   /* get and/or set the underlying type */
+                int (*get)();
+                int (*encrypt)();
+                int (*decrypt)();
+                int (*i2d)();
+                int (*d2i)();
+                int (*dup)();
+                } pub,priv;
+        int (*set_asn1_parameters)();
+        int (*get_asn1_parameters)();
+        } EVP_PKEY_METHOD;
+#endif
+
+#ifndef EVP_MD
+struct env_md_st
+        {
+        int type;
+        int pkey_type;
+        int md_size;
+        unsigned long flags;
+        int (*init)(EVP_MD_CTX *ctx);
+        int (*update)(EVP_MD_CTX *ctx,const void *data,unsigned long count);
+        int (*final)(EVP_MD_CTX *ctx,unsigned char *md);
+        int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from);
+        int (*cleanup)(EVP_MD_CTX *ctx);
+
+        /* FIXME: prototype these some day */
+        int (*sign)();
+        int (*verify)();
+        int required_pkey_type[5]; /*EVP_PKEY_xxx */
+        int block_size;
+        int ctx_size; /* how big does the ctx->md_data need to be */
+        } /* EVP_MD */;
+
+#define EVP_MD_FLAG_ONESHOT     0x0001 /* digest can only handle a single
+                                        * block */
+#define EVP_MD_FLAG_FIPS        0x0400 /* Note if suitable for use in FIPS mode */
+
+#define EVP_PKEY_NULL_method    NULL,NULL,{0,0,0,0}
+
+#ifndef OPENSSL_NO_DSA
+#define EVP_PKEY_DSA_method     DSA_sign,DSA_verify, \
+                                {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
+                                        EVP_PKEY_DSA4,0}
+#else
+#define EVP_PKEY_DSA_method     EVP_PKEY_NULL_method
+#endif
+
+#ifndef OPENSSL_NO_RSA
+#define EVP_PKEY_RSA_method     RSA_sign,RSA_verify, \
+                                {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
+#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
+                                RSA_sign_ASN1_OCTET_STRING, \
+                                RSA_verify_ASN1_OCTET_STRING, \
+                                {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
+#else
+#define EVP_PKEY_RSA_method     EVP_PKEY_NULL_method
+#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method
+#endif
+
+#endif /* !EVP_MD */
+
+struct env_md_ctx_st
+        {
+        const EVP_MD *digest;
+        ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */
+        unsigned long flags;
+        void *md_data;
+        } /* EVP_MD_CTX */;
+
+/* values for EVP_MD_CTX flags */
+
+#define EVP_MD_CTX_FLAG_ONESHOT         0x0001 /* digest update will be called
+                                                * once only */
+#define EVP_MD_CTX_FLAG_CLEANED         0x0002 /* context has already been
+                                                * cleaned */
+#define EVP_MD_CTX_FLAG_REUSE           0x0004 /* Don't free up ctx->md_data
+                                                * in EVP_MD_CTX_cleanup */
+
+#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW  0x0008  /* Allow use of non FIPS digest
+                                                 * in FIPS mode */
+
+struct evp_cipher_st
+        {
+        int nid;
+        int block_size;
+        int key_len;            /* Default value for variable length ciphers */
+        int iv_len;
+        unsigned long flags;    /* Various flags */
+        int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                    const unsigned char *iv, int enc);  /* init key */
+        int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                         const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */
+        int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
+        int ctx_size;           /* how big ctx->cipher_data needs to be */
+        int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
+        int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */
+        int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */
+        void *app_data;         /* Application data */
+        } /* EVP_CIPHER */;
+
+/* Values for cipher flags */
+
+/* Modes for ciphers */
+
+#define         EVP_CIPH_STREAM_CIPHER          0x0
+#define         EVP_CIPH_ECB_MODE               0x1
+#define         EVP_CIPH_CBC_MODE               0x2
+#define         EVP_CIPH_CFB_MODE               0x3
+#define         EVP_CIPH_OFB_MODE               0x4
+#define         EVP_CIPH_MODE                   0x7
+/* Set if variable length cipher */
+#define         EVP_CIPH_VARIABLE_LENGTH        0x8
+/* Set if the iv handling should be done by the cipher itself */
+#define         EVP_CIPH_CUSTOM_IV              0x10
+/* Set if the cipher's init() function should be called if key is NULL */
+#define         EVP_CIPH_ALWAYS_CALL_INIT       0x20
+/* Call ctrl() to init cipher parameters */
+#define         EVP_CIPH_CTRL_INIT              0x40
+/* Don't use standard key length function */
+#define         EVP_CIPH_CUSTOM_KEY_LENGTH      0x80
+/* Don't use standard block padding */
+#define         EVP_CIPH_NO_PADDING             0x100
+/* Note if suitable for use in FIPS mode */
+#define         EVP_CIPH_FLAG_FIPS              0x400
+/* Allow non FIPS cipher in FIPS mode */
+#define         EVP_CIPH_FLAG_NON_FIPS_ALLOW    0x800
+
+/* ctrl() values */
+
+#define         EVP_CTRL_INIT                   0x0
+#define         EVP_CTRL_SET_KEY_LENGTH         0x1
+#define         EVP_CTRL_GET_RC2_KEY_BITS       0x2
+#define         EVP_CTRL_SET_RC2_KEY_BITS       0x3
+#define         EVP_CTRL_GET_RC5_ROUNDS         0x4
+#define         EVP_CTRL_SET_RC5_ROUNDS         0x5
+#define         EVP_CTRL_SET_ACSS_MODE          0x6
+
+typedef struct evp_cipher_info_st
+        {
+        const EVP_CIPHER *cipher;
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+        } EVP_CIPHER_INFO;
+
+struct evp_cipher_ctx_st
+        {
+        const EVP_CIPHER *cipher;
+        ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */
+        int encrypt;            /* encrypt or decrypt */
+        int buf_len;            /* number we have left */
+
+        unsigned char  oiv[EVP_MAX_IV_LENGTH];  /* original iv */
+        unsigned char  iv[EVP_MAX_IV_LENGTH];   /* working iv */
+        unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */
+        int num;                                /* used by cfb/ofb mode */
+
+        void *app_data;         /* application stuff */
+        int key_len;            /* May change for variable length cipher */
+        unsigned long flags;    /* Various flags */
+        void *cipher_data; /* per EVP data */
+        int final_used;
+        int block_mask;
+        unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */
+        } /* EVP_CIPHER_CTX */;
+
+typedef struct evp_Encode_Ctx_st
+        {
+        int num;        /* number saved in a partial encode/decode */
+        int length;     /* The length is either the output line length
+                         * (in input bytes) or the shortest input line
+                         * length that is ok.  Once decoding begins,
+                         * the length is adjusted up each time a longer
+                         * line is decoded */
+        unsigned char enc_data[80];     /* data to encode */
+        int line_num;   /* number read on current line */
+        int expect_nl;
+        } EVP_ENCODE_CTX;
+
+/* Password based encryption function */
+typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                const EVP_MD *md, int en_de);
+
+#ifndef OPENSSL_NO_RSA
+#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
+                                        (char *)(rsa))
+#endif
+
+#ifndef OPENSSL_NO_DSA
+#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
+                                        (char *)(dsa))
+#endif
+
+#ifndef OPENSSL_NO_DH
+#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
+                                        (char *)(dh))
+#endif
+
+/* Add some extra combinations */
+#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
+#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
+#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
+#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
+
+#define EVP_MD_type(e)                  ((e)->type)
+#define EVP_MD_nid(e)                   EVP_MD_type(e)
+#define EVP_MD_name(e)                  OBJ_nid2sn(EVP_MD_nid(e))
+#define EVP_MD_pkey_type(e)             ((e)->pkey_type)
+#define EVP_MD_size(e)                  ((e)->md_size)
+#define EVP_MD_block_size(e)            ((e)->block_size)
+
+#define EVP_MD_CTX_md(e)                ((e)->digest)
+#define EVP_MD_CTX_size(e)              EVP_MD_size((e)->digest)
+#define EVP_MD_CTX_block_size(e)        EVP_MD_block_size((e)->digest)
+#define EVP_MD_CTX_type(e)              EVP_MD_type((e)->digest)
+
+#define EVP_CIPHER_nid(e)               ((e)->nid)
+#define EVP_CIPHER_name(e)              OBJ_nid2sn(EVP_CIPHER_nid(e))
+#define EVP_CIPHER_block_size(e)        ((e)->block_size)
+#define EVP_CIPHER_key_length(e)        ((e)->key_len)
+#define EVP_CIPHER_iv_length(e)         ((e)->iv_len)
+#define EVP_CIPHER_flags(e)             ((e)->flags)
+#define EVP_CIPHER_mode(e)              (((e)->flags) & EVP_CIPH_MODE)
+
+#define EVP_CIPHER_CTX_cipher(e)        ((e)->cipher)
+#define EVP_CIPHER_CTX_nid(e)           ((e)->cipher->nid)
+#define EVP_CIPHER_CTX_block_size(e)    ((e)->cipher->block_size)
+#define EVP_CIPHER_CTX_key_length(e)    ((e)->key_len)
+#define EVP_CIPHER_CTX_iv_length(e)     ((e)->cipher->iv_len)
+#define EVP_CIPHER_CTX_get_app_data(e)  ((e)->app_data)
+#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
+#define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+#define EVP_CIPHER_CTX_flags(e)         ((e)->cipher->flags)
+#define EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+#define EVP_CIPHER_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
+#define EVP_CIPHER_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
+#define EVP_CIPHER_CTX_mode(e)          ((e)->cipher->flags & EVP_CIPH_MODE)
+
+#define EVP_ENCODE_LENGTH(l)    (((l+2)/3*4)+(l/48+1)*2+80)
+#define EVP_DECODE_LENGTH(l)    ((l+3)/4*3+80)
+
+#define EVP_SignInit_ex(a,b,c)          EVP_DigestInit_ex(a,b,c)
+#define EVP_SignInit(a,b)               EVP_DigestInit(a,b)
+#define EVP_SignUpdate(a,b,c)           EVP_DigestUpdate(a,b,c)
+#define EVP_VerifyInit_ex(a,b,c)        EVP_DigestInit_ex(a,b,c)
+#define EVP_VerifyInit(a,b)             EVP_DigestInit(a,b)
+#define EVP_VerifyUpdate(a,b,c)         EVP_DigestUpdate(a,b,c)
+#define EVP_OpenUpdate(a,b,c,d,e)       EVP_DecryptUpdate(a,b,c,d,e)
+#define EVP_SealUpdate(a,b,c,d,e)       EVP_EncryptUpdate(a,b,c,d,e)    
+
+#ifdef CONST_STRICT
+void BIO_set_md(BIO *,const EVP_MD *md);
+#else
+# define BIO_set_md(b,md)               BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)
+#endif
+#define BIO_get_md(b,mdp)               BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)
+#define BIO_get_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)
+#define BIO_set_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp)
+#define BIO_get_cipher_status(b)        BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
+#define BIO_get_cipher_ctx(b,c_pp)      BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
+
+#define EVP_Cipher(c,o,i,l)     (c)->cipher->do_cipher((c),(o),(i),(l))
+
+#define EVP_add_cipher_alias(n,alias) \
+        OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
+#define EVP_add_digest_alias(n,alias) \
+        OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))
+#define EVP_delete_cipher_alias(alias) \
+        OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);
+#define EVP_delete_digest_alias(alias) \
+        OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
+
+void    EVP_MD_CTX_init(EVP_MD_CTX *ctx);
+int     EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
+EVP_MD_CTX *EVP_MD_CTX_create(void);
+void    EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+#define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+#define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
+#define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
+int     EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+int     EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
+                         unsigned int cnt);
+int     EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
+int     EVP_Digest(void *data, unsigned int count,
+                unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
+
+int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+int     EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+int     EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
+
+int     EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
+void    EVP_set_pw_prompt(char *prompt);
+char *  EVP_get_pw_prompt(void);
+
+int     EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
+                const unsigned char *salt, const unsigned char *data,
+                int datal, int count, unsigned char *key,unsigned char *iv);
+
+int     EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
+                const unsigned char *key, const unsigned char *iv);
+int     EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+                const unsigned char *key, const unsigned char *iv);
+int     EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                int *outl, const unsigned char *in, int inl);
+int     EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+int     EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+int     EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
+                const unsigned char *key, const unsigned char *iv);
+int     EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+                const unsigned char *key, const unsigned char *iv);
+int     EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                int *outl, const unsigned char *in, int inl);
+int     EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+int     EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+
+int     EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
+                       const unsigned char *key,const unsigned char *iv,
+                       int enc);
+int     EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+                       const unsigned char *key,const unsigned char *iv,
+                       int enc);
+int     EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                int *outl, const unsigned char *in, int inl);
+int     EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+int     EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+
+int     EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
+                EVP_PKEY *pkey);
+
+int     EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf,
+                unsigned int siglen,EVP_PKEY *pkey);
+
+int     EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *ek,
+                int ekl,unsigned char *iv,EVP_PKEY *priv);
+int     EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+int     EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
+                int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+int     EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
+
+void    EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+void    EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
+                int *outl,unsigned char *in,int inl);
+void    EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
+int     EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+void    EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+int     EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
+                unsigned char *in, int inl);
+int     EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+                char *out, int *outl);
+int     EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+
+#ifndef OPENSSL_NO_BIO
+BIO_METHOD *BIO_f_md(void);
+BIO_METHOD *BIO_f_base64(void);
+BIO_METHOD *BIO_f_cipher(void);
+BIO_METHOD *BIO_f_reliable(void);
+void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k,
+        unsigned char *i, int enc);
+#endif
+
+const EVP_MD *EVP_md_null(void);
+#ifndef OPENSSL_NO_MD2
+const EVP_MD *EVP_md2(void);
+#endif
+#ifndef OPENSSL_NO_MD4
+const EVP_MD *EVP_md4(void);
+#endif
+#ifndef OPENSSL_NO_MD5
+const EVP_MD *EVP_md5(void);
+#endif
+#ifndef OPENSSL_NO_SHA
+const EVP_MD *EVP_sha(void);
+const EVP_MD *EVP_sha1(void);
+const EVP_MD *EVP_dss(void);
+const EVP_MD *EVP_dss1(void);
+#endif
+#ifndef OPENSSL_NO_MDC2
+const EVP_MD *EVP_mdc2(void);
+#endif
+#ifndef OPENSSL_NO_RIPEMD
+const EVP_MD *EVP_ripemd160(void);
+#endif
+const EVP_CIPHER *EVP_enc_null(void);           /* does nothing :-) */
+#ifndef OPENSSL_NO_DES
+const EVP_CIPHER *EVP_des_ecb(void);
+const EVP_CIPHER *EVP_des_ede(void);
+const EVP_CIPHER *EVP_des_ede3(void);
+const EVP_CIPHER *EVP_des_ede_ecb(void);
+const EVP_CIPHER *EVP_des_ede3_ecb(void);
+const EVP_CIPHER *EVP_des_cfb64(void);
+# define EVP_des_cfb EVP_des_cfb64
+const EVP_CIPHER *EVP_des_cfb1(void);
+const EVP_CIPHER *EVP_des_cfb8(void);
+const EVP_CIPHER *EVP_des_ede_cfb64(void);
+# define EVP_des_ede_cfb EVP_des_ede_cfb64
+#if 0
+const EVP_CIPHER *EVP_des_ede_cfb1(void);
+const EVP_CIPHER *EVP_des_ede_cfb8(void);
+#endif
+const EVP_CIPHER *EVP_des_ede3_cfb64(void);
+# define EVP_des_ede3_cfb EVP_des_ede3_cfb64
+const EVP_CIPHER *EVP_des_ede3_cfb1(void);
+const EVP_CIPHER *EVP_des_ede3_cfb8(void);
+const EVP_CIPHER *EVP_des_ofb(void);
+const EVP_CIPHER *EVP_des_ede_ofb(void);
+const EVP_CIPHER *EVP_des_ede3_ofb(void);
+const EVP_CIPHER *EVP_des_cbc(void);
+const EVP_CIPHER *EVP_des_ede_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_desx_cbc(void);
+/* This should now be supported through the dev_crypto ENGINE. But also, why are
+ * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */
+#if 0
+# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
+const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_dev_crypto_rc4(void);
+const EVP_MD *EVP_dev_crypto_md5(void);
+# endif
+#endif
+#endif
+#ifndef OPENSSL_NO_RC4
+const EVP_CIPHER *EVP_rc4(void);
+const EVP_CIPHER *EVP_rc4_40(void);
+#endif
+#ifndef OPENSSL_NO_IDEA
+const EVP_CIPHER *EVP_idea_ecb(void);
+const EVP_CIPHER *EVP_idea_cfb64(void);
+# define EVP_idea_cfb EVP_idea_cfb64
+const EVP_CIPHER *EVP_idea_ofb(void);
+const EVP_CIPHER *EVP_idea_cbc(void);
+#endif
+#ifndef OPENSSL_NO_RC2
+const EVP_CIPHER *EVP_rc2_ecb(void);
+const EVP_CIPHER *EVP_rc2_cbc(void);
+const EVP_CIPHER *EVP_rc2_40_cbc(void);
+const EVP_CIPHER *EVP_rc2_64_cbc(void);
+const EVP_CIPHER *EVP_rc2_cfb64(void);
+# define EVP_rc2_cfb EVP_rc2_cfb64
+const EVP_CIPHER *EVP_rc2_ofb(void);
+#endif
+#ifndef OPENSSL_NO_BF
+const EVP_CIPHER *EVP_bf_ecb(void);
+const EVP_CIPHER *EVP_bf_cbc(void);
+const EVP_CIPHER *EVP_bf_cfb64(void);
+# define EVP_bf_cfb EVP_bf_cfb64
+const EVP_CIPHER *EVP_bf_ofb(void);
+#endif
+#ifndef OPENSSL_NO_CAST
+const EVP_CIPHER *EVP_cast5_ecb(void);
+const EVP_CIPHER *EVP_cast5_cbc(void);
+const EVP_CIPHER *EVP_cast5_cfb64(void);
+# define EVP_cast5_cfb EVP_cast5_cfb64
+const EVP_CIPHER *EVP_cast5_ofb(void);
+#endif
+#ifndef OPENSSL_NO_RC5
+const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
+# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
+const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
+#endif
+#ifndef OPENSSL_NO_AES
+const EVP_CIPHER *EVP_aes_128_ecb(void);
+const EVP_CIPHER *EVP_aes_128_cbc(void);
+const EVP_CIPHER *EVP_aes_128_cfb1(void);
+const EVP_CIPHER *EVP_aes_128_cfb8(void);
+const EVP_CIPHER *EVP_aes_128_cfb128(void);
+# define EVP_aes_128_cfb EVP_aes_128_cfb128
+const EVP_CIPHER *EVP_aes_128_ofb(void);
+#if 0
+const EVP_CIPHER *EVP_aes_128_ctr(void);
+#endif
+const EVP_CIPHER *EVP_aes_192_ecb(void);
+const EVP_CIPHER *EVP_aes_192_cbc(void);
+const EVP_CIPHER *EVP_aes_192_cfb1(void);
+const EVP_CIPHER *EVP_aes_192_cfb8(void);
+const EVP_CIPHER *EVP_aes_192_cfb128(void);
+# define EVP_aes_192_cfb EVP_aes_192_cfb128
+const EVP_CIPHER *EVP_aes_192_ofb(void);
+#if 0
+const EVP_CIPHER *EVP_aes_192_ctr(void);
+#endif
+const EVP_CIPHER *EVP_aes_256_ecb(void);
+const EVP_CIPHER *EVP_aes_256_cbc(void);
+const EVP_CIPHER *EVP_aes_256_cfb1(void);
+const EVP_CIPHER *EVP_aes_256_cfb8(void);
+const EVP_CIPHER *EVP_aes_256_cfb128(void);
+# define EVP_aes_256_cfb EVP_aes_256_cfb128
+const EVP_CIPHER *EVP_aes_256_ofb(void);
+#if 0
+const EVP_CIPHER *EVP_aes_256_ctr(void);
+#endif
+#endif
+#ifndef OPENSSL_NO_ACSS
+const EVP_CIPHER *EVP_acss(void);
+#endif
+
+void OPENSSL_add_all_algorithms_noconf(void);
+void OPENSSL_add_all_algorithms_conf(void);
+
+#ifdef OPENSSL_LOAD_CONF
+#define OpenSSL_add_all_algorithms() \
+                OPENSSL_add_all_algorithms_conf()
+#else
+#define OpenSSL_add_all_algorithms() \
+                OPENSSL_add_all_algorithms_noconf()
+#endif
+
+void OpenSSL_add_all_ciphers(void);
+void OpenSSL_add_all_digests(void);
+#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()
+#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()
+#define SSLeay_add_all_digests() OpenSSL_add_all_digests()
+
+int EVP_add_cipher(const EVP_CIPHER *cipher);
+int EVP_add_digest(const EVP_MD *digest);
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+const EVP_MD *EVP_get_digestbyname(const char *name);
+void EVP_cleanup(void);
+
+int             EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key,
+                        int enc_key_len,EVP_PKEY *private_key);
+int             EVP_PKEY_encrypt(unsigned char *enc_key,
+                        unsigned char *key,int key_len,EVP_PKEY *pub_key);
+int             EVP_PKEY_type(int type);
+int             EVP_PKEY_bits(EVP_PKEY *pkey);
+int             EVP_PKEY_size(EVP_PKEY *pkey);
+int             EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key);
+
+#ifndef OPENSSL_NO_RSA
+struct rsa_st;
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,struct rsa_st *key);
+struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+#endif
+#ifndef OPENSSL_NO_DSA
+struct dsa_st;
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,struct dsa_st *key);
+struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+#endif
+#ifndef OPENSSL_NO_DH
+struct dh_st;
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key);
+struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+#endif
+
+
+EVP_PKEY *      EVP_PKEY_new(void);
+void            EVP_PKEY_free(EVP_PKEY *pkey);
+EVP_PKEY *      d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp,
+                        long length);
+int             i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
+
+EVP_PKEY *      d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp,
+                        long length);
+EVP_PKEY *      d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp,
+                        long length);
+int             i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
+
+int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from);
+int EVP_PKEY_missing_parameters(EVP_PKEY *pkey);
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode);
+int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b);
+
+int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+
+/* calls methods */
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+/* These are used by EVP_CIPHER methods */
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
+
+/* PKCS5 password based encryption */
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                         ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
+                         int en_de);
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+                           unsigned char *salt, int saltlen, int iter,
+                           int keylen, unsigned char *out);
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                         ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
+                         int en_de);
+
+void PKCS5_PBE_add(void);
+
+int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+             ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+                    EVP_PBE_KEYGEN *keygen);
+void EVP_PBE_cleanup(void);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_EVP_strings(void);
+
+/* Error codes for the EVP functions. */
+
+/* Function codes. */
+#define EVP_F_AES_INIT_KEY                               129
+#define EVP_F_D2I_PKEY                                   100
+#define EVP_F_EVP_ADD_CIPHER                             130
+#define EVP_F_EVP_ADD_DIGEST                             131
+#define EVP_F_EVP_CIPHERINIT                             123
+#define EVP_F_EVP_CIPHER_CTX_CTRL                        124
+#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH              122
+#define EVP_F_EVP_DECRYPTFINAL                           101
+#define EVP_F_EVP_DIGESTINIT                             128
+#define EVP_F_EVP_ENCRYPTFINAL                           127
+#define EVP_F_EVP_GET_CIPHERBYNAME                       132
+#define EVP_F_EVP_GET_DIGESTBYNAME                       133
+#define EVP_F_EVP_MD_CTX_COPY                            110
+#define EVP_F_EVP_OPENINIT                               102
+#define EVP_F_EVP_PBE_ALG_ADD                            115
+#define EVP_F_EVP_PBE_CIPHERINIT                         116
+#define EVP_F_EVP_PKCS82PKEY                             111
+#define EVP_F_EVP_PKCS8_SET_BROKEN                       112
+#define EVP_F_EVP_PKEY2PKCS8                             113
+#define EVP_F_EVP_PKEY_COPY_PARAMETERS                   103
+#define EVP_F_EVP_PKEY_DECRYPT                           104
+#define EVP_F_EVP_PKEY_ENCRYPT                           105
+#define EVP_F_EVP_PKEY_GET1_DH                           119
+#define EVP_F_EVP_PKEY_GET1_DSA                          120
+#define EVP_F_EVP_PKEY_GET1_RSA                          121
+#define EVP_F_EVP_PKEY_NEW                               106
+#define EVP_F_EVP_RIJNDAEL                               126
+#define EVP_F_EVP_SIGNFINAL                              107
+#define EVP_F_EVP_VERIFYFINAL                            108
+#define EVP_F_PKCS5_PBE_KEYIVGEN                         117
+#define EVP_F_PKCS5_V2_PBE_KEYIVGEN                      118
+#define EVP_F_RC2_MAGIC_TO_METH                          109
+#define EVP_F_RC5_CTRL                                   125
+
+/* Reason codes. */
+#define EVP_R_AES_KEY_SETUP_FAILED                       140
+#define EVP_R_BAD_BLOCK_LENGTH                           136
+#define EVP_R_BAD_DECRYPT                                100
+#define EVP_R_BAD_KEY_LENGTH                             137
+#define EVP_R_BN_DECODE_ERROR                            112
+#define EVP_R_BN_PUBKEY_ERROR                            113
+#define EVP_R_CIPHER_PARAMETER_ERROR                     122
+#define EVP_R_CTRL_NOT_IMPLEMENTED                       132
+#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED             133
+#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH          138
+#define EVP_R_DECODE_ERROR                               114
+#define EVP_R_DIFFERENT_KEY_TYPES                        101
+#define EVP_R_DISABLED_FOR_FIPS                          141
+#define EVP_R_ENCODE_ERROR                               115
+#define EVP_R_EVP_PBE_CIPHERINIT_ERROR                   119
+#define EVP_R_EXPECTING_AN_RSA_KEY                       127
+#define EVP_R_EXPECTING_A_DH_KEY                         128
+#define EVP_R_EXPECTING_A_DSA_KEY                        129
+#define EVP_R_INITIALIZATION_ERROR                       134
+#define EVP_R_INPUT_NOT_INITIALIZED                      111
+#define EVP_R_INVALID_KEY_LENGTH                         130
+#define EVP_R_IV_TOO_LARGE                               102
+#define EVP_R_KEYGEN_FAILURE                             120
+#define EVP_R_MISSING_PARAMETERS                         103
+#define EVP_R_NO_CIPHER_SET                              131
+#define EVP_R_NO_DIGEST_SET                              139
+#define EVP_R_NO_DSA_PARAMETERS                          116
+#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED                104
+#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED              105
+#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE                  117
+#define EVP_R_PUBLIC_KEY_NOT_RSA                         106
+#define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS                135
+#define EVP_R_UNSUPPORTED_CIPHER                         107
+#define EVP_R_UNSUPPORTED_KEYLENGTH                      123
+#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION        124
+#define EVP_R_UNSUPPORTED_KEY_SIZE                       108
+#define EVP_R_UNSUPPORTED_PRF                            125
+#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM          118
+#define EVP_R_UNSUPPORTED_SALT_TYPE                      126
+#define EVP_R_WRONG_FINAL_BLOCK_LENGTH                   109
+#define EVP_R_WRONG_PUBLIC_KEY_TYPE                      110
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
new file mode 100644
index 0000000000..f549eeb437
--- /dev/null
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -0,0 +1,592 @@
+/* crypto/evp/evp_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include "evp_locl.h"
+
+const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
+
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
+        {
+        memset(ctx,0,sizeof(EVP_CIPHER_CTX));
+        /* ctx->cipher=NULL; */
+        }
+
+
+int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+             const unsigned char *key, const unsigned char *iv, int enc)
+        {
+        if (cipher)
+                EVP_CIPHER_CTX_init(ctx);
+        return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
+        }
+
+#ifdef OPENSSL_FIPS
+
+/* The purpose of these is to trap programs that attempt to use non FIPS
+ * algorithms in FIPS mode and ignore the errors.
+ */
+
+int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+            const unsigned char *iv, int enc)
+        { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
+
+int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                 const unsigned char *in, unsigned int inl)
+        { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
+
+/* NB: no cleanup because it is allowed after failed init */
+
+int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+        { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
+int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+        { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
+int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+        { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
+
+static const EVP_CIPHER bad_cipher =
+        {
+        0,
+        0,
+        0,
+        0,
+        0,
+        bad_init,
+        bad_do_cipher,
+        NULL,
+        0,
+        bad_set_asn1,
+        bad_get_asn1,
+        bad_ctrl,
+        NULL
+        };
+
+#endif
+
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+             const unsigned char *key, const unsigned char *iv, int enc)
+        {
+        if (enc == -1)
+                enc = ctx->encrypt;
+        else
+                {
+                if (enc)
+                        enc = 1;
+                ctx->encrypt = enc;
+                }
+#ifndef OPENSSL_NO_ENGINE
+        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+         * so this context may already have an ENGINE! Try to avoid releasing
+         * the previous handle, re-querying for an ENGINE, and having a
+         * reinitialisation, when it may all be unecessary. */
+        if (ctx->engine && ctx->cipher && (!cipher ||
+                        (cipher && (cipher->nid == ctx->cipher->nid))))
+                goto skip_to_init;
+#endif
+        if (cipher)
+                {
+                /* Ensure a context left lying around from last time is cleared
+                 * (the previous check attempted to avoid this if the same
+                 * ENGINE and EVP_CIPHER could be used). */
+                EVP_CIPHER_CTX_cleanup(ctx);
+
+                /* Restore encrypt field: it is zeroed by cleanup */
+                ctx->encrypt = enc;
+#ifndef OPENSSL_NO_ENGINE
+                if(impl)
+                        {
+                        if (!ENGINE_init(impl))
+                                {
+                                EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        }
+                else
+                        /* Ask if an ENGINE is reserved for this job */
+                        impl = ENGINE_get_cipher_engine(cipher->nid);
+                if(impl)
+                        {
+                        /* There's an ENGINE for this job ... (apparently) */
+                        const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
+                        if(!c)
+                                {
+                                /* One positive side-effect of US's export
+                                 * control history, is that we should at least
+                                 * be able to avoid using US mispellings of
+                                 * "initialisation"? */
+                                EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        /* We'll use the ENGINE's private cipher definition */
+                        cipher = c;
+                        /* Store the ENGINE functional reference so we know
+                         * 'cipher' came from an ENGINE and we need to release
+                         * it when done. */
+                        ctx->engine = impl;
+                        }
+                else
+                        ctx->engine = NULL;
+#endif
+                ctx->cipher=cipher;
+                if (ctx->cipher->ctx_size)
+                        {
+                        ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+                        if (!ctx->cipher_data)
+                                {
+                                EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE);
+                                return 0;
+                                }
+                        }
+                else
+                        {
+                        ctx->cipher_data = NULL;
+                        }
+                ctx->key_len = cipher->key_len;
+                ctx->flags = 0;
+                if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
+                        {
+                        if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
+                                {
+                                EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        }
+                }
+        else if(!ctx->cipher)
+                {
+                EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET);
+                return 0;
+                }
+#ifndef OPENSSL_NO_ENGINE
+skip_to_init:
+#endif
+        /* we assume block size is a power of 2 in *cryptUpdate */
+        OPENSSL_assert(ctx->cipher->block_size == 1
+            || ctx->cipher->block_size == 8
+            || ctx->cipher->block_size == 16);
+
+        if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
+                switch(EVP_CIPHER_CTX_mode(ctx)) {
+
+                        case EVP_CIPH_STREAM_CIPHER:
+                        case EVP_CIPH_ECB_MODE:
+                        break;
+
+                        case EVP_CIPH_CFB_MODE:
+                        case EVP_CIPH_OFB_MODE:
+
+                        ctx->num = 0;
+
+                        case EVP_CIPH_CBC_MODE:
+
+                        OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv);
+                        if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+                        memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+                        break;
+
+                        default:
+                        return 0;
+                        break;
+                }
+        }
+
+#ifdef OPENSSL_FIPS
+        /* After 'key' is set no further parameters changes are permissible.
+         * So only check for non FIPS enabling at this point.
+         */
+        if (key && FIPS_mode())
+                {
+                if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
+                        & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
+                        {
+                        EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
+                        ERR_add_error_data(2, "cipher=",
+                                                EVP_CIPHER_name(ctx->cipher));
+                        ctx->cipher = &bad_cipher;
+                        return 0;
+                        }
+                }
+#endif
+
+        if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
+                if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
+        }
+        ctx->buf_len=0;
+        ctx->final_used=0;
+        ctx->block_mask=ctx->cipher->block_size-1;
+        return 1;
+        }
+
+int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+             const unsigned char *in, int inl)
+        {
+        if (ctx->encrypt)
+                return EVP_EncryptUpdate(ctx,out,outl,in,inl);
+        else    return EVP_DecryptUpdate(ctx,out,outl,in,inl);
+        }
+
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+        {
+        if (ctx->encrypt)
+                return EVP_EncryptFinal_ex(ctx,out,outl);
+        else    return EVP_DecryptFinal_ex(ctx,out,outl);
+        }
+
+int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+        {
+        if (ctx->encrypt)
+                return EVP_EncryptFinal(ctx,out,outl);
+        else    return EVP_DecryptFinal(ctx,out,outl);
+        }
+
+int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+             const unsigned char *key, const unsigned char *iv)
+        {
+        return EVP_CipherInit(ctx, cipher, key, iv, 1);
+        }
+
+int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+                const unsigned char *key, const unsigned char *iv)
+        {
+        return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
+        }
+
+int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+             const unsigned char *key, const unsigned char *iv)
+        {
+        return EVP_CipherInit(ctx, cipher, key, iv, 0);
+        }
+
+int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+             const unsigned char *key, const unsigned char *iv)
+        {
+        return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
+        }
+
+int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+             const unsigned char *in, int inl)
+        {
+        int i,j,bl;
+
+        OPENSSL_assert(inl > 0);
+        if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
+                {
+                if(ctx->cipher->do_cipher(ctx,out,in,inl))
+                        {
+                        *outl=inl;
+                        return 1;
+                        }
+                else
+                        {
+                        *outl=0;
+                        return 0;
+                        }
+                }
+        i=ctx->buf_len;
+        bl=ctx->cipher->block_size;
+        OPENSSL_assert(bl <= sizeof ctx->buf);
+        if (i != 0)
+                {
+                if (i+inl < bl)
+                        {
+                        memcpy(&(ctx->buf[i]),in,inl);
+                        ctx->buf_len+=inl;
+                        *outl=0;
+                        return 1;
+                        }
+                else
+                        {
+                        j=bl-i;
+                        memcpy(&(ctx->buf[i]),in,j);
+                        if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
+                        inl-=j;
+                        in+=j;
+                        out+=bl;
+                        *outl=bl;
+                        }
+                }
+        else
+                *outl = 0;
+        i=inl&(bl-1);
+        inl-=i;
+        if (inl > 0)
+                {
+                if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
+                *outl+=inl;
+                }
+
+        if (i != 0)
+                memcpy(ctx->buf,&(in[inl]),i);
+        ctx->buf_len=i;
+        return 1;
+        }
+
+int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+        {
+        int ret;
+        ret = EVP_EncryptFinal_ex(ctx, out, outl);
+        return ret;
+        }
+
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+        {
+        int i,n,b,bl,ret;
+
+        b=ctx->cipher->block_size;
+        OPENSSL_assert(b <= sizeof ctx->buf);
+        if (b == 1)
+                {
+                *outl=0;
+                return 1;
+                }
+        bl=ctx->buf_len;
+        if (ctx->flags & EVP_CIPH_NO_PADDING)
+                {
+                if(bl)
+                        {
+                        EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+                        return 0;
+                        }
+                *outl = 0;
+                return 1;
+                }
+
+        n=b-bl;
+        for (i=bl; i<b; i++)
+                ctx->buf[i]=n;
+        ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
+
+
+        if(ret)
+                *outl=b;
+
+        return ret;
+        }
+
+int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+             const unsigned char *in, int inl)
+        {
+        int b, fix_len;
+
+        if (inl == 0)
+                {
+                *outl=0;
+                return 1;
+                }
+
+        if (ctx->flags & EVP_CIPH_NO_PADDING)
+                return EVP_EncryptUpdate(ctx, out, outl, in, inl);
+
+        b=ctx->cipher->block_size;
+        OPENSSL_assert(b <= sizeof ctx->final);
+
+        if(ctx->final_used)
+                {
+                memcpy(out,ctx->final,b);
+                out+=b;
+                fix_len = 1;
+                }
+        else
+                fix_len = 0;
+
+
+        if(!EVP_EncryptUpdate(ctx,out,outl,in,inl))
+                return 0;
+
+        /* if we have 'decrypted' a multiple of block size, make sure
+         * we have a copy of this last block */
+        if (b > 1 && !ctx->buf_len)
+                {
+                *outl-=b;
+                ctx->final_used=1;
+                memcpy(ctx->final,&out[*outl],b);
+                }
+        else
+                ctx->final_used = 0;
+
+        if (fix_len)
+                *outl += b;
+                
+        return 1;
+        }
+
+int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+        {
+        int ret;
+        ret = EVP_DecryptFinal_ex(ctx, out, outl);
+        return ret;
+        }
+
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+        {
+        int i,b;
+        int n;
+
+        *outl=0;
+        b=ctx->cipher->block_size;
+        if (ctx->flags & EVP_CIPH_NO_PADDING)
+                {
+                if(ctx->buf_len)
+                        {
+                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+                        return 0;
+                        }
+                *outl = 0;
+                return 1;
+                }
+        if (b > 1)
+                {
+                if (ctx->buf_len || !ctx->final_used)
+                        {
+                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+                        return(0);
+                        }
+                OPENSSL_assert(b <= sizeof ctx->final);
+                n=ctx->final[b-1];
+                if (n > b)
+                        {
+                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
+                        return(0);
+                        }
+                for (i=0; i<n; i++)
+                        {
+                        if (ctx->final[--b] != n)
+                                {
+                                EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
+                                return(0);
+                                }
+                        }
+                n=ctx->cipher->block_size-n;
+                for (i=0; i<n; i++)
+                        out[i]=ctx->final[i];
+                *outl=n;
+                }
+        else
+                *outl=0;
+        return(1);
+        }
+
+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
+        {
+        if (c->cipher != NULL)
+                {
+                if(c->cipher->cleanup && !c->cipher->cleanup(c))
+                        return 0;
+                /* Cleanse cipher context data */
+                if (c->cipher_data)
+                        OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+                }
+        if (c->cipher_data)
+                OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
+        if (c->engine)
+                /* The EVP_CIPHER we used belongs to an ENGINE, release the
+                 * functional reference we held for this reason. */
+                ENGINE_finish(c->engine);
+#endif
+        memset(c,0,sizeof(EVP_CIPHER_CTX));
+        return 1;
+        }
+
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
+        {
+        if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) 
+                return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
+        if(c->key_len == keylen) return 1;
+        if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH))
+                {
+                c->key_len = keylen;
+                return 1;
+                }
+        EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH);
+        return 0;
+        }
+
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
+        {
+        if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING;
+        else ctx->flags |= EVP_CIPH_NO_PADDING;
+        return 1;
+        }
+
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+        int ret;
+        if(!ctx->cipher) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+                return 0;
+        }
+
+        if(!ctx->cipher->ctrl) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+                return 0;
+        }
+
+        ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
+        if(ret == -1) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+                return 0;
+        }
+        return ret;
+}
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
new file mode 100644
index 0000000000..40135d0729
--- /dev/null
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -0,0 +1,167 @@
+/* crypto/evp/evp_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA EVP_str_functs[]=
+        {
+{ERR_PACK(0,EVP_F_AES_INIT_KEY,0),      "AES_INIT_KEY"},
+{ERR_PACK(0,EVP_F_D2I_PKEY,0),  "D2I_PKEY"},
+{ERR_PACK(0,EVP_F_EVP_ADD_CIPHER,0),    "EVP_add_cipher"},
+{ERR_PACK(0,EVP_F_EVP_ADD_DIGEST,0),    "EVP_add_digest"},
+{ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0),    "EVP_CipherInit"},
+{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0),       "EVP_CIPHER_CTX_ctrl"},
+{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0),     "EVP_CIPHER_CTX_set_key_length"},
+{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0),  "EVP_DecryptFinal"},
+{ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0),    "EVP_DigestInit"},
+{ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0),  "EVP_EncryptFinal"},
+{ERR_PACK(0,EVP_F_EVP_GET_CIPHERBYNAME,0),      "EVP_get_cipherbyname"},
+{ERR_PACK(0,EVP_F_EVP_GET_DIGESTBYNAME,0),      "EVP_get_digestbyname"},
+{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0),   "EVP_MD_CTX_copy"},
+{ERR_PACK(0,EVP_F_EVP_OPENINIT,0),      "EVP_OpenInit"},
+{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0),   "EVP_PBE_alg_add"},
+{ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0),        "EVP_PBE_CipherInit"},
+{ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0),    "EVP_PKCS82PKEY"},
+{ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0),      "EVP_PKCS8_SET_BROKEN"},
+{ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0),    "EVP_PKEY2PKCS8"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0),  "EVP_PKEY_copy_parameters"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0),  "EVP_PKEY_decrypt"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0),  "EVP_PKEY_encrypt"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DH,0),  "EVP_PKEY_get1_DH"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DSA,0), "EVP_PKEY_get1_DSA"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_RSA,0), "EVP_PKEY_get1_RSA"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0),      "EVP_PKEY_new"},
+{ERR_PACK(0,EVP_F_EVP_RIJNDAEL,0),      "EVP_RIJNDAEL"},
+{ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0),     "EVP_SignFinal"},
+{ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0),   "EVP_VerifyFinal"},
+{ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0),        "PKCS5_PBE_keyivgen"},
+{ERR_PACK(0,EVP_F_PKCS5_V2_PBE_KEYIVGEN,0),     "PKCS5_v2_PBE_keyivgen"},
+{ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0), "RC2_MAGIC_TO_METH"},
+{ERR_PACK(0,EVP_F_RC5_CTRL,0),  "RC5_CTRL"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA EVP_str_reasons[]=
+        {
+{EVP_R_AES_KEY_SETUP_FAILED              ,"aes key setup failed"},
+{EVP_R_BAD_BLOCK_LENGTH                  ,"bad block length"},
+{EVP_R_BAD_DECRYPT                       ,"bad decrypt"},
+{EVP_R_BAD_KEY_LENGTH                    ,"bad key length"},
+{EVP_R_BN_DECODE_ERROR                   ,"bn decode error"},
+{EVP_R_BN_PUBKEY_ERROR                   ,"bn pubkey error"},
+{EVP_R_CIPHER_PARAMETER_ERROR            ,"cipher parameter error"},
+{EVP_R_CTRL_NOT_IMPLEMENTED              ,"ctrl not implemented"},
+{EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED    ,"ctrl operation not implemented"},
+{EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"},
+{EVP_R_DECODE_ERROR                      ,"decode error"},
+{EVP_R_DIFFERENT_KEY_TYPES               ,"different key types"},
+{EVP_R_DISABLED_FOR_FIPS                 ,"disabled for fips"},
+{EVP_R_ENCODE_ERROR                      ,"encode error"},
+{EVP_R_EVP_PBE_CIPHERINIT_ERROR          ,"evp pbe cipherinit error"},
+{EVP_R_EXPECTING_AN_RSA_KEY              ,"expecting an rsa key"},
+{EVP_R_EXPECTING_A_DH_KEY                ,"expecting a dh key"},
+{EVP_R_EXPECTING_A_DSA_KEY               ,"expecting a dsa key"},
+{EVP_R_INITIALIZATION_ERROR              ,"initialization error"},
+{EVP_R_INPUT_NOT_INITIALIZED             ,"input not initialized"},
+{EVP_R_INVALID_KEY_LENGTH                ,"invalid key length"},
+{EVP_R_IV_TOO_LARGE                      ,"iv too large"},
+{EVP_R_KEYGEN_FAILURE                    ,"keygen failure"},
+{EVP_R_MISSING_PARAMETERS                ,"missing parameters"},
+{EVP_R_NO_CIPHER_SET                     ,"no cipher set"},
+{EVP_R_NO_DIGEST_SET                     ,"no digest set"},
+{EVP_R_NO_DSA_PARAMETERS                 ,"no dsa parameters"},
+{EVP_R_NO_SIGN_FUNCTION_CONFIGURED       ,"no sign function configured"},
+{EVP_R_NO_VERIFY_FUNCTION_CONFIGURED     ,"no verify function configured"},
+{EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE         ,"pkcs8 unknown broken type"},
+{EVP_R_PUBLIC_KEY_NOT_RSA                ,"public key not rsa"},
+{EVP_R_UNKNOWN_PBE_ALGORITHM             ,"unknown pbe algorithm"},
+{EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS       ,"unsuported number of rounds"},
+{EVP_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
+{EVP_R_UNSUPPORTED_KEYLENGTH             ,"unsupported keylength"},
+{EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION,"unsupported key derivation function"},
+{EVP_R_UNSUPPORTED_KEY_SIZE              ,"unsupported key size"},
+{EVP_R_UNSUPPORTED_PRF                   ,"unsupported prf"},
+{EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"},
+{EVP_R_UNSUPPORTED_SALT_TYPE             ,"unsupported salt type"},
+{EVP_R_WRONG_FINAL_BLOCK_LENGTH          ,"wrong final block length"},
+{EVP_R_WRONG_PUBLIC_KEY_TYPE             ,"wrong public key type"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_EVP_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_EVP,EVP_str_functs);
+                ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c
new file mode 100644
index 0000000000..5f387a94d3
--- /dev/null
+++ b/src/lib/libcrypto/evp/evp_key.c
@@ -0,0 +1,174 @@
+/* crypto/evp/evp_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/ui.h>
+
+/* should be init to zeros. */
+static char prompt_string[80];
+
+void EVP_set_pw_prompt(char *prompt)
+        {
+        if (prompt == NULL)
+                prompt_string[0]='\0';
+        else
+                {
+                strncpy(prompt_string,prompt,79);
+                prompt_string[79]='\0';
+                }
+        }
+
+char *EVP_get_pw_prompt(void)
+        {
+        if (prompt_string[0] == '\0')
+                return(NULL);
+        else
+                return(prompt_string);
+        }
+
+/* For historical reasons, the standard function for reading passwords is
+ * in the DES library -- if someone ever wants to disable DES,
+ * this function will fail */
+int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
+        {
+        int ret;
+        char buff[BUFSIZ];
+        UI *ui;
+
+        if ((prompt == NULL) && (prompt_string[0] != '\0'))
+                prompt=prompt_string;
+        ui = UI_new();
+        UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len);
+        if (verify)
+                UI_add_verify_string(ui,prompt,0,
+                        buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
+        ret = UI_process(ui);
+        UI_free(ui);
+        OPENSSL_cleanse(buff,BUFSIZ);
+        return ret;
+        }
+
+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, 
+             const unsigned char *salt, const unsigned char *data, int datal,
+             int count, unsigned char *key, unsigned char *iv)
+        {
+        EVP_MD_CTX c;
+        unsigned char md_buf[EVP_MAX_MD_SIZE];
+        int niv,nkey,addmd=0;
+        unsigned int mds=0,i;
+
+        nkey=type->key_len;
+        niv=type->iv_len;
+        OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
+        OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
+
+        if (data == NULL) return(nkey);
+
+        EVP_MD_CTX_init(&c);
+        for (;;)
+                {
+                EVP_DigestInit_ex(&c,md, NULL);
+                if (addmd++)
+                        EVP_DigestUpdate(&c,&(md_buf[0]),mds);
+                EVP_DigestUpdate(&c,data,datal);
+                if (salt != NULL)
+                        EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN);
+                EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
+
+                for (i=1; i<(unsigned int)count; i++)
+                        {
+                        EVP_DigestInit_ex(&c,md, NULL);
+                        EVP_DigestUpdate(&c,&(md_buf[0]),mds);
+                        EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
+                        }
+                i=0;
+                if (nkey)
+                        {
+                        for (;;)
+                                {
+                                if (nkey == 0) break;
+                                if (i == mds) break;
+                                if (key != NULL)
+                                        *(key++)=md_buf[i];
+                                nkey--;
+                                i++;
+                                }
+                        }
+                if (niv && (i != mds))
+                        {
+                        for (;;)
+                                {
+                                if (niv == 0) break;
+                                if (i == mds) break;
+                                if (iv != NULL)
+                                        *(iv++)=md_buf[i];
+                                niv--;
+                                i++;
+                                }
+                        }
+                if ((nkey == 0) && (niv == 0)) break;
+                }
+        EVP_MD_CTX_cleanup(&c);
+        OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
+        return(type->key_len);
+        }
+
diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c
new file mode 100644
index 0000000000..a63ba19317
--- /dev/null
+++ b/src/lib/libcrypto/evp/evp_lib.c
@@ -0,0 +1,168 @@
+/* crypto/evp/evp_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+        {
+        int ret;
+
+        if (c->cipher->set_asn1_parameters != NULL)
+                ret=c->cipher->set_asn1_parameters(c,type);
+        else
+                return -1;
+        return(ret);
+        }
+
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+        {
+        int ret;
+
+        if (c->cipher->get_asn1_parameters != NULL)
+                ret=c->cipher->get_asn1_parameters(c,type);
+        else
+                return -1;
+        return(ret);
+        }
+
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+        {
+        int i=0,l;
+
+        if (type != NULL) 
+                {
+                l=EVP_CIPHER_CTX_iv_length(c);
+                OPENSSL_assert(l <= sizeof c->iv);
+                i=ASN1_TYPE_get_octetstring(type,c->oiv,l);
+                if (i != l)
+                        return(-1);
+                else if (i > 0)
+                        memcpy(c->iv,c->oiv,l);
+                }
+        return(i);
+        }
+
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+        {
+        int i=0,j;
+
+        if (type != NULL)
+                {
+                j=EVP_CIPHER_CTX_iv_length(c);
+                OPENSSL_assert(j <= sizeof c->iv);
+                i=ASN1_TYPE_set_octetstring(type,c->oiv,j);
+                }
+        return(i);
+        }
+
+/* Convert the various cipher NIDs and dummies to a proper OID NID */
+int EVP_CIPHER_type(const EVP_CIPHER *ctx)
+{
+        int nid;
+        ASN1_OBJECT *otmp;
+        nid = EVP_CIPHER_nid(ctx);
+
+        switch(nid) {
+
+                case NID_rc2_cbc:
+                case NID_rc2_64_cbc:
+                case NID_rc2_40_cbc:
+
+                return NID_rc2_cbc;
+
+                case NID_rc4:
+                case NID_rc4_40:
+
+                return NID_rc4;
+
+                case NID_aes_128_cfb128:
+                case NID_aes_128_cfb8:
+                case NID_aes_128_cfb1:
+
+                return NID_aes_128_cfb128;
+
+                case NID_aes_192_cfb128:
+                case NID_aes_192_cfb8:
+                case NID_aes_192_cfb1:
+
+                return NID_aes_192_cfb128;
+
+                case NID_aes_256_cfb128:
+                case NID_aes_256_cfb8:
+                case NID_aes_256_cfb1:
+
+                return NID_aes_256_cfb128;
+
+                case NID_des_cfb64:
+                case NID_des_cfb8:
+                case NID_des_cfb1:
+
+                return NID_des_cfb64;
+
+                default:
+                /* Check it has an OID and it is valid */
+                otmp = OBJ_nid2obj(nid);
+                if(!otmp || !otmp->data) nid = NID_undef;
+                ASN1_OBJECT_free(otmp);
+                return nid;
+        }
+}
+
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
new file mode 100644
index 0000000000..f8c5343620
--- /dev/null
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -0,0 +1,252 @@
+/* evp_locl.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Macros to code block cipher wrappers */
+
+/* Wrapper functions for each cipher mode */
+
+#define BLOCK_CIPHER_ecb_loop() \
+        unsigned int i, bl; \
+        bl = ctx->cipher->block_size;\
+        if(inl < bl) return 1;\
+        inl -= bl; \
+        for(i=0; i <= inl; i+=bl) \
+
+#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+{\
+        BLOCK_CIPHER_ecb_loop() \
+                cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
+static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+{\
+        cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+{\
+        cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
+static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+{\
+        cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+        BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+        BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
+
+#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
+                          key_len, iv_len, flags, init_key, cleanup, \
+                          set_asn1, get_asn1, ctrl) \
+static const EVP_CIPHER cname##_##mode = { \
+        nid##_##nmode, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_##MODE##_MODE, \
+        init_key, \
+        cname##_##mode##_cipher, \
+        cleanup, \
+        sizeof(kstruct), \
+        set_asn1, get_asn1,\
+        ctrl, \
+        NULL \
+}; \
+const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
+
+#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
+                             iv_len, flags, init_key, cleanup, set_asn1, \
+                             get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
+                  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
+                             iv_len, cbits, flags, init_key, cleanup, \
+                             set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
+                  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+                  get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
+                             iv_len, cbits, flags, init_key, cleanup, \
+                             set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
+                  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+                  get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
+                             iv_len, flags, init_key, cleanup, set_asn1, \
+                             get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
+                  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+                          nid, block_size, key_len, iv_len, cbits, flags, \
+                          init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+                     init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
+                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
+                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+                     init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+
+/*
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+                                nid, block_size, key_len, iv_len, flags,\
+                                 init_key, cleanup, set_asn1, get_asn1, ctrl)\
+static const EVP_CIPHER cname##_cbc = {\
+        nid##_cbc, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_CBC_MODE,\
+        init_key,\
+        cname##_cbc_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl, \
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
+static const EVP_CIPHER cname##_cfb = {\
+        nid##_cfb64, 1, key_len, iv_len, \
+        flags | EVP_CIPH_CFB_MODE,\
+        init_key,\
+        cname##_cfb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
+static const EVP_CIPHER cname##_ofb = {\
+        nid##_ofb64, 1, key_len, iv_len, \
+        flags | EVP_CIPH_OFB_MODE,\
+        init_key,\
+        cname##_ofb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
+static const EVP_CIPHER cname##_ecb = {\
+        nid##_ecb, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_ECB_MODE,\
+        init_key,\
+        cname##_ecb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
+*/
+
+#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
+                               block_size, key_len, iv_len, cbits, \
+                               flags, init_key, \
+                               cleanup, set_asn1, get_asn1, ctrl) \
+        BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
+                          cbits, flags, init_key, cleanup, set_asn1, \
+                          get_asn1, ctrl)
+
+#define EVP_C_DATA(kstruct, ctx)        ((kstruct *)(ctx)->cipher_data)
+
+#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,flags) \
+        BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
+        BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
+                             NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
+                             flags, cipher##_init_key, NULL, \
+                             EVP_CIPHER_set_asn1_iv, \
+                             EVP_CIPHER_get_asn1_iv, \
+                             NULL)
+
+#ifdef OPENSSL_FIPS
+#define RC2_set_key     private_RC2_set_key
+#define RC4_set_key     private_RC4_set_key
+#define CAST_set_key    private_CAST_set_key
+#define RC5_32_set_key  private_RC5_32_set_key
+#define BF_set_key      private_BF_set_key
+#define idea_set_encrypt_key private_idea_set_encrypt_key
+
+#define MD5_Init        private_MD5_Init
+#define MD4_Init        private_MD4_Init
+#define MD2_Init        private_MD2_Init
+#define MDC2_Init       private_MDC2_Init
+#define SHA_Init        private_SHA_Init
+
+#endif
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
new file mode 100644
index 0000000000..91e545a141
--- /dev/null
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -0,0 +1,136 @@
+/* evp_pbe.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+/* Password based encryption (PBE) functions */
+
+static STACK *pbe_algs;
+
+/* Setup a cipher context from a PBE algorithm */
+
+typedef struct {
+int pbe_nid;
+const EVP_CIPHER *cipher;
+const EVP_MD *md;
+EVP_PBE_KEYGEN *keygen;
+} EVP_PBE_CTL;
+
+int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+             ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
+{
+
+        EVP_PBE_CTL *pbetmp, pbelu;
+        int i;
+        pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);
+        if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu);
+        else i = -1;
+
+        if (i == -1) {
+                char obj_tmp[80];
+                EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
+                if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
+                else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
+                ERR_add_error_data(2, "TYPE=", obj_tmp);
+                return 0;
+        }
+        if(!pass) passlen = 0;
+        else if (passlen == -1) passlen = strlen(pass);
+        pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);
+        i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher,
+                                                 pbetmp->md, en_de);
+        if (!i) {
+                EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);
+                return 0;
+        }
+        return 1;       
+}
+
+static int pbe_cmp(const char * const *a, const char * const *b)
+{
+        EVP_PBE_CTL **pbe1 = (EVP_PBE_CTL **) a,  **pbe2 = (EVP_PBE_CTL **)b;
+        return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
+}
+
+/* Add a PBE algorithm */
+
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+             EVP_PBE_KEYGEN *keygen)
+{
+        EVP_PBE_CTL *pbe_tmp;
+        if (!pbe_algs) pbe_algs = sk_new(pbe_cmp);
+        if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) {
+                EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        pbe_tmp->pbe_nid = nid;
+        pbe_tmp->cipher = cipher;
+        pbe_tmp->md = md;
+        pbe_tmp->keygen = keygen;
+        sk_push (pbe_algs, (char *)pbe_tmp);
+        return 1;
+}
+
+void EVP_PBE_cleanup(void)
+{
+        sk_pop_free(pbe_algs, OPENSSL_freeFunc);
+        pbe_algs = NULL;
+}
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
new file mode 100644
index 0000000000..47a69932a5
--- /dev/null
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -0,0 +1,468 @@
+/* evp_pkey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+#ifndef OPENSSL_NO_DSA
+static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
+#endif
+
+/* Extract a private key from a PKCS8 structure */
+
+EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
+{
+        EVP_PKEY *pkey = NULL;
+#ifndef OPENSSL_NO_RSA
+        RSA *rsa = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
+        DSA *dsa = NULL;
+        ASN1_INTEGER *privkey;
+        ASN1_TYPE *t1, *t2, *param = NULL;
+        STACK_OF(ASN1_TYPE) *ndsa = NULL;
+        BN_CTX *ctx = NULL;
+        int plen;
+#endif
+        X509_ALGOR *a;
+        unsigned char *p;
+        const unsigned char *cp;
+        int pkeylen;
+        char obj_tmp[80];
+
+        if(p8->pkey->type == V_ASN1_OCTET_STRING) {
+                p8->broken = PKCS8_OK;
+                p = p8->pkey->value.octet_string->data;
+                pkeylen = p8->pkey->value.octet_string->length;
+        } else {
+                p8->broken = PKCS8_NO_OCTET;
+                p = p8->pkey->value.sequence->data;
+                pkeylen = p8->pkey->value.sequence->length;
+        }
+        if (!(pkey = EVP_PKEY_new())) {
+                EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        a = p8->pkeyalg;
+        switch (OBJ_obj2nid(a->algorithm))
+        {
+#ifndef OPENSSL_NO_RSA
+                case NID_rsaEncryption:
+                cp = p;
+                if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
+                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                        return NULL;
+                }
+                EVP_PKEY_assign_RSA (pkey, rsa);
+                break;
+#endif
+#ifndef OPENSSL_NO_DSA
+                case NID_dsa:
+                /* PKCS#8 DSA is weird: you just get a private key integer
+                 * and parameters in the AlgorithmIdentifier the pubkey must
+                 * be recalculated.
+                 */
+        
+                /* Check for broken DSA PKCS#8, UGH! */
+                if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
+                    if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, 
+                                                          d2i_ASN1_TYPE,
+                                                          ASN1_TYPE_free))) {
+                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                        goto dsaerr;
+                    }
+                    if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
+                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                        goto dsaerr;
+                    }
+                    /* Handle Two broken types:
+                     * SEQUENCE {parameters, priv_key}
+                     * SEQUENCE {pub_key, priv_key}
+                     */
+
+                    t1 = sk_ASN1_TYPE_value(ndsa, 0);
+                    t2 = sk_ASN1_TYPE_value(ndsa, 1);
+                    if(t1->type == V_ASN1_SEQUENCE) {
+                        p8->broken = PKCS8_EMBEDDED_PARAM;
+                        param = t1;
+                    } else if(a->parameter->type == V_ASN1_SEQUENCE) {
+                        p8->broken = PKCS8_NS_DB;
+                        param = a->parameter;
+                    } else {
+                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                        goto dsaerr;
+                    }
+
+                    if(t2->type != V_ASN1_INTEGER) {
+                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                        goto dsaerr;
+                    }
+                    privkey = t2->value.integer;
+                } else {
+                        if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
+                                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                                goto dsaerr;
+                        }
+                        param = p8->pkeyalg->parameter;
+                }
+                if (!param || (param->type != V_ASN1_SEQUENCE)) {
+                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                        goto dsaerr;
+                }
+                cp = p = param->value.sequence->data;
+                plen = param->value.sequence->length;
+                if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
+                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                        goto dsaerr;
+                }
+                /* We have parameters now set private key */
+                if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
+                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
+                        goto dsaerr;
+                }
+                /* Calculate public key (ouch!) */
+                if (!(dsa->pub_key = BN_new())) {
+                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
+                        goto dsaerr;
+                }
+                if (!(ctx = BN_CTX_new())) {
+                        EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
+                        goto dsaerr;
+                }
+                        
+                if (!BN_mod_exp(dsa->pub_key, dsa->g,
+                                                 dsa->priv_key, dsa->p, ctx)) {
+                        
+                        EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
+                        goto dsaerr;
+                }
+
+                EVP_PKEY_assign_DSA(pkey, dsa);
+                BN_CTX_free (ctx);
+                if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+                else ASN1_INTEGER_free(privkey);
+                break;
+                dsaerr:
+                BN_CTX_free (ctx);
+                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+                DSA_free(dsa);
+                EVP_PKEY_free(pkey);
+                return NULL;
+                break;
+#endif
+                default:
+                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+                if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
+                else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
+                ERR_add_error_data(2, "TYPE=", obj_tmp);
+                EVP_PKEY_free (pkey);
+                return NULL;
+        }
+        return pkey;
+}
+
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
+{
+        return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
+}
+
+/* Turn a private key into a PKCS8 structure */
+
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
+{
+        PKCS8_PRIV_KEY_INFO *p8;
+
+        if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {        
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        p8->broken = broken;
+        if (!ASN1_INTEGER_set(p8->version, 0)) {
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                PKCS8_PRIV_KEY_INFO_free (p8);
+                return NULL;
+        }
+        if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                PKCS8_PRIV_KEY_INFO_free (p8);
+                return NULL;
+        }
+        p8->pkey->type = V_ASN1_OCTET_STRING;
+        switch (EVP_PKEY_type(pkey->type)) {
+#ifndef OPENSSL_NO_RSA
+                case EVP_PKEY_RSA:
+
+                if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
+
+                p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
+                p8->pkeyalg->parameter->type = V_ASN1_NULL;
+                if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
+                                         &p8->pkey->value.octet_string)) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        PKCS8_PRIV_KEY_INFO_free (p8);
+                        return NULL;
+                }
+                break;
+#endif
+#ifndef OPENSSL_NO_DSA
+                case EVP_PKEY_DSA:
+                if(!dsa_pkey2pkcs8(p8, pkey)) {
+                        PKCS8_PRIV_KEY_INFO_free (p8);
+                        return NULL;
+                }
+
+                break;
+#endif
+                default:
+                EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+                PKCS8_PRIV_KEY_INFO_free (p8);
+                return NULL;
+        }
+        RAND_add(p8->pkey->value.octet_string->data,
+                 p8->pkey->value.octet_string->length, 0);
+        return p8;
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
+{
+        switch (broken) {
+
+                case PKCS8_OK:
+                p8->broken = PKCS8_OK;
+                return p8;
+                break;
+
+                case PKCS8_NO_OCTET:
+                p8->broken = PKCS8_NO_OCTET;
+                p8->pkey->type = V_ASN1_SEQUENCE;
+                return p8;
+                break;
+
+                default:
+                EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
+                return NULL;
+                break;
+                
+        }
+}
+
+#ifndef OPENSSL_NO_DSA
+static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
+{
+        ASN1_STRING *params = NULL;
+        ASN1_INTEGER *prkey = NULL;
+        ASN1_TYPE *ttmp = NULL;
+        STACK_OF(ASN1_TYPE) *ndsa = NULL;
+        unsigned char *p = NULL, *q;
+        int len;
+
+        p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
+        len = i2d_DSAparams (pkey->pkey.dsa, NULL);
+        if (!(p = OPENSSL_malloc(len))) {
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        q = p;
+        i2d_DSAparams (pkey->pkey.dsa, &q);
+        if (!(params = ASN1_STRING_new())) {
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        if (!ASN1_STRING_set(params, p, len)) {
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        OPENSSL_free(p);
+        p = NULL;
+        /* Get private key into integer */
+        if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
+                goto err;
+        }
+
+        switch(p8->broken) {
+
+                case PKCS8_OK:
+                case PKCS8_NO_OCTET:
+
+                if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
+                                         &p8->pkey->value.octet_string)) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+
+                M_ASN1_INTEGER_free (prkey);
+                prkey = NULL;
+                p8->pkeyalg->parameter->value.sequence = params;
+                params = NULL;
+                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+
+                break;
+
+                case PKCS8_NS_DB:
+
+                p8->pkeyalg->parameter->value.sequence = params;
+                params = NULL;
+                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+                if (!(ndsa = sk_ASN1_TYPE_new_null())) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                if (!(ttmp = ASN1_TYPE_new())) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                if (!(ttmp->value.integer =
+                        BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
+                        goto err;
+                }
+                ttmp->type = V_ASN1_INTEGER;
+                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+
+                if (!(ttmp = ASN1_TYPE_new())) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                ttmp->value.integer = prkey;
+                prkey = NULL;
+                ttmp->type = V_ASN1_INTEGER;
+                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                ttmp = NULL;
+
+                if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+
+                if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
+                                         &p8->pkey->value.octet_string->data,
+                                         &p8->pkey->value.octet_string->length)) {
+
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+                break;
+
+                case PKCS8_EMBEDDED_PARAM:
+
+                p8->pkeyalg->parameter->type = V_ASN1_NULL;
+                if (!(ndsa = sk_ASN1_TYPE_new_null())) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                if (!(ttmp = ASN1_TYPE_new())) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                ttmp->value.sequence = params;
+                params = NULL;
+                ttmp->type = V_ASN1_SEQUENCE;
+                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+
+                if (!(ttmp = ASN1_TYPE_new())) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                ttmp->value.integer = prkey;
+                prkey = NULL;
+                ttmp->type = V_ASN1_INTEGER;
+                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                ttmp = NULL;
+
+                if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+
+                if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
+                                         &p8->pkey->value.octet_string->data,
+                                         &p8->pkey->value.octet_string->length)) {
+
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+                break;
+        }
+        return 1;
+err:
+        if (p != NULL) OPENSSL_free(p);
+        if (params != NULL) ASN1_STRING_free(params);
+        if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
+        if (ttmp != NULL) ASN1_TYPE_free(ttmp);
+        if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+        return 0;
+}
+#endif
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
new file mode 100644
index 0000000000..d393eb3400
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_dss.c
@@ -0,0 +1,95 @@
+/* crypto/evp/m_dss.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+#ifndef OPENSSL_NO_SHA
+static int init(EVP_MD_CTX *ctx)
+        { return SHA1_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+        { return SHA1_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+        { return SHA1_Final(md,ctx->md_data); }
+
+static const EVP_MD dsa_md=
+        {
+        NID_dsaWithSHA,
+        NID_dsaWithSHA,
+        SHA_DIGEST_LENGTH,
+        EVP_MD_FLAG_FIPS,
+        init,
+        update,
+        final,
+        NULL,
+        NULL,
+        EVP_PKEY_DSA_method,
+        SHA_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA_CTX),
+        };
+
+const EVP_MD *EVP_dss(void)
+        {
+        return(&dsa_md);
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c
new file mode 100644
index 0000000000..f5668ebda0
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_dss1.c
@@ -0,0 +1,95 @@
+/* crypto/evp/m_dss1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_SHA
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+static int init(EVP_MD_CTX *ctx)
+        { return SHA1_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+        { return SHA1_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+        { return SHA1_Final(md,ctx->md_data); }
+
+static const EVP_MD dss1_md=
+        {
+        NID_dsa,
+        NID_dsaWithSHA1,
+        SHA_DIGEST_LENGTH,
+        0,
+        init,
+        update,
+        final,
+        NULL,
+        NULL,
+        EVP_PKEY_DSA_method,
+        SHA_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA_CTX),
+        };
+
+const EVP_MD *EVP_dss1(void)
+        {
+        return(&dss1_md);
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c
new file mode 100644
index 0000000000..0605e4b707
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_md4.c
@@ -0,0 +1,97 @@
+/* crypto/evp/m_md4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_MD4
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include "evp_locl.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/md4.h>
+
+static int init(EVP_MD_CTX *ctx)
+        { return MD4_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+        { return MD4_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+        { return MD4_Final(md,ctx->md_data); }
+
+static const EVP_MD md4_md=
+        {
+        NID_md4,
+        NID_md4WithRSAEncryption,
+        MD4_DIGEST_LENGTH,
+        0,
+        init,
+        update,
+        final,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_method,
+        MD4_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(MD4_CTX),
+        };
+
+const EVP_MD *EVP_md4(void)
+        {
+        return(&md4_md);
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c
new file mode 100644
index 0000000000..752615d473
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_md5.c
@@ -0,0 +1,97 @@
+/* crypto/evp/m_md5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_MD5
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include "evp_locl.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/md5.h>
+
+static int init(EVP_MD_CTX *ctx)
+        { return MD5_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+        { return MD5_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+        { return MD5_Final(md,ctx->md_data); }
+
+static const EVP_MD md5_md=
+        {
+        NID_md5,
+        NID_md5WithRSAEncryption,
+        MD5_DIGEST_LENGTH,
+        0,
+        init,
+        update,
+        final,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_method,
+        MD5_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(MD5_CTX),
+        };
+
+const EVP_MD *EVP_md5(void)
+        {
+        return(&md5_md);
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/m_null.c b/src/lib/libcrypto/evp/m_null.c
new file mode 100644
index 0000000000..f6f0a1d2c0
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_null.c
@@ -0,0 +1,95 @@
+/* crypto/evp/m_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+static int init(EVP_MD_CTX *ctx)
+        { return 1; }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+        { return 1; }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+        { return 1; }
+
+static const EVP_MD null_md=
+        {
+        NID_undef,
+        NID_undef,
+        0,
+        0,
+        init,
+        update,
+        final,
+        NULL,
+        NULL,
+        EVP_PKEY_NULL_method,
+        0,
+        sizeof(EVP_MD *),
+        };
+
+const EVP_MD *EVP_md_null(void)
+        {
+        return(&null_md);
+        }
+
+
diff --git a/src/lib/libcrypto/evp/m_ripemd.c b/src/lib/libcrypto/evp/m_ripemd.c
new file mode 100644
index 0000000000..64725528dc
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_ripemd.c
@@ -0,0 +1,96 @@
+/* crypto/evp/m_ripemd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_RIPEMD
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/ripemd.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+static int init(EVP_MD_CTX *ctx)
+        { return RIPEMD160_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+        { return RIPEMD160_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+        { return RIPEMD160_Final(md,ctx->md_data); }
+
+static const EVP_MD ripemd160_md=
+        {
+        NID_ripemd160,
+        NID_ripemd160WithRSA,
+        RIPEMD160_DIGEST_LENGTH,
+        0,
+        init,
+        update,
+        final,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_method,
+        RIPEMD160_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX),
+        };
+
+const EVP_MD *EVP_ripemd160(void)
+        {
+        return(&ripemd160_md);
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/m_sha.c b/src/lib/libcrypto/evp/m_sha.c
index ed54909b16..d1785e5f74 100644
--- a/src/lib/libcrypto/evp/m_sha.c
+++ b/src/lib/libcrypto/evp/m_sha.c
@@ -59,9 +59,6 @@
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
 #include <stdio.h>
 #include "cryptlib.h"
-/* Including sha.h prior evp.h masks FIPS SHA declarations, but that's
- * exactly what we want to achieve here... */
-#include <openssl/sha.h>
 #include <openssl/evp.h>
 #include "evp_locl.h"
 #include <openssl/objects.h>
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
new file mode 100644
index 0000000000..fe4402389a
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -0,0 +1,95 @@
+/* crypto/evp/m_sha1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_SHA
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+static int init(EVP_MD_CTX *ctx)
+        { return SHA1_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+        { return SHA1_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+        { return SHA1_Final(md,ctx->md_data); }
+
+static const EVP_MD sha1_md=
+        {
+        NID_sha1,
+        NID_sha1WithRSAEncryption,
+        SHA_DIGEST_LENGTH,
+        EVP_MD_FLAG_FIPS,
+        init,
+        update,
+        final,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_method,
+        SHA_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA_CTX),
+        };
+
+const EVP_MD *EVP_sha1(void)
+        {
+        return(&sha1_md);
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/names.c b/src/lib/libcrypto/evp/names.c
new file mode 100644
index 0000000000..7712453046
--- /dev/null
+++ b/src/lib/libcrypto/evp/names.c
@@ -0,0 +1,126 @@
+/* crypto/evp/names.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
+int EVP_add_cipher(const EVP_CIPHER *c)
+        {
+        int r;
+
+        r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c);
+        if (r == 0) return(0);
+        r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c);
+        return(r);
+        }
+
+int EVP_add_digest(const EVP_MD *md)
+        {
+        int r;
+        const char *name;
+
+        name=OBJ_nid2sn(md->type);
+        r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(char *)md);
+        if (r == 0) return(0);
+        r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(char *)md);
+        if (r == 0) return(0);
+
+        if (md->type != md->pkey_type)
+                {
+                r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
+                        OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
+                if (r == 0) return(0);
+                r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
+                        OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
+                }
+        return(r);
+        }
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
+        {
+        const EVP_CIPHER *cp;
+
+        cp=(const EVP_CIPHER *)OBJ_NAME_get(name,OBJ_NAME_TYPE_CIPHER_METH);
+        return(cp);
+        }
+
+const EVP_MD *EVP_get_digestbyname(const char *name)
+        {
+        const EVP_MD *cp;
+
+        cp=(const EVP_MD *)OBJ_NAME_get(name,OBJ_NAME_TYPE_MD_METH);
+        return(cp);
+        }
+
+void EVP_cleanup(void)
+        {
+        OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH);
+        OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH);
+        /* The above calls will only clean out the contents of the name
+           hash table, but not the hash table itself.  The following line
+           does that part.  -- Richard Levitte */
+        OBJ_NAME_cleanup(-1);
+
+        EVP_PBE_cleanup();
+        }
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c
new file mode 100644
index 0000000000..a1874e83b2
--- /dev/null
+++ b/src/lib/libcrypto/evp/p5_crpt.c
@@ -0,0 +1,153 @@
+/* p5_crpt.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+
+/* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info.
+ */
+
+void PKCS5_PBE_add(void)
+{
+#ifndef OPENSSL_NO_DES
+#  ifndef OPENSSL_NO_MD5
+EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(),
+                                                         PKCS5_PBE_keyivgen);
+#  endif
+#  ifndef OPENSSL_NO_MD2
+EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(),
+                                                         PKCS5_PBE_keyivgen);
+#  endif
+#  ifndef OPENSSL_NO_SHA
+EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(),
+                                                         PKCS5_PBE_keyivgen);
+#  endif
+#endif
+#ifndef OPENSSL_NO_RC2
+#  ifndef OPENSSL_NO_MD5
+EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(),
+                                                         PKCS5_PBE_keyivgen);
+#  endif
+#  ifndef OPENSSL_NO_MD2
+EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(),
+                                                         PKCS5_PBE_keyivgen);
+#  endif
+#  ifndef OPENSSL_NO_SHA
+EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),
+                                                         PKCS5_PBE_keyivgen);
+#  endif
+#endif
+#ifndef OPENSSL_NO_HMAC
+EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen);
+#endif
+}
+
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
+                         ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
+                         int en_de)
+{
+        EVP_MD_CTX ctx;
+        unsigned char md_tmp[EVP_MAX_MD_SIZE];
+        unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+        int i;
+        PBEPARAM *pbe;
+        int saltlen, iter;
+        unsigned char *salt, *pbuf;
+
+        /* Extract useful info from parameter */
+        pbuf = param->value.sequence->data;
+        if (!param || (param->type != V_ASN1_SEQUENCE) ||
+           !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
+                EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+                return 0;
+        }
+
+        if (!pbe->iter) iter = 1;
+        else iter = ASN1_INTEGER_get (pbe->iter);
+        salt = pbe->salt->data;
+        saltlen = pbe->salt->length;
+
+        if(!pass) passlen = 0;
+        else if(passlen == -1) passlen = strlen(pass);
+
+        EVP_MD_CTX_init(&ctx);
+        EVP_DigestInit_ex(&ctx, md, NULL);
+        EVP_DigestUpdate(&ctx, pass, passlen);
+        EVP_DigestUpdate(&ctx, salt, saltlen);
+        PBEPARAM_free(pbe);
+        EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
+        for (i = 1; i < iter; i++) {
+                EVP_DigestInit_ex(&ctx, md, NULL);
+                EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));
+                EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
+        }
+        EVP_MD_CTX_cleanup(&ctx);
+        OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp);
+        memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
+        OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
+        memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+                                                 EVP_CIPHER_iv_length(cipher));
+        EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
+        OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+        OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+        OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+        return 1;
+}
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
new file mode 100644
index 0000000000..1f94e1ef88
--- /dev/null
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -0,0 +1,251 @@
+/* p5_crpt2.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+
+/* set this to print out info about the keygen algorithm */
+/* #define DEBUG_PKCS5V2 */
+
+#ifdef DEBUG_PKCS5V2
+        static void h__dump (const unsigned char *p, int len);
+#endif
+
+/* This is an implementation of PKCS#5 v2.0 password based encryption key
+ * derivation function PBKDF2 using the only currently defined function HMAC
+ * with SHA1. Verified against test vectors posted by Peter Gutmann
+ * <pgut001@cs.auckland.ac.nz> to the PKCS-TNG <pkcs-tng@rsa.com> mailing list.
+ */
+
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+                           unsigned char *salt, int saltlen, int iter,
+                           int keylen, unsigned char *out)
+{
+        unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
+        int cplen, j, k, tkeylen;
+        unsigned long i = 1;
+        HMAC_CTX hctx;
+
+        HMAC_CTX_init(&hctx);
+        p = out;
+        tkeylen = keylen;
+        if(!pass) passlen = 0;
+        else if(passlen == -1) passlen = strlen(pass);
+        while(tkeylen) {
+                if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH;
+                else cplen = tkeylen;
+                /* We are unlikely to ever use more than 256 blocks (5120 bits!)
+                 * but just in case...
+                 */
+                itmp[0] = (unsigned char)((i >> 24) & 0xff);
+                itmp[1] = (unsigned char)((i >> 16) & 0xff);
+                itmp[2] = (unsigned char)((i >> 8) & 0xff);
+                itmp[3] = (unsigned char)(i & 0xff);
+                HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL);
+                HMAC_Update(&hctx, salt, saltlen);
+                HMAC_Update(&hctx, itmp, 4);
+                HMAC_Final(&hctx, digtmp, NULL);
+                memcpy(p, digtmp, cplen);
+                for(j = 1; j < iter; j++) {
+                        HMAC(EVP_sha1(), pass, passlen,
+                                 digtmp, SHA_DIGEST_LENGTH, digtmp, NULL);
+                        for(k = 0; k < cplen; k++) p[k] ^= digtmp[k];
+                }
+                tkeylen-= cplen;
+                i++;
+                p+= cplen;
+        }
+        HMAC_CTX_cleanup(&hctx);
+#ifdef DEBUG_PKCS5V2
+        fprintf(stderr, "Password:\n");
+        h__dump (pass, passlen);
+        fprintf(stderr, "Salt:\n");
+        h__dump (salt, saltlen);
+        fprintf(stderr, "Iteration count %d\n", iter);
+        fprintf(stderr, "Key:\n");
+        h__dump (out, keylen);
+#endif
+        return 1;
+}
+
+#ifdef DO_TEST
+main()
+{
+        unsigned char out[4];
+        unsigned char salt[] = {0x12, 0x34, 0x56, 0x78};
+        PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out);
+        fprintf(stderr, "Out %02X %02X %02X %02X\n",
+                                         out[0], out[1], out[2], out[3]);
+}
+
+#endif
+
+/* Now the key derivation function itself. This is a bit evil because
+ * it has to check the ASN1 parameters are valid: and there are quite a
+ * few of them...
+ */
+
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                         ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md,
+                         int en_de)
+{
+        unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH];
+        int saltlen, keylen, iter, plen;
+        PBE2PARAM *pbe2 = NULL;
+        const EVP_CIPHER *cipher;
+        PBKDF2PARAM *kdf = NULL;
+
+        pbuf = param->value.sequence->data;
+        plen = param->value.sequence->length;
+        if(!param || (param->type != V_ASN1_SEQUENCE) ||
+                                   !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
+                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+                return 0;
+        }
+
+        /* See if we recognise the key derivation function */
+
+        if(OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
+                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+                                EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
+                goto err;
+        }
+
+        /* lets see if we recognise the encryption algorithm.
+         */
+
+        cipher = EVP_get_cipherbyname(
+                        OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm)));
+
+        if(!cipher) {
+                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+                                                EVP_R_UNSUPPORTED_CIPHER);
+                goto err;
+        }
+
+        /* Fixup cipher based on AlgorithmIdentifier */
+        EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de);
+        if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
+                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+                                        EVP_R_CIPHER_PARAMETER_ERROR);
+                goto err;
+        }
+        keylen = EVP_CIPHER_CTX_key_length(ctx);
+        OPENSSL_assert(keylen <= sizeof key);
+
+        /* Now decode key derivation function */
+
+        pbuf = pbe2->keyfunc->parameter->value.sequence->data;
+        plen = pbe2->keyfunc->parameter->value.sequence->length;
+        if(!pbe2->keyfunc->parameter ||
+                 (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE) ||
+                                !(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
+                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+                goto err;
+        }
+
+        PBE2PARAM_free(pbe2);
+        pbe2 = NULL;
+
+        /* Now check the parameters of the kdf */
+
+        if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){
+                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+                                                EVP_R_UNSUPPORTED_KEYLENGTH);
+                goto err;
+        }
+
+        if(kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) {
+                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+                goto err;
+        }
+
+        if(kdf->salt->type != V_ASN1_OCTET_STRING) {
+                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+                                                EVP_R_UNSUPPORTED_SALT_TYPE);
+                goto err;
+        }
+
+        /* it seems that its all OK */
+        salt = kdf->salt->value.octet_string->data;
+        saltlen = kdf->salt->value.octet_string->length;
+        iter = ASN1_INTEGER_get(kdf->iter);
+        PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
+        EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
+        OPENSSL_cleanse(key, keylen);
+        PBKDF2PARAM_free(kdf);
+        return 1;
+
+        err:
+        PBE2PARAM_free(pbe2);
+        PBKDF2PARAM_free(kdf);
+        return 0;
+}
+
+#ifdef DEBUG_PKCS5V2
+static void h__dump (const unsigned char *p, int len)
+{
+        for (; len --; p++) fprintf(stderr, "%02X ", *p);
+        fprintf(stderr, "\n");
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/evp/p_dec.c b/src/lib/libcrypto/evp/p_dec.c
new file mode 100644
index 0000000000..8af620400e
--- /dev/null
+++ b/src/lib/libcrypto/evp/p_dec.c
@@ -0,0 +1,87 @@
+/* crypto/evp/p_dec.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl,
+             EVP_PKEY *priv)
+        {
+        int ret= -1;
+        
+#ifndef OPENSSL_NO_RSA
+        if (priv->type != EVP_PKEY_RSA)
+                {
+#endif
+                EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef OPENSSL_NO_RSA
+                goto err;
+                }
+
+        ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING);
+err:
+#endif
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/evp/p_enc.c b/src/lib/libcrypto/evp/p_enc.c
new file mode 100644
index 0000000000..656883b996
--- /dev/null
+++ b/src/lib/libcrypto/evp/p_enc.c
@@ -0,0 +1,86 @@
+/* crypto/evp/p_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_PKEY_encrypt(unsigned char *ek, unsigned char *key, int key_len,
+             EVP_PKEY *pubk)
+        {
+        int ret=0;
+        
+#ifndef OPENSSL_NO_RSA
+        if (pubk->type != EVP_PKEY_RSA)
+                {
+#endif
+                EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef OPENSSL_NO_RSA
+                goto err;
+                }
+        ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING);
+err:
+#endif
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
new file mode 100644
index 0000000000..215b94292a
--- /dev/null
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -0,0 +1,337 @@
+/* crypto/evp/p_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+
+static void EVP_PKEY_free_it(EVP_PKEY *x);
+
+int EVP_PKEY_bits(EVP_PKEY *pkey)
+        {
+#ifndef OPENSSL_NO_RSA
+        if (pkey->type == EVP_PKEY_RSA)
+                return(BN_num_bits(pkey->pkey.rsa->n));
+        else
+#endif
+#ifndef OPENSSL_NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                return(BN_num_bits(pkey->pkey.dsa->p));
+#endif
+        return(0);
+        }
+
+int EVP_PKEY_size(EVP_PKEY *pkey)
+        {
+        if (pkey == NULL)
+                return(0);
+#ifndef OPENSSL_NO_RSA
+        if (pkey->type == EVP_PKEY_RSA)
+                return(RSA_size(pkey->pkey.rsa));
+        else
+#endif
+#ifndef OPENSSL_NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                return(DSA_size(pkey->pkey.dsa));
+#endif
+        return(0);
+        }
+
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
+        {
+#ifndef OPENSSL_NO_DSA
+        if (pkey->type == EVP_PKEY_DSA)
+                {
+                int ret=pkey->save_parameters;
+
+                if (mode >= 0)
+                        pkey->save_parameters=mode;
+                return(ret);
+                }
+#endif
+        return(0);
+        }
+
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from)
+        {
+        if (to->type != from->type)
+                {
+                EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_DIFFERENT_KEY_TYPES);
+                goto err;
+                }
+
+        if (EVP_PKEY_missing_parameters(from))
+                {
+                EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS);
+                goto err;
+                }
+#ifndef OPENSSL_NO_DSA
+        if (to->type == EVP_PKEY_DSA)
+                {
+                BIGNUM *a;
+
+                if ((a=BN_dup(from->pkey.dsa->p)) == NULL) goto err;
+                if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p);
+                to->pkey.dsa->p=a;
+
+                if ((a=BN_dup(from->pkey.dsa->q)) == NULL) goto err;
+                if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q);
+                to->pkey.dsa->q=a;
+
+                if ((a=BN_dup(from->pkey.dsa->g)) == NULL) goto err;
+                if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g);
+                to->pkey.dsa->g=a;
+                }
+#endif
+        return(1);
+err:
+        return(0);
+        }
+
+int EVP_PKEY_missing_parameters(EVP_PKEY *pkey)
+        {
+#ifndef OPENSSL_NO_DSA
+        if (pkey->type == EVP_PKEY_DSA)
+                {
+                DSA *dsa;
+
+                dsa=pkey->pkey.dsa;
+                if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+                        return(1);
+                }
+#endif
+        return(0);
+        }
+
+int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b)
+        {
+#ifndef OPENSSL_NO_DSA
+        if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA))
+                {
+                if (    BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
+                        BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||
+                        BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
+                        return(0);
+                else
+                        return(1);
+                }
+#endif
+        return(-1);
+        }
+
+EVP_PKEY *EVP_PKEY_new(void)
+        {
+        EVP_PKEY *ret;
+
+        ret=(EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY));
+        if (ret == NULL)
+                {
+                EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        ret->type=EVP_PKEY_NONE;
+        ret->references=1;
+        ret->pkey.ptr=NULL;
+        ret->attributes=NULL;
+        ret->save_parameters=1;
+        return(ret);
+        }
+
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key)
+        {
+        if (pkey == NULL) return(0);
+        if (pkey->pkey.ptr != NULL)
+                EVP_PKEY_free_it(pkey);
+        pkey->type=EVP_PKEY_type(type);
+        pkey->save_type=type;
+        pkey->pkey.ptr=key;
+        return(key != NULL);
+        }
+
+#ifndef OPENSSL_NO_RSA
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
+{
+        int ret = EVP_PKEY_assign_RSA(pkey, key);
+        if(ret)
+                RSA_up_ref(key);
+        return ret;
+}
+
+RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
+        {
+        if(pkey->type != EVP_PKEY_RSA) {
+                EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
+                return NULL;
+        }
+        RSA_up_ref(pkey->pkey.rsa);
+        return pkey->pkey.rsa;
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
+{
+        int ret = EVP_PKEY_assign_DSA(pkey, key);
+        if(ret)
+                DSA_up_ref(key);
+        return ret;
+}
+
+DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
+        {
+        if(pkey->type != EVP_PKEY_DSA) {
+                EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY);
+                return NULL;
+        }
+        DSA_up_ref(pkey->pkey.dsa);
+        return pkey->pkey.dsa;
+}
+#endif
+
+#ifndef OPENSSL_NO_DH
+
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
+{
+        int ret = EVP_PKEY_assign_DH(pkey, key);
+        if(ret)
+                DH_up_ref(key);
+        return ret;
+}
+
+DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
+        {
+        if(pkey->type != EVP_PKEY_DH) {
+                EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
+                return NULL;
+        }
+        DH_up_ref(pkey->pkey.dh);
+        return pkey->pkey.dh;
+}
+#endif
+
+int EVP_PKEY_type(int type)
+        {
+        switch (type)
+                {
+        case EVP_PKEY_RSA:
+        case EVP_PKEY_RSA2:
+                return(EVP_PKEY_RSA);
+        case EVP_PKEY_DSA:
+        case EVP_PKEY_DSA1:
+        case EVP_PKEY_DSA2:
+        case EVP_PKEY_DSA3:
+        case EVP_PKEY_DSA4:
+                return(EVP_PKEY_DSA);
+        case EVP_PKEY_DH:
+                return(EVP_PKEY_DH);
+        default:
+                return(NID_undef);
+                }
+        }
+
+void EVP_PKEY_free(EVP_PKEY *x)
+        {
+        int i;
+
+        if (x == NULL) return;
+
+        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",x);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"EVP_PKEY_free, bad reference count\n");
+                abort();
+                }
+#endif
+        EVP_PKEY_free_it(x);
+        OPENSSL_free(x);
+        }
+
+static void EVP_PKEY_free_it(EVP_PKEY *x)
+        {
+        switch (x->type)
+                {
+#ifndef OPENSSL_NO_RSA
+        case EVP_PKEY_RSA:
+        case EVP_PKEY_RSA2:
+                RSA_free(x->pkey.rsa);
+                break;
+#endif
+#ifndef OPENSSL_NO_DSA
+        case EVP_PKEY_DSA:
+        case EVP_PKEY_DSA2:
+        case EVP_PKEY_DSA3:
+        case EVP_PKEY_DSA4:
+                DSA_free(x->pkey.dsa);
+                break;
+#endif
+#ifndef OPENSSL_NO_DH
+        case EVP_PKEY_DH:
+                DH_free(x->pkey.dh);
+                break;
+#endif
+                }
+        }
+
diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c
new file mode 100644
index 0000000000..5a933d1cda
--- /dev/null
+++ b/src/lib/libcrypto/evp/p_open.c
@@ -0,0 +1,123 @@
+/* crypto/evp/p_open.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_RSA
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek,
+             int ekl, unsigned char *iv, EVP_PKEY *priv)
+        {
+        unsigned char *key=NULL;
+        int i,size=0,ret=0;
+
+        if(type) {      
+                EVP_CIPHER_CTX_init(ctx);
+                if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0;
+        }
+
+        if(!priv) return 1;
+
+        if (priv->type != EVP_PKEY_RSA)
+                {
+                EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA);
+                goto err;
+                }
+
+        size=RSA_size(priv->pkey.rsa);
+        key=(unsigned char *)OPENSSL_malloc(size+2);
+        if (key == NULL)
+                {
+                /* ERROR */
+                EVPerr(EVP_F_EVP_OPENINIT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        i=EVP_PKEY_decrypt(key,ek,ekl,priv);
+        if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i))
+                {
+                /* ERROR */
+                goto err;
+                }
+        if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err;
+
+        ret=1;
+err:
+        if (key != NULL) OPENSSL_cleanse(key,size);
+        OPENSSL_free(key);
+        return(ret);
+        }
+
+int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+        {
+        int i;
+
+        i=EVP_DecryptFinal_ex(ctx,out,outl);
+        EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL);
+        return(i);
+        }
+#else /* !OPENSSL_NO_RSA */
+
+# ifdef PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c
new file mode 100644
index 0000000000..37e547fe72
--- /dev/null
+++ b/src/lib/libcrypto/evp/p_seal.c
@@ -0,0 +1,115 @@
+/* crypto/evp/p_seal.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
+             int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
+        {
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        int i;
+        
+        if(type) {
+                EVP_CIPHER_CTX_init(ctx);
+                if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0;
+        }
+        if ((npubk <= 0) || !pubk)
+                return 1;
+        if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0)
+                return 0;
+        if (EVP_CIPHER_CTX_iv_length(ctx))
+                RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx));
+
+        if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0;
+
+        for (i=0; i<npubk; i++)
+                {
+                ekl[i]=EVP_PKEY_encrypt(ek[i],key,EVP_CIPHER_CTX_key_length(ctx),
+                        pubk[i]);
+                if (ekl[i] <= 0) return(-1);
+                }
+        return(npubk);
+        }
+
+/* MACRO
+void EVP_SealUpdate(ctx,out,outl,in,inl)
+EVP_CIPHER_CTX *ctx;
+unsigned char *out;
+int *outl;
+unsigned char *in;
+int inl;
+        {
+        EVP_EncryptUpdate(ctx,out,outl,in,inl);
+        }
+*/
+
+int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+        {
+        int i;
+        i = EVP_EncryptFinal_ex(ctx,out,outl);
+        EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);
+        return i;
+        }
diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c
new file mode 100644
index 0000000000..e4ae5906f5
--- /dev/null
+++ b/src/lib/libcrypto/evp/p_sign.c
@@ -0,0 +1,114 @@
+/* crypto/evp/p_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+#ifdef undef
+void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
+        {
+        EVP_DigestInit_ex(ctx,type);
+        }
+
+void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
+             unsigned int count)
+        {
+        EVP_DigestUpdate(ctx,data,count);
+        }
+#endif
+
+int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
+             EVP_PKEY *pkey)
+        {
+        unsigned char m[EVP_MAX_MD_SIZE];
+        unsigned int m_len;
+        int i,ok=0,v;
+        MS_STATIC EVP_MD_CTX tmp_ctx;
+
+        *siglen=0;
+        EVP_MD_CTX_init(&tmp_ctx);
+        EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);   
+        EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
+        EVP_MD_CTX_cleanup(&tmp_ctx);
+        for (i=0; i<4; i++)
+                {
+                v=ctx->digest->required_pkey_type[i];
+                if (v == 0) break;
+                if (pkey->type == v)
+                        {
+                        ok=1;
+                        break;
+                        }
+                }
+        if (!ok)
+                {
+                EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
+                return(0);
+                }
+        if (ctx->digest->sign == NULL)
+                {
+                EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
+                return(0);
+                }
+        return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
+                pkey->pkey.ptr));
+        }
+
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c
new file mode 100644
index 0000000000..d854d743a5
--- /dev/null
+++ b/src/lib/libcrypto/evp/p_verify.c
@@ -0,0 +1,101 @@
+/* crypto/evp/p_verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf,
+             unsigned int siglen, EVP_PKEY *pkey)
+        {
+        unsigned char m[EVP_MAX_MD_SIZE];
+        unsigned int m_len;
+        int i,ok=0,v;
+        MS_STATIC EVP_MD_CTX tmp_ctx;
+
+        for (i=0; i<4; i++)
+                {
+                v=ctx->digest->required_pkey_type[i];
+                if (v == 0) break;
+                if (pkey->type == v)
+                        {
+                        ok=1;
+                        break;
+                        }
+                }
+        if (!ok)
+                {
+                EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
+                return(-1);
+                }
+        EVP_MD_CTX_init(&tmp_ctx);
+        EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);     
+        EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
+        EVP_MD_CTX_cleanup(&tmp_ctx);
+        if (ctx->digest->verify == NULL)
+                {
+                EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
+                return(0);
+                }
+
+        return(ctx->digest->verify(ctx->digest->type,m,m_len,
+                sigbuf,siglen,pkey->pkey.ptr));
+        }
+
diff --git a/src/lib/libcrypto/ex_data.c b/src/lib/libcrypto/ex_data.c
new file mode 100644
index 0000000000..5b2e345c27
--- /dev/null
+++ b/src/lib/libcrypto/ex_data.c
@@ -0,0 +1,636 @@
+/* crypto/ex_data.c */
+
+/*
+ * Overhaul notes;
+ *
+ * This code is now *mostly* thread-safe. It is now easier to understand in what
+ * ways it is safe and in what ways it is not, which is an improvement. Firstly,
+ * all per-class stacks and index-counters for ex_data are stored in the same
+ * global LHASH table (keyed by class). This hash table uses locking for all
+ * access with the exception of CRYPTO_cleanup_all_ex_data(), which must only be
+ * called when no other threads can possibly race against it (even if it was
+ * locked, the race would mean it's possible the hash table might have been
+ * recreated after the cleanup). As classes can only be added to the hash table,
+ * and within each class, the stack of methods can only be incremented, the
+ * locking mechanics are simpler than they would otherwise be. For example, the
+ * new/dup/free ex_data functions will lock the hash table, copy the method
+ * pointers it needs from the relevant class, then unlock the hash table before
+ * actually applying those method pointers to the task of the new/dup/free
+ * operations. As they can't be removed from the method-stack, only
+ * supplemented, there's no race conditions associated with using them outside
+ * the lock. The get/set_ex_data functions are not locked because they do not
+ * involve this global state at all - they operate directly with a previously
+ * obtained per-class method index and a particular "ex_data" variable. These
+ * variables are usually instantiated per-context (eg. each RSA structure has
+ * one) so locking on read/write access to that variable can be locked locally
+ * if required (eg. using the "RSA" lock to synchronise access to a
+ * per-RSA-structure ex_data variable if required).
+ * [Geoff]
+ */
+
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include "cryptlib.h"
+
+/* What an "implementation of ex_data functionality" looks like */
+struct st_CRYPTO_EX_DATA_IMPL
+        {
+        /*********************/
+        /* GLOBAL OPERATIONS */
+        /* Return a new class index */
+        int (*cb_new_class)(void);
+        /* Cleanup all state used by the implementation */
+        void (*cb_cleanup)(void);
+        /************************/
+        /* PER-CLASS OPERATIONS */
+        /* Get a new method index within a class */
+        int (*cb_get_new_index)(int class_index, long argl, void *argp,
+                        CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                        CRYPTO_EX_free *free_func);
+        /* Initialise a new CRYPTO_EX_DATA of a given class */
+        int (*cb_new_ex_data)(int class_index, void *obj,
+                        CRYPTO_EX_DATA *ad);
+        /* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */
+        int (*cb_dup_ex_data)(int class_index, CRYPTO_EX_DATA *to,
+                        CRYPTO_EX_DATA *from);
+        /* Cleanup a CRYPTO_EX_DATA of a given class */
+        void (*cb_free_ex_data)(int class_index, void *obj,
+                        CRYPTO_EX_DATA *ad);
+        };
+
+/* The implementation we use at run-time */
+static const CRYPTO_EX_DATA_IMPL *impl = NULL;
+
+/* To call "impl" functions, use this macro rather than referring to 'impl' directly, eg.
+ * EX_IMPL(get_new_index)(...); */
+#define EX_IMPL(a) impl->cb_##a
+
+/* Predeclare the "default" ex_data implementation */
+static int int_new_class(void);
+static void int_cleanup(void);
+static int int_get_new_index(int class_index, long argl, void *argp,
+                CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func);
+static int int_new_ex_data(int class_index, void *obj,
+                CRYPTO_EX_DATA *ad);
+static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+                CRYPTO_EX_DATA *from);
+static void int_free_ex_data(int class_index, void *obj,
+                CRYPTO_EX_DATA *ad);
+static CRYPTO_EX_DATA_IMPL impl_default =
+        {
+        int_new_class,
+        int_cleanup,
+        int_get_new_index,
+        int_new_ex_data,
+        int_dup_ex_data,
+        int_free_ex_data
+        };
+
+/* Internal function that checks whether "impl" is set and if not, sets it to
+ * the default. */
+static void impl_check(void)
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+        if(!impl)
+                impl = &impl_default;
+        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+        }
+/* A macro wrapper for impl_check that first uses a non-locked test before
+ * invoking the function (which checks again inside a lock). */
+#define IMPL_CHECK if(!impl) impl_check();
+
+/* API functions to get/set the "ex_data" implementation */
+const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void)
+        {
+        IMPL_CHECK
+        return impl;
+        }
+int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i)
+        {
+        int toret = 0;
+        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+        if(!impl)
+                {
+                impl = i;
+                toret = 1;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+        return toret;
+        }
+
+/****************************************************************************/
+/* Interal (default) implementation of "ex_data" support. API functions are
+ * further down. */
+
+/* The type that represents what each "class" used to implement locally. A STACK
+ * of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is the global
+ * value representing the class that is used to distinguish these items. */
+typedef struct st_ex_class_item {
+        int class_index;
+        STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth;
+        int meth_num;
+} EX_CLASS_ITEM;
+
+/* When assigning new class indexes, this is our counter */
+static int ex_class = CRYPTO_EX_INDEX_USER;
+
+/* The global hash table of EX_CLASS_ITEM items */
+static LHASH *ex_data = NULL;
+
+/* The callbacks required in the "ex_data" hash table */
+static unsigned long ex_hash_cb(const void *a_void)
+        {
+        return ((const EX_CLASS_ITEM *)a_void)->class_index;
+        }
+static int ex_cmp_cb(const void *a_void, const void *b_void)
+        {
+        return (((const EX_CLASS_ITEM *)a_void)->class_index -
+                ((const EX_CLASS_ITEM *)b_void)->class_index);
+        }
+
+/* Internal functions used by the "impl_default" implementation to access the
+ * state */
+
+static int ex_data_check(void)
+        {
+        int toret = 1;
+        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+        if(!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL))
+                toret = 0;
+        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+        return toret;
+        }
+/* This macros helps reduce the locking from repeated checks because the
+ * ex_data_check() function checks ex_data again inside a lock. */
+#define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail}
+
+/* This "inner" callback is used by the callback function that follows it */
+static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs)
+        {
+        OPENSSL_free(funcs);
+        }
+
+/* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from
+ * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do
+ * any locking. */
+static void def_cleanup_cb(const void *a_void)
+        {
+        EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void;
+        sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb);
+        OPENSSL_free(item);
+        }
+
+/* Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to a
+ * given class. Handles locking. */
+static EX_CLASS_ITEM *def_get_class(int class_index)
+        {
+        EX_CLASS_ITEM d, *p, *gen;
+        EX_DATA_CHECK(return NULL;)
+        d.class_index = class_index;
+        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+        p = lh_retrieve(ex_data, &d);
+        if(!p)
+                {
+                gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM));
+                if(gen)
+                        {
+                        gen->class_index = class_index;
+                        gen->meth_num = 0;
+                        gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();
+                        if(!gen->meth)
+                                OPENSSL_free(gen);
+                        else
+                                {
+                                /* Because we're inside the ex_data lock, the
+                                 * return value from the insert will be NULL */
+                                lh_insert(ex_data, gen);
+                                p = gen;
+                                }
+                        }
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+        if(!p)
+                CRYPTOerr(CRYPTO_F_DEF_GET_CLASS,ERR_R_MALLOC_FAILURE);
+        return p;
+        }
+
+/* Add a new method to the given EX_CLASS_ITEM and return the corresponding
+ * index (or -1 for error). Handles locking. */
+static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp,
+                CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func)
+        {
+        int toret = -1;
+        CRYPTO_EX_DATA_FUNCS *a = (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(
+                                        sizeof(CRYPTO_EX_DATA_FUNCS));
+        if(!a)
+                {
+                CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE);
+                return -1;
+                }
+        a->argl=argl;
+        a->argp=argp;
+        a->new_func=new_func;
+        a->dup_func=dup_func;
+        a->free_func=free_func;
+        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+        while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num)
+                {
+                if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL))
+                        {
+                        CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE);
+                        OPENSSL_free(a);
+                        goto err;
+                        }
+                }
+        toret = item->meth_num++;
+        sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a);
+err:
+        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+        return toret;
+        }
+
+/**************************************************************/
+/* The functions in the default CRYPTO_EX_DATA_IMPL structure */
+
+static int int_new_class(void)
+        {
+        int toret;
+        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+        toret = ex_class++;
+        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+        return toret;
+        }
+
+static void int_cleanup(void)
+        {
+        EX_DATA_CHECK(return;)
+        lh_doall(ex_data, def_cleanup_cb);
+        lh_free(ex_data);
+        ex_data = NULL;
+        impl = NULL;
+        }
+
+static int int_get_new_index(int class_index, long argl, void *argp,
+                CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func)
+        {
+        EX_CLASS_ITEM *item = def_get_class(class_index);
+        if(!item)
+                return -1;
+        return def_add_index(item, argl, argp, new_func, dup_func, free_func);
+        }
+
+/* Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries in
+ * the lock, then using them outside the lock. NB: Thread-safety only applies to
+ * the global "ex_data" state (ie. class definitions), not thread-safe on 'ad'
+ * itself. */
+static int int_new_ex_data(int class_index, void *obj,
+                CRYPTO_EX_DATA *ad)
+        {
+        int mx,i;
+        void *ptr;
+        CRYPTO_EX_DATA_FUNCS **storage = NULL;
+        EX_CLASS_ITEM *item = def_get_class(class_index);
+        if(!item)
+                /* error is already set */
+                return 0;
+        ad->sk = NULL;
+        CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
+        mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+        if(mx > 0)
+                {
+                storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
+                if(!storage)
+                        goto skip;
+                for(i = 0; i < mx; i++)
+                        storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
+                }
+skip:
+        CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
+        if((mx > 0) && !storage)
+                {
+                CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA,ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        for(i = 0; i < mx; i++)
+                {
+                if(storage[i] && storage[i]->new_func)
+                        {
+                        ptr = CRYPTO_get_ex_data(ad, i);
+                        storage[i]->new_func(obj,ptr,ad,i,
+                                storage[i]->argl,storage[i]->argp);
+                        }
+                }
+        if(storage)
+                OPENSSL_free(storage);
+        return 1;
+        }
+
+/* Same thread-safety notes as for "int_new_ex_data" */
+static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+                CRYPTO_EX_DATA *from)
+        {
+        int mx, j, i;
+        char *ptr;
+        CRYPTO_EX_DATA_FUNCS **storage = NULL;
+        EX_CLASS_ITEM *item;
+        if(!from->sk)
+                /* 'to' should be "blank" which *is* just like 'from' */
+                return 1;
+        if((item = def_get_class(class_index)) == NULL)
+                return 0;
+        CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
+        mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+        j = sk_num(from->sk);
+        if(j < mx)
+                mx = j;
+        if(mx > 0)
+                {
+                storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
+                if(!storage)
+                        goto skip;
+                for(i = 0; i < mx; i++)
+                        storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
+                }
+skip:
+        CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
+        if((mx > 0) && !storage)
+                {
+                CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA,ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        for(i = 0; i < mx; i++)
+                {
+                ptr = CRYPTO_get_ex_data(from, i);
+                if(storage[i] && storage[i]->dup_func)
+                        storage[i]->dup_func(to,from,&ptr,i,
+                                storage[i]->argl,storage[i]->argp);
+                CRYPTO_set_ex_data(to,i,ptr);
+                }
+        if(storage)
+                OPENSSL_free(storage);
+        return 1;
+        }
+
+/* Same thread-safety notes as for "int_new_ex_data" */
+static void int_free_ex_data(int class_index, void *obj,
+                CRYPTO_EX_DATA *ad)
+        {
+        int mx,i;
+        EX_CLASS_ITEM *item;
+        void *ptr;
+        CRYPTO_EX_DATA_FUNCS **storage = NULL;
+        if((item = def_get_class(class_index)) == NULL)
+                return;
+        CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
+        mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+        if(mx > 0)
+                {
+                storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
+                if(!storage)
+                        goto skip;
+                for(i = 0; i < mx; i++)
+                        storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
+                }
+skip:
+        CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
+        if((mx > 0) && !storage)
+                {
+                CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA,ERR_R_MALLOC_FAILURE);
+                return;
+                }
+        for(i = 0; i < mx; i++)
+                {
+                if(storage[i] && storage[i]->free_func)
+                        {
+                        ptr = CRYPTO_get_ex_data(ad,i);
+                        storage[i]->free_func(obj,ptr,ad,i,
+                                storage[i]->argl,storage[i]->argp);
+                        }
+                }
+        if(storage)
+                OPENSSL_free(storage);
+        if(ad->sk)
+                {
+                sk_free(ad->sk);
+                ad->sk=NULL;
+                }
+        }
+
+/********************************************************************/
+/* API functions that defer all "state" operations to the "ex_data"
+ * implementation we have set. */
+
+/* Obtain an index for a new class (not the same as getting a new index within
+ * an existing class - this is actually getting a new *class*) */
+int CRYPTO_ex_data_new_class(void)
+        {
+        IMPL_CHECK
+        return EX_IMPL(new_class)();
+        }
+
+/* Release all "ex_data" state to prevent memory leaks. This can't be made
+ * thread-safe without overhauling a lot of stuff, and shouldn't really be
+ * called under potential race-conditions anyway (it's for program shutdown
+ * after all). */
+void CRYPTO_cleanup_all_ex_data(void)
+        {
+        IMPL_CHECK
+        EX_IMPL(cleanup)();
+        }
+
+/* Inside an existing class, get/register a new index. */
+int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+                CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func)
+        {
+        int ret = -1;
+
+        IMPL_CHECK
+        ret = EX_IMPL(get_new_index)(class_index,
+                        argl, argp, new_func, dup_func, free_func);
+        return ret;
+        }
+
+/* Initialise a new CRYPTO_EX_DATA for use in a particular class - including
+ * calling new() callbacks for each index in the class used by this variable */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+        {
+        IMPL_CHECK
+        return EX_IMPL(new_ex_data)(class_index, obj, ad);
+        }
+
+/* Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks for
+ * each index in the class used by this variable */
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+             CRYPTO_EX_DATA *from)
+        {
+        IMPL_CHECK
+        return EX_IMPL(dup_ex_data)(class_index, to, from);
+        }
+
+/* Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for
+ * each index in the class used by this variable */
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+        {
+        IMPL_CHECK
+        EX_IMPL(free_ex_data)(class_index, obj, ad);
+        }
+
+/* For a given CRYPTO_EX_DATA variable, set the value corresponding to a
+ * particular index in the class used by this variable */
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
+        {
+        int i;
+
+        if (ad->sk == NULL)
+                {
+                if ((ad->sk=sk_new_null()) == NULL)
+                        {
+                        CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                }
+        i=sk_num(ad->sk);
+
+        while (i <= idx)
+                {
+                if (!sk_push(ad->sk,NULL))
+                        {
+                        CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                i++;
+                }
+        sk_set(ad->sk,idx,val);
+        return(1);
+        }
+
+/* For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a
+ * particular index in the class used by this variable */
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
+        {
+        if (ad->sk == NULL)
+                return(0);
+        else if (idx >= sk_num(ad->sk))
+                return(0);
+        else
+                return(sk_value(ad->sk,idx));
+        }
+
+IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS)
diff --git a/src/lib/libcrypto/hmac/Makefile.ssl b/src/lib/libcrypto/hmac/Makefile.ssl
new file mode 100644
index 0000000000..f1c07322c4
--- /dev/null
+++ b/src/lib/libcrypto/hmac/Makefile.ssl
@@ -0,0 +1,101 @@
+#
+# SSLeay/crypto/md/Makefile
+#
+
+DIR=    hmac
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=hmactest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=hmac.c
+LIBOBJ=hmac.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= hmac.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+hmac.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+hmac.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+hmac.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+hmac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+hmac.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+hmac.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+hmac.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hmac.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hmac.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+hmac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hmac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hmac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hmac.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hmac.o: ../cryptlib.h hmac.c
diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c
new file mode 100644
index 0000000000..06ee80761f
--- /dev/null
+++ b/src/lib/libcrypto/hmac/hmac.c
@@ -0,0 +1,189 @@
+/* crypto/hmac/hmac.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/hmac.h>
+#include "cryptlib.h"
+
+void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+                  const EVP_MD *md, ENGINE *impl)
+        {
+        int i,j,reset=0;
+        unsigned char pad[HMAC_MAX_MD_CBLOCK];
+
+        if (md != NULL)
+                {
+                reset=1;
+                ctx->md=md;
+                }
+        else
+                md=ctx->md;
+
+        if (key != NULL)
+                {
+#ifdef OPENSSL_FIPS
+                if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
+                && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+                 || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+                 || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
+                OpenSSLDie(__FILE__,__LINE__,
+                        "HMAC: digest not allowed in FIPS mode");
+#endif
+                
+                reset=1;
+                j=EVP_MD_block_size(md);
+                OPENSSL_assert(j <= sizeof ctx->key);
+                if (j < len)
+                        {
+                        EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
+                        EVP_DigestUpdate(&ctx->md_ctx,key,len);
+                        EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
+                                &ctx->key_length);
+                        }
+                else
+                        {
+                        OPENSSL_assert(len <= sizeof ctx->key);
+                        memcpy(ctx->key,key,len);
+                        ctx->key_length=len;
+                        }
+                if(ctx->key_length != HMAC_MAX_MD_CBLOCK)
+                        memset(&ctx->key[ctx->key_length], 0,
+                                HMAC_MAX_MD_CBLOCK - ctx->key_length);
+                }
+
+        if (reset)      
+                {
+                for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
+                        pad[i]=0x36^ctx->key[i];
+                EVP_DigestInit_ex(&ctx->i_ctx,md, impl);
+                EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md));
+
+                for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
+                        pad[i]=0x5c^ctx->key[i];
+                EVP_DigestInit_ex(&ctx->o_ctx,md, impl);
+                EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md));
+                }
+        EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);
+        }
+
+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+               const EVP_MD *md)
+        {
+        if(key && md)
+            HMAC_CTX_init(ctx);
+        HMAC_Init_ex(ctx,key,len,md, NULL);
+        }
+
+void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len)
+        {
+        EVP_DigestUpdate(&ctx->md_ctx,data,len);
+        }
+
+void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+        {
+        int j;
+        unsigned int i;
+        unsigned char buf[EVP_MAX_MD_SIZE];
+
+        j=EVP_MD_block_size(ctx->md);
+
+        EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
+        EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
+        EVP_DigestUpdate(&ctx->md_ctx,buf,i);
+        EVP_DigestFinal_ex(&ctx->md_ctx,md,len);
+        }
+
+void HMAC_CTX_init(HMAC_CTX *ctx)
+        {
+        EVP_MD_CTX_init(&ctx->i_ctx);
+        EVP_MD_CTX_init(&ctx->o_ctx);
+        EVP_MD_CTX_init(&ctx->md_ctx);
+        }
+
+void HMAC_CTX_cleanup(HMAC_CTX *ctx)
+        {
+        EVP_MD_CTX_cleanup(&ctx->i_ctx);
+        EVP_MD_CTX_cleanup(&ctx->o_ctx);
+        EVP_MD_CTX_cleanup(&ctx->md_ctx);
+        memset(ctx,0,sizeof *ctx);
+        }
+
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+                    const unsigned char *d, int n, unsigned char *md,
+                    unsigned int *md_len)
+        {
+        HMAC_CTX c;
+        static unsigned char m[EVP_MAX_MD_SIZE];
+
+        if (md == NULL) md=m;
+        HMAC_CTX_init(&c);
+        HMAC_Init(&c,key,key_len,evp_md);
+        HMAC_Update(&c,d,n);
+        HMAC_Final(&c,md,md_len);
+        HMAC_CTX_cleanup(&c);
+        return(md);
+        }
+
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
+        {
+        EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+        EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
+        EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
+        }
+
diff --git a/src/lib/libcrypto/hmac/hmac.h b/src/lib/libcrypto/hmac/hmac.h
new file mode 100644
index 0000000000..294ab3b36a
--- /dev/null
+++ b/src/lib/libcrypto/hmac/hmac.h
@@ -0,0 +1,107 @@
+/* crypto/hmac/hmac.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_HMAC_H
+#define HEADER_HMAC_H
+
+#ifdef OPENSSL_NO_HMAC
+#error HMAC is disabled.
+#endif
+
+#include <openssl/evp.h>
+
+#define HMAC_MAX_MD_CBLOCK      64
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct hmac_ctx_st
+        {
+        const EVP_MD *md;
+        EVP_MD_CTX md_ctx;
+        EVP_MD_CTX i_ctx;
+        EVP_MD_CTX o_ctx;
+        unsigned int key_length;
+        unsigned char key[HMAC_MAX_MD_CBLOCK];
+        } HMAC_CTX;
+
+#define HMAC_size(e)    (EVP_MD_size((e)->md))
+
+
+void HMAC_CTX_init(HMAC_CTX *ctx);
+void HMAC_CTX_cleanup(HMAC_CTX *ctx);
+
+#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */
+
+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+               const EVP_MD *md); /* deprecated */
+void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+                  const EVP_MD *md, ENGINE *impl);
+void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
+void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+                    const unsigned char *d, int n, unsigned char *md,
+                    unsigned int *md_len);
+
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/idea/Makefile.ssl b/src/lib/libcrypto/idea/Makefile.ssl
new file mode 100644
index 0000000000..fa016ea399
--- /dev/null
+++ b/src/lib/libcrypto/idea/Makefile.ssl
@@ -0,0 +1,91 @@
+#
+# SSLeay/crypto/idea/Makefile
+#
+
+DIR=    idea
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ideatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
+LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= idea.h
+HEADER= idea_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+i_cbc.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_cbc.o: i_cbc.c idea_lcl.h
+i_cfb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_cfb64.o: i_cfb64.c idea_lcl.h
+i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
+i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_ofb64.o: i_ofb64.c idea_lcl.h
+i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_skey.o: i_skey.c idea_lcl.h
diff --git a/src/lib/libcrypto/idea/idea.h b/src/lib/libcrypto/idea/idea.h
new file mode 100644
index 0000000000..bf41844fd7
--- /dev/null
+++ b/src/lib/libcrypto/idea/idea.h
@@ -0,0 +1,103 @@
+/* crypto/idea/idea.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_IDEA_H
+#define HEADER_IDEA_H
+
+#ifdef OPENSSL_NO_IDEA
+#error IDEA is disabled.
+#endif
+
+#define IDEA_ENCRYPT    1
+#define IDEA_DECRYPT    0
+
+#include <openssl/opensslconf.h> /* IDEA_INT */
+#define IDEA_BLOCK      8
+#define IDEA_KEY_LENGTH 16
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct idea_key_st
+        {
+        IDEA_INT data[9][6];
+        } IDEA_KEY_SCHEDULE;
+
+const char *idea_options(void);
+void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
+        IDEA_KEY_SCHEDULE *ks);
+#ifdef OPENSSL_FIPS
+void private_idea_set_encrypt_key(const unsigned char *key,
+                                                IDEA_KEY_SCHEDULE *ks);
+#endif
+void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
+void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
+void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
+        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc);
+void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+        int *num,int enc);
+void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num);
+void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/krb5/Makefile.ssl b/src/lib/libcrypto/krb5/Makefile.ssl
new file mode 100644
index 0000000000..d9224c0f09
--- /dev/null
+++ b/src/lib/libcrypto/krb5/Makefile.ssl
@@ -0,0 +1,90 @@
+#
+# OpenSSL/krb5/Makefile.ssl
+#
+
+DIR=    krb5
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= krb5_asn.c
+
+LIBOBJ= krb5_asn.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= krb5_asn.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+krb5_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+krb5_asn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+krb5_asn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+krb5_asn.o: ../../include/openssl/krb5_asn.h
+krb5_asn.o: ../../include/openssl/opensslconf.h
+krb5_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+krb5_asn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+krb5_asn.o: ../../include/openssl/symhacks.h krb5_asn.c
diff --git a/src/lib/libcrypto/krb5/krb5_asn.c b/src/lib/libcrypto/krb5/krb5_asn.c
new file mode 100644
index 0000000000..1fb741d2a0
--- /dev/null
+++ b/src/lib/libcrypto/krb5/krb5_asn.c
@@ -0,0 +1,167 @@
+/* krb5_asn.c */
+/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
+** using ocsp/{*.h,*asn*.c} as a starting point
+*/
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/krb5_asn.h>
+
+
+ASN1_SEQUENCE(KRB5_ENCDATA) = {
+        ASN1_EXP(KRB5_ENCDATA, etype,           ASN1_INTEGER,     0),
+        ASN1_EXP_OPT(KRB5_ENCDATA, kvno,        ASN1_INTEGER,     1),
+        ASN1_EXP(KRB5_ENCDATA, cipher,          ASN1_OCTET_STRING,2)
+} ASN1_SEQUENCE_END(KRB5_ENCDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA)
+
+
+ASN1_SEQUENCE(KRB5_PRINCNAME) = {
+        ASN1_EXP(KRB5_PRINCNAME, nametype,      ASN1_INTEGER,     0),
+        ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1)
+} ASN1_SEQUENCE_END(KRB5_PRINCNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME)
+
+
+/* [APPLICATION 1] = 0x61 */
+ASN1_SEQUENCE(KRB5_TKTBODY) = {
+        ASN1_EXP(KRB5_TKTBODY, tktvno,          ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_TKTBODY, realm,           ASN1_GENERALSTRING, 1),
+        ASN1_EXP(KRB5_TKTBODY, sname,           KRB5_PRINCNAME,   2),
+        ASN1_EXP(KRB5_TKTBODY, encdata,         KRB5_ENCDATA,     3)
+} ASN1_SEQUENCE_END(KRB5_TKTBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY)
+
+
+ASN1_ITEM_TEMPLATE(KRB5_TICKET) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1,
+                        KRB5_TICKET, KRB5_TKTBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_TICKET)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET)
+
+
+/* [APPLICATION 14] = 0x6e */
+ASN1_SEQUENCE(KRB5_APREQBODY) = {
+        ASN1_EXP(KRB5_APREQBODY, pvno,          ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_APREQBODY, msgtype,       ASN1_INTEGER,     1),
+        ASN1_EXP(KRB5_APREQBODY, apoptions,     ASN1_BIT_STRING,  2),
+        ASN1_EXP(KRB5_APREQBODY, ticket,        KRB5_TICKET,      3),
+        ASN1_EXP(KRB5_APREQBODY, authenticator, KRB5_ENCDATA,     4),
+} ASN1_SEQUENCE_END(KRB5_APREQBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY)
+
+ASN1_ITEM_TEMPLATE(KRB5_APREQ) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14,
+                        KRB5_APREQ, KRB5_APREQBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_APREQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ)
+
+
+/*  Authenticator stuff         */
+
+ASN1_SEQUENCE(KRB5_CHECKSUM) = {
+        ASN1_EXP(KRB5_CHECKSUM, ctype,          ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_CHECKSUM, checksum,       ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_CHECKSUM)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM)
+
+
+ASN1_SEQUENCE(KRB5_ENCKEY) = {
+        ASN1_EXP(KRB5_ENCKEY,   ktype,          ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_ENCKEY,   keyvalue,       ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_ENCKEY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY)
+
+
+/* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */
+ASN1_SEQUENCE(KRB5_AUTHDATA) = {
+        ASN1_EXP(KRB5_AUTHDATA, adtype,         ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_AUTHDATA, addata,         ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_AUTHDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA)
+
+
+/* [APPLICATION 2] = 0x62 */
+ASN1_SEQUENCE(KRB5_AUTHENTBODY) = {
+        ASN1_EXP(KRB5_AUTHENTBODY,      avno,   ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_AUTHENTBODY,      crealm, ASN1_GENERALSTRING, 1),
+        ASN1_EXP(KRB5_AUTHENTBODY,      cname,  KRB5_PRINCNAME,   2),
+        ASN1_EXP_OPT(KRB5_AUTHENTBODY,  cksum,  KRB5_CHECKSUM,    3),
+        ASN1_EXP(KRB5_AUTHENTBODY,      cusec,  ASN1_INTEGER,     4),
+        ASN1_EXP(KRB5_AUTHENTBODY,      ctime,  ASN1_GENERALIZEDTIME, 5),
+        ASN1_EXP_OPT(KRB5_AUTHENTBODY,  subkey, KRB5_ENCKEY,      6),
+        ASN1_EXP_OPT(KRB5_AUTHENTBODY,  seqnum, ASN1_INTEGER,     7),
+        ASN1_EXP_SEQUENCE_OF_OPT
+                    (KRB5_AUTHENTBODY,  authorization,  KRB5_AUTHDATA, 8),
+} ASN1_SEQUENCE_END(KRB5_AUTHENTBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
+
+ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2,
+                        KRB5_AUTHENT, KRB5_AUTHENTBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT)
+
diff --git a/src/lib/libcrypto/krb5/krb5_asn.h b/src/lib/libcrypto/krb5/krb5_asn.h
new file mode 100644
index 0000000000..3329477b07
--- /dev/null
+++ b/src/lib/libcrypto/krb5/krb5_asn.h
@@ -0,0 +1,256 @@
+/* krb5_asn.h */
+/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
+** using ocsp/{*.h,*asn*.c} as a starting point
+*/
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_KRB5_ASN_H
+#define HEADER_KRB5_ASN_H
+
+/*
+#include <krb5.h>
+*/
+#include <openssl/safestack.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+/*      ASN.1 from Kerberos RFC 1510
+*/
+
+/*      EncryptedData ::=   SEQUENCE {
+**              etype[0]                      INTEGER, -- EncryptionType
+**              kvno[1]                       INTEGER OPTIONAL,
+**              cipher[2]                     OCTET STRING -- ciphertext
+**      }
+*/
+typedef struct  krb5_encdata_st
+        {
+        ASN1_INTEGER                    *etype;
+        ASN1_INTEGER                    *kvno;
+        ASN1_OCTET_STRING               *cipher;
+        }       KRB5_ENCDATA;
+
+DECLARE_STACK_OF(KRB5_ENCDATA)
+
+/*      PrincipalName ::=   SEQUENCE {
+**              name-type[0]                  INTEGER,
+**              name-string[1]                SEQUENCE OF GeneralString
+**      }
+*/
+typedef struct  krb5_princname_st
+        {
+        ASN1_INTEGER                    *nametype;
+        STACK_OF(ASN1_GENERALSTRING)    *namestring;
+        }       KRB5_PRINCNAME;
+
+DECLARE_STACK_OF(KRB5_PRINCNAME)
+
+
+/*      Ticket ::=      [APPLICATION 1] SEQUENCE {
+**              tkt-vno[0]                    INTEGER,
+**              realm[1]                      Realm,
+**              sname[2]                      PrincipalName,
+**              enc-part[3]                   EncryptedData
+**      }
+*/
+typedef struct  krb5_tktbody_st
+        {
+        ASN1_INTEGER                    *tktvno;
+        ASN1_GENERALSTRING              *realm;
+        KRB5_PRINCNAME                  *sname;
+        KRB5_ENCDATA                    *encdata;
+        }       KRB5_TKTBODY;
+
+typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET;
+DECLARE_STACK_OF(KRB5_TKTBODY)
+
+
+/*      AP-REQ ::=      [APPLICATION 14] SEQUENCE {
+**              pvno[0]                       INTEGER,
+**              msg-type[1]                   INTEGER,
+**              ap-options[2]                 APOptions,
+**              ticket[3]                     Ticket,
+**              authenticator[4]              EncryptedData
+**      }
+**
+**      APOptions ::=   BIT STRING {
+**              reserved(0), use-session-key(1), mutual-required(2) }
+*/
+typedef struct  krb5_ap_req_st
+        {
+        ASN1_INTEGER                    *pvno;
+        ASN1_INTEGER                    *msgtype;
+        ASN1_BIT_STRING                 *apoptions;
+        KRB5_TICKET                     *ticket;
+        KRB5_ENCDATA                    *authenticator;
+        }       KRB5_APREQBODY;
+
+typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ;
+DECLARE_STACK_OF(KRB5_APREQBODY)
+
+
+/*      Authenticator Stuff     */
+
+
+/*      Checksum ::=   SEQUENCE {
+**              cksumtype[0]                  INTEGER,
+**              checksum[1]                   OCTET STRING
+**      }
+*/
+typedef struct  krb5_checksum_st
+        {
+        ASN1_INTEGER                    *ctype;
+        ASN1_OCTET_STRING               *checksum;
+        }       KRB5_CHECKSUM;
+
+DECLARE_STACK_OF(KRB5_CHECKSUM)
+
+
+/*      EncryptionKey ::=   SEQUENCE {
+**              keytype[0]                    INTEGER,
+**              keyvalue[1]                   OCTET STRING
+**      }
+*/
+typedef struct  krb5_encryptionkey_st
+        {
+        ASN1_INTEGER                    *ktype;
+        ASN1_OCTET_STRING               *keyvalue;
+        }       KRB5_ENCKEY;
+
+DECLARE_STACK_OF(KRB5_ENCKEY)
+
+
+/*      AuthorizationData ::=   SEQUENCE OF SEQUENCE {
+**              ad-type[0]                    INTEGER,
+**              ad-data[1]                    OCTET STRING
+**      }
+*/
+typedef struct  krb5_authorization_st
+        {
+        ASN1_INTEGER                    *adtype;
+        ASN1_OCTET_STRING               *addata;
+        }       KRB5_AUTHDATA;
+
+DECLARE_STACK_OF(KRB5_AUTHDATA)
+
+                        
+/*      -- Unencrypted authenticator
+**      Authenticator ::=    [APPLICATION 2] SEQUENCE    {
+**              authenticator-vno[0]          INTEGER,
+**              crealm[1]                     Realm,
+**              cname[2]                      PrincipalName,
+**              cksum[3]                      Checksum OPTIONAL,
+**              cusec[4]                      INTEGER,
+**              ctime[5]                      KerberosTime,
+**              subkey[6]                     EncryptionKey OPTIONAL,
+**              seq-number[7]                 INTEGER OPTIONAL,
+**              authorization-data[8]         AuthorizationData OPTIONAL
+**      }
+*/
+typedef struct  krb5_authenticator_st
+        {
+        ASN1_INTEGER                    *avno;
+        ASN1_GENERALSTRING              *crealm;
+        KRB5_PRINCNAME                  *cname;
+        KRB5_CHECKSUM                   *cksum;
+        ASN1_INTEGER                    *cusec;
+        ASN1_GENERALIZEDTIME            *ctime;
+        KRB5_ENCKEY                     *subkey;
+        ASN1_INTEGER                    *seqnum;
+        KRB5_AUTHDATA                   *authorization;
+        }       KRB5_AUTHENTBODY;
+
+typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT;
+DECLARE_STACK_OF(KRB5_AUTHENTBODY)
+
+
+/*  DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =
+**      type *name##_new(void);
+**      void name##_free(type *a);
+**      DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =
+**       DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =
+**        type *d2i_##name(type **a, unsigned char **in, long len);
+**        int i2d_##name(type *a, unsigned char **out);
+**        DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it
+*/
+
+DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA)
+DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME)
+DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_TICKET)
+DECLARE_ASN1_FUNCTIONS(KRB5_APREQ)
+
+DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM)
+DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT)
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/src/lib/libcrypto/lhash/Makefile.ssl b/src/lib/libcrypto/lhash/Makefile.ssl
new file mode 100644
index 0000000000..60e7ee3393
--- /dev/null
+++ b/src/lib/libcrypto/lhash/Makefile.ssl
@@ -0,0 +1,93 @@
+#
+# SSLeay/crypto/lhash/Makefile
+#
+
+DIR=    lhash
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=lhash.c lh_stats.c
+LIBOBJ=lhash.o lh_stats.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= lhash.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+lh_stats.o: ../../e_os.h ../../include/openssl/bio.h
+lh_stats.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+lh_stats.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+lh_stats.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+lh_stats.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+lh_stats.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+lh_stats.o: ../cryptlib.h lh_stats.c
+lhash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+lhash.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h
+lhash.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+lhash.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+lhash.o: ../../include/openssl/symhacks.h lhash.c
diff --git a/src/lib/libcrypto/lhash/lh_stats.c b/src/lib/libcrypto/lhash/lh_stats.c
new file mode 100644
index 0000000000..5aa7766aa6
--- /dev/null
+++ b/src/lib/libcrypto/lhash/lh_stats.c
@@ -0,0 +1,248 @@
+/* crypto/lhash/lh_stats.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+/* If you wish to build this outside of SSLeay, remove the following lines
+ * and things should work as expected */
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/lhash.h>
+
+#ifdef OPENSSL_NO_BIO
+
+void lh_stats(LHASH *lh, FILE *out)
+        {
+        fprintf(out,"num_items             = %lu\n",lh->num_items);
+        fprintf(out,"num_nodes             = %u\n",lh->num_nodes);
+        fprintf(out,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);
+        fprintf(out,"num_expands           = %lu\n",lh->num_expands);
+        fprintf(out,"num_expand_reallocs   = %lu\n",lh->num_expand_reallocs);
+        fprintf(out,"num_contracts         = %lu\n",lh->num_contracts);
+        fprintf(out,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs);
+        fprintf(out,"num_hash_calls        = %lu\n",lh->num_hash_calls);
+        fprintf(out,"num_comp_calls        = %lu\n",lh->num_comp_calls);
+        fprintf(out,"num_insert            = %lu\n",lh->num_insert);
+        fprintf(out,"num_replace           = %lu\n",lh->num_replace);
+        fprintf(out,"num_delete            = %lu\n",lh->num_delete);
+        fprintf(out,"num_no_delete         = %lu\n",lh->num_no_delete);
+        fprintf(out,"num_retrieve          = %lu\n",lh->num_retrieve);
+        fprintf(out,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
+        fprintf(out,"num_hash_comps        = %lu\n",lh->num_hash_comps);
+#if 0
+        fprintf(out,"p                     = %u\n",lh->p);
+        fprintf(out,"pmax                  = %u\n",lh->pmax);
+        fprintf(out,"up_load               = %lu\n",lh->up_load);
+        fprintf(out,"down_load             = %lu\n",lh->down_load);
+#endif
+        }
+
+void lh_node_stats(LHASH *lh, FILE *out)
+        {
+        LHASH_NODE *n;
+        unsigned int i,num;
+
+        for (i=0; i<lh->num_nodes; i++)
+                {
+                for (n=lh->b[i],num=0; n != NULL; n=n->next)
+                        num++;
+                fprintf(out,"node %6u -> %3u\n",i,num);
+                }
+        }
+
+void lh_node_usage_stats(LHASH *lh, FILE *out)
+        {
+        LHASH_NODE *n;
+        unsigned long num;
+        unsigned int i;
+        unsigned long total=0,n_used=0;
+
+        for (i=0; i<lh->num_nodes; i++)
+                {
+                for (n=lh->b[i],num=0; n != NULL; n=n->next)
+                        num++;
+                if (num != 0)
+                        {
+                        n_used++;
+                        total+=num;
+                        }
+                }
+        fprintf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
+        fprintf(out,"%lu items\n",total);
+        if (n_used == 0) return;
+        fprintf(out,"load %d.%02d  actual load %d.%02d\n",
+                (int)(total/lh->num_nodes),
+                (int)((total%lh->num_nodes)*100/lh->num_nodes),
+                (int)(total/n_used),
+                (int)((total%n_used)*100/n_used));
+        }
+
+#else
+
+#ifndef OPENSSL_NO_FP_API
+void lh_stats(const LHASH *lh, FILE *fp)
+        {
+        BIO *bp;
+
+        bp=BIO_new(BIO_s_file());
+        if (bp == NULL) goto end;
+        BIO_set_fp(bp,fp,BIO_NOCLOSE);
+        lh_stats_bio(lh,bp);
+        BIO_free(bp);
+end:;
+        }
+
+void lh_node_stats(const LHASH *lh, FILE *fp)
+        {
+        BIO *bp;
+
+        bp=BIO_new(BIO_s_file());
+        if (bp == NULL) goto end;
+        BIO_set_fp(bp,fp,BIO_NOCLOSE);
+        lh_node_stats_bio(lh,bp);
+        BIO_free(bp);
+end:;
+        }
+
+void lh_node_usage_stats(const LHASH *lh, FILE *fp)
+        {
+        BIO *bp;
+
+        bp=BIO_new(BIO_s_file());
+        if (bp == NULL) goto end;
+        BIO_set_fp(bp,fp,BIO_NOCLOSE);
+        lh_node_usage_stats_bio(lh,bp);
+        BIO_free(bp);
+end:;
+        }
+
+#endif
+
+void lh_stats_bio(const LHASH *lh, BIO *out)
+        {
+        BIO_printf(out,"num_items             = %lu\n",lh->num_items);
+        BIO_printf(out,"num_nodes             = %u\n",lh->num_nodes);
+        BIO_printf(out,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);
+        BIO_printf(out,"num_expands           = %lu\n",lh->num_expands);
+        BIO_printf(out,"num_expand_reallocs   = %lu\n",
+                   lh->num_expand_reallocs);
+        BIO_printf(out,"num_contracts         = %lu\n",lh->num_contracts);
+        BIO_printf(out,"num_contract_reallocs = %lu\n",
+                   lh->num_contract_reallocs);
+        BIO_printf(out,"num_hash_calls        = %lu\n",lh->num_hash_calls);
+        BIO_printf(out,"num_comp_calls        = %lu\n",lh->num_comp_calls);
+        BIO_printf(out,"num_insert            = %lu\n",lh->num_insert);
+        BIO_printf(out,"num_replace           = %lu\n",lh->num_replace);
+        BIO_printf(out,"num_delete            = %lu\n",lh->num_delete);
+        BIO_printf(out,"num_no_delete         = %lu\n",lh->num_no_delete);
+        BIO_printf(out,"num_retrieve          = %lu\n",lh->num_retrieve);
+        BIO_printf(out,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
+        BIO_printf(out,"num_hash_comps        = %lu\n",lh->num_hash_comps);
+#if 0
+        BIO_printf(out,"p                     = %u\n",lh->p);
+        BIO_printf(out,"pmax                  = %u\n",lh->pmax);
+        BIO_printf(out,"up_load               = %lu\n",lh->up_load);
+        BIO_printf(out,"down_load             = %lu\n",lh->down_load);
+#endif
+        }
+
+void lh_node_stats_bio(const LHASH *lh, BIO *out)
+        {
+        LHASH_NODE *n;
+        unsigned int i,num;
+
+        for (i=0; i<lh->num_nodes; i++)
+                {
+                for (n=lh->b[i],num=0; n != NULL; n=n->next)
+                        num++;
+                BIO_printf(out,"node %6u -> %3u\n",i,num);
+                }
+        }
+
+void lh_node_usage_stats_bio(const LHASH *lh, BIO *out)
+        {
+        LHASH_NODE *n;
+        unsigned long num;
+        unsigned int i;
+        unsigned long total=0,n_used=0;
+
+        for (i=0; i<lh->num_nodes; i++)
+                {
+                for (n=lh->b[i],num=0; n != NULL; n=n->next)
+                        num++;
+                if (num != 0)
+                        {
+                        n_used++;
+                        total+=num;
+                        }
+                }
+        BIO_printf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
+        BIO_printf(out,"%lu items\n",total);
+        if (n_used == 0) return;
+        BIO_printf(out,"load %d.%02d  actual load %d.%02d\n",
+                   (int)(total/lh->num_nodes),
+                   (int)((total%lh->num_nodes)*100/lh->num_nodes),
+                   (int)(total/n_used),
+                   (int)((total%n_used)*100/n_used));
+        }
+
+#endif
diff --git a/src/lib/libcrypto/lhash/lhash.c b/src/lib/libcrypto/lhash/lhash.c
new file mode 100644
index 0000000000..0a16fcf27d
--- /dev/null
+++ b/src/lib/libcrypto/lhash/lhash.c
@@ -0,0 +1,470 @@
+/* crypto/lhash/lhash.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Code for dynamic hash table routines
+ * Author - Eric Young v 2.0
+ *
+ * 2.2 eay - added #include "crypto.h" so the memory leak checking code is
+ *           present. eay 18-Jun-98
+ *
+ * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98
+ *
+ * 2.0 eay - Fixed a bug that occurred when using lh_delete
+ *           from inside lh_doall().  As entries were deleted,
+ *           the 'table' was 'contract()ed', making some entries
+ *           jump from the end of the table to the start, there by
+ *           skipping the lh_doall() processing. eay - 4/12/95
+ *
+ * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs
+ *           were not being free()ed. 21/11/95
+ *
+ * 1.8 eay - Put the stats routines into a separate file, lh_stats.c
+ *           19/09/95
+ *
+ * 1.7 eay - Removed the fputs() for realloc failures - the code
+ *           should silently tolerate them.  I have also fixed things
+ *           lint complained about 04/05/95
+ *
+ * 1.6 eay - Fixed an invalid pointers in contract/expand 27/07/92
+ *
+ * 1.5 eay - Fixed a misuse of realloc in expand 02/03/1992
+ *
+ * 1.4 eay - Fixed lh_doall so the function can call lh_delete 28/05/91
+ *
+ * 1.3 eay - Fixed a few lint problems 19/3/1991
+ *
+ * 1.2 eay - Fixed lh_doall problem 13/3/1991
+ *
+ * 1.1 eay - Added lh_doall
+ *
+ * 1.0 eay - First version
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+
+const char *lh_version="lhash" OPENSSL_VERSION_PTEXT;
+
+#undef MIN_NODES 
+#define MIN_NODES       16
+#define UP_LOAD         (2*LH_LOAD_MULT) /* load times 256  (default 2) */
+#define DOWN_LOAD       (LH_LOAD_MULT)   /* load times 256  (default 1) */
+
+static void expand(LHASH *lh);
+static void contract(LHASH *lh);
+static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash);
+
+LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
+        {
+        LHASH *ret;
+        int i;
+
+        if ((ret=(LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL)
+                goto err0;
+        if ((ret->b=(LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)
+                goto err1;
+        for (i=0; i<MIN_NODES; i++)
+                ret->b[i]=NULL;
+        ret->comp=((c == NULL)?(LHASH_COMP_FN_TYPE)strcmp:c);
+        ret->hash=((h == NULL)?(LHASH_HASH_FN_TYPE)lh_strhash:h);
+        ret->num_nodes=MIN_NODES/2;
+        ret->num_alloc_nodes=MIN_NODES;
+        ret->p=0;
+        ret->pmax=MIN_NODES/2;
+        ret->up_load=UP_LOAD;
+        ret->down_load=DOWN_LOAD;
+        ret->num_items=0;
+
+        ret->num_expands=0;
+        ret->num_expand_reallocs=0;
+        ret->num_contracts=0;
+        ret->num_contract_reallocs=0;
+        ret->num_hash_calls=0;
+        ret->num_comp_calls=0;
+        ret->num_insert=0;
+        ret->num_replace=0;
+        ret->num_delete=0;
+        ret->num_no_delete=0;
+        ret->num_retrieve=0;
+        ret->num_retrieve_miss=0;
+        ret->num_hash_comps=0;
+
+        ret->error=0;
+        return(ret);
+err1:
+        OPENSSL_free(ret);
+err0:
+        return(NULL);
+        }
+
+void lh_free(LHASH *lh)
+        {
+        unsigned int i;
+        LHASH_NODE *n,*nn;
+
+        if (lh == NULL)
+            return;
+
+        for (i=0; i<lh->num_nodes; i++)
+                {
+                n=lh->b[i];
+                while (n != NULL)
+                        {
+                        nn=n->next;
+                        OPENSSL_free(n);
+                        n=nn;
+                        }
+                }
+        OPENSSL_free(lh->b);
+        OPENSSL_free(lh);
+        }
+
+void *lh_insert(LHASH *lh, const void *data)
+        {
+        unsigned long hash;
+        LHASH_NODE *nn,**rn;
+        const void *ret;
+
+        lh->error=0;
+        if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))
+                expand(lh);
+
+        rn=getrn(lh,data,&hash);
+
+        if (*rn == NULL)
+                {
+                if ((nn=(LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL)
+                        {
+                        lh->error++;
+                        return(NULL);
+                        }
+                nn->data=data;
+                nn->next=NULL;
+#ifndef OPENSSL_NO_HASH_COMP
+                nn->hash=hash;
+#endif
+                *rn=nn;
+                ret=NULL;
+                lh->num_insert++;
+                lh->num_items++;
+                }
+        else /* replace same key */
+                {
+                ret= (*rn)->data;
+                (*rn)->data=data;
+                lh->num_replace++;
+                }
+        return((void *)ret);
+        }
+
+void *lh_delete(LHASH *lh, const void *data)
+        {
+        unsigned long hash;
+        LHASH_NODE *nn,**rn;
+        const void *ret;
+
+        lh->error=0;
+        rn=getrn(lh,data,&hash);
+
+        if (*rn == NULL)
+                {
+                lh->num_no_delete++;
+                return(NULL);
+                }
+        else
+                {
+                nn= *rn;
+                *rn=nn->next;
+                ret=nn->data;
+                OPENSSL_free(nn);
+                lh->num_delete++;
+                }
+
+        lh->num_items--;
+        if ((lh->num_nodes > MIN_NODES) &&
+                (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)))
+                contract(lh);
+
+        return((void *)ret);
+        }
+
+void *lh_retrieve(LHASH *lh, const void *data)
+        {
+        unsigned long hash;
+        LHASH_NODE **rn;
+        const void *ret;
+
+        lh->error=0;
+        rn=getrn(lh,data,&hash);
+
+        if (*rn == NULL)
+                {
+                lh->num_retrieve_miss++;
+                return(NULL);
+                }
+        else
+                {
+                ret= (*rn)->data;
+                lh->num_retrieve++;
+                }
+        return((void *)ret);
+        }
+
+static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
+                          LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg)
+        {
+        int i;
+        LHASH_NODE *a,*n;
+
+        /* reverse the order so we search from 'top to bottom'
+         * We were having memory leaks otherwise */
+        for (i=lh->num_nodes-1; i>=0; i--)
+                {
+                a=lh->b[i];
+                while (a != NULL)
+                        {
+                        /* 28/05/91 - eay - n added so items can be deleted
+                         * via lh_doall */
+                        n=a->next;
+                        if(use_arg)
+                                func_arg(a->data,arg);
+                        else
+                                func(a->data);
+                        a=n;
+                        }
+                }
+        }
+
+void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func)
+        {
+        doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL);
+        }
+
+void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
+        {
+        doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
+        }
+
+static void expand(LHASH *lh)
+        {
+        LHASH_NODE **n,**n1,**n2,*np;
+        unsigned int p,i,j;
+        unsigned long hash,nni;
+
+        lh->num_nodes++;
+        lh->num_expands++;
+        p=(int)lh->p++;
+        n1= &(lh->b[p]);
+        n2= &(lh->b[p+(int)lh->pmax]);
+        *n2=NULL;        /* 27/07/92 - eay - undefined pointer bug */
+        nni=lh->num_alloc_nodes;
+        
+        for (np= *n1; np != NULL; )
+                {
+#ifndef OPENSSL_NO_HASH_COMP
+                hash=np->hash;
+#else
+                hash=lh->hash(np->data);
+                lh->num_hash_calls++;
+#endif
+                if ((hash%nni) != p)
+                        { /* move it */
+                        *n1= (*n1)->next;
+                        np->next= *n2;
+                        *n2=np;
+                        }
+                else
+                        n1= &((*n1)->next);
+                np= *n1;
+                }
+
+        if ((lh->p) >= lh->pmax)
+                {
+                j=(int)lh->num_alloc_nodes*2;
+                n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
+                        (unsigned int)sizeof(LHASH_NODE *)*j);
+                if (n == NULL)
+                        {
+/*                      fputs("realloc error in lhash",stderr); */
+                        lh->error++;
+                        lh->p=0;
+                        return;
+                        }
+                /* else */
+                for (i=(int)lh->num_alloc_nodes; i<j; i++)/* 26/02/92 eay */
+                        n[i]=NULL;                        /* 02/03/92 eay */
+                lh->pmax=lh->num_alloc_nodes;
+                lh->num_alloc_nodes=j;
+                lh->num_expand_reallocs++;
+                lh->p=0;
+                lh->b=n;
+                }
+        }
+
+static void contract(LHASH *lh)
+        {
+        LHASH_NODE **n,*n1,*np;
+
+        np=lh->b[lh->p+lh->pmax-1];
+        lh->b[lh->p+lh->pmax-1]=NULL; /* 24/07-92 - eay - weird but :-( */
+        if (lh->p == 0)
+                {
+                n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
+                        (unsigned int)(sizeof(LHASH_NODE *)*lh->pmax));
+                if (n == NULL)
+                        {
+/*                      fputs("realloc error in lhash",stderr); */
+                        lh->error++;
+                        return;
+                        }
+                lh->num_contract_reallocs++;
+                lh->num_alloc_nodes/=2;
+                lh->pmax/=2;
+                lh->p=lh->pmax-1;
+                lh->b=n;
+                }
+        else
+                lh->p--;
+
+        lh->num_nodes--;
+        lh->num_contracts++;
+
+        n1=lh->b[(int)lh->p];
+        if (n1 == NULL)
+                lh->b[(int)lh->p]=np;
+        else
+                {
+                while (n1->next != NULL)
+                        n1=n1->next;
+                n1->next=np;
+                }
+        }
+
+static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash)
+        {
+        LHASH_NODE **ret,*n1;
+        unsigned long hash,nn;
+        int (*cf)();
+
+        hash=(*(lh->hash))(data);
+        lh->num_hash_calls++;
+        *rhash=hash;
+
+        nn=hash%lh->pmax;
+        if (nn < lh->p)
+                nn=hash%lh->num_alloc_nodes;
+
+        cf=lh->comp;
+        ret= &(lh->b[(int)nn]);
+        for (n1= *ret; n1 != NULL; n1=n1->next)
+                {
+#ifndef OPENSSL_NO_HASH_COMP
+                lh->num_hash_comps++;
+                if (n1->hash != hash)
+                        {
+                        ret= &(n1->next);
+                        continue;
+                        }
+#endif
+                lh->num_comp_calls++;
+                if(cf(n1->data,data) == 0)
+                        break;
+                ret= &(n1->next);
+                }
+        return(ret);
+        }
+
+/* The following hash seems to work very well on normal text strings
+ * no collisions on /usr/dict/words and it distributes on %2^n quite
+ * well, not as good as MD5, but still good.
+ */
+unsigned long lh_strhash(const char *c)
+        {
+        unsigned long ret=0;
+        long n;
+        unsigned long v;
+        int r;
+
+        if ((c == NULL) || (*c == '\0'))
+                return(ret);
+/*
+        unsigned char b[16];
+        MD5(c,strlen(c),b);
+        return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); 
+*/
+
+        n=0x100;
+        while (*c)
+                {
+                v=n|(*c);
+                n+=0x100;
+                r= (int)((v>>2)^v)&0x0f;
+                ret=(ret<<r)|(ret>>(32-r));
+                ret&=0xFFFFFFFFL;
+                ret^=v*v;
+                c++;
+                }
+        return((ret>>16)^ret);
+        }
+
+unsigned long lh_num_items(const LHASH *lh)
+        {
+        return lh ? lh->num_items : 0;
+        }
diff --git a/src/lib/libcrypto/lhash/lhash.h b/src/lib/libcrypto/lhash/lhash.h
new file mode 100644
index 0000000000..dee8207333
--- /dev/null
+++ b/src/lib/libcrypto/lhash/lhash.h
@@ -0,0 +1,199 @@
+/* crypto/lhash/lhash.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Header for dynamic hash table routines
+ * Author - Eric Young
+ */
+
+#ifndef HEADER_LHASH_H
+#define HEADER_LHASH_H
+
+#ifndef OPENSSL_NO_FP_API
+#include <stdio.h>
+#endif
+
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct lhash_node_st
+        {
+        const void *data;
+        struct lhash_node_st *next;
+#ifndef OPENSSL_NO_HASH_COMP
+        unsigned long hash;
+#endif
+        } LHASH_NODE;
+
+typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);
+typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);
+typedef void (*LHASH_DOALL_FN_TYPE)(const void *);
+typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *);
+
+/* Macros for declaring and implementing type-safe wrappers for LHASH callbacks.
+ * This way, callbacks can be provided to LHASH structures without function
+ * pointer casting and the macro-defined callbacks provide per-variable casting
+ * before deferring to the underlying type-specific callbacks. NB: It is
+ * possible to place a "static" in front of both the DECLARE and IMPLEMENT
+ * macros if the functions are strictly internal. */
+
+/* First: "hash" functions */
+#define DECLARE_LHASH_HASH_FN(f_name,o_type) \
+        unsigned long f_name##_LHASH_HASH(const void *);
+#define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \
+        unsigned long f_name##_LHASH_HASH(const void *arg) { \
+                o_type a = (o_type)arg; \
+                return f_name(a); }
+#define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH
+
+/* Second: "compare" functions */
+#define DECLARE_LHASH_COMP_FN(f_name,o_type) \
+        int f_name##_LHASH_COMP(const void *, const void *);
+#define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \
+        int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \
+                o_type a = (o_type)arg1; \
+                o_type b = (o_type)arg2; \
+                return f_name(a,b); }
+#define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP
+
+/* Third: "doall" functions */
+#define DECLARE_LHASH_DOALL_FN(f_name,o_type) \
+        void f_name##_LHASH_DOALL(const void *);
+#define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \
+        void f_name##_LHASH_DOALL(const void *arg) { \
+                o_type a = (o_type)arg; \
+                f_name(a); }
+#define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL
+
+/* Fourth: "doall_arg" functions */
+#define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+        void f_name##_LHASH_DOALL_ARG(const void *, void *);
+#define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+        void f_name##_LHASH_DOALL_ARG(const void *arg1, void *arg2) { \
+                o_type a = (o_type)arg1; \
+                a_type b = (a_type)arg2; \
+                f_name(a,b); }
+#define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG
+
+typedef struct lhash_st
+        {
+        LHASH_NODE **b;
+        LHASH_COMP_FN_TYPE comp;
+        LHASH_HASH_FN_TYPE hash;
+        unsigned int num_nodes;
+        unsigned int num_alloc_nodes;
+        unsigned int p;
+        unsigned int pmax;
+        unsigned long up_load; /* load times 256 */
+        unsigned long down_load; /* load times 256 */
+        unsigned long num_items;
+
+        unsigned long num_expands;
+        unsigned long num_expand_reallocs;
+        unsigned long num_contracts;
+        unsigned long num_contract_reallocs;
+        unsigned long num_hash_calls;
+        unsigned long num_comp_calls;
+        unsigned long num_insert;
+        unsigned long num_replace;
+        unsigned long num_delete;
+        unsigned long num_no_delete;
+        unsigned long num_retrieve;
+        unsigned long num_retrieve_miss;
+        unsigned long num_hash_comps;
+
+        int error;
+        } LHASH;
+
+#define LH_LOAD_MULT    256
+
+/* Indicates a malloc() error in the last call, this is only bad
+ * in lh_insert(). */
+#define lh_error(lh)    ((lh)->error)
+
+LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
+void lh_free(LHASH *lh);
+void *lh_insert(LHASH *lh, const void *data);
+void *lh_delete(LHASH *lh, const void *data);
+void *lh_retrieve(LHASH *lh, const void *data);
+void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func);
+void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
+unsigned long lh_strhash(const char *c);
+unsigned long lh_num_items(const LHASH *lh);
+
+#ifndef OPENSSL_NO_FP_API
+void lh_stats(const LHASH *lh, FILE *out);
+void lh_node_stats(const LHASH *lh, FILE *out);
+void lh_node_usage_stats(const LHASH *lh, FILE *out);
+#endif
+
+#ifndef OPENSSL_NO_BIO
+void lh_stats_bio(const LHASH *lh, BIO *out);
+void lh_node_stats_bio(const LHASH *lh, BIO *out);
+void lh_node_usage_stats_bio(const LHASH *lh, BIO *out);
+#endif
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/src/lib/libcrypto/md2/Makefile.ssl b/src/lib/libcrypto/md2/Makefile.ssl
new file mode 100644
index 0000000000..3206924c90
--- /dev/null
+++ b/src/lib/libcrypto/md2/Makefile.ssl
@@ -0,0 +1,93 @@
+#
+# SSLeay/crypto/md/Makefile
+#
+
+DIR=    md2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=md2test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md2_dgst.c md2_one.c
+LIBOBJ=md2_dgst.o md2_one.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= md2.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
+md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md2_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md2_dgst.o: md2_dgst.c
+md2_one.o: ../../e_os.h ../../include/openssl/bio.h
+md2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md2_one.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+md2_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+md2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md2_one.o: ../../include/openssl/symhacks.h ../cryptlib.h md2_one.c
diff --git a/src/lib/libcrypto/md2/md2_one.c b/src/lib/libcrypto/md2/md2_one.c
index 8c36ba5779..835160ef56 100644
--- a/src/lib/libcrypto/md2/md2_one.c
+++ b/src/lib/libcrypto/md2/md2_one.c
@@ -69,8 +69,7 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md)
         static unsigned char m[MD2_DIGEST_LENGTH];
 
         if (md == NULL) md=m;
-        if (!MD2_Init(&c))
-                return NULL;
+        MD2_Init(&c);
 #ifndef CHARSET_EBCDIC
         MD2_Update(&c,d,n);
 #else
diff --git a/src/lib/libcrypto/md32_common.h b/src/lib/libcrypto/md32_common.h
new file mode 100644
index 0000000000..733da6acaf
--- /dev/null
+++ b/src/lib/libcrypto/md32_common.h
@@ -0,0 +1,649 @@
+/* crypto/md32_common.h */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+ * This is a generic 32 bit "collector" for message digest algorithms.
+ * Whenever needed it collects input character stream into chunks of
+ * 32 bit values and invokes a block function that performs actual hash
+ * calculations.
+ *
+ * Porting guide.
+ *
+ * Obligatory macros:
+ *
+ * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
+ *      this macro defines byte order of input stream.
+ * HASH_CBLOCK
+ *      size of a unit chunk HASH_BLOCK operates on.
+ * HASH_LONG
+ *      has to be at lest 32 bit wide, if it's wider, then
+ *      HASH_LONG_LOG2 *has to* be defined along
+ * HASH_CTX
+ *      context structure that at least contains following
+ *      members:
+ *              typedef struct {
+ *                      ...
+ *                      HASH_LONG       Nl,Nh;
+ *                      HASH_LONG       data[HASH_LBLOCK];
+ *                      int             num;
+ *                      ...
+ *                      } HASH_CTX;
+ * HASH_UPDATE
+ *      name of "Update" function, implemented here.
+ * HASH_TRANSFORM
+ *      name of "Transform" function, implemented here.
+ * HASH_FINAL
+ *      name of "Final" function, implemented here.
+ * HASH_BLOCK_HOST_ORDER
+ *      name of "block" function treating *aligned* input message
+ *      in host byte order, implemented externally.
+ * HASH_BLOCK_DATA_ORDER
+ *      name of "block" function treating *unaligned* input message
+ *      in original (data) byte order, implemented externally (it
+ *      actually is optional if data and host are of the same
+ *      "endianess").
+ * HASH_MAKE_STRING
+ *      macro convering context variables to an ASCII hash string.
+ *
+ * Optional macros:
+ *
+ * B_ENDIAN or L_ENDIAN
+ *      defines host byte-order.
+ * HASH_LONG_LOG2
+ *      defaults to 2 if not states otherwise.
+ * HASH_LBLOCK
+ *      assumed to be HASH_CBLOCK/4 if not stated otherwise.
+ * HASH_BLOCK_DATA_ORDER_ALIGNED
+ *      alternative "block" function capable of treating
+ *      aligned input message in original (data) order,
+ *      implemented externally.
+ *
+ * MD5 example:
+ *
+ *      #define DATA_ORDER_IS_LITTLE_ENDIAN
+ *
+ *      #define HASH_LONG               MD5_LONG
+ *      #define HASH_LONG_LOG2          MD5_LONG_LOG2
+ *      #define HASH_CTX                MD5_CTX
+ *      #define HASH_CBLOCK             MD5_CBLOCK
+ *      #define HASH_LBLOCK             MD5_LBLOCK
+ *      #define HASH_UPDATE             MD5_Update
+ *      #define HASH_TRANSFORM          MD5_Transform
+ *      #define HASH_FINAL              MD5_Final
+ *      #define HASH_BLOCK_HOST_ORDER   md5_block_host_order
+ *      #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
+ *
+ *                                      <appro@fy.chalmers.se>
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+
+#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+#error "DATA_ORDER must be defined!"
+#endif
+
+#ifndef HASH_CBLOCK
+#error "HASH_CBLOCK must be defined!"
+#endif
+#ifndef HASH_LONG
+#error "HASH_LONG must be defined!"
+#endif
+#ifndef HASH_CTX
+#error "HASH_CTX must be defined!"
+#endif
+
+#ifndef HASH_UPDATE
+#error "HASH_UPDATE must be defined!"
+#endif
+#ifndef HASH_TRANSFORM
+#error "HASH_TRANSFORM must be defined!"
+#endif
+#ifndef HASH_FINAL
+#error "HASH_FINAL must be defined!"
+#endif
+
+#ifndef HASH_BLOCK_HOST_ORDER
+#error "HASH_BLOCK_HOST_ORDER must be defined!"
+#endif
+
+#if 0
+/*
+ * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED
+ * isn't defined.
+ */
+#ifndef HASH_BLOCK_DATA_ORDER
+#error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+#endif
+
+#ifndef HASH_LBLOCK
+#define HASH_LBLOCK     (HASH_CBLOCK/4)
+#endif
+
+#ifndef HASH_LONG_LOG2
+#define HASH_LONG_LOG2  2
+#endif
+
+/*
+ * Engage compiler specific rotate intrinsic function if available.
+ */
+#undef ROTATE
+#ifndef PEDANTIC
+# if 0 /* defined(_MSC_VER) */
+#  define ROTATE(a,n)   _lrotl(a,n)
+# elif defined(__MWERKS__)
+#  if defined(__POWERPC__)
+#   define ROTATE(a,n)  __rlwinm(a,n,0,31)
+#  elif defined(__MC68K__)
+    /* Motorola specific tweak. <appro@fy.chalmers.se> */
+#   define ROTATE(a,n)  ( n<24 ? __rol(a,n) : __ror(a,32-n) )
+#  else
+#   define ROTATE(a,n)  __rol(a,n)
+#  endif
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+  /*
+   * Some GNU C inline assembler templates. Note that these are
+   * rotates by *constant* number of bits! But that's exactly
+   * what we need here...
+   *
+   *                                    <appro@fy.chalmers.se>
+   */
+#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#   define ROTATE(a,n)  ({ register unsigned int ret;   \
+                                asm (                   \
+                                "roll %1,%0"            \
+                                : "=r"(ret)             \
+                                : "I"(n), "0"(a)        \
+                                : "cc");                \
+                           ret;                         \
+                        })
+#  elif defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
+#   define ROTATE(a,n)  ({ register unsigned int ret;   \
+                                asm (                   \
+                                "rlwinm %0,%1,%2,0,31"  \
+                                : "=r"(ret)             \
+                                : "r"(a), "I"(n));      \
+                           ret;                         \
+                        })
+#  endif
+# endif
+
+/*
+ * Engage compiler specific "fetch in reverse byte order"
+ * intrinsic function if available.
+ */
+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+  /* some GNU C inline assembler templates by <appro@fy.chalmers.se> */
+#  if (defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)) && !defined(I386_ONLY)
+#   define BE_FETCH32(a)        ({ register unsigned int l=(a);\
+                                asm (                   \
+                                "bswapl %0"             \
+                                : "=r"(l) : "0"(l));    \
+                          l;                            \
+                        })
+#  elif defined(__powerpc)
+#   define LE_FETCH32(a)        ({ register unsigned int l;     \
+                                asm (                   \
+                                "lwbrx %0,0,%1"         \
+                                : "=r"(l)               \
+                                : "r"(a));              \
+                           l;                           \
+                        })
+
+#  elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)
+#  define LE_FETCH32(a) ({ register unsigned int l;             \
+                                asm (                           \
+                                "lda [%1]#ASI_PRIMARY_LITTLE,%0"\
+                                : "=r"(l)                       \
+                                : "r"(a));                      \
+                           l;                                   \
+                        })
+#  endif
+# endif
+#endif /* PEDANTIC */
+
+#if HASH_LONG_LOG2==2   /* Engage only if sizeof(HASH_LONG)== 4 */
+/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
+#ifdef ROTATE
+/* 5 instructions with rotate instruction, else 9 */
+#define REVERSE_FETCH32(a,l)    (                                       \
+                l=*(const HASH_LONG *)(a),                              \
+                ((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24)))  \
+                                )
+#else
+/* 6 instructions with rotate instruction, else 8 */
+#define REVERSE_FETCH32(a,l)    (                               \
+                l=*(const HASH_LONG *)(a),                      \
+                l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)),    \
+                ROTATE(l,16)                                    \
+                                )
+/*
+ * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|...
+ * It's rewritten as above for two reasons:
+ *      - RISCs aren't good at long constants and have to explicitely
+ *        compose 'em with several (well, usually 2) instructions in a
+ *        register before performing the actual operation and (as you
+ *        already realized:-) having same constant should inspire the
+ *        compiler to permanently allocate the only register for it;
+ *      - most modern CPUs have two ALUs, but usually only one has
+ *        circuitry for shifts:-( this minor tweak inspires compiler
+ *        to schedule shift instructions in a better way...
+ *
+ *                              <appro@fy.chalmers.se>
+ */
+#endif
+#endif
+
+#ifndef ROTATE
+#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#endif
+
+/*
+ * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED
+ * and HASH_BLOCK_HOST_ORDER ought to be the same if input data
+ * and host are of the same "endianess". It's possible to mask
+ * this with blank #define HASH_BLOCK_DATA_ORDER though...
+ *
+ *                              <appro@fy.chalmers.se>
+ */
+#if defined(B_ENDIAN)
+#  if defined(DATA_ORDER_IS_BIG_ENDIAN)
+#    if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
+#      define HASH_BLOCK_DATA_ORDER_ALIGNED     HASH_BLOCK_HOST_ORDER
+#    endif
+#  elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+#    ifndef HOST_FETCH32
+#      ifdef LE_FETCH32
+#        define HOST_FETCH32(p,l)       LE_FETCH32(p)
+#      elif defined(REVERSE_FETCH32)
+#        define HOST_FETCH32(p,l)       REVERSE_FETCH32(p,l)
+#      endif
+#    endif
+#  endif
+#elif defined(L_ENDIAN)
+#  if defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+#    if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
+#      define HASH_BLOCK_DATA_ORDER_ALIGNED     HASH_BLOCK_HOST_ORDER
+#    endif
+#  elif defined(DATA_ORDER_IS_BIG_ENDIAN)
+#    ifndef HOST_FETCH32
+#      ifdef BE_FETCH32
+#        define HOST_FETCH32(p,l)       BE_FETCH32(p)
+#      elif defined(REVERSE_FETCH32)
+#        define HOST_FETCH32(p,l)       REVERSE_FETCH32(p,l)
+#      endif
+#    endif
+#  endif
+#endif
+
+#if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+#ifndef HASH_BLOCK_DATA_ORDER
+#error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+#endif
+
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+
+#define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))<<24),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))    ),          \
+                         l)
+#define HOST_p_c2l(c,l,n)       {                                       \
+                        switch (n) {                                    \
+                        case 0: l =((unsigned long)(*((c)++)))<<24;     \
+                        case 1: l|=((unsigned long)(*((c)++)))<<16;     \
+                        case 2: l|=((unsigned long)(*((c)++)))<< 8;     \
+                        case 3: l|=((unsigned long)(*((c)++)));         \
+                                } }
+#define HOST_p_c2l_p(c,l,sc,len) {                                      \
+                        switch (sc) {                                   \
+                        case 0: l =((unsigned long)(*((c)++)))<<24;     \
+                                if (--len == 0) break;                  \
+                        case 1: l|=((unsigned long)(*((c)++)))<<16;     \
+                                if (--len == 0) break;                  \
+                        case 2: l|=((unsigned long)(*((c)++)))<< 8;     \
+                                } }
+/* NOTE the pointer is not incremented at the end of this */
+#define HOST_c2l_p(c,l,n)       {                                       \
+                        l=0; (c)+=n;                                    \
+                        switch (n) {                                    \
+                        case 3: l =((unsigned long)(*(--(c))))<< 8;     \
+                        case 2: l|=((unsigned long)(*(--(c))))<<16;     \
+                        case 1: l|=((unsigned long)(*(--(c))))<<24;     \
+                                } }
+#define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         l)
+
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+
+#define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))    ),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<<24),          \
+                         l)
+#define HOST_p_c2l(c,l,n)       {                                       \
+                        switch (n) {                                    \
+                        case 0: l =((unsigned long)(*((c)++)));         \
+                        case 1: l|=((unsigned long)(*((c)++)))<< 8;     \
+                        case 2: l|=((unsigned long)(*((c)++)))<<16;     \
+                        case 3: l|=((unsigned long)(*((c)++)))<<24;     \
+                                } }
+#define HOST_p_c2l_p(c,l,sc,len) {                                      \
+                        switch (sc) {                                   \
+                        case 0: l =((unsigned long)(*((c)++)));         \
+                                if (--len == 0) break;                  \
+                        case 1: l|=((unsigned long)(*((c)++)))<< 8;     \
+                                if (--len == 0) break;                  \
+                        case 2: l|=((unsigned long)(*((c)++)))<<16;     \
+                                } }
+/* NOTE the pointer is not incremented at the end of this */
+#define HOST_c2l_p(c,l,n)       {                                       \
+                        l=0; (c)+=n;                                    \
+                        switch (n) {                                    \
+                        case 3: l =((unsigned long)(*(--(c))))<<16;     \
+                        case 2: l|=((unsigned long)(*(--(c))))<< 8;     \
+                        case 1: l|=((unsigned long)(*(--(c))));         \
+                                } }
+#define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+                         l)
+
+#endif
+
+/*
+ * Time for some action:-)
+ */
+
+int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len)
+        {
+        const unsigned char *data=data_;
+        register HASH_LONG * p;
+        register unsigned long l;
+        int sw,sc,ew,ec;
+
+        if (len==0) return 1;
+
+        l=(c->Nl+(len<<3))&0xffffffffL;
+        /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
+         * Wei Dai <weidai@eskimo.com> for pointing it out. */
+        if (l < c->Nl) /* overflow */
+                c->Nh++;
+        c->Nh+=(len>>29);
+        c->Nl=l;
+
+        if (c->num != 0)
+                {
+                p=c->data;
+                sw=c->num>>2;
+                sc=c->num&0x03;
+
+                if ((c->num+len) >= HASH_CBLOCK)
+                        {
+                        l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
+                        for (; sw<HASH_LBLOCK; sw++)
+                                {
+                                HOST_c2l(data,l); p[sw]=l;
+                                }
+                        HASH_BLOCK_HOST_ORDER (c,p,1);
+                        len-=(HASH_CBLOCK-c->num);
+                        c->num=0;
+                        /* drop through and do the rest */
+                        }
+                else
+                        {
+                        c->num+=len;
+                        if ((sc+len) < 4) /* ugly, add char's to a word */
+                                {
+                                l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l;
+                                }
+                        else
+                                {
+                                ew=(c->num>>2);
+                                ec=(c->num&0x03);
+                                if (sc)
+                                        l=p[sw];
+                                HOST_p_c2l(data,l,sc);
+                                p[sw++]=l;
+                                for (; sw < ew; sw++)
+                                        {
+                                        HOST_c2l(data,l); p[sw]=l;
+                                        }
+                                if (ec)
+                                        {
+                                        HOST_c2l_p(data,l,ec); p[sw]=l;
+                                        }
+                                }
+                        return 1;
+                        }
+                }
+
+        sw=len/HASH_CBLOCK;
+        if (sw > 0)
+                {
+#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+                /*
+                 * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined
+                 * only if sizeof(HASH_LONG)==4.
+                 */
+                if ((((unsigned long)data)%4) == 0)
+                        {
+                        /* data is properly aligned so that we can cast it: */
+                        HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw);
+                        sw*=HASH_CBLOCK;
+                        data+=sw;
+                        len-=sw;
+                        }
+                else
+#if !defined(HASH_BLOCK_DATA_ORDER)
+                        while (sw--)
+                                {
+                                memcpy (p=c->data,data,HASH_CBLOCK);
+                                HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1);
+                                data+=HASH_CBLOCK;
+                                len-=HASH_CBLOCK;
+                                }
+#endif
+#endif
+#if defined(HASH_BLOCK_DATA_ORDER)
+                        {
+                        HASH_BLOCK_DATA_ORDER(c,data,sw);
+                        sw*=HASH_CBLOCK;
+                        data+=sw;
+                        len-=sw;
+                        }
+#endif
+                }
+
+        if (len!=0)
+                {
+                p = c->data;
+                c->num = len;
+                ew=len>>2;      /* words to copy */
+                ec=len&0x03;
+                for (; ew; ew--,p++)
+                        {
+                        HOST_c2l(data,l); *p=l;
+                        }
+                HOST_c2l_p(data,l,ec);
+                *p=l;
+                }
+        return 1;
+        }
+
+
+void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)
+        {
+#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+        if ((((unsigned long)data)%4) == 0)
+                /* data is properly aligned so that we can cast it: */
+                HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1);
+        else
+#if !defined(HASH_BLOCK_DATA_ORDER)
+                {
+                memcpy (c->data,data,HASH_CBLOCK);
+                HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1);
+                }
+#endif
+#endif
+#if defined(HASH_BLOCK_DATA_ORDER)
+        HASH_BLOCK_DATA_ORDER (c,data,1);
+#endif
+        }
+
+
+int HASH_FINAL (unsigned char *md, HASH_CTX *c)
+        {
+        register HASH_LONG *p;
+        register unsigned long l;
+        register int i,j;
+        static const unsigned char end[4]={0x80,0x00,0x00,0x00};
+        const unsigned char *cp=end;
+
+#if 0
+        if(FIPS_mode() && !FIPS_md5_allowed())
+            {
+            FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);
+            return 0;
+            }
+#endif
+
+        /* c->num should definitly have room for at least one more byte. */
+        p=c->data;
+        i=c->num>>2;
+        j=c->num&0x03;
+
+#if 0
+        /* purify often complains about the following line as an
+         * Uninitialized Memory Read.  While this can be true, the
+         * following p_c2l macro will reset l when that case is true.
+         * This is because j&0x03 contains the number of 'valid' bytes
+         * already in p[i].  If and only if j&0x03 == 0, the UMR will
+         * occur but this is also the only time p_c2l will do
+         * l= *(cp++) instead of l|= *(cp++)
+         * Many thanks to Alex Tang <altitude@cic.net> for pickup this
+         * 'potential bug' */
+#ifdef PURIFY
+        if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */
+#endif
+        l=p[i];
+#else
+        l = (j==0) ? 0 : p[i];
+#endif
+        HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */
+
+        if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */
+                {
+                if (i<HASH_LBLOCK) p[i]=0;
+                HASH_BLOCK_HOST_ORDER (c,p,1);
+                i=0;
+                }
+        for (; i<(HASH_LBLOCK-2); i++)
+                p[i]=0;
+
+#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
+        p[HASH_LBLOCK-2]=c->Nh;
+        p[HASH_LBLOCK-1]=c->Nl;
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+        p[HASH_LBLOCK-2]=c->Nl;
+        p[HASH_LBLOCK-1]=c->Nh;
+#endif
+        HASH_BLOCK_HOST_ORDER (c,p,1);
+
+#ifndef HASH_MAKE_STRING
+#error "HASH_MAKE_STRING must be defined!"
+#else
+        HASH_MAKE_STRING(c,md);
+#endif
+
+        c->num=0;
+        /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
+         * but I'm not worried :-)
+        OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
+         */
+        return 1;
+        }
+
+#ifndef MD32_REG_T
+#define MD32_REG_T long
+/*
+ * This comment was originaly written for MD5, which is why it
+ * discusses A-D. But it basically applies to all 32-bit digests,
+ * which is why it was moved to common header file.
+ *
+ * In case you wonder why A-D are declared as long and not
+ * as MD5_LONG. Doing so results in slight performance
+ * boost on LP64 architectures. The catch is we don't
+ * really care if 32 MSBs of a 64-bit register get polluted
+ * with eventual overflows as we *save* only 32 LSBs in
+ * *either* case. Now declaring 'em long excuses the compiler
+ * from keeping 32 MSBs zeroed resulting in 13% performance
+ * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+ * Well, to be honest it should say that this *prevents* 
+ * performance degradation.
+ *                              <appro@fy.chalmers.se>
+ * Apparently there're LP64 compilers that generate better
+ * code if A-D are declared int. Most notably GCC-x86_64
+ * generates better code.
+ *                              <appro@fy.chalmers.se>
+ */
+#endif
diff --git a/src/lib/libcrypto/md4/Makefile.ssl b/src/lib/libcrypto/md4/Makefile.ssl
new file mode 100644
index 0000000000..7d2e8d8d3b
--- /dev/null
+++ b/src/lib/libcrypto/md4/Makefile.ssl
@@ -0,0 +1,91 @@
+#
+# SSLeay/crypto/md4/Makefile
+#
+
+DIR=    md4
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=md4test.c
+APPS=md4.c
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md4_dgst.c md4_one.c
+LIBOBJ=md4_dgst.o md4_one.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= md4.h
+HEADER= md4_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h
+md4_dgst.o: ../../include/openssl/opensslconf.h
+md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c
+md4_dgst.o: md4_locl.h
+md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md4_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md4_one.o: md4_one.c
diff --git a/src/lib/libcrypto/md4/md4.h b/src/lib/libcrypto/md4/md4.h
new file mode 100644
index 0000000000..7e761efb62
--- /dev/null
+++ b/src/lib/libcrypto/md4/md4.h
@@ -0,0 +1,119 @@
+/* crypto/md4/md4.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_MD4_H
+#define HEADER_MD4_H
+
+#include <openssl/e_os2.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_NO_MD4
+#error MD4 is disabled.
+#endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! MD4_LONG_LOG2 has to be defined along.                        !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#define MD4_LONG unsigned long
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#define MD4_LONG unsigned long
+#define MD4_LONG_LOG2 3
+/*
+ * _CRAY note. I could declare short, but I have no idea what impact
+ * does it have on performance on none-T3E machines. I could declare
+ * int, but at least on C90 sizeof(int) can be chosen at compile time.
+ * So I've chosen long...
+ *                                      <appro@fy.chalmers.se>
+ */
+#else
+#define MD4_LONG unsigned int
+#endif
+
+#define MD4_CBLOCK      64
+#define MD4_LBLOCK      (MD4_CBLOCK/4)
+#define MD4_DIGEST_LENGTH 16
+
+typedef struct MD4state_st
+        {
+        MD4_LONG A,B,C,D;
+        MD4_LONG Nl,Nh;
+        MD4_LONG data[MD4_LBLOCK];
+        int num;
+        } MD4_CTX;
+
+#ifdef OPENSSL_FIPS
+int private_MD4_Init(MD4_CTX *c);
+#endif
+int MD4_Init(MD4_CTX *c);
+int MD4_Update(MD4_CTX *c, const void *data, unsigned long len);
+int MD4_Final(unsigned char *md, MD4_CTX *c);
+unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md);
+void MD4_Transform(MD4_CTX *c, const unsigned char *b);
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/md4/md4_dgst.c b/src/lib/libcrypto/md4/md4_dgst.c
new file mode 100644
index 0000000000..ee7cc72262
--- /dev/null
+++ b/src/lib/libcrypto/md4/md4_dgst.c
@@ -0,0 +1,258 @@
+/* crypto/md4/md4_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "md4_locl.h"
+#include <openssl/opensslv.h>
+
+const char *MD4_version="MD4" OPENSSL_VERSION_PTEXT;
+
+/* Implemented from RFC1186 The MD4 Message-Digest Algorithm
+ */
+
+#define INIT_DATA_A (unsigned long)0x67452301L
+#define INIT_DATA_B (unsigned long)0xefcdab89L
+#define INIT_DATA_C (unsigned long)0x98badcfeL
+#define INIT_DATA_D (unsigned long)0x10325476L
+
+FIPS_NON_FIPS_MD_Init(MD4)
+        {
+        c->A=INIT_DATA_A;
+        c->B=INIT_DATA_B;
+        c->C=INIT_DATA_C;
+        c->D=INIT_DATA_D;
+        c->Nl=0;
+        c->Nh=0;
+        c->num=0;
+        return 1;
+        }
+
+#ifndef md4_block_host_order
+void md4_block_host_order (MD4_CTX *c, const void *data, int num)
+        {
+        const MD4_LONG *X=data;
+        register unsigned MD32_REG_T A,B,C,D;
+
+        A=c->A;
+        B=c->B;
+        C=c->C;
+        D=c->D;
+
+        for (;num--;X+=HASH_LBLOCK)
+                {
+        /* Round 0 */
+        R0(A,B,C,D,X[ 0], 3,0);
+        R0(D,A,B,C,X[ 1], 7,0);
+        R0(C,D,A,B,X[ 2],11,0);
+        R0(B,C,D,A,X[ 3],19,0);
+        R0(A,B,C,D,X[ 4], 3,0);
+        R0(D,A,B,C,X[ 5], 7,0);
+        R0(C,D,A,B,X[ 6],11,0);
+        R0(B,C,D,A,X[ 7],19,0);
+        R0(A,B,C,D,X[ 8], 3,0);
+        R0(D,A,B,C,X[ 9], 7,0);
+        R0(C,D,A,B,X[10],11,0);
+        R0(B,C,D,A,X[11],19,0);
+        R0(A,B,C,D,X[12], 3,0);
+        R0(D,A,B,C,X[13], 7,0);
+        R0(C,D,A,B,X[14],11,0);
+        R0(B,C,D,A,X[15],19,0);
+        /* Round 1 */
+        R1(A,B,C,D,X[ 0], 3,0x5A827999L);
+        R1(D,A,B,C,X[ 4], 5,0x5A827999L);
+        R1(C,D,A,B,X[ 8], 9,0x5A827999L);
+        R1(B,C,D,A,X[12],13,0x5A827999L);
+        R1(A,B,C,D,X[ 1], 3,0x5A827999L);
+        R1(D,A,B,C,X[ 5], 5,0x5A827999L);
+        R1(C,D,A,B,X[ 9], 9,0x5A827999L);
+        R1(B,C,D,A,X[13],13,0x5A827999L);
+        R1(A,B,C,D,X[ 2], 3,0x5A827999L);
+        R1(D,A,B,C,X[ 6], 5,0x5A827999L);
+        R1(C,D,A,B,X[10], 9,0x5A827999L);
+        R1(B,C,D,A,X[14],13,0x5A827999L);
+        R1(A,B,C,D,X[ 3], 3,0x5A827999L);
+        R1(D,A,B,C,X[ 7], 5,0x5A827999L);
+        R1(C,D,A,B,X[11], 9,0x5A827999L);
+        R1(B,C,D,A,X[15],13,0x5A827999L);
+        /* Round 2 */
+        R2(A,B,C,D,X[ 0], 3,0x6ED9EBA1);
+        R2(D,A,B,C,X[ 8], 9,0x6ED9EBA1);
+        R2(C,D,A,B,X[ 4],11,0x6ED9EBA1);
+        R2(B,C,D,A,X[12],15,0x6ED9EBA1);
+        R2(A,B,C,D,X[ 2], 3,0x6ED9EBA1);
+        R2(D,A,B,C,X[10], 9,0x6ED9EBA1);
+        R2(C,D,A,B,X[ 6],11,0x6ED9EBA1);
+        R2(B,C,D,A,X[14],15,0x6ED9EBA1);
+        R2(A,B,C,D,X[ 1], 3,0x6ED9EBA1);
+        R2(D,A,B,C,X[ 9], 9,0x6ED9EBA1);
+        R2(C,D,A,B,X[ 5],11,0x6ED9EBA1);
+        R2(B,C,D,A,X[13],15,0x6ED9EBA1);
+        R2(A,B,C,D,X[ 3], 3,0x6ED9EBA1);
+        R2(D,A,B,C,X[11], 9,0x6ED9EBA1);
+        R2(C,D,A,B,X[ 7],11,0x6ED9EBA1);
+        R2(B,C,D,A,X[15],15,0x6ED9EBA1);
+
+        A = c->A += A;
+        B = c->B += B;
+        C = c->C += C;
+        D = c->D += D;
+                }
+        }
+#endif
+
+#ifndef md4_block_data_order
+#ifdef X
+#undef X
+#endif
+void md4_block_data_order (MD4_CTX *c, const void *data_, int num)
+        {
+        const unsigned char *data=data_;
+        register unsigned MD32_REG_T A,B,C,D,l;
+#ifndef MD32_XARRAY
+        /* See comment in crypto/sha/sha_locl.h for details. */
+        unsigned MD32_REG_T     XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+                                XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+# define X(i)   XX##i
+#else
+        MD4_LONG XX[MD4_LBLOCK];
+# define X(i)   XX[i]
+#endif
+
+        A=c->A;
+        B=c->B;
+        C=c->C;
+        D=c->D;
+
+        for (;num--;)
+                {
+        HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
+        /* Round 0 */
+        R0(A,B,C,D,X( 0), 3,0); HOST_c2l(data,l); X( 2)=l;
+        R0(D,A,B,C,X( 1), 7,0); HOST_c2l(data,l); X( 3)=l;
+        R0(C,D,A,B,X( 2),11,0); HOST_c2l(data,l); X( 4)=l;
+        R0(B,C,D,A,X( 3),19,0); HOST_c2l(data,l); X( 5)=l;
+        R0(A,B,C,D,X( 4), 3,0); HOST_c2l(data,l); X( 6)=l;
+        R0(D,A,B,C,X( 5), 7,0); HOST_c2l(data,l); X( 7)=l;
+        R0(C,D,A,B,X( 6),11,0); HOST_c2l(data,l); X( 8)=l;
+        R0(B,C,D,A,X( 7),19,0); HOST_c2l(data,l); X( 9)=l;
+        R0(A,B,C,D,X( 8), 3,0); HOST_c2l(data,l); X(10)=l;
+        R0(D,A,B,C,X( 9), 7,0); HOST_c2l(data,l); X(11)=l;
+        R0(C,D,A,B,X(10),11,0); HOST_c2l(data,l); X(12)=l;
+        R0(B,C,D,A,X(11),19,0); HOST_c2l(data,l); X(13)=l;
+        R0(A,B,C,D,X(12), 3,0); HOST_c2l(data,l); X(14)=l;
+        R0(D,A,B,C,X(13), 7,0); HOST_c2l(data,l); X(15)=l;
+        R0(C,D,A,B,X(14),11,0);
+        R0(B,C,D,A,X(15),19,0);
+        /* Round 1 */
+        R1(A,B,C,D,X( 0), 3,0x5A827999L);
+        R1(D,A,B,C,X( 4), 5,0x5A827999L);
+        R1(C,D,A,B,X( 8), 9,0x5A827999L);
+        R1(B,C,D,A,X(12),13,0x5A827999L);
+        R1(A,B,C,D,X( 1), 3,0x5A827999L);
+        R1(D,A,B,C,X( 5), 5,0x5A827999L);
+        R1(C,D,A,B,X( 9), 9,0x5A827999L);
+        R1(B,C,D,A,X(13),13,0x5A827999L);
+        R1(A,B,C,D,X( 2), 3,0x5A827999L);
+        R1(D,A,B,C,X( 6), 5,0x5A827999L);
+        R1(C,D,A,B,X(10), 9,0x5A827999L);
+        R1(B,C,D,A,X(14),13,0x5A827999L);
+        R1(A,B,C,D,X( 3), 3,0x5A827999L);
+        R1(D,A,B,C,X( 7), 5,0x5A827999L);
+        R1(C,D,A,B,X(11), 9,0x5A827999L);
+        R1(B,C,D,A,X(15),13,0x5A827999L);
+        /* Round 2 */
+        R2(A,B,C,D,X( 0), 3,0x6ED9EBA1L);
+        R2(D,A,B,C,X( 8), 9,0x6ED9EBA1L);
+        R2(C,D,A,B,X( 4),11,0x6ED9EBA1L);
+        R2(B,C,D,A,X(12),15,0x6ED9EBA1L);
+        R2(A,B,C,D,X( 2), 3,0x6ED9EBA1L);
+        R2(D,A,B,C,X(10), 9,0x6ED9EBA1L);
+        R2(C,D,A,B,X( 6),11,0x6ED9EBA1L);
+        R2(B,C,D,A,X(14),15,0x6ED9EBA1L);
+        R2(A,B,C,D,X( 1), 3,0x6ED9EBA1L);
+        R2(D,A,B,C,X( 9), 9,0x6ED9EBA1L);
+        R2(C,D,A,B,X( 5),11,0x6ED9EBA1L);
+        R2(B,C,D,A,X(13),15,0x6ED9EBA1L);
+        R2(A,B,C,D,X( 3), 3,0x6ED9EBA1L);
+        R2(D,A,B,C,X(11), 9,0x6ED9EBA1L);
+        R2(C,D,A,B,X( 7),11,0x6ED9EBA1L);
+        R2(B,C,D,A,X(15),15,0x6ED9EBA1L);
+
+        A = c->A += A;
+        B = c->B += B;
+        C = c->C += C;
+        D = c->D += D;
+                }
+        }
+#endif
+
+#ifdef undef
+int printit(unsigned long *l)
+        {
+        int i,ii;
+
+        for (i=0; i<2; i++)
+                {
+                for (ii=0; ii<8; ii++)
+                        {
+                        fprintf(stderr,"%08lx ",l[i*8+ii]);
+                        }
+                fprintf(stderr,"\n");
+                }
+        }
+#endif
diff --git a/src/lib/libcrypto/md4/md4_locl.h b/src/lib/libcrypto/md4/md4_locl.h
new file mode 100644
index 0000000000..a8d31d7a73
--- /dev/null
+++ b/src/lib/libcrypto/md4/md4_locl.h
@@ -0,0 +1,154 @@
+/* crypto/md4/md4_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/md4.h>
+
+#ifndef MD4_LONG_LOG2
+#define MD4_LONG_LOG2 2 /* default to 32 bits */
+#endif
+
+void md4_block_host_order (MD4_CTX *c, const void *p,int num);
+void md4_block_data_order (MD4_CTX *c, const void *p,int num);
+
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+/*
+ * *_block_host_order is expected to handle aligned data while
+ * *_block_data_order - unaligned. As algorithm and host (x86)
+ * are in this case of the same "endianness" these two are
+ * otherwise indistinguishable. But normally you don't want to
+ * call the same function because unaligned access in places
+ * where alignment is expected is usually a "Bad Thing". Indeed,
+ * on RISCs you get punished with BUS ERROR signal or *severe*
+ * performance degradation. Intel CPUs are in turn perfectly
+ * capable of loading unaligned data without such drastic side
+ * effect. Yes, they say it's slower than aligned load, but no
+ * exception is generated and therefore performance degradation
+ * is *incomparable* with RISCs. What we should weight here is
+ * costs of unaligned access against costs of aligning data.
+ * According to my measurements allowing unaligned access results
+ * in ~9% performance improvement on Pentium II operating at
+ * 266MHz. I won't be surprised if the difference will be higher
+ * on faster systems:-)
+ *
+ *                              <appro@fy.chalmers.se>
+ */
+#define md4_block_data_order md4_block_host_order
+#endif
+
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG               MD4_LONG
+#define HASH_LONG_LOG2          MD4_LONG_LOG2
+#define HASH_CTX                MD4_CTX
+#define HASH_CBLOCK             MD4_CBLOCK
+#define HASH_LBLOCK             MD4_LBLOCK
+#define HASH_UPDATE             MD4_Update
+#define HASH_TRANSFORM          MD4_Transform
+#define HASH_FINAL              MD4_Final
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        ll=(c)->A; HOST_l2c(ll,(s));    \
+        ll=(c)->B; HOST_l2c(ll,(s));    \
+        ll=(c)->C; HOST_l2c(ll,(s));    \
+        ll=(c)->D; HOST_l2c(ll,(s));    \
+        } while (0)
+#define HASH_BLOCK_HOST_ORDER   md4_block_host_order
+#if !defined(L_ENDIAN) || defined(md4_block_data_order)
+#define HASH_BLOCK_DATA_ORDER   md4_block_data_order
+/*
+ * Little-endians (Intel and Alpha) feel better without this.
+ * It looks like memcpy does better job than generic
+ * md4_block_data_order on copying-n-aligning input data.
+ * But frankly speaking I didn't expect such result on Alpha.
+ * On the other hand I've got this with egcs-1.0.2 and if
+ * program is compiled with another (better?) compiler it
+ * might turn out other way around.
+ *
+ *                              <appro@fy.chalmers.se>
+ */
+#endif
+
+#include "md32_common.h"
+
+/*
+#define F(x,y,z)        (((x) & (y))  |  ((~(x)) & (z)))
+#define G(x,y,z)        (((x) & (y))  |  ((x) & ((z))) | ((y) & ((z))))
+*/
+
+/* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
+ * simplified to the code below.  Wei attributes these optimizations
+ * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
+ */
+#define F(b,c,d)        ((((c) ^ (d)) & (b)) ^ (d))
+#define G(b,c,d)        (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
+#define H(b,c,d)        ((b) ^ (c) ^ (d))
+
+#define R0(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+F((b),(c),(d))); \
+        a=ROTATE(a,s); };
+
+#define R1(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+G((b),(c),(d))); \
+        a=ROTATE(a,s); };\
+
+#define R2(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+H((b),(c),(d))); \
+        a=ROTATE(a,s); };
diff --git a/src/lib/libcrypto/md4/md4_one.c b/src/lib/libcrypto/md4/md4_one.c
new file mode 100644
index 0000000000..00565507e4
--- /dev/null
+++ b/src/lib/libcrypto/md4/md4_one.c
@@ -0,0 +1,96 @@
+/* crypto/md4/md4_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/md4.h>
+#include <openssl/crypto.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
+        {
+        MD4_CTX c;
+        static unsigned char m[MD4_DIGEST_LENGTH];
+
+        if (md == NULL) md=m;
+        MD4_Init(&c);
+#ifndef CHARSET_EBCDIC
+        MD4_Update(&c,d,n);
+#else
+        {
+                char temp[1024];
+                unsigned long chunk;
+
+                while (n > 0)
+                {
+                        chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+                        ebcdic2ascii(temp, d, chunk);
+                        MD4_Update(&c,temp,chunk);
+                        n -= chunk;
+                        d += chunk;
+                }
+        }
+#endif
+        MD4_Final(md,&c);
+        OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+        return(md);
+        }
+
diff --git a/src/lib/libcrypto/md5/Makefile.ssl b/src/lib/libcrypto/md5/Makefile.ssl
new file mode 100644
index 0000000000..2361775a2d
--- /dev/null
+++ b/src/lib/libcrypto/md5/Makefile.ssl
@@ -0,0 +1,127 @@
+#
+# SSLeay/crypto/md5/Makefile
+#
+
+DIR=    md5
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=-I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+MD5_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+
+GENERAL=Makefile
+TEST=md5test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md5_dgst.c md5_one.c
+LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= md5.h
+HEADER= md5_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+# elf
+asm/mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > mx86-elf.s)
+
+# a.out
+asm/mx86-out.o: asm/mx86unix.cpp
+        $(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o
+
+# bsdi
+asm/mx86bsdi.o: asm/mx86unix.cpp
+        $(CPP) -DBSDI asm/mx86unix.cpp | sed 's/ :/:/' | as -o asm/mx86bsdi.o
+
+asm/mx86unix.cpp: asm/md5-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) md5-586.pl cpp >mx86unix.cpp)
+
+asm/md5-sparcv8plus.o: asm/md5-sparcv9.S
+        $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
+                -o asm/md5-sparcv8plus.o asm/md5-sparcv9.S
+
+# Old GNU assembler doesn't understand V9 instructions, so we
+# hire /usr/ccs/bin/as to do the job. Note that option is called
+# *-gcc27, but even gcc 2>=8 users may experience similar problem
+# if they didn't bother to upgrade GNU assembler. Such users should
+# not choose this option, but be adviced to *remove* GNU assembler
+# or upgrade it.
+asm/md5-sparcv8plus-gcc27.o: asm/md5-sparcv9.S
+        $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -E asm/md5-sparcv9.S | \
+                /usr/ccs/bin/as -xarch=v8plus - -o asm/md5-sparcv8plus-gcc27.o
+
+asm/md5-sparcv9.o: asm/md5-sparcv9.S
+        $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
+                -o asm/md5-sparcv9.o asm/md5-sparcv9.S
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/mx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h
+md5_dgst.o: ../../include/openssl/opensslconf.h
+md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c
+md5_dgst.o: md5_locl.h
+md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md5_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md5_one.o: md5_one.c
diff --git a/src/lib/libcrypto/md5/asm/md5-586.pl b/src/lib/libcrypto/md5/asm/md5-586.pl
new file mode 100644
index 0000000000..fa3fa3bed5
--- /dev/null
+++ b/src/lib/libcrypto/md5/asm/md5-586.pl
@@ -0,0 +1,306 @@
+#!/usr/local/bin/perl
+
+# Normal is the
+# md5_block_x86(MD5_CTX *c, ULONG *X);
+# version, non-normal is the
+# md5_block_x86(MD5_CTX *c, ULONG *X,int blocks);
+
+$normal=0;
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],$0);
+
+$A="eax";
+$B="ebx";
+$C="ecx";
+$D="edx";
+$tmp1="edi";
+$tmp2="ebp";
+$X="esi";
+
+# What we need to load into $tmp for the next round
+%Ltmp1=("R0",&Np($C), "R1",&Np($C), "R2",&Np($C), "R3",&Np($D));
+@xo=(
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,  # R0
+ 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12,  # R1
+ 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2,  # R2
+ 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9,  # R3
+ );
+
+&md5_block("md5_block_asm_host_order");
+&asm_finish();
+
+sub Np
+        {
+        local($p)=@_;
+        local(%n)=($A,$D,$B,$A,$C,$B,$D,$C);
+        return($n{$p});
+        }
+
+sub R0
+        {
+        local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+
+        &mov($tmp1,$C)  if $pos < 0;
+        &mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one 
+
+        # body proper
+
+        &comment("R0 $ki");
+        &xor($tmp1,$d); # F function - part 2
+
+        &and($tmp1,$b); # F function - part 3
+        &lea($a,&DWP($t,$a,$tmp2,1));
+
+        &xor($tmp1,$d); # F function - part 4
+
+        &add($a,$tmp1);
+        &mov($tmp1,&Np($c)) if $pos < 1;        # next tmp1 for R0
+        &mov($tmp1,&Np($c)) if $pos == 1;       # next tmp1 for R1
+
+        &rotl($a,$s);
+
+        &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+
+        &add($a,$b);
+        }
+
+sub R1
+        {
+        local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+
+        &comment("R1 $ki");
+
+        &lea($a,&DWP($t,$a,$tmp2,1));
+
+        &xor($tmp1,$b); # G function - part 2
+        &and($tmp1,$d); # G function - part 3
+
+        &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+        &xor($tmp1,$c);                 # G function - part 4
+
+        &add($a,$tmp1);
+        &mov($tmp1,&Np($c)) if $pos < 1;        # G function - part 1
+        &mov($tmp1,&Np($c)) if $pos == 1;       # G function - part 1
+
+        &rotl($a,$s);
+
+        &add($a,$b);
+        }
+
+sub R2
+        {
+        local($n,$pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+        # This one is different, only 3 logical operations
+
+if (($n & 1) == 0)
+        {
+        &comment("R2 $ki");
+        # make sure to do 'D' first, not 'B', else we clash with
+        # the last add from the previous round.
+
+        &xor($tmp1,$d); # H function - part 2
+
+        &xor($tmp1,$b); # H function - part 3
+        &lea($a,&DWP($t,$a,$tmp2,1));
+
+        &add($a,$tmp1);
+
+        &rotl($a,$s);
+
+        &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0));
+        &mov($tmp1,&Np($c));
+        }
+else
+        {
+        &comment("R2 $ki");
+        # make sure to do 'D' first, not 'B', else we clash with
+        # the last add from the previous round.
+
+        &lea($a,&DWP($t,$a,$tmp2,1));
+
+        &add($b,$c);                    # MOVED FORWARD
+        &xor($tmp1,$d); # H function - part 2
+
+        &xor($tmp1,$b); # H function - part 3
+        &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+
+        &add($a,$tmp1);
+        &mov($tmp1,&Np($c)) if $pos < 1;        # H function - part 1
+        &mov($tmp1,-1) if $pos == 1;            # I function - part 1
+
+        &rotl($a,$s);
+
+        &add($a,$b);
+        }
+        }
+
+sub R3
+        {
+        local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
+
+        &comment("R3 $ki");
+
+        # &not($tmp1)
+        &xor($tmp1,$d) if $pos < 0;     # I function - part 2
+
+        &or($tmp1,$b);                          # I function - part 3
+        &lea($a,&DWP($t,$a,$tmp2,1));
+
+        &xor($tmp1,$c);                         # I function - part 4
+        &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0))  if $pos != 2; # load X/k value
+        &mov($tmp2,&wparam(0)) if $pos == 2;
+
+        &add($a,$tmp1);
+        &mov($tmp1,-1) if $pos < 1;     # H function - part 1
+        &add($K,64) if $pos >=1 && !$normal;
+
+        &rotl($a,$s);
+
+        &xor($tmp1,&Np($d)) if $pos <= 0;       # I function - part = first time
+        &mov($tmp1,&DWP( 0,$tmp2,"",0)) if $pos > 0;
+        &add($a,$b);
+        }
+
+
+sub md5_block
+        {
+        local($name)=@_;
+
+        &function_begin_B($name,"",3);
+
+        # parameter 1 is the MD5_CTX structure.
+        # A     0
+        # B     4
+        # C     8
+        # D     12
+
+        &push("esi");
+         &push("edi");
+        &mov($tmp1,     &wparam(0)); # edi
+         &mov($X,       &wparam(1)); # esi
+        &mov($C,        &wparam(2));
+         &push("ebp");
+        &shl($C,        6);
+        &push("ebx");
+         &add($C,       $X); # offset we end at
+        &sub($C,        64);
+         &mov($A,       &DWP( 0,$tmp1,"",0));
+        &push($C);      # Put on the TOS
+         &mov($B,       &DWP( 4,$tmp1,"",0));
+        &mov($C,        &DWP( 8,$tmp1,"",0));
+         &mov($D,       &DWP(12,$tmp1,"",0));
+
+        &set_label("start") unless $normal;
+        &comment("");
+        &comment("R0 section");
+
+        &R0(-2,$A,$B,$C,$D,$X, 0, 7,0xd76aa478);
+        &R0( 0,$D,$A,$B,$C,$X, 1,12,0xe8c7b756);
+        &R0( 0,$C,$D,$A,$B,$X, 2,17,0x242070db);
+        &R0( 0,$B,$C,$D,$A,$X, 3,22,0xc1bdceee);
+        &R0( 0,$A,$B,$C,$D,$X, 4, 7,0xf57c0faf);
+        &R0( 0,$D,$A,$B,$C,$X, 5,12,0x4787c62a);
+        &R0( 0,$C,$D,$A,$B,$X, 6,17,0xa8304613);
+        &R0( 0,$B,$C,$D,$A,$X, 7,22,0xfd469501);
+        &R0( 0,$A,$B,$C,$D,$X, 8, 7,0x698098d8);
+        &R0( 0,$D,$A,$B,$C,$X, 9,12,0x8b44f7af);
+        &R0( 0,$C,$D,$A,$B,$X,10,17,0xffff5bb1);
+        &R0( 0,$B,$C,$D,$A,$X,11,22,0x895cd7be);
+        &R0( 0,$A,$B,$C,$D,$X,12, 7,0x6b901122);
+        &R0( 0,$D,$A,$B,$C,$X,13,12,0xfd987193);
+        &R0( 0,$C,$D,$A,$B,$X,14,17,0xa679438e);
+        &R0( 1,$B,$C,$D,$A,$X,15,22,0x49b40821);
+
+        &comment("");
+        &comment("R1 section");
+        &R1(-1,$A,$B,$C,$D,$X,16, 5,0xf61e2562);
+        &R1( 0,$D,$A,$B,$C,$X,17, 9,0xc040b340);
+        &R1( 0,$C,$D,$A,$B,$X,18,14,0x265e5a51);
+        &R1( 0,$B,$C,$D,$A,$X,19,20,0xe9b6c7aa);
+        &R1( 0,$A,$B,$C,$D,$X,20, 5,0xd62f105d);
+        &R1( 0,$D,$A,$B,$C,$X,21, 9,0x02441453);
+        &R1( 0,$C,$D,$A,$B,$X,22,14,0xd8a1e681);
+        &R1( 0,$B,$C,$D,$A,$X,23,20,0xe7d3fbc8);
+        &R1( 0,$A,$B,$C,$D,$X,24, 5,0x21e1cde6);
+        &R1( 0,$D,$A,$B,$C,$X,25, 9,0xc33707d6);
+        &R1( 0,$C,$D,$A,$B,$X,26,14,0xf4d50d87);
+        &R1( 0,$B,$C,$D,$A,$X,27,20,0x455a14ed);
+        &R1( 0,$A,$B,$C,$D,$X,28, 5,0xa9e3e905);
+        &R1( 0,$D,$A,$B,$C,$X,29, 9,0xfcefa3f8);
+        &R1( 0,$C,$D,$A,$B,$X,30,14,0x676f02d9);
+        &R1( 1,$B,$C,$D,$A,$X,31,20,0x8d2a4c8a);
+
+        &comment("");
+        &comment("R2 section");
+        &R2( 0,-1,$A,$B,$C,$D,$X,32, 4,0xfffa3942);
+        &R2( 1, 0,$D,$A,$B,$C,$X,33,11,0x8771f681);
+        &R2( 2, 0,$C,$D,$A,$B,$X,34,16,0x6d9d6122);
+        &R2( 3, 0,$B,$C,$D,$A,$X,35,23,0xfde5380c);
+        &R2( 4, 0,$A,$B,$C,$D,$X,36, 4,0xa4beea44);
+        &R2( 5, 0,$D,$A,$B,$C,$X,37,11,0x4bdecfa9);
+        &R2( 6, 0,$C,$D,$A,$B,$X,38,16,0xf6bb4b60);
+        &R2( 7, 0,$B,$C,$D,$A,$X,39,23,0xbebfbc70);
+        &R2( 8, 0,$A,$B,$C,$D,$X,40, 4,0x289b7ec6);
+        &R2( 9, 0,$D,$A,$B,$C,$X,41,11,0xeaa127fa);
+        &R2(10, 0,$C,$D,$A,$B,$X,42,16,0xd4ef3085);
+        &R2(11, 0,$B,$C,$D,$A,$X,43,23,0x04881d05);
+        &R2(12, 0,$A,$B,$C,$D,$X,44, 4,0xd9d4d039);
+        &R2(13, 0,$D,$A,$B,$C,$X,45,11,0xe6db99e5);
+        &R2(14, 0,$C,$D,$A,$B,$X,46,16,0x1fa27cf8);
+        &R2(15, 1,$B,$C,$D,$A,$X,47,23,0xc4ac5665);
+
+        &comment("");
+        &comment("R3 section");
+        &R3(-1,$A,$B,$C,$D,$X,48, 6,0xf4292244);
+        &R3( 0,$D,$A,$B,$C,$X,49,10,0x432aff97);
+        &R3( 0,$C,$D,$A,$B,$X,50,15,0xab9423a7);
+        &R3( 0,$B,$C,$D,$A,$X,51,21,0xfc93a039);
+        &R3( 0,$A,$B,$C,$D,$X,52, 6,0x655b59c3);
+        &R3( 0,$D,$A,$B,$C,$X,53,10,0x8f0ccc92);
+        &R3( 0,$C,$D,$A,$B,$X,54,15,0xffeff47d);
+        &R3( 0,$B,$C,$D,$A,$X,55,21,0x85845dd1);
+        &R3( 0,$A,$B,$C,$D,$X,56, 6,0x6fa87e4f);
+        &R3( 0,$D,$A,$B,$C,$X,57,10,0xfe2ce6e0);
+        &R3( 0,$C,$D,$A,$B,$X,58,15,0xa3014314);
+        &R3( 0,$B,$C,$D,$A,$X,59,21,0x4e0811a1);
+        &R3( 0,$A,$B,$C,$D,$X,60, 6,0xf7537e82);
+        &R3( 0,$D,$A,$B,$C,$X,61,10,0xbd3af235);
+        &R3( 0,$C,$D,$A,$B,$X,62,15,0x2ad7d2bb);
+        &R3( 2,$B,$C,$D,$A,$X,63,21,0xeb86d391);
+
+        # &mov($tmp2,&wparam(0));       # done in the last R3
+        # &mov($tmp1,   &DWP( 0,$tmp2,"",0)); # done is the last R3
+
+        &add($A,$tmp1);
+         &mov($tmp1,    &DWP( 4,$tmp2,"",0));
+
+        &add($B,$tmp1);
+        &mov($tmp1,     &DWP( 8,$tmp2,"",0));
+
+        &add($C,$tmp1);
+        &mov($tmp1,     &DWP(12,$tmp2,"",0));
+
+        &add($D,$tmp1);
+        &mov(&DWP( 0,$tmp2,"",0),$A);
+
+        &mov(&DWP( 4,$tmp2,"",0),$B);
+        &mov($tmp1,&swtmp(0)) unless $normal;
+
+        &mov(&DWP( 8,$tmp2,"",0),$C);
+         &mov(&DWP(12,$tmp2,"",0),$D);
+
+        &cmp($tmp1,$X) unless $normal;                  # check count
+         &jae(&label("start")) unless $normal;
+
+        &pop("eax"); # pop the temp variable off the stack
+         &pop("ebx");
+        &pop("ebp");
+         &pop("edi");
+        &pop("esi");
+         &ret();
+        &function_end_B($name);
+        }
+
diff --git a/src/lib/libcrypto/md5/md5.h b/src/lib/libcrypto/md5/md5.h
new file mode 100644
index 0000000000..c663dd1816
--- /dev/null
+++ b/src/lib/libcrypto/md5/md5.h
@@ -0,0 +1,119 @@
+/* crypto/md5/md5.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_MD5_H
+#define HEADER_MD5_H
+
+#include <openssl/e_os2.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_NO_MD5
+#error MD5 is disabled.
+#endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! MD5_LONG_LOG2 has to be defined along.                        !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#define MD5_LONG unsigned long
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#define MD5_LONG unsigned long
+#define MD5_LONG_LOG2 3
+/*
+ * _CRAY note. I could declare short, but I have no idea what impact
+ * does it have on performance on none-T3E machines. I could declare
+ * int, but at least on C90 sizeof(int) can be chosen at compile time.
+ * So I've chosen long...
+ *                                      <appro@fy.chalmers.se>
+ */
+#else
+#define MD5_LONG unsigned int
+#endif
+
+#define MD5_CBLOCK      64
+#define MD5_LBLOCK      (MD5_CBLOCK/4)
+#define MD5_DIGEST_LENGTH 16
+
+typedef struct MD5state_st
+        {
+        MD5_LONG A,B,C,D;
+        MD5_LONG Nl,Nh;
+        MD5_LONG data[MD5_LBLOCK];
+        int num;
+        } MD5_CTX;
+
+#ifdef OPENSSL_FIPS
+int private_MD5_Init(MD5_CTX *c);
+#endif
+int MD5_Init(MD5_CTX *c);
+int MD5_Update(MD5_CTX *c, const void *data, unsigned long len);
+int MD5_Final(unsigned char *md, MD5_CTX *c);
+unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md);
+void MD5_Transform(MD5_CTX *c, const unsigned char *b);
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/md5/md5_dgst.c b/src/lib/libcrypto/md5/md5_dgst.c
new file mode 100644
index 0000000000..54b33c6509
--- /dev/null
+++ b/src/lib/libcrypto/md5/md5_dgst.c
@@ -0,0 +1,292 @@
+/* crypto/md5/md5_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "md5_locl.h"
+#include <openssl/opensslv.h>
+
+const char *MD5_version="MD5" OPENSSL_VERSION_PTEXT;
+
+/* Implemented from RFC1321 The MD5 Message-Digest Algorithm
+ */
+
+#define INIT_DATA_A (unsigned long)0x67452301L
+#define INIT_DATA_B (unsigned long)0xefcdab89L
+#define INIT_DATA_C (unsigned long)0x98badcfeL
+#define INIT_DATA_D (unsigned long)0x10325476L
+
+FIPS_NON_FIPS_MD_Init(MD5)
+        {
+        c->A=INIT_DATA_A;
+        c->B=INIT_DATA_B;
+        c->C=INIT_DATA_C;
+        c->D=INIT_DATA_D;
+        c->Nl=0;
+        c->Nh=0;
+        c->num=0;
+        return 1;
+        }
+
+#ifndef md5_block_host_order
+void md5_block_host_order (MD5_CTX *c, const void *data, int num)
+        {
+        const MD5_LONG *X=data;
+        register unsigned MD32_REG_T A,B,C,D;
+
+        A=c->A;
+        B=c->B;
+        C=c->C;
+        D=c->D;
+
+        for (;num--;X+=HASH_LBLOCK)
+                {
+        /* Round 0 */
+        R0(A,B,C,D,X[ 0], 7,0xd76aa478L);
+        R0(D,A,B,C,X[ 1],12,0xe8c7b756L);
+        R0(C,D,A,B,X[ 2],17,0x242070dbL);
+        R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);
+        R0(A,B,C,D,X[ 4], 7,0xf57c0fafL);
+        R0(D,A,B,C,X[ 5],12,0x4787c62aL);
+        R0(C,D,A,B,X[ 6],17,0xa8304613L);
+        R0(B,C,D,A,X[ 7],22,0xfd469501L);
+        R0(A,B,C,D,X[ 8], 7,0x698098d8L);
+        R0(D,A,B,C,X[ 9],12,0x8b44f7afL);
+        R0(C,D,A,B,X[10],17,0xffff5bb1L);
+        R0(B,C,D,A,X[11],22,0x895cd7beL);
+        R0(A,B,C,D,X[12], 7,0x6b901122L);
+        R0(D,A,B,C,X[13],12,0xfd987193L);
+        R0(C,D,A,B,X[14],17,0xa679438eL);
+        R0(B,C,D,A,X[15],22,0x49b40821L);
+        /* Round 1 */
+        R1(A,B,C,D,X[ 1], 5,0xf61e2562L);
+        R1(D,A,B,C,X[ 6], 9,0xc040b340L);
+        R1(C,D,A,B,X[11],14,0x265e5a51L);
+        R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL);
+        R1(A,B,C,D,X[ 5], 5,0xd62f105dL);
+        R1(D,A,B,C,X[10], 9,0x02441453L);
+        R1(C,D,A,B,X[15],14,0xd8a1e681L);
+        R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L);
+        R1(A,B,C,D,X[ 9], 5,0x21e1cde6L);
+        R1(D,A,B,C,X[14], 9,0xc33707d6L);
+        R1(C,D,A,B,X[ 3],14,0xf4d50d87L);
+        R1(B,C,D,A,X[ 8],20,0x455a14edL);
+        R1(A,B,C,D,X[13], 5,0xa9e3e905L);
+        R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L);
+        R1(C,D,A,B,X[ 7],14,0x676f02d9L);
+        R1(B,C,D,A,X[12],20,0x8d2a4c8aL);
+        /* Round 2 */
+        R2(A,B,C,D,X[ 5], 4,0xfffa3942L);
+        R2(D,A,B,C,X[ 8],11,0x8771f681L);
+        R2(C,D,A,B,X[11],16,0x6d9d6122L);
+        R2(B,C,D,A,X[14],23,0xfde5380cL);
+        R2(A,B,C,D,X[ 1], 4,0xa4beea44L);
+        R2(D,A,B,C,X[ 4],11,0x4bdecfa9L);
+        R2(C,D,A,B,X[ 7],16,0xf6bb4b60L);
+        R2(B,C,D,A,X[10],23,0xbebfbc70L);
+        R2(A,B,C,D,X[13], 4,0x289b7ec6L);
+        R2(D,A,B,C,X[ 0],11,0xeaa127faL);
+        R2(C,D,A,B,X[ 3],16,0xd4ef3085L);
+        R2(B,C,D,A,X[ 6],23,0x04881d05L);
+        R2(A,B,C,D,X[ 9], 4,0xd9d4d039L);
+        R2(D,A,B,C,X[12],11,0xe6db99e5L);
+        R2(C,D,A,B,X[15],16,0x1fa27cf8L);
+        R2(B,C,D,A,X[ 2],23,0xc4ac5665L);
+        /* Round 3 */
+        R3(A,B,C,D,X[ 0], 6,0xf4292244L);
+        R3(D,A,B,C,X[ 7],10,0x432aff97L);
+        R3(C,D,A,B,X[14],15,0xab9423a7L);
+        R3(B,C,D,A,X[ 5],21,0xfc93a039L);
+        R3(A,B,C,D,X[12], 6,0x655b59c3L);
+        R3(D,A,B,C,X[ 3],10,0x8f0ccc92L);
+        R3(C,D,A,B,X[10],15,0xffeff47dL);
+        R3(B,C,D,A,X[ 1],21,0x85845dd1L);
+        R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL);
+        R3(D,A,B,C,X[15],10,0xfe2ce6e0L);
+        R3(C,D,A,B,X[ 6],15,0xa3014314L);
+        R3(B,C,D,A,X[13],21,0x4e0811a1L);
+        R3(A,B,C,D,X[ 4], 6,0xf7537e82L);
+        R3(D,A,B,C,X[11],10,0xbd3af235L);
+        R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL);
+        R3(B,C,D,A,X[ 9],21,0xeb86d391L);
+
+        A = c->A += A;
+        B = c->B += B;
+        C = c->C += C;
+        D = c->D += D;
+                }
+        }
+#endif
+
+#ifndef md5_block_data_order
+#ifdef X
+#undef X
+#endif
+void md5_block_data_order (MD5_CTX *c, const void *data_, int num)
+        {
+        const unsigned char *data=data_;
+        register unsigned MD32_REG_T A,B,C,D,l;
+#ifndef MD32_XARRAY
+        /* See comment in crypto/sha/sha_locl.h for details. */
+        unsigned MD32_REG_T     XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+                                XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+# define X(i)   XX##i
+#else
+        MD5_LONG XX[MD5_LBLOCK];
+# define X(i)   XX[i]
+#endif
+
+        A=c->A;
+        B=c->B;
+        C=c->C;
+        D=c->D;
+
+        for (;num--;)
+                {
+        HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
+        /* Round 0 */
+        R0(A,B,C,D,X( 0), 7,0xd76aa478L);       HOST_c2l(data,l); X( 2)=l;
+        R0(D,A,B,C,X( 1),12,0xe8c7b756L);       HOST_c2l(data,l); X( 3)=l;
+        R0(C,D,A,B,X( 2),17,0x242070dbL);       HOST_c2l(data,l); X( 4)=l;
+        R0(B,C,D,A,X( 3),22,0xc1bdceeeL);       HOST_c2l(data,l); X( 5)=l;
+        R0(A,B,C,D,X( 4), 7,0xf57c0fafL);       HOST_c2l(data,l); X( 6)=l;
+        R0(D,A,B,C,X( 5),12,0x4787c62aL);       HOST_c2l(data,l); X( 7)=l;
+        R0(C,D,A,B,X( 6),17,0xa8304613L);       HOST_c2l(data,l); X( 8)=l;
+        R0(B,C,D,A,X( 7),22,0xfd469501L);       HOST_c2l(data,l); X( 9)=l;
+        R0(A,B,C,D,X( 8), 7,0x698098d8L);       HOST_c2l(data,l); X(10)=l;
+        R0(D,A,B,C,X( 9),12,0x8b44f7afL);       HOST_c2l(data,l); X(11)=l;
+        R0(C,D,A,B,X(10),17,0xffff5bb1L);       HOST_c2l(data,l); X(12)=l;
+        R0(B,C,D,A,X(11),22,0x895cd7beL);       HOST_c2l(data,l); X(13)=l;
+        R0(A,B,C,D,X(12), 7,0x6b901122L);       HOST_c2l(data,l); X(14)=l;
+        R0(D,A,B,C,X(13),12,0xfd987193L);       HOST_c2l(data,l); X(15)=l;
+        R0(C,D,A,B,X(14),17,0xa679438eL);
+        R0(B,C,D,A,X(15),22,0x49b40821L);
+        /* Round 1 */
+        R1(A,B,C,D,X( 1), 5,0xf61e2562L);
+        R1(D,A,B,C,X( 6), 9,0xc040b340L);
+        R1(C,D,A,B,X(11),14,0x265e5a51L);
+        R1(B,C,D,A,X( 0),20,0xe9b6c7aaL);
+        R1(A,B,C,D,X( 5), 5,0xd62f105dL);
+        R1(D,A,B,C,X(10), 9,0x02441453L);
+        R1(C,D,A,B,X(15),14,0xd8a1e681L);
+        R1(B,C,D,A,X( 4),20,0xe7d3fbc8L);
+        R1(A,B,C,D,X( 9), 5,0x21e1cde6L);
+        R1(D,A,B,C,X(14), 9,0xc33707d6L);
+        R1(C,D,A,B,X( 3),14,0xf4d50d87L);
+        R1(B,C,D,A,X( 8),20,0x455a14edL);
+        R1(A,B,C,D,X(13), 5,0xa9e3e905L);
+        R1(D,A,B,C,X( 2), 9,0xfcefa3f8L);
+        R1(C,D,A,B,X( 7),14,0x676f02d9L);
+        R1(B,C,D,A,X(12),20,0x8d2a4c8aL);
+        /* Round 2 */
+        R2(A,B,C,D,X( 5), 4,0xfffa3942L);
+        R2(D,A,B,C,X( 8),11,0x8771f681L);
+        R2(C,D,A,B,X(11),16,0x6d9d6122L);
+        R2(B,C,D,A,X(14),23,0xfde5380cL);
+        R2(A,B,C,D,X( 1), 4,0xa4beea44L);
+        R2(D,A,B,C,X( 4),11,0x4bdecfa9L);
+        R2(C,D,A,B,X( 7),16,0xf6bb4b60L);
+        R2(B,C,D,A,X(10),23,0xbebfbc70L);
+        R2(A,B,C,D,X(13), 4,0x289b7ec6L);
+        R2(D,A,B,C,X( 0),11,0xeaa127faL);
+        R2(C,D,A,B,X( 3),16,0xd4ef3085L);
+        R2(B,C,D,A,X( 6),23,0x04881d05L);
+        R2(A,B,C,D,X( 9), 4,0xd9d4d039L);
+        R2(D,A,B,C,X(12),11,0xe6db99e5L);
+        R2(C,D,A,B,X(15),16,0x1fa27cf8L);
+        R2(B,C,D,A,X( 2),23,0xc4ac5665L);
+        /* Round 3 */
+        R3(A,B,C,D,X( 0), 6,0xf4292244L);
+        R3(D,A,B,C,X( 7),10,0x432aff97L);
+        R3(C,D,A,B,X(14),15,0xab9423a7L);
+        R3(B,C,D,A,X( 5),21,0xfc93a039L);
+        R3(A,B,C,D,X(12), 6,0x655b59c3L);
+        R3(D,A,B,C,X( 3),10,0x8f0ccc92L);
+        R3(C,D,A,B,X(10),15,0xffeff47dL);
+        R3(B,C,D,A,X( 1),21,0x85845dd1L);
+        R3(A,B,C,D,X( 8), 6,0x6fa87e4fL);
+        R3(D,A,B,C,X(15),10,0xfe2ce6e0L);
+        R3(C,D,A,B,X( 6),15,0xa3014314L);
+        R3(B,C,D,A,X(13),21,0x4e0811a1L);
+        R3(A,B,C,D,X( 4), 6,0xf7537e82L);
+        R3(D,A,B,C,X(11),10,0xbd3af235L);
+        R3(C,D,A,B,X( 2),15,0x2ad7d2bbL);
+        R3(B,C,D,A,X( 9),21,0xeb86d391L);
+
+        A = c->A += A;
+        B = c->B += B;
+        C = c->C += C;
+        D = c->D += D;
+                }
+        }
+#endif
+
+#ifdef undef
+int printit(unsigned long *l)
+        {
+        int i,ii;
+
+        for (i=0; i<2; i++)
+                {
+                for (ii=0; ii<8; ii++)
+                        {
+                        fprintf(stderr,"%08lx ",l[i*8+ii]);
+                        }
+                fprintf(stderr,"\n");
+                }
+        }
+#endif
diff --git a/src/lib/libcrypto/md5/md5_locl.h b/src/lib/libcrypto/md5/md5_locl.h
new file mode 100644
index 0000000000..9e360da732
--- /dev/null
+++ b/src/lib/libcrypto/md5/md5_locl.h
@@ -0,0 +1,172 @@
+/* crypto/md5/md5_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/e_os2.h>
+#include <openssl/md5.h>
+
+#ifndef MD5_LONG_LOG2
+#define MD5_LONG_LOG2 2 /* default to 32 bits */
+#endif
+
+#ifdef MD5_ASM
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+#  define md5_block_host_order md5_block_asm_host_order
+# elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)
+   void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,int num);
+#  define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned
+# endif
+#endif
+
+void md5_block_host_order (MD5_CTX *c, const void *p,int num);
+void md5_block_data_order (MD5_CTX *c, const void *p,int num);
+
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+/*
+ * *_block_host_order is expected to handle aligned data while
+ * *_block_data_order - unaligned. As algorithm and host (x86)
+ * are in this case of the same "endianness" these two are
+ * otherwise indistinguishable. But normally you don't want to
+ * call the same function because unaligned access in places
+ * where alignment is expected is usually a "Bad Thing". Indeed,
+ * on RISCs you get punished with BUS ERROR signal or *severe*
+ * performance degradation. Intel CPUs are in turn perfectly
+ * capable of loading unaligned data without such drastic side
+ * effect. Yes, they say it's slower than aligned load, but no
+ * exception is generated and therefore performance degradation
+ * is *incomparable* with RISCs. What we should weight here is
+ * costs of unaligned access against costs of aligning data.
+ * According to my measurements allowing unaligned access results
+ * in ~9% performance improvement on Pentium II operating at
+ * 266MHz. I won't be surprised if the difference will be higher
+ * on faster systems:-)
+ *
+ *                              <appro@fy.chalmers.se>
+ */
+#define md5_block_data_order md5_block_host_order
+#endif
+
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG               MD5_LONG
+#define HASH_LONG_LOG2          MD5_LONG_LOG2
+#define HASH_CTX                MD5_CTX
+#define HASH_CBLOCK             MD5_CBLOCK
+#define HASH_LBLOCK             MD5_LBLOCK
+#define HASH_UPDATE             MD5_Update
+#define HASH_TRANSFORM          MD5_Transform
+#define HASH_FINAL              MD5_Final
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        ll=(c)->A; HOST_l2c(ll,(s));    \
+        ll=(c)->B; HOST_l2c(ll,(s));    \
+        ll=(c)->C; HOST_l2c(ll,(s));    \
+        ll=(c)->D; HOST_l2c(ll,(s));    \
+        } while (0)
+#define HASH_BLOCK_HOST_ORDER   md5_block_host_order
+#if !defined(L_ENDIAN) || defined(md5_block_data_order)
+#define HASH_BLOCK_DATA_ORDER   md5_block_data_order
+/*
+ * Little-endians (Intel and Alpha) feel better without this.
+ * It looks like memcpy does better job than generic
+ * md5_block_data_order on copying-n-aligning input data.
+ * But frankly speaking I didn't expect such result on Alpha.
+ * On the other hand I've got this with egcs-1.0.2 and if
+ * program is compiled with another (better?) compiler it
+ * might turn out other way around.
+ *
+ *                              <appro@fy.chalmers.se>
+ */
+#endif
+
+#include "md32_common.h"
+
+/*
+#define F(x,y,z)        (((x) & (y))  |  ((~(x)) & (z)))
+#define G(x,y,z)        (((x) & (z))  |  ((y) & (~(z))))
+*/
+
+/* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
+ * simplified to the code below.  Wei attributes these optimizations
+ * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
+ */
+#define F(b,c,d)        ((((c) ^ (d)) & (b)) ^ (d))
+#define G(b,c,d)        ((((b) ^ (c)) & (d)) ^ (c))
+#define H(b,c,d)        ((b) ^ (c) ^ (d))
+#define I(b,c,d)        (((~(d)) | (b)) ^ (c))
+
+#define R0(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+F((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };\
+
+#define R1(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+G((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };
+
+#define R2(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+H((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };
+
+#define R3(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+I((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };
diff --git a/src/lib/libcrypto/md5/md5_one.c b/src/lib/libcrypto/md5/md5_one.c
new file mode 100644
index 0000000000..c5dd2d81db
--- /dev/null
+++ b/src/lib/libcrypto/md5/md5_one.c
@@ -0,0 +1,96 @@
+/* crypto/md5/md5_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/md5.h>
+#include <openssl/crypto.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md)
+        {
+        MD5_CTX c;
+        static unsigned char m[MD5_DIGEST_LENGTH];
+
+        if (md == NULL) md=m;
+        MD5_Init(&c);
+#ifndef CHARSET_EBCDIC
+        MD5_Update(&c,d,n);
+#else
+        {
+                char temp[1024];
+                unsigned long chunk;
+
+                while (n > 0)
+                {
+                        chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+                        ebcdic2ascii(temp, d, chunk);
+                        MD5_Update(&c,temp,chunk);
+                        n -= chunk;
+                        d += chunk;
+                }
+        }
+#endif
+        MD5_Final(md,&c);
+        OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+        return(md);
+        }
+
diff --git a/src/lib/libcrypto/mdc2/Makefile b/src/lib/libcrypto/mdc2/Makefile
index b8e9a9a4fa..38c785bf95 100644
--- a/src/lib/libcrypto/mdc2/Makefile
+++ b/src/lib/libcrypto/mdc2/Makefile
@@ -1,5 +1,5 @@
 #
-# OpenSSL/crypto/mdc2/Makefile
+# SSLeay/crypto/mdc2/Makefile
 #
 
 DIR=    mdc2
diff --git a/src/lib/libcrypto/mdc2/Makefile.ssl b/src/lib/libcrypto/mdc2/Makefile.ssl
new file mode 100644
index 0000000000..33f366fb08
--- /dev/null
+++ b/src/lib/libcrypto/mdc2/Makefile.ssl
@@ -0,0 +1,98 @@
+#
+# SSLeay/crypto/mdc2/Makefile
+#
+
+DIR=    mdc2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= mdc2test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=mdc2dgst.c mdc2_one.c
+LIBOBJ=mdc2dgst.o mdc2_one.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= mdc2.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+mdc2_one.o: ../../e_os.h ../../include/openssl/bio.h
+mdc2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+mdc2_one.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+mdc2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+mdc2_one.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h
+mdc2_one.o: ../../include/openssl/opensslconf.h
+mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+mdc2_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+mdc2_one.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+mdc2_one.o: ../cryptlib.h mdc2_one.c
+mdc2dgst.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+mdc2dgst.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
+mdc2dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+mdc2dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+mdc2dgst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+mdc2dgst.o: mdc2dgst.c
diff --git a/src/lib/libcrypto/mem_clr.c b/src/lib/libcrypto/mem_clr.c
new file mode 100644
index 0000000000..e4b7f540b0
--- /dev/null
+++ b/src/lib/libcrypto/mem_clr.c
@@ -0,0 +1,75 @@
+/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+
+unsigned char cleanse_ctr = 0;
+
+void OPENSSL_cleanse(void *ptr, size_t len)
+        {
+        unsigned char *p = ptr;
+        size_t loop = len;
+        while(loop--)
+                {
+                *(p++) = cleanse_ctr;
+                cleanse_ctr += (17 + (unsigned char)((int)p & 0xF));
+                }
+        if(memchr(ptr, cleanse_ctr, len))
+                cleanse_ctr += 63;
+        }
diff --git a/src/lib/libcrypto/mem_dbg.c b/src/lib/libcrypto/mem_dbg.c
new file mode 100644
index 0000000000..e212de27e4
--- /dev/null
+++ b/src/lib/libcrypto/mem_dbg.c
@@ -0,0 +1,787 @@
+/* crypto/mem_dbg.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>       
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include "cryptlib.h"
+
+static int mh_mode=CRYPTO_MEM_CHECK_OFF;
+/* The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE
+ * when the application asks for it (usually after library initialisation
+ * for which no book-keeping is desired).
+ *
+ * State CRYPTO_MEM_CHECK_ON exists only temporarily when the library
+ * thinks that certain allocations should not be checked (e.g. the data
+ * structures used for memory checking).  It is not suitable as an initial
+ * state: the library will unexpectedly enable memory checking when it
+ * executes one of those sections that want to disable checking
+ * temporarily.
+ *
+ * State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes no sense whatsoever.
+ */
+
+static unsigned long order = 0; /* number of memory requests */
+static LHASH *mh=NULL; /* hash-table of memory requests (address as key);
+                        * access requires MALLOC2 lock */
+
+
+typedef struct app_mem_info_st
+/* For application-defined information (static C-string `info')
+ * to be displayed in memory leak list.
+ * Each thread has its own stack.  For applications, there is
+ *   CRYPTO_push_info("...")     to push an entry,
+ *   CRYPTO_pop_info()           to pop an entry,
+ *   CRYPTO_remove_all_info()    to pop all entries.
+ */
+        {       
+        unsigned long thread;
+        const char *file;
+        int line;
+        const char *info;
+        struct app_mem_info_st *next; /* tail of thread's stack */
+        int references;
+        } APP_INFO;
+
+static void app_info_free(APP_INFO *);
+
+static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
+                          * that are at the top of their thread's stack
+                          * (with `thread' as key);
+                          * access requires MALLOC2 lock */
+
+typedef struct mem_st
+/* memory-block description */
+        {
+        void *addr;
+        int num;
+        const char *file;
+        int line;
+        unsigned long thread;
+        unsigned long order;
+        time_t time;
+        APP_INFO *app_info;
+        } MEM;
+
+static long options =             /* extra information to be recorded */
+#if defined(CRYPTO_MDEBUG_TIME) || defined(CRYPTO_MDEBUG_ALL)
+        V_CRYPTO_MDEBUG_TIME |
+#endif
+#if defined(CRYPTO_MDEBUG_THREAD) || defined(CRYPTO_MDEBUG_ALL)
+        V_CRYPTO_MDEBUG_THREAD |
+#endif
+        0;
+
+
+static unsigned int num_disable = 0; /* num_disable > 0
+                                      *     iff
+                                      * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE)
+                                      */
+static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0.
+                                            * CRYPTO_LOCK_MALLOC2 is locked
+                                            * exactly in this case (by the
+                                            * thread named in disabling_thread).
+                                            */
+
+static void app_info_free(APP_INFO *inf)
+        {
+        if (--(inf->references) <= 0)
+                {
+                if (inf->next != NULL)
+                        {
+                        app_info_free(inf->next);
+                        }
+                OPENSSL_free(inf);
+                }
+        }
+
+int CRYPTO_mem_ctrl(int mode)
+        {
+        int ret=mh_mode;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+        switch (mode)
+                {
+        /* for applications (not to be called while multiple threads
+         * use the library): */
+        case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */
+                mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE;
+                num_disable = 0;
+                break;
+        case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */
+                mh_mode = 0;
+                num_disable = 0; /* should be true *before* MemCheck_stop is used,
+                                    or there'll be a lot of confusion */
+                break;
+
+        /* switch off temporarily (for library-internal use): */
+        case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */
+                if (mh_mode & CRYPTO_MEM_CHECK_ON)
+                        {
+                        if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */
+                                {
+                                /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while
+                                 * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if
+                                 * somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot release
+                                 * it because we block entry to this function).
+                                 * Give them a chance, first, and then claim the locks in
+                                 * appropriate order (long-time lock first).
+                                 */
+                                CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+                                /* Note that after we have waited for CRYPTO_LOCK_MALLOC2
+                                 * and CRYPTO_LOCK_MALLOC, we'll still be in the right
+                                 * "case" and "if" branch because MemCheck_start and
+                                 * MemCheck_stop may never be used while there are multiple
+                                 * OpenSSL threads. */
+                                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
+                                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+                                mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
+                                disabling_thread=CRYPTO_thread_id();
+                                }
+                        num_disable++;
+                        }
+                break;
+        case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */
+                if (mh_mode & CRYPTO_MEM_CHECK_ON)
+                        {
+                        if (num_disable) /* always true, or something is going wrong */
+                                {
+                                num_disable--;
+                                if (num_disable == 0)
+                                        {
+                                        mh_mode|=CRYPTO_MEM_CHECK_ENABLE;
+                                        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
+                                        }
+                                }
+                        }
+                break;
+
+        default:
+                break;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+        return(ret);
+        }
+
+int CRYPTO_is_mem_check_on(void)
+        {
+        int ret = 0;
+
+        if (mh_mode & CRYPTO_MEM_CHECK_ON)
+                {
+                CRYPTO_r_lock(CRYPTO_LOCK_MALLOC);
+
+                ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
+                        || (disabling_thread != CRYPTO_thread_id());
+
+                CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC);
+                }
+        return(ret);
+        }       
+
+
+void CRYPTO_dbg_set_options(long bits)
+        {
+        options = bits;
+        }
+
+long CRYPTO_dbg_get_options(void)
+        {
+        return options;
+        }
+
+/* static int mem_cmp(MEM *a, MEM *b) */
+static int mem_cmp(const void *a_void, const void *b_void)
+        {
+        return((const char *)((const MEM *)a_void)->addr
+                - (const char *)((const MEM *)b_void)->addr);
+        }
+
+/* static unsigned long mem_hash(MEM *a) */
+static unsigned long mem_hash(const void *a_void)
+        {
+        unsigned long ret;
+
+        ret=(unsigned long)((const MEM *)a_void)->addr;
+
+        ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
+        return(ret);
+        }
+
+/* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */
+static int app_info_cmp(const void *a_void, const void *b_void)
+        {
+        return(((const APP_INFO *)a_void)->thread
+                != ((const APP_INFO *)b_void)->thread);
+        }
+
+/* static unsigned long app_info_hash(APP_INFO *a) */
+static unsigned long app_info_hash(const void *a_void)
+        {
+        unsigned long ret;
+
+        ret=(unsigned long)((const APP_INFO *)a_void)->thread;
+
+        ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
+        return(ret);
+        }
+
+static APP_INFO *pop_info(void)
+        {
+        APP_INFO tmp;
+        APP_INFO *ret = NULL;
+
+        if (amih != NULL)
+                {
+                tmp.thread=CRYPTO_thread_id();
+                if ((ret=(APP_INFO *)lh_delete(amih,&tmp)) != NULL)
+                        {
+                        APP_INFO *next=ret->next;
+
+                        if (next != NULL)
+                                {
+                                next->references++;
+                                lh_insert(amih,(char *)next);
+                                }
+#ifdef LEVITTE_DEBUG_MEM
+                        if (ret->thread != tmp.thread)
+                                {
+                                fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
+                                        ret->thread, tmp.thread);
+                                abort();
+                                }
+#endif
+                        if (--(ret->references) <= 0)
+                                {
+                                ret->next = NULL;
+                                if (next != NULL)
+                                        next->references--;
+                                OPENSSL_free(ret);
+                                }
+                        }
+                }
+        return(ret);
+        }
+
+int CRYPTO_push_info_(const char *info, const char *file, int line)
+        {
+        APP_INFO *ami, *amim;
+        int ret=0;
+
+        if (is_MemCheck_on())
+                {
+                MemCheck_off(); /* obtain MALLOC2 lock */
+
+                if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL)
+                        {
+                        ret=0;
+                        goto err;
+                        }
+                if (amih == NULL)
+                        {
+                        if ((amih=lh_new(app_info_hash, app_info_cmp)) == NULL)
+                                {
+                                OPENSSL_free(ami);
+                                ret=0;
+                                goto err;
+                                }
+                        }
+
+                ami->thread=CRYPTO_thread_id();
+                ami->file=file;
+                ami->line=line;
+                ami->info=info;
+                ami->references=1;
+                ami->next=NULL;
+
+                if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL)
+                        {
+#ifdef LEVITTE_DEBUG_MEM
+                        if (ami->thread != amim->thread)
+                                {
+                                fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
+                                        amim->thread, ami->thread);
+                                abort();
+                                }
+#endif
+                        ami->next=amim;
+                        }
+ err:
+                MemCheck_on(); /* release MALLOC2 lock */
+                }
+
+        return(ret);
+        }
+
+int CRYPTO_pop_info(void)
+        {
+        int ret=0;
+
+        if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */
+                {
+                MemCheck_off(); /* obtain MALLOC2 lock */
+
+                ret=(pop_info() != NULL);
+
+                MemCheck_on(); /* release MALLOC2 lock */
+                }
+        return(ret);
+        }
+
+int CRYPTO_remove_all_info(void)
+        {
+        int ret=0;
+
+        if (is_MemCheck_on()) /* _must_ be true */
+                {
+                MemCheck_off(); /* obtain MALLOC2 lock */
+
+                while(pop_info() != NULL)
+                        ret++;
+
+                MemCheck_on(); /* release MALLOC2 lock */
+                }
+        return(ret);
+        }
+
+
+static unsigned long break_order_num=0;
+void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
+        int before_p)
+        {
+        MEM *m,*mm;
+        APP_INFO tmp,*amim;
+
+        switch(before_p & 127)
+                {
+        case 0:
+                break;
+        case 1:
+                if (addr == NULL)
+                        break;
+
+                if (is_MemCheck_on())
+                        {
+                        MemCheck_off(); /* make sure we hold MALLOC2 lock */
+                        if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL)
+                                {
+                                OPENSSL_free(addr);
+                                MemCheck_on(); /* release MALLOC2 lock
+                                                * if num_disabled drops to 0 */
+                                return;
+                                }
+                        if (mh == NULL)
+                                {
+                                if ((mh=lh_new(mem_hash, mem_cmp)) == NULL)
+                                        {
+                                        OPENSSL_free(addr);
+                                        OPENSSL_free(m);
+                                        addr=NULL;
+                                        goto err;
+                                        }
+                                }
+
+                        m->addr=addr;
+                        m->file=file;
+                        m->line=line;
+                        m->num=num;
+                        if (options & V_CRYPTO_MDEBUG_THREAD)
+                                m->thread=CRYPTO_thread_id();
+                        else
+                                m->thread=0;
+
+                        if (order == break_order_num)
+                                {
+                                /* BREAK HERE */
+                                m->order=order;
+                                }
+                        m->order=order++;
+#ifdef LEVITTE_DEBUG_MEM
+                        fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n",
+                                m->order,
+                                (before_p & 128) ? '*' : '+',
+                                m->addr, m->num);
+#endif
+                        if (options & V_CRYPTO_MDEBUG_TIME)
+                                m->time=time(NULL);
+                        else
+                                m->time=0;
+
+                        tmp.thread=CRYPTO_thread_id();
+                        m->app_info=NULL;
+                        if (amih != NULL
+                                && (amim=(APP_INFO *)lh_retrieve(amih,(char *)&tmp)) != NULL)
+                                {
+                                m->app_info = amim;
+                                amim->references++;
+                                }
+
+                        if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL)
+                                {
+                                /* Not good, but don't sweat it */
+                                if (mm->app_info != NULL)
+                                        {
+                                        mm->app_info->references--;
+                                        }
+                                OPENSSL_free(mm);
+                                }
+                err:
+                        MemCheck_on(); /* release MALLOC2 lock
+                                        * if num_disabled drops to 0 */
+                        }
+                break;
+                }
+        return;
+        }
+
+void CRYPTO_dbg_free(void *addr, int before_p)
+        {
+        MEM m,*mp;
+
+        switch(before_p)
+                {
+        case 0:
+                if (addr == NULL)
+                        break;
+
+                if (is_MemCheck_on() && (mh != NULL))
+                        {
+                        MemCheck_off(); /* make sure we hold MALLOC2 lock */
+
+                        m.addr=addr;
+                        mp=(MEM *)lh_delete(mh,(char *)&m);
+                        if (mp != NULL)
+                                {
+#ifdef LEVITTE_DEBUG_MEM
+                        fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n",
+                                mp->order, mp->addr, mp->num);
+#endif
+                                if (mp->app_info != NULL)
+                                        app_info_free(mp->app_info);
+                                OPENSSL_free(mp);
+                                }
+
+                        MemCheck_on(); /* release MALLOC2 lock
+                                        * if num_disabled drops to 0 */
+                        }
+                break;
+        case 1:
+                break;
+                }
+        }
+
+void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
+        const char *file, int line, int before_p)
+        {
+        MEM m,*mp;
+
+#ifdef LEVITTE_DEBUG_MEM
+        fprintf(stderr, "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n",
+                addr1, addr2, num, file, line, before_p);
+#endif
+
+        switch(before_p)
+                {
+        case 0:
+                break;
+        case 1:
+                if (addr2 == NULL)
+                        break;
+
+                if (addr1 == NULL)
+                        {
+                        CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p);
+                        break;
+                        }
+
+                if (is_MemCheck_on())
+                        {
+                        MemCheck_off(); /* make sure we hold MALLOC2 lock */
+
+                        m.addr=addr1;
+                        mp=(MEM *)lh_delete(mh,(char *)&m);
+                        if (mp != NULL)
+                                {
+#ifdef LEVITTE_DEBUG_MEM
+                                fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n",
+                                        mp->order,
+                                        mp->addr, mp->num,
+                                        addr2, num);
+#endif
+                                mp->addr=addr2;
+                                mp->num=num;
+                                lh_insert(mh,(char *)mp);
+                                }
+
+                        MemCheck_on(); /* release MALLOC2 lock
+                                        * if num_disabled drops to 0 */
+                        }
+                break;
+                }
+        return;
+        }
+
+
+typedef struct mem_leak_st
+        {
+        BIO *bio;
+        int chunks;
+        long bytes;
+        } MEM_LEAK;
+
+static void print_leak(const MEM *m, MEM_LEAK *l)
+        {
+        char buf[1024];
+        char *bufp = buf;
+        APP_INFO *amip;
+        int ami_cnt;
+        struct tm *lcl = NULL;
+        unsigned long ti;
+
+#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf))
+
+        if(m->addr == (char *)l->bio)
+            return;
+
+        if (options & V_CRYPTO_MDEBUG_TIME)
+                {
+                lcl = localtime(&m->time);
+        
+                BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
+                        lcl->tm_hour,lcl->tm_min,lcl->tm_sec);
+                bufp += strlen(bufp);
+                }
+
+        BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
+                m->order,m->file,m->line);
+        bufp += strlen(bufp);
+
+        if (options & V_CRYPTO_MDEBUG_THREAD)
+                {
+                BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);
+                bufp += strlen(bufp);
+                }
+
+        BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",
+                m->num,(unsigned long)m->addr);
+        bufp += strlen(bufp);
+
+        BIO_puts(l->bio,buf);
+        
+        l->chunks++;
+        l->bytes+=m->num;
+
+        amip=m->app_info;
+        ami_cnt=0;
+        if (!amip)
+                return;
+        ti=amip->thread;
+        
+        do
+                {
+                int buf_len;
+                int info_len;
+
+                ami_cnt++;
+                memset(buf,'>',ami_cnt);
+                BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
+                        " thread=%lu, file=%s, line=%d, info=\"",
+                        amip->thread, amip->file, amip->line);
+                buf_len=strlen(buf);
+                info_len=strlen(amip->info);
+                if (128 - buf_len - 3 < info_len)
+                        {
+                        memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
+                        buf_len = 128 - 3;
+                        }
+                else
+                        {
+                        BUF_strlcpy(buf + buf_len, amip->info,
+                                    sizeof buf - buf_len);
+                        buf_len = strlen(buf);
+                        }
+                BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
+                
+                BIO_puts(l->bio,buf);
+
+                amip = amip->next;
+                }
+        while(amip && amip->thread == ti);
+                
+#ifdef LEVITTE_DEBUG_MEM
+        if (amip)
+                {
+                fprintf(stderr, "Thread switch detected in backtrace!!!!\n");
+                abort();
+                }
+#endif
+        }
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *)
+
+void CRYPTO_mem_leaks(BIO *b)
+        {
+        MEM_LEAK ml;
+
+        if (mh == NULL && amih == NULL)
+                return;
+
+        MemCheck_off(); /* obtain MALLOC2 lock */
+
+        ml.bio=b;
+        ml.bytes=0;
+        ml.chunks=0;
+        if (mh != NULL)
+                lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak),
+                                (char *)&ml);
+        if (ml.chunks != 0)
+                {
+                BIO_printf(b,"%ld bytes leaked in %d chunks\n",
+                           ml.bytes,ml.chunks);
+                }
+        else
+                {
+                /* Make sure that, if we found no leaks, memory-leak debugging itself
+                 * does not introduce memory leaks (which might irritate
+                 * external debugging tools).
+                 * (When someone enables leak checking, but does not call
+                 * this function, we declare it to be their fault.)
+                 *
+                 * XXX    This should be in CRYPTO_mem_leaks_cb,
+                 * and CRYPTO_mem_leaks should be implemented by
+                 * using CRYPTO_mem_leaks_cb.
+                 * (Also their should be a variant of lh_doall_arg
+                 * that takes a function pointer instead of a void *;
+                 * this would obviate the ugly and illegal
+                 * void_fn_to_char kludge in CRYPTO_mem_leaks_cb.
+                 * Otherwise the code police will come and get us.)
+                 */
+                int old_mh_mode;
+
+                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+
+                /* avoid deadlock when lh_free() uses CRYPTO_dbg_free(),
+                 * which uses CRYPTO_is_mem_check_on */
+                old_mh_mode = mh_mode;
+                mh_mode = CRYPTO_MEM_CHECK_OFF;
+
+                if (mh != NULL)
+                        {
+                        lh_free(mh);
+                        mh = NULL;
+                        }
+                if (amih != NULL)
+                        {
+                        if (lh_num_items(amih) == 0) 
+                                {
+                                lh_free(amih);
+                                amih = NULL;
+                                }
+                        }
+
+                mh_mode = old_mh_mode;
+                CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+                }
+        MemCheck_on(); /* release MALLOC2 lock */
+        }
+
+#ifndef OPENSSL_NO_FP_API
+void CRYPTO_mem_leaks_fp(FILE *fp)
+        {
+        BIO *b;
+
+        if (mh == NULL) return;
+        /* Need to turn off memory checking when allocated BIOs ... especially
+         * as we're creating them at a time when we're trying to check we've not
+         * left anything un-free()'d!! */
+        MemCheck_off();
+        b = BIO_new(BIO_s_file());
+        MemCheck_on();
+        if(!b) return;
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        CRYPTO_mem_leaks(b);
+        BIO_free(b);
+        }
+#endif
+
+
+
+/* FIXME: We really don't allow much to the callback.  For example, it has
+   no chance of reaching the info stack for the item it processes.  Should
+   it really be this way?  -- Richard Levitte */
+/* NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside crypto.h
+ * If this code is restructured, remove the callback type if it is no longer
+ * needed. -- Geoff Thorpe */
+static void cb_leak(const MEM *m, CRYPTO_MEM_LEAK_CB **cb)
+        {
+        (**cb)(m->order,m->file,m->line,m->num,m->addr);
+        }
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *, CRYPTO_MEM_LEAK_CB **)
+
+void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb)
+        {
+        if (mh == NULL) return;
+        CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
+        lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb);
+        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
+        }
diff --git a/src/lib/libcrypto/o_str.c b/src/lib/libcrypto/o_str.c
new file mode 100644
index 0000000000..da8860491d
--- /dev/null
+++ b/src/lib/libcrypto/o_str.c
@@ -0,0 +1,96 @@
+/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <ctype.h>
+#include <e_os.h>
+#include "o_str.h"
+
+int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
+        {
+#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
+        while (*str1 && *str2 && n)
+                {
+                int res = toupper(*str1) - toupper(*str2);
+                if (res) return res < 0 ? -1 : 1;
+                str1++;
+                str2++;
+                n--;
+                }
+        if (n == 0)
+                return 0;
+        if (*str1)
+                return 1;
+        if (*str2)
+                return -1;
+        return 0;
+#else
+        /* Recursion hazard warning! Whenever strncasecmp is #defined as
+         * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be
+         * defined as well. */
+        return strncasecmp(str1, str2, n);
+#endif
+        }
+int OPENSSL_strcasecmp(const char *str1, const char *str2)
+        {
+#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
+        return OPENSSL_strncasecmp(str1, str2, (size_t)-1);
+#else
+        return strcasecmp(str1, str2);
+#endif
+        }
+
diff --git a/src/lib/libcrypto/o_time.c b/src/lib/libcrypto/o_time.c
new file mode 100644
index 0000000000..e29091d650
--- /dev/null
+++ b/src/lib/libcrypto/o_time.c
@@ -0,0 +1,217 @@
+/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/e_os2.h>
+#include <string.h>
+#include "o_time.h"
+
+#ifdef OPENSSL_SYS_VMS
+# include <libdtdef.h>
+# include <lib$routines.h>
+# include <lnmdef.h>
+# include <starlet.h>
+# include <descrip.h>
+# include <stdlib.h>
+#endif
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
+        {
+        struct tm *ts = NULL;
+
+#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
+        /* should return &data, but doesn't on some systems,
+           so we don't even look at the return value */
+        gmtime_r(timer,result);
+        ts = result;
+#elif !defined(OPENSSL_SYS_VMS)
+        ts = gmtime(timer);
+        if (ts == NULL)
+                return NULL;
+
+        memcpy(result, ts, sizeof(struct tm));
+        ts = result;
+#endif
+#ifdef OPENSSL_SYS_VMS
+        if (ts == NULL)
+                {
+                static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");
+                static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL");
+                char logvalue[256];
+                unsigned int reslen = 0;
+                struct {
+                        short buflen;
+                        short code;
+                        void *bufaddr;
+                        unsigned int *reslen;
+                } itemlist[] = {
+                        { 0, LNM$_STRING, 0, 0 },
+                        { 0, 0, 0, 0 },
+                };
+                int status;
+                time_t t;
+
+                /* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
+                itemlist[0].buflen = sizeof(logvalue);
+                itemlist[0].bufaddr = logvalue;
+                itemlist[0].reslen = &reslen;
+                status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
+                if (!(status & 1))
+                        return NULL;
+                logvalue[reslen] = '\0';
+
+                t = *timer;
+
+/* The following is extracted from the DEC C header time.h */
+/*
+**  Beginning in OpenVMS Version 7.0 mktime, time, ctime, strftime
+**  have two implementations.  One implementation is provided
+**  for compatibility and deals with time in terms of local time,
+**  the other __utc_* deals with time in terms of UTC.
+*/
+/* We use the same conditions as in said time.h to check if we should
+   assume that t contains local time (and should therefore be adjusted)
+   or UTC (and should therefore be left untouched). */
+#if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE
+                /* Get the numerical value of the equivalence string */
+                status = atoi(logvalue);
+
+                /* and use it to move time to GMT */
+                t -= status;
+#endif
+
+                /* then convert the result to the time structure */
+
+                /* Since there was no gmtime_r() to do this stuff for us,
+                   we have to do it the hard way. */
+                {
+                /* The VMS epoch is the astronomical Smithsonian date,
+                   if I remember correctly, which is November 17, 1858.
+                   Furthermore, time is measure in thenths of microseconds
+                   and stored in quadwords (64 bit integers).  unix_epoch
+                   below is January 1st 1970 expressed as a VMS time.  The
+                   following code was used to get this number:
+
+                   #include <stdio.h>
+                   #include <stdlib.h>
+                   #include <lib$routines.h>
+                   #include <starlet.h>
+
+                   main()
+                   {
+                     unsigned long systime[2];
+                     unsigned short epoch_values[7] =
+                       { 1970, 1, 1, 0, 0, 0, 0 };
+
+                     lib$cvt_vectim(epoch_values, systime);
+
+                     printf("%u %u", systime[0], systime[1]);
+                   }
+                */
+                unsigned long unix_epoch[2] = { 1273708544, 8164711 };
+                unsigned long deltatime[2];
+                unsigned long systime[2];
+                struct vms_vectime
+                        {
+                        short year, month, day, hour, minute, second,
+                                centi_second;
+                        } time_values;
+                long operation;
+
+                /* Turn the number of seconds since January 1st 1970 to
+                   an internal delta time.
+                   Note that lib$cvt_to_internal_time() will assume
+                   that t is signed, and will therefore break on 32-bit
+                   systems some time in 2038.
+                */
+                operation = LIB$K_DELTA_SECONDS;
+                status = lib$cvt_to_internal_time(&operation,
+                        &t, deltatime);
+
+                /* Add the delta time with the Unix epoch and we have
+                   the current UTC time in internal format */
+                status = lib$add_times(unix_epoch, deltatime, systime);
+
+                /* Turn the internal time into a time vector */
+                status = sys$numtim(&time_values, systime);
+
+                /* Fill in the struct tm with the result */
+                result->tm_sec = time_values.second;
+                result->tm_min = time_values.minute;
+                result->tm_hour = time_values.hour;
+                result->tm_mday = time_values.day;
+                result->tm_mon = time_values.month - 1;
+                result->tm_year = time_values.year - 1900;
+
+                operation = LIB$K_DAY_OF_WEEK;
+                status = lib$cvt_from_internal_time(&operation,
+                        &result->tm_wday, systime);
+                result->tm_wday %= 7;
+
+                operation = LIB$K_DAY_OF_YEAR;
+                status = lib$cvt_from_internal_time(&operation,
+                        &result->tm_yday, systime);
+                result->tm_yday--;
+
+                result->tm_isdst = 0; /* There's no way to know... */
+
+                ts = result;
+                }
+                }
+#endif
+        return ts;
+        }       
diff --git a/src/lib/libcrypto/o_time.h b/src/lib/libcrypto/o_time.h
new file mode 100644
index 0000000000..e66044626d
--- /dev/null
+++ b/src/lib/libcrypto/o_time.h
@@ -0,0 +1,66 @@
+/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_O_TIME_H
+#define HEADER_O_TIME_H
+
+#include <time.h>
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+
+#endif
diff --git a/src/lib/libcrypto/objects/Makefile.ssl b/src/lib/libcrypto/objects/Makefile.ssl
new file mode 100644
index 0000000000..3e7a194cf9
--- /dev/null
+++ b/src/lib/libcrypto/objects/Makefile.ssl
@@ -0,0 +1,123 @@
+#
+# SSLeay/crypto/objects/Makefile
+#
+
+DIR=    objects
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+PERL=           perl
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c
+LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= objects.h obj_mac.h
+HEADER= $(EXHEADER) obj_dat.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    obj_dat.h lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+obj_dat.h: obj_dat.pl obj_mac.h
+        $(PERL) obj_dat.pl obj_mac.h obj_dat.h
+
+# objects.pl both reads and writes obj_mac.num
+obj_mac.h: objects.pl objects.txt obj_mac.num
+        $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+o_names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+o_names.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+o_names.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h
+o_names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+o_names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+o_names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+o_names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+o_names.o: o_names.c
+obj_dat.o: ../../e_os.h ../../include/openssl/asn1.h
+obj_dat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+obj_dat.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+obj_dat.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+obj_dat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+obj_dat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_dat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_dat.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_dat.c obj_dat.h
+obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+obj_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+obj_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+obj_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+obj_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_err.o: ../../include/openssl/symhacks.h obj_err.c
+obj_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+obj_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+obj_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+obj_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+obj_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+obj_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_lib.c
diff --git a/src/lib/libcrypto/objects/o_names.c b/src/lib/libcrypto/objects/o_names.c
new file mode 100644
index 0000000000..28c9370ca3
--- /dev/null
+++ b/src/lib/libcrypto/objects/o_names.c
@@ -0,0 +1,369 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+#include <openssl/safestack.h>
+#include <openssl/e_os2.h>
+
+/* Later versions of DEC C has started to add lnkage information to certain
+ * functions, which makes it tricky to use them as values to regular function
+ * pointers.  One way is to define a macro that takes care of casting them
+ * correctly.
+ */
+#ifdef OPENSSL_SYS_VMS_DECC
+# define OPENSSL_strcmp (int (*)(const char *,const char *))strcmp
+#else
+# define OPENSSL_strcmp strcmp
+#endif
+
+/* I use the ex_data stuff to manage the identifiers for the obj_name_types
+ * that applications may define.  I only really use the free function field.
+ */
+static LHASH *names_lh=NULL;
+static int names_type_num=OBJ_NAME_TYPE_NUM;
+
+typedef struct name_funcs_st
+        {
+        unsigned long (*hash_func)(const char *name);
+        int (*cmp_func)(const char *a,const char *b);
+        void (*free_func)(const char *, int, const char *);
+        } NAME_FUNCS;
+
+DECLARE_STACK_OF(NAME_FUNCS)
+IMPLEMENT_STACK_OF(NAME_FUNCS)
+
+static STACK_OF(NAME_FUNCS) *name_funcs_stack;
+
+/* The LHASH callbacks now use the raw "void *" prototypes and do per-variable
+ * casting in the functions. This prevents function pointer casting without the
+ * need for macro-generated wrapper functions. */
+
+/* static unsigned long obj_name_hash(OBJ_NAME *a); */
+static unsigned long obj_name_hash(const void *a_void);
+/* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */
+static int obj_name_cmp(const void *a_void,const void *b_void);
+
+int OBJ_NAME_init(void)
+        {
+        if (names_lh != NULL) return(1);
+        MemCheck_off();
+        names_lh=lh_new(obj_name_hash, obj_name_cmp);
+        MemCheck_on();
+        return(names_lh != NULL);
+        }
+
+int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
+        int (*cmp_func)(const char *, const char *),
+        void (*free_func)(const char *, int, const char *))
+        {
+        int ret;
+        int i;
+        NAME_FUNCS *name_funcs;
+
+        if (name_funcs_stack == NULL)
+                {
+                MemCheck_off();
+                name_funcs_stack=sk_NAME_FUNCS_new_null();
+                MemCheck_on();
+                }
+        if ((name_funcs_stack == NULL))
+                {
+                /* ERROR */
+                return(0);
+                }
+        ret=names_type_num;
+        names_type_num++;
+        for (i=sk_NAME_FUNCS_num(name_funcs_stack); i<names_type_num; i++)
+                {
+                MemCheck_off();
+                name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
+                MemCheck_on();
+                if (!name_funcs)
+                        {
+                        OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                name_funcs->hash_func = lh_strhash;
+                name_funcs->cmp_func = OPENSSL_strcmp;
+                name_funcs->free_func = 0; /* NULL is often declared to
+                                                * ((void *)0), which according
+                                                * to Compaq C is not really
+                                                * compatible with a function
+                                                * pointer.      -- Richard Levitte*/
+                MemCheck_off();
+                sk_NAME_FUNCS_push(name_funcs_stack,name_funcs);
+                MemCheck_on();
+                }
+        name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
+        if (hash_func != NULL)
+                name_funcs->hash_func = hash_func;
+        if (cmp_func != NULL)
+                name_funcs->cmp_func = cmp_func;
+        if (free_func != NULL)
+                name_funcs->free_func = free_func;
+        return(ret);
+        }
+
+/* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */
+static int obj_name_cmp(const void *a_void, const void *b_void)
+        {
+        int ret;
+        OBJ_NAME *a = (OBJ_NAME *)a_void;
+        OBJ_NAME *b = (OBJ_NAME *)b_void;
+
+        ret=a->type-b->type;
+        if (ret == 0)
+                {
+                if ((name_funcs_stack != NULL)
+                        && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))
+                        {
+                        ret=sk_NAME_FUNCS_value(name_funcs_stack,
+                                a->type)->cmp_func(a->name,b->name);
+                        }
+                else
+                        ret=strcmp(a->name,b->name);
+                }
+        return(ret);
+        }
+
+/* static unsigned long obj_name_hash(OBJ_NAME *a) */
+static unsigned long obj_name_hash(const void *a_void)
+        {
+        unsigned long ret;
+        OBJ_NAME *a = (OBJ_NAME *)a_void;
+
+        if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))
+                {
+                ret=sk_NAME_FUNCS_value(name_funcs_stack,
+                        a->type)->hash_func(a->name);
+                }
+        else
+                {
+                ret=lh_strhash(a->name);
+                }
+        ret^=a->type;
+        return(ret);
+        }
+
+const char *OBJ_NAME_get(const char *name, int type)
+        {
+        OBJ_NAME on,*ret;
+        int num=0,alias;
+
+        if (name == NULL) return(NULL);
+        if ((names_lh == NULL) && !OBJ_NAME_init()) return(NULL);
+
+        alias=type&OBJ_NAME_ALIAS;
+        type&= ~OBJ_NAME_ALIAS;
+
+        on.name=name;
+        on.type=type;
+
+        for (;;)
+        {
+                ret=(OBJ_NAME *)lh_retrieve(names_lh,&on);
+                if (ret == NULL) return(NULL);
+                if ((ret->alias) && !alias)
+                        {
+                        if (++num > 10) return(NULL);
+                        on.name=ret->data;
+                        }
+                else
+                        {
+                        return(ret->data);
+                        }
+                }
+        }
+
+int OBJ_NAME_add(const char *name, int type, const char *data)
+        {
+        OBJ_NAME *onp,*ret;
+        int alias;
+
+        if ((names_lh == NULL) && !OBJ_NAME_init()) return(0);
+
+        alias=type&OBJ_NAME_ALIAS;
+        type&= ~OBJ_NAME_ALIAS;
+
+        onp=(OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME));
+        if (onp == NULL)
+                {
+                /* ERROR */
+                return(0);
+                }
+
+        onp->name=name;
+        onp->alias=alias;
+        onp->type=type;
+        onp->data=data;
+
+        ret=(OBJ_NAME *)lh_insert(names_lh,onp);
+        if (ret != NULL)
+                {
+                /* free things */
+                if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type))
+                        {
+                        /* XXX: I'm not sure I understand why the free
+                         * function should get three arguments...
+                         * -- Richard Levitte
+                         */
+                        sk_NAME_FUNCS_value(name_funcs_stack,
+                                ret->type)->free_func(ret->name,ret->type,ret->data);
+                        }
+                OPENSSL_free(ret);
+                }
+        else
+                {
+                if (lh_error(names_lh))
+                        {
+                        /* ERROR */
+                        return(0);
+                        }
+                }
+        return(1);
+        }
+
+int OBJ_NAME_remove(const char *name, int type)
+        {
+        OBJ_NAME on,*ret;
+
+        if (names_lh == NULL) return(0);
+
+        type&= ~OBJ_NAME_ALIAS;
+        on.name=name;
+        on.type=type;
+        ret=(OBJ_NAME *)lh_delete(names_lh,&on);
+        if (ret != NULL)
+                {
+                /* free things */
+                if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type))
+                        {
+                        /* XXX: I'm not sure I understand why the free
+                         * function should get three arguments...
+                         * -- Richard Levitte
+                         */
+                        sk_NAME_FUNCS_value(name_funcs_stack,
+                                ret->type)->free_func(ret->name,ret->type,ret->data);
+                        }
+                OPENSSL_free(ret);
+                return(1);
+                }
+        else
+                return(0);
+        }
+
+struct doall
+        {
+        int type;
+        void (*fn)(const OBJ_NAME *,void *arg);
+        void *arg;
+        };
+
+static void do_all_fn(const OBJ_NAME *name,struct doall *d)
+        {
+        if(name->type == d->type)
+                d->fn(name,d->arg);
+        }
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *, struct doall *)
+
+void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg)
+        {
+        struct doall d;
+
+        d.type=type;
+        d.fn=fn;
+        d.arg=arg;
+
+        lh_doall_arg(names_lh,LHASH_DOALL_ARG_FN(do_all_fn),&d);
+        }
+
+struct doall_sorted
+        {
+        int type;
+        int n;
+        const OBJ_NAME **names;
+        };
+
+static void do_all_sorted_fn(const OBJ_NAME *name,void *d_)
+        {
+        struct doall_sorted *d=d_;
+
+        if(name->type != d->type)
+                return;
+
+        d->names[d->n++]=name;
+        }
+
+static int do_all_sorted_cmp(const void *n1_,const void *n2_)
+        {
+        const OBJ_NAME * const *n1=n1_;
+        const OBJ_NAME * const *n2=n2_;
+
+        return strcmp((*n1)->name,(*n2)->name);
+        }
+
+void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
+                                void *arg)
+        {
+        struct doall_sorted d;
+        int n;
+
+        d.type=type;
+        d.names=OPENSSL_malloc(lh_num_items(names_lh)*sizeof *d.names);
+        d.n=0;
+        OBJ_NAME_do_all(type,do_all_sorted_fn,&d);
+
+        qsort((void *)d.names,d.n,sizeof *d.names,do_all_sorted_cmp);
+
+        for(n=0 ; n < d.n ; ++n)
+                fn(d.names[n],arg);
+
+        OPENSSL_free((void *)d.names);
+        }
+
+static int free_type;
+
+static void names_lh_free(OBJ_NAME *onp)
+{
+        if(onp == NULL)
+                return;
+
+        if ((free_type < 0) || (free_type == onp->type))
+                {
+                OBJ_NAME_remove(onp->name,onp->type);
+                }
+        }
+
+static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME *)
+
+static void name_funcs_free(NAME_FUNCS *ptr)
+        {
+        OPENSSL_free(ptr);
+        }
+
+void OBJ_NAME_cleanup(int type)
+        {
+        unsigned long down_load;
+
+        if (names_lh == NULL) return;
+
+        free_type=type;
+        down_load=names_lh->down_load;
+        names_lh->down_load=0;
+
+        lh_doall(names_lh,LHASH_DOALL_FN(names_lh_free));
+        if (type < 0)
+                {
+                lh_free(names_lh);
+                sk_NAME_FUNCS_pop_free(name_funcs_stack,name_funcs_free);
+                names_lh=NULL;
+                name_funcs_stack = NULL;
+                }
+        else
+                names_lh->down_load=down_load;
+        }
+
diff --git a/src/lib/libcrypto/objects/obj_dat.c b/src/lib/libcrypto/objects/obj_dat.c
new file mode 100644
index 0000000000..f549d078ef
--- /dev/null
+++ b/src/lib/libcrypto/objects/obj_dat.c
@@ -0,0 +1,668 @@
+/* crypto/objects/obj_dat.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+
+/* obj_dat.h is generated from objects.h by obj_dat.pl */
+#ifndef OPENSSL_NO_OBJECT
+#include "obj_dat.h"
+#else
+/* You will have to load all the objects needed manually in the application */
+#define NUM_NID 0
+#define NUM_SN 0
+#define NUM_LN 0
+#define NUM_OBJ 0
+static unsigned char lvalues[1];
+static ASN1_OBJECT nid_objs[1];
+static ASN1_OBJECT *sn_objs[1];
+static ASN1_OBJECT *ln_objs[1];
+static ASN1_OBJECT *obj_objs[1];
+#endif
+
+static int sn_cmp(const void *a, const void *b);
+static int ln_cmp(const void *a, const void *b);
+static int obj_cmp(const void *a, const void *b);
+#define ADDED_DATA      0
+#define ADDED_SNAME     1
+#define ADDED_LNAME     2
+#define ADDED_NID       3
+
+typedef struct added_obj_st
+        {
+        int type;
+        ASN1_OBJECT *obj;
+        } ADDED_OBJ;
+
+static int new_nid=NUM_NID;
+static LHASH *added=NULL;
+
+static int sn_cmp(const void *a, const void *b)
+        {
+        const ASN1_OBJECT * const *ap = a, * const *bp = b;
+        return(strcmp((*ap)->sn,(*bp)->sn));
+        }
+
+static int ln_cmp(const void *a, const void *b)
+        { 
+        const ASN1_OBJECT * const *ap = a, * const *bp = b;
+        return(strcmp((*ap)->ln,(*bp)->ln));
+        }
+
+/* static unsigned long add_hash(ADDED_OBJ *ca) */
+static unsigned long add_hash(const void *ca_void)
+        {
+        const ASN1_OBJECT *a;
+        int i;
+        unsigned long ret=0;
+        unsigned char *p;
+        ADDED_OBJ *ca = (ADDED_OBJ *)ca_void;
+
+        a=ca->obj;
+        switch (ca->type)
+                {
+        case ADDED_DATA:
+                ret=a->length<<20L;
+                p=(unsigned char *)a->data;
+                for (i=0; i<a->length; i++)
+                        ret^=p[i]<<((i*3)%24);
+                break;
+        case ADDED_SNAME:
+                ret=lh_strhash(a->sn);
+                break;
+        case ADDED_LNAME:
+                ret=lh_strhash(a->ln);
+                break;
+        case ADDED_NID:
+                ret=a->nid;
+                break;
+        default:
+                /* abort(); */
+                return 0;
+                }
+        ret&=0x3fffffffL;
+        ret|=ca->type<<30L;
+        return(ret);
+        }
+
+/* static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) */
+static int add_cmp(const void *ca_void, const void *cb_void)
+        {
+        ASN1_OBJECT *a,*b;
+        int i;
+        ADDED_OBJ *ca = (ADDED_OBJ *)ca_void;
+        ADDED_OBJ *cb = (ADDED_OBJ *)cb_void;
+
+        i=ca->type-cb->type;
+        if (i) return(i);
+        a=ca->obj;
+        b=cb->obj;
+        switch (ca->type)
+                {
+        case ADDED_DATA:
+                i=(a->length - b->length);
+                if (i) return(i);
+                return(memcmp(a->data,b->data,a->length));
+        case ADDED_SNAME:
+                if (a->sn == NULL) return(-1);
+                else if (b->sn == NULL) return(1);
+                else return(strcmp(a->sn,b->sn));
+        case ADDED_LNAME:
+                if (a->ln == NULL) return(-1);
+                else if (b->ln == NULL) return(1);
+                else return(strcmp(a->ln,b->ln));
+        case ADDED_NID:
+                return(a->nid-b->nid);
+        default:
+                /* abort(); */
+                return 0;
+                }
+        }
+
+static int init_added(void)
+        {
+        if (added != NULL) return(1);
+        added=lh_new(add_hash,add_cmp);
+        return(added != NULL);
+        }
+
+static void cleanup1(ADDED_OBJ *a)
+        {
+        a->obj->nid=0;
+        a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC|
+                        ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
+                        ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+        }
+
+static void cleanup2(ADDED_OBJ *a)
+        { a->obj->nid++; }
+
+static void cleanup3(ADDED_OBJ *a)
+        {
+        if (--a->obj->nid == 0)
+                ASN1_OBJECT_free(a->obj);
+        OPENSSL_free(a);
+        }
+
+static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ *)
+static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *)
+static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *)
+
+void OBJ_cleanup(void)
+        {
+        if (added == NULL) return;
+        added->down_load=0;
+        lh_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */
+        lh_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */
+        lh_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */
+        lh_free(added);
+        added=NULL;
+        }
+
+int OBJ_new_nid(int num)
+        {
+        int i;
+
+        i=new_nid;
+        new_nid+=num;
+        return(i);
+        }
+
+int OBJ_add_object(const ASN1_OBJECT *obj)
+        {
+        ASN1_OBJECT *o;
+        ADDED_OBJ *ao[4]={NULL,NULL,NULL,NULL},*aop;
+        int i;
+
+        if (added == NULL)
+                if (!init_added()) return(0);
+        if ((o=OBJ_dup(obj)) == NULL) goto err;
+        if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
+        if ((o->length != 0) && (obj->data != NULL))
+                if (!(ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
+        if (o->sn != NULL)
+                if (!(ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
+        if (o->ln != NULL)
+                if (!(ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
+
+        for (i=ADDED_DATA; i<=ADDED_NID; i++)
+                {
+                if (ao[i] != NULL)
+                        {
+                        ao[i]->type=i;
+                        ao[i]->obj=o;
+                        aop=(ADDED_OBJ *)lh_insert(added,ao[i]);
+                        /* memory leak, buit should not normally matter */
+                        if (aop != NULL)
+                                OPENSSL_free(aop);
+                        }
+                }
+        o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
+                        ASN1_OBJECT_FLAG_DYNAMIC_DATA);
+
+        return(o->nid);
+err2:
+        OBJerr(OBJ_F_OBJ_ADD_OBJECT,ERR_R_MALLOC_FAILURE);
+err:
+        for (i=ADDED_DATA; i<=ADDED_NID; i++)
+                if (ao[i] != NULL) OPENSSL_free(ao[i]);
+        if (o != NULL) OPENSSL_free(o);
+        return(NID_undef);
+        }
+
+ASN1_OBJECT *OBJ_nid2obj(int n)
+        {
+        ADDED_OBJ ad,*adp;
+        ASN1_OBJECT ob;
+
+        if ((n >= 0) && (n < NUM_NID))
+                {
+                if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
+                        {
+                        OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);
+                        return(NULL);
+                        }
+                return((ASN1_OBJECT *)&(nid_objs[n]));
+                }
+        else if (added == NULL)
+                return(NULL);
+        else
+                {
+                ad.type=ADDED_NID;
+                ad.obj= &ob;
+                ob.nid=n;
+                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                if (adp != NULL)
+                        return(adp->obj);
+                else
+                        {
+                        OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);
+                        return(NULL);
+                        }
+                }
+        }
+
+const char *OBJ_nid2sn(int n)
+        {
+        ADDED_OBJ ad,*adp;
+        ASN1_OBJECT ob;
+
+        if ((n >= 0) && (n < NUM_NID))
+                {
+                if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
+                        {
+                        OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);
+                        return(NULL);
+                        }
+                return(nid_objs[n].sn);
+                }
+        else if (added == NULL)
+                return(NULL);
+        else
+                {
+                ad.type=ADDED_NID;
+                ad.obj= &ob;
+                ob.nid=n;
+                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                if (adp != NULL)
+                        return(adp->obj->sn);
+                else
+                        {
+                        OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);
+                        return(NULL);
+                        }
+                }
+        }
+
+const char *OBJ_nid2ln(int n)
+        {
+        ADDED_OBJ ad,*adp;
+        ASN1_OBJECT ob;
+
+        if ((n >= 0) && (n < NUM_NID))
+                {
+                if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
+                        {
+                        OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);
+                        return(NULL);
+                        }
+                return(nid_objs[n].ln);
+                }
+        else if (added == NULL)
+                return(NULL);
+        else
+                {
+                ad.type=ADDED_NID;
+                ad.obj= &ob;
+                ob.nid=n;
+                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                if (adp != NULL)
+                        return(adp->obj->ln);
+                else
+                        {
+                        OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);
+                        return(NULL);
+                        }
+                }
+        }
+
+int OBJ_obj2nid(const ASN1_OBJECT *a)
+        {
+        ASN1_OBJECT **op;
+        ADDED_OBJ ad,*adp;
+
+        if (a == NULL)
+                return(NID_undef);
+        if (a->nid != 0)
+                return(a->nid);
+
+        if (added != NULL)
+                {
+                ad.type=ADDED_DATA;
+                ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */
+                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                if (adp != NULL) return (adp->obj->nid);
+                }
+        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&a,(char *)obj_objs,NUM_OBJ,
+                sizeof(ASN1_OBJECT *),obj_cmp);
+        if (op == NULL)
+                return(NID_undef);
+        return((*op)->nid);
+        }
+
+/* Convert an object name into an ASN1_OBJECT
+ * if "noname" is not set then search for short and long names first.
+ * This will convert the "dotted" form into an object: unlike OBJ_txt2nid
+ * it can be used with any objects, not just registered ones.
+ */
+
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
+        {
+        int nid = NID_undef;
+        ASN1_OBJECT *op=NULL;
+        unsigned char *buf,*p;
+        int i, j;
+
+        if(!no_name) {
+                if( ((nid = OBJ_sn2nid(s)) != NID_undef) ||
+                        ((nid = OBJ_ln2nid(s)) != NID_undef) ) 
+                                        return OBJ_nid2obj(nid);
+        }
+
+        /* Work out size of content octets */
+        i=a2d_ASN1_OBJECT(NULL,0,s,-1);
+        if (i <= 0) {
+                /* Clear the error */
+                ERR_get_error();
+                return NULL;
+        }
+        /* Work out total size */
+        j = ASN1_object_size(0,i,V_ASN1_OBJECT);
+
+        if((buf=(unsigned char *)OPENSSL_malloc(j)) == NULL) return NULL;
+
+        p = buf;
+        /* Write out tag+length */
+        ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
+        /* Write out contents */
+        a2d_ASN1_OBJECT(p,i,s,-1);
+        
+        p=buf;
+        op=d2i_ASN1_OBJECT(NULL,&p,j);
+        OPENSSL_free(buf);
+        return op;
+        }
+
+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
+{
+        int i,idx=0,n=0,len,nid;
+        unsigned long l;
+        unsigned char *p;
+        const char *s;
+        char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
+
+        if (buf_len <= 0) return(0);
+
+        if ((a == NULL) || (a->data == NULL)) {
+                buf[0]='\0';
+                return(0);
+        }
+
+        if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) {
+                len=a->length;
+                p=a->data;
+
+                idx=0;
+                l=0;
+                while (idx < a->length) {
+                        l|=(p[idx]&0x7f);
+                        if (!(p[idx] & 0x80)) break;
+                        l<<=7L;
+                        idx++;
+                }
+                idx++;
+                i=(int)(l/40);
+                if (i > 2) i=2;
+                l-=(long)(i*40);
+
+                BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l);
+                i=strlen(tbuf);
+                BUF_strlcpy(buf,tbuf,buf_len);
+                buf_len-=i;
+                buf+=i;
+                n+=i;
+
+                l=0;
+                for (; idx<len; idx++) {
+                        l|=p[idx]&0x7f;
+                        if (!(p[idx] & 0x80)) {
+                                BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
+                                i=strlen(tbuf);
+                                if (buf_len > 0)
+                                        BUF_strlcpy(buf,tbuf,buf_len);
+                                buf_len-=i;
+                                buf+=i;
+                                n+=i;
+                                l=0;
+                        }
+                        l<<=7L;
+                }
+        } else {
+                s=OBJ_nid2ln(nid);
+                if (s == NULL)
+                        s=OBJ_nid2sn(nid);
+                BUF_strlcpy(buf,s,buf_len);
+                n=strlen(s);
+        }
+        return(n);
+}
+
+int OBJ_txt2nid(const char *s)
+{
+        ASN1_OBJECT *obj;
+        int nid;
+        obj = OBJ_txt2obj(s, 0);
+        nid = OBJ_obj2nid(obj);
+        ASN1_OBJECT_free(obj);
+        return nid;
+}
+
+int OBJ_ln2nid(const char *s)
+        {
+        ASN1_OBJECT o,*oo= &o,**op;
+        ADDED_OBJ ad,*adp;
+
+        o.ln=s;
+        if (added != NULL)
+                {
+                ad.type=ADDED_LNAME;
+                ad.obj= &o;
+                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                if (adp != NULL) return (adp->obj->nid);
+                }
+        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs,NUM_LN,
+                sizeof(ASN1_OBJECT *),ln_cmp);
+        if (op == NULL) return(NID_undef);
+        return((*op)->nid);
+        }
+
+int OBJ_sn2nid(const char *s)
+        {
+        ASN1_OBJECT o,*oo= &o,**op;
+        ADDED_OBJ ad,*adp;
+
+        o.sn=s;
+        if (added != NULL)
+                {
+                ad.type=ADDED_SNAME;
+                ad.obj= &o;
+                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
+                if (adp != NULL) return (adp->obj->nid);
+                }
+        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN,
+                sizeof(ASN1_OBJECT *),sn_cmp);
+        if (op == NULL) return(NID_undef);
+        return((*op)->nid);
+        }
+
+static int obj_cmp(const void *ap, const void *bp)
+        {
+        int j;
+        ASN1_OBJECT *a= *(ASN1_OBJECT **)ap;
+        ASN1_OBJECT *b= *(ASN1_OBJECT **)bp;
+
+        j=(a->length - b->length);
+        if (j) return(j);
+        return(memcmp(a->data,b->data,a->length));
+        }
+
+const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
+        int (*cmp)(const void *, const void *))
+        {
+        int l,h,i,c;
+        const char *p;
+
+        if (num == 0) return(NULL);
+        l=0;
+        h=num;
+        while (l < h)
+                {
+                i=(l+h)/2;
+                p= &(base[i*size]);
+                c=(*cmp)(key,p);
+                if (c < 0)
+                        h=i;
+                else if (c > 0)
+                        l=i+1;
+                else
+                        return(p);
+                }
+#ifdef CHARSET_EBCDIC
+/* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and
+ * I don't have perl (yet), we revert to a *LINEAR* search
+ * when the object wasn't found in the binary search.
+ */
+        for (i=0; i<num; ++i) {
+                p= &(base[i*size]);
+                if ((*cmp)(key,p) == 0)
+                        return p;
+        }
+#endif
+        return(NULL);
+        }
+
+int OBJ_create_objects(BIO *in)
+        {
+        MS_STATIC char buf[512];
+        int i,num=0;
+        char *o,*s,*l=NULL;
+
+        for (;;)
+                {
+                s=o=NULL;
+                i=BIO_gets(in,buf,512);
+                if (i <= 0) return(num);
+                buf[i-1]='\0';
+                if (!isalnum((unsigned char)buf[0])) return(num);
+                o=s=buf;
+                while (isdigit((unsigned char)*s) || (*s == '.'))
+                        s++;
+                if (*s != '\0')
+                        {
+                        *(s++)='\0';
+                        while (isspace((unsigned char)*s))
+                                s++;
+                        if (*s == '\0')
+                                s=NULL;
+                        else
+                                {
+                                l=s;
+                                while ((*l != '\0') && !isspace((unsigned char)*l))
+                                        l++;
+                                if (*l != '\0')
+                                        {
+                                        *(l++)='\0';
+                                        while (isspace((unsigned char)*l))
+                                                l++;
+                                        if (*l == '\0') l=NULL;
+                                        }
+                                else
+                                        l=NULL;
+                                }
+                        }
+                else
+                        s=NULL;
+                if ((o == NULL) || (*o == '\0')) return(num);
+                if (!OBJ_create(o,s,l)) return(num);
+                num++;
+                }
+        /* return(num); */
+        }
+
+int OBJ_create(const char *oid, const char *sn, const char *ln)
+        {
+        int ok=0;
+        ASN1_OBJECT *op=NULL;
+        unsigned char *buf;
+        int i;
+
+        i=a2d_ASN1_OBJECT(NULL,0,oid,-1);
+        if (i <= 0) return(0);
+
+        if ((buf=(unsigned char *)OPENSSL_malloc(i)) == NULL)
+                {
+                OBJerr(OBJ_F_OBJ_CREATE,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        i=a2d_ASN1_OBJECT(buf,i,oid,-1);
+        if (i == 0)
+                goto err;
+        op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln);
+        if (op == NULL) 
+                goto err;
+        ok=OBJ_add_object(op);
+err:
+        ASN1_OBJECT_free(op);
+        OPENSSL_free(buf);
+        return(ok);
+        }
+
diff --git a/src/lib/libcrypto/objects/obj_dat.h b/src/lib/libcrypto/objects/obj_dat.h
deleted file mode 100644
index cc22152682..0000000000
--- a/src/lib/libcrypto/objects/obj_dat.h
+++ /dev/null
@@ -1,3762 +0,0 @@
-/* crypto/objects/obj_dat.h */
-
-/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
- * following command:
- * perl obj_dat.pl obj_mac.h obj_dat.h
- */
-
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define NUM_NID 676
-#define NUM_SN 669
-#define NUM_LN 669
-#define NUM_OBJ 633
-
-static unsigned char lvalues[4575]={
-0x00,                                        /* [  0] OBJ_undef */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 14] OBJ_md2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,     /* [ 22] OBJ_md5 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,     /* [ 30] OBJ_rc4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 38] OBJ_rsaEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 47] OBJ_md2WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 56] OBJ_md5WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 65] OBJ_pbeWithMD2AndDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 74] OBJ_pbeWithMD5AndDES_CBC */
-0x55,                                        /* [ 83] OBJ_X500 */
-0x55,0x04,                                   /* [ 84] OBJ_X509 */
-0x55,0x04,0x03,                              /* [ 86] OBJ_commonName */
-0x55,0x04,0x06,                              /* [ 89] OBJ_countryName */
-0x55,0x04,0x07,                              /* [ 92] OBJ_localityName */
-0x55,0x04,0x08,                              /* [ 95] OBJ_stateOrProvinceName */
-0x55,0x04,0x0A,                              /* [ 98] OBJ_organizationName */
-0x55,0x04,0x0B,                              /* [101] OBJ_organizationalUnitName */
-0x55,0x08,0x01,0x01,                         /* [104] OBJ_rsa */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,     /* [108] OBJ_pkcs7 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [116] OBJ_pkcs7_data */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [125] OBJ_pkcs7_signed */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [134] OBJ_pkcs7_enveloped */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [143] OBJ_pkcs7_signedAndEnveloped */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [152] OBJ_pkcs7_digest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [161] OBJ_pkcs7_encrypted */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,     /* [170] OBJ_pkcs3 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [178] OBJ_dhKeyAgreement */
-0x2B,0x0E,0x03,0x02,0x06,                    /* [187] OBJ_des_ecb */
-0x2B,0x0E,0x03,0x02,0x09,                    /* [192] OBJ_des_cfb64 */
-0x2B,0x0E,0x03,0x02,0x07,                    /* [197] OBJ_des_cbc */
-0x2B,0x0E,0x03,0x02,0x11,                    /* [202] OBJ_des_ede_ecb */
-0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [207] OBJ_idea_cbc */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,     /* [218] OBJ_rc2_cbc */
-0x2B,0x0E,0x03,0x02,0x12,                    /* [226] OBJ_sha */
-0x2B,0x0E,0x03,0x02,0x0F,                    /* [231] OBJ_shaWithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07,     /* [236] OBJ_des_ede3_cbc */
-0x2B,0x0E,0x03,0x02,0x08,                    /* [244] OBJ_des_ofb64 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,     /* [249] OBJ_pkcs9 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [257] OBJ_pkcs9_emailAddress */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [266] OBJ_pkcs9_unstructuredName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [275] OBJ_pkcs9_contentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [284] OBJ_pkcs9_messageDigest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [293] OBJ_pkcs9_signingTime */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [302] OBJ_pkcs9_countersignature */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [311] OBJ_pkcs9_challengePassword */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [320] OBJ_pkcs9_unstructuredAddress */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [329] OBJ_pkcs9_extCertAttributes */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,          /* [338] OBJ_netscape */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,     /* [345] OBJ_netscape_cert_extension */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,     /* [353] OBJ_netscape_data_type */
-0x2B,0x0E,0x03,0x02,0x1A,                    /* [361] OBJ_sha1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [366] OBJ_sha1WithRSAEncryption */
-0x2B,0x0E,0x03,0x02,0x0D,                    /* [375] OBJ_dsaWithSHA */
-0x2B,0x0E,0x03,0x02,0x0C,                    /* [380] OBJ_dsa_2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [385] OBJ_pbeWithSHA1AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [394] OBJ_id_pbkdf2 */
-0x2B,0x0E,0x03,0x02,0x1B,                    /* [403] OBJ_dsaWithSHA1_2 */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [408] OBJ_netscape_cert_type */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [417] OBJ_netscape_base_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [426] OBJ_netscape_revocation_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [435] OBJ_netscape_ca_revocation_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [444] OBJ_netscape_renewal_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [453] OBJ_netscape_ca_policy_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [462] OBJ_netscape_ssl_server_name */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [471] OBJ_netscape_comment */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [480] OBJ_netscape_cert_sequence */
-0x55,0x1D,                                   /* [489] OBJ_id_ce */
-0x55,0x1D,0x0E,                              /* [491] OBJ_subject_key_identifier */
-0x55,0x1D,0x0F,                              /* [494] OBJ_key_usage */
-0x55,0x1D,0x10,                              /* [497] OBJ_private_key_usage_period */
-0x55,0x1D,0x11,                              /* [500] OBJ_subject_alt_name */
-0x55,0x1D,0x12,                              /* [503] OBJ_issuer_alt_name */
-0x55,0x1D,0x13,                              /* [506] OBJ_basic_constraints */
-0x55,0x1D,0x14,                              /* [509] OBJ_crl_number */
-0x55,0x1D,0x20,                              /* [512] OBJ_certificate_policies */
-0x55,0x1D,0x23,                              /* [515] OBJ_authority_key_identifier */
-0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,/* [518] OBJ_bf_cbc */
-0x55,0x08,0x03,0x65,                         /* [527] OBJ_mdc2 */
-0x55,0x08,0x03,0x64,                         /* [531] OBJ_mdc2WithRSA */
-0x55,0x04,0x2A,                              /* [535] OBJ_givenName */
-0x55,0x04,0x04,                              /* [538] OBJ_surname */
-0x55,0x04,0x2B,                              /* [541] OBJ_initials */
-0x55,0x1D,0x1F,                              /* [544] OBJ_crl_distribution_points */
-0x2B,0x0E,0x03,0x02,0x03,                    /* [547] OBJ_md5WithRSA */
-0x55,0x04,0x05,                              /* [552] OBJ_serialNumber */
-0x55,0x04,0x0C,                              /* [555] OBJ_title */
-0x55,0x04,0x0D,                              /* [558] OBJ_description */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [561] OBJ_cast5_cbc */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [570] OBJ_pbeWithMD5AndCast5_CBC */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,          /* [579] OBJ_dsaWithSHA1 */
-0x2B,0x0E,0x03,0x02,0x1D,                    /* [586] OBJ_sha1WithRSA */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,          /* [591] OBJ_dsa */
-0x2B,0x24,0x03,0x02,0x01,                    /* [598] OBJ_ripemd160 */
-0x2B,0x24,0x03,0x03,0x01,0x02,               /* [603] OBJ_ripemd160WithRSA */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [609] OBJ_rc5_cbc */
-0x29,0x01,0x01,0x85,0x1A,0x01,               /* [617] OBJ_rle_compression */
-0x29,0x01,0x01,0x85,0x1A,0x02,               /* [623] OBJ_zlib_compression */
-0x55,0x1D,0x25,                              /* [629] OBJ_ext_key_usage */
-0x2B,0x06,0x01,0x05,0x05,0x07,               /* [632] OBJ_id_pkix */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,          /* [638] OBJ_id_kp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,     /* [645] OBJ_server_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,     /* [653] OBJ_client_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,     /* [661] OBJ_code_sign */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,     /* [669] OBJ_email_protect */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,     /* [677] OBJ_time_stamp */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [685] OBJ_ms_code_ind */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [695] OBJ_ms_code_com */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [705] OBJ_ms_ctl_sign */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [715] OBJ_ms_sgc */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [725] OBJ_ms_efs */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [735] OBJ_ns_sgc */
-0x55,0x1D,0x1B,                              /* [744] OBJ_delta_crl */
-0x55,0x1D,0x15,                              /* [747] OBJ_crl_reason */
-0x55,0x1D,0x18,                              /* [750] OBJ_invalidity_date */
-0x2B,0x65,0x01,0x04,0x01,                    /* [753] OBJ_sxnet */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [758] OBJ_pbe_WithSHA1And128BitRC4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [768] OBJ_pbe_WithSHA1And40BitRC4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [778] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [788] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [798] OBJ_pbe_WithSHA1And128BitRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [808] OBJ_pbe_WithSHA1And40BitRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [818] OBJ_keyBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [829] OBJ_pkcs8ShroudedKeyBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [840] OBJ_certBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [851] OBJ_crlBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [862] OBJ_secretBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [873] OBJ_safeContentsBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [884] OBJ_friendlyName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [893] OBJ_localKeyID */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [902] OBJ_x509Certificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [912] OBJ_sdsiCertificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [922] OBJ_x509Crl */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [932] OBJ_pbes2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [941] OBJ_pbmac1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,     /* [950] OBJ_hmacWithSHA1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,     /* [958] OBJ_id_qt_cps */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,     /* [966] OBJ_id_qt_unotice */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [974] OBJ_SMIMECapabilities */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [983] OBJ_pbeWithMD2AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [992] OBJ_pbeWithMD5AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1001] OBJ_pbeWithSHA1AndDES_CBC */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1010] OBJ_ms_ext_req */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1020] OBJ_ext_req */
-0x55,0x04,0x29,                              /* [1029] OBJ_name */
-0x55,0x04,0x2E,                              /* [1032] OBJ_dnQualifier */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,          /* [1035] OBJ_id_pe */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,          /* [1042] OBJ_id_ad */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,     /* [1049] OBJ_info_access */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,     /* [1057] OBJ_ad_OCSP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,     /* [1065] OBJ_ad_ca_issuers */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,     /* [1073] OBJ_OCSP_sign */
-0x28,                                        /* [1081] OBJ_iso */
-0x2A,                                        /* [1082] OBJ_member_body */
-0x2A,0x86,0x48,                              /* [1083] OBJ_ISO_US */
-0x2A,0x86,0x48,0xCE,0x38,                    /* [1086] OBJ_X9_57 */
-0x2A,0x86,0x48,0xCE,0x38,0x04,               /* [1091] OBJ_X9cm */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,     /* [1097] OBJ_pkcs1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,     /* [1105] OBJ_pkcs5 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1113] OBJ_SMIME */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1122] OBJ_id_smime_mod */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1132] OBJ_id_smime_ct */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1142] OBJ_id_smime_aa */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1152] OBJ_id_smime_alg */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1162] OBJ_id_smime_cd */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1172] OBJ_id_smime_spq */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1182] OBJ_id_smime_cti */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1192] OBJ_id_smime_mod_cms */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1203] OBJ_id_smime_mod_ess */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1214] OBJ_id_smime_mod_oid */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1225] OBJ_id_smime_mod_msg_v3 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1236] OBJ_id_smime_mod_ets_eSignature_88 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1247] OBJ_id_smime_mod_ets_eSignature_97 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1258] OBJ_id_smime_mod_ets_eSigPolicy_88 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1269] OBJ_id_smime_mod_ets_eSigPolicy_97 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1280] OBJ_id_smime_ct_receipt */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1291] OBJ_id_smime_ct_authData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1302] OBJ_id_smime_ct_publishCert */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1313] OBJ_id_smime_ct_TSTInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1324] OBJ_id_smime_ct_TDTInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1335] OBJ_id_smime_ct_contentInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1346] OBJ_id_smime_ct_DVCSRequestData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1357] OBJ_id_smime_ct_DVCSResponseData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1368] OBJ_id_smime_aa_receiptRequest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1379] OBJ_id_smime_aa_securityLabel */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1390] OBJ_id_smime_aa_mlExpandHistory */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1401] OBJ_id_smime_aa_contentHint */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1412] OBJ_id_smime_aa_msgSigDigest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1423] OBJ_id_smime_aa_encapContentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1434] OBJ_id_smime_aa_contentIdentifier */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1445] OBJ_id_smime_aa_macValue */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1456] OBJ_id_smime_aa_equivalentLabels */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1467] OBJ_id_smime_aa_contentReference */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1478] OBJ_id_smime_aa_encrypKeyPref */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1489] OBJ_id_smime_aa_signingCertificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1500] OBJ_id_smime_aa_smimeEncryptCerts */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1511] OBJ_id_smime_aa_timeStampToken */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1522] OBJ_id_smime_aa_ets_sigPolicyId */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1533] OBJ_id_smime_aa_ets_commitmentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1544] OBJ_id_smime_aa_ets_signerLocation */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1555] OBJ_id_smime_aa_ets_signerAttr */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1566] OBJ_id_smime_aa_ets_otherSigCert */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1577] OBJ_id_smime_aa_ets_contentTimestamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1588] OBJ_id_smime_aa_ets_CertificateRefs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1599] OBJ_id_smime_aa_ets_RevocationRefs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1610] OBJ_id_smime_aa_ets_certValues */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1621] OBJ_id_smime_aa_ets_revocationValues */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1632] OBJ_id_smime_aa_ets_escTimeStamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1643] OBJ_id_smime_aa_ets_certCRLTimestamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1654] OBJ_id_smime_aa_ets_archiveTimeStamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1665] OBJ_id_smime_aa_signatureType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1676] OBJ_id_smime_aa_dvcs_dvc */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1687] OBJ_id_smime_alg_ESDHwith3DES */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1698] OBJ_id_smime_alg_ESDHwithRC2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1709] OBJ_id_smime_alg_3DESwrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1720] OBJ_id_smime_alg_RC2wrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1731] OBJ_id_smime_alg_ESDH */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1742] OBJ_id_smime_alg_CMS3DESwrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1753] OBJ_id_smime_alg_CMSRC2wrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1764] OBJ_id_smime_cd_ldap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1775] OBJ_id_smime_spq_ets_sqt_uri */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1786] OBJ_id_smime_spq_ets_sqt_unotice */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1797] OBJ_id_smime_cti_ets_proofOfOrigin */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1808] OBJ_id_smime_cti_ets_proofOfReceipt */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1819] OBJ_id_smime_cti_ets_proofOfDelivery */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1830] OBJ_id_smime_cti_ets_proofOfSender */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1841] OBJ_id_smime_cti_ets_proofOfApproval */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1852] OBJ_id_smime_cti_ets_proofOfCreation */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04,     /* [1863] OBJ_md4 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,          /* [1871] OBJ_id_pkix_mod */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,          /* [1878] OBJ_id_qt */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,          /* [1885] OBJ_id_it */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,          /* [1892] OBJ_id_pkip */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,          /* [1899] OBJ_id_alg */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,          /* [1906] OBJ_id_cmc */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,          /* [1913] OBJ_id_on */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,          /* [1920] OBJ_id_pda */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,          /* [1927] OBJ_id_aca */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,          /* [1934] OBJ_id_qcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,          /* [1941] OBJ_id_cct */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01,     /* [1948] OBJ_id_pkix1_explicit_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02,     /* [1956] OBJ_id_pkix1_implicit_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03,     /* [1964] OBJ_id_pkix1_explicit_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04,     /* [1972] OBJ_id_pkix1_implicit_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05,     /* [1980] OBJ_id_mod_crmf */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06,     /* [1988] OBJ_id_mod_cmc */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07,     /* [1996] OBJ_id_mod_kea_profile_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08,     /* [2004] OBJ_id_mod_kea_profile_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09,     /* [2012] OBJ_id_mod_cmp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A,     /* [2020] OBJ_id_mod_qualified_cert_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B,     /* [2028] OBJ_id_mod_qualified_cert_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C,     /* [2036] OBJ_id_mod_attribute_cert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D,     /* [2044] OBJ_id_mod_timestamp_protocol */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E,     /* [2052] OBJ_id_mod_ocsp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F,     /* [2060] OBJ_id_mod_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10,     /* [2068] OBJ_id_mod_cmp2000 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02,     /* [2076] OBJ_biometricInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03,     /* [2084] OBJ_qcStatements */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,     /* [2092] OBJ_ac_auditEntity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,     /* [2100] OBJ_ac_targeting */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,     /* [2108] OBJ_aaControls */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,     /* [2116] OBJ_sbgp_ipAddrBlock */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,     /* [2124] OBJ_sbgp_autonomousSysNum */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,     /* [2132] OBJ_sbgp_routerIdentifier */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,     /* [2140] OBJ_textNotice */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,     /* [2148] OBJ_ipsecEndSystem */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,     /* [2156] OBJ_ipsecTunnel */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,     /* [2164] OBJ_ipsecUser */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A,     /* [2172] OBJ_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01,     /* [2180] OBJ_id_it_caProtEncCert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02,     /* [2188] OBJ_id_it_signKeyPairTypes */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03,     /* [2196] OBJ_id_it_encKeyPairTypes */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04,     /* [2204] OBJ_id_it_preferredSymmAlg */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05,     /* [2212] OBJ_id_it_caKeyUpdateInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06,     /* [2220] OBJ_id_it_currentCRL */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07,     /* [2228] OBJ_id_it_unsupportedOIDs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08,     /* [2236] OBJ_id_it_subscriptionRequest */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09,     /* [2244] OBJ_id_it_subscriptionResponse */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A,     /* [2252] OBJ_id_it_keyPairParamReq */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B,     /* [2260] OBJ_id_it_keyPairParamRep */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C,     /* [2268] OBJ_id_it_revPassphrase */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D,     /* [2276] OBJ_id_it_implicitConfirm */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E,     /* [2284] OBJ_id_it_confirmWaitTime */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F,     /* [2292] OBJ_id_it_origPKIMessage */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,     /* [2300] OBJ_id_regCtrl */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,     /* [2308] OBJ_id_regInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2316] OBJ_id_regCtrl_regToken */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2325] OBJ_id_regCtrl_authenticator */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2334] OBJ_id_regCtrl_pkiPublicationInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2343] OBJ_id_regCtrl_pkiArchiveOptions */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2352] OBJ_id_regCtrl_oldCertID */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2361] OBJ_id_regCtrl_protocolEncrKey */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2370] OBJ_id_regInfo_utf8Pairs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2379] OBJ_id_regInfo_certReq */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01,     /* [2388] OBJ_id_alg_des40 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02,     /* [2396] OBJ_id_alg_noSignature */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03,     /* [2404] OBJ_id_alg_dh_sig_hmac_sha1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04,     /* [2412] OBJ_id_alg_dh_pop */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01,     /* [2420] OBJ_id_cmc_statusInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02,     /* [2428] OBJ_id_cmc_identification */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03,     /* [2436] OBJ_id_cmc_identityProof */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04,     /* [2444] OBJ_id_cmc_dataReturn */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05,     /* [2452] OBJ_id_cmc_transactionId */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06,     /* [2460] OBJ_id_cmc_senderNonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07,     /* [2468] OBJ_id_cmc_recipientNonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08,     /* [2476] OBJ_id_cmc_addExtensions */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09,     /* [2484] OBJ_id_cmc_encryptedPOP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A,     /* [2492] OBJ_id_cmc_decryptedPOP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B,     /* [2500] OBJ_id_cmc_lraPOPWitness */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F,     /* [2508] OBJ_id_cmc_getCert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10,     /* [2516] OBJ_id_cmc_getCRL */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11,     /* [2524] OBJ_id_cmc_revokeRequest */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12,     /* [2532] OBJ_id_cmc_regInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13,     /* [2540] OBJ_id_cmc_responseInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15,     /* [2548] OBJ_id_cmc_queryPending */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16,     /* [2556] OBJ_id_cmc_popLinkRandom */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17,     /* [2564] OBJ_id_cmc_popLinkWitness */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18,     /* [2572] OBJ_id_cmc_confirmCertAcceptance */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,     /* [2580] OBJ_id_on_personalData */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,     /* [2588] OBJ_id_pda_dateOfBirth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,     /* [2596] OBJ_id_pda_placeOfBirth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2604] OBJ_id_pda_gender */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2612] OBJ_id_pda_countryOfCitizenship */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2620] OBJ_id_pda_countryOfResidence */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2628] OBJ_id_aca_authenticationInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2636] OBJ_id_aca_accessIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2644] OBJ_id_aca_chargingIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2652] OBJ_id_aca_group */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2660] OBJ_id_aca_role */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2668] OBJ_id_qcs_pkixQCSyntax_v1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2676] OBJ_id_cct_crs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2684] OBJ_id_cct_PKIData */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2692] OBJ_id_cct_PKIResponse */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2700] OBJ_ad_timeStamping */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2708] OBJ_ad_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2716] OBJ_id_pkix_OCSP_basic */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2725] OBJ_id_pkix_OCSP_Nonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2734] OBJ_id_pkix_OCSP_CrlID */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2743] OBJ_id_pkix_OCSP_acceptableResponses */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2752] OBJ_id_pkix_OCSP_noCheck */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2761] OBJ_id_pkix_OCSP_archiveCutoff */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2770] OBJ_id_pkix_OCSP_serviceLocator */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2779] OBJ_id_pkix_OCSP_extendedStatus */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2788] OBJ_id_pkix_OCSP_valid */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2797] OBJ_id_pkix_OCSP_path */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2806] OBJ_id_pkix_OCSP_trustRoot */
-0x2B,0x0E,0x03,0x02,                         /* [2815] OBJ_algorithm */
-0x2B,0x0E,0x03,0x02,0x0B,                    /* [2819] OBJ_rsaSignature */
-0x55,0x08,                                   /* [2824] OBJ_X500algorithms */
-0x2B,                                        /* [2826] OBJ_org */
-0x2B,0x06,                                   /* [2827] OBJ_dod */
-0x2B,0x06,0x01,                              /* [2829] OBJ_iana */
-0x2B,0x06,0x01,0x01,                         /* [2832] OBJ_Directory */
-0x2B,0x06,0x01,0x02,                         /* [2836] OBJ_Management */
-0x2B,0x06,0x01,0x03,                         /* [2840] OBJ_Experimental */
-0x2B,0x06,0x01,0x04,                         /* [2844] OBJ_Private */
-0x2B,0x06,0x01,0x05,                         /* [2848] OBJ_Security */
-0x2B,0x06,0x01,0x06,                         /* [2852] OBJ_SNMPv2 */
-0x2B,0x06,0x01,0x07,                         /* [2856] OBJ_Mail */
-0x2B,0x06,0x01,0x04,0x01,                    /* [2860] OBJ_Enterprises */
-0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2865] OBJ_dcObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2874] OBJ_domainComponent */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2884] OBJ_Domain */
-0x50,                                        /* [2894] OBJ_joint_iso_ccitt */
-0x55,0x01,0x05,                              /* [2895] OBJ_selected_attribute_types */
-0x55,0x01,0x05,0x37,                         /* [2898] OBJ_clearance */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2902] OBJ_md4WithRSAEncryption */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,     /* [2911] OBJ_ac_proxying */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,     /* [2919] OBJ_sinfo_access */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,     /* [2927] OBJ_id_aca_encAttrs */
-0x55,0x04,0x48,                              /* [2935] OBJ_role */
-0x55,0x1D,0x24,                              /* [2938] OBJ_policy_constraints */
-0x55,0x1D,0x37,                              /* [2941] OBJ_target_information */
-0x55,0x1D,0x38,                              /* [2944] OBJ_no_rev_avail */
-0x00,                                        /* [2947] OBJ_ccitt */
-0x2A,0x86,0x48,0xCE,0x3D,                    /* [2948] OBJ_ansi_X9_62 */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01,          /* [2953] OBJ_X9_62_prime_field */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,          /* [2960] OBJ_X9_62_characteristic_two_field */
-0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,          /* [2967] OBJ_X9_62_id_ecPublicKey */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01,     /* [2974] OBJ_X9_62_prime192v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02,     /* [2982] OBJ_X9_62_prime192v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03,     /* [2990] OBJ_X9_62_prime192v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04,     /* [2998] OBJ_X9_62_prime239v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05,     /* [3006] OBJ_X9_62_prime239v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06,     /* [3014] OBJ_X9_62_prime239v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,     /* [3022] OBJ_X9_62_prime256v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01,          /* [3030] OBJ_ecdsa_with_SHA1 */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3037] OBJ_ms_csp_name */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3046] OBJ_aes_128_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3055] OBJ_aes_128_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3064] OBJ_aes_128_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3073] OBJ_aes_128_cfb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3082] OBJ_aes_192_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3091] OBJ_aes_192_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3100] OBJ_aes_192_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3109] OBJ_aes_192_cfb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3118] OBJ_aes_256_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3127] OBJ_aes_256_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3136] OBJ_aes_256_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3145] OBJ_aes_256_cfb128 */
-0x55,0x1D,0x17,                              /* [3154] OBJ_hold_instruction_code */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x01,          /* [3157] OBJ_hold_instruction_none */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x02,          /* [3164] OBJ_hold_instruction_call_issuer */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x03,          /* [3171] OBJ_hold_instruction_reject */
-0x09,                                        /* [3178] OBJ_data */
-0x09,0x92,0x26,                              /* [3179] OBJ_pss */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,          /* [3182] OBJ_ucl */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,     /* [3189] OBJ_pilot */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3197] OBJ_pilotAttributeType */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3206] OBJ_pilotAttributeSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3215] OBJ_pilotObjectClass */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3224] OBJ_pilotGroups */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3233] OBJ_iA5StringSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3243] OBJ_caseIgnoreIA5StringSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3253] OBJ_pilotObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3263] OBJ_pilotPerson */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3273] OBJ_account */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3283] OBJ_document */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3293] OBJ_room */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3303] OBJ_documentSeries */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3313] OBJ_rFC822localPart */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3323] OBJ_dNSDomain */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3333] OBJ_domainRelatedObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3343] OBJ_friendlyCountry */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3353] OBJ_simpleSecurityObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3363] OBJ_pilotOrganization */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3373] OBJ_pilotDSA */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3383] OBJ_qualityLabelledData */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3393] OBJ_userId */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3403] OBJ_textEncodedORAddress */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3413] OBJ_rfc822Mailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3423] OBJ_info */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3433] OBJ_favouriteDrink */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3443] OBJ_roomNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3453] OBJ_photo */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3463] OBJ_userClass */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3473] OBJ_host */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3483] OBJ_manager */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3493] OBJ_documentIdentifier */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3503] OBJ_documentTitle */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3513] OBJ_documentVersion */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3523] OBJ_documentAuthor */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3533] OBJ_documentLocation */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3543] OBJ_homeTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3553] OBJ_secretary */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3563] OBJ_otherMailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3573] OBJ_lastModifiedTime */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3583] OBJ_lastModifiedBy */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3593] OBJ_aRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3603] OBJ_pilotAttributeType27 */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3613] OBJ_mXRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3623] OBJ_nSRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3633] OBJ_sOARecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3643] OBJ_cNAMERecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3653] OBJ_associatedDomain */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3663] OBJ_associatedName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3673] OBJ_homePostalAddress */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3683] OBJ_personalTitle */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3693] OBJ_mobileTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3703] OBJ_pagerTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3713] OBJ_friendlyCountryName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3723] OBJ_organizationalStatus */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3733] OBJ_janetMailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3743] OBJ_mailPreferenceOption */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3753] OBJ_buildingName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3763] OBJ_dSAQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3773] OBJ_singleLevelQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3783] OBJ_subtreeMinimumQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3793] OBJ_subtreeMaximumQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3803] OBJ_personalSignature */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3813] OBJ_dITRedirect */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3823] OBJ_audio */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3833] OBJ_documentPublisher */
-0x55,0x04,0x2D,                              /* [3843] OBJ_x500UniqueIdentifier */
-0x2B,0x06,0x01,0x07,0x01,                    /* [3846] OBJ_mime_mhs */
-0x2B,0x06,0x01,0x07,0x01,0x01,               /* [3851] OBJ_mime_mhs_headings */
-0x2B,0x06,0x01,0x07,0x01,0x02,               /* [3857] OBJ_mime_mhs_bodies */
-0x2B,0x06,0x01,0x07,0x01,0x01,0x01,          /* [3863] OBJ_id_hex_partial_message */
-0x2B,0x06,0x01,0x07,0x01,0x01,0x02,          /* [3870] OBJ_id_hex_multipart_message */
-0x55,0x04,0x2C,                              /* [3877] OBJ_generationQualifier */
-0x55,0x04,0x41,                              /* [3880] OBJ_pseudonym */
-0x67,0x2A,                                   /* [3883] OBJ_id_set */
-0x67,0x2A,0x00,                              /* [3885] OBJ_set_ctype */
-0x67,0x2A,0x01,                              /* [3888] OBJ_set_msgExt */
-0x67,0x2A,0x03,                              /* [3891] OBJ_set_attr */
-0x67,0x2A,0x05,                              /* [3894] OBJ_set_policy */
-0x67,0x2A,0x07,                              /* [3897] OBJ_set_certExt */
-0x67,0x2A,0x08,                              /* [3900] OBJ_set_brand */
-0x67,0x2A,0x00,0x00,                         /* [3903] OBJ_setct_PANData */
-0x67,0x2A,0x00,0x01,                         /* [3907] OBJ_setct_PANToken */
-0x67,0x2A,0x00,0x02,                         /* [3911] OBJ_setct_PANOnly */
-0x67,0x2A,0x00,0x03,                         /* [3915] OBJ_setct_OIData */
-0x67,0x2A,0x00,0x04,                         /* [3919] OBJ_setct_PI */
-0x67,0x2A,0x00,0x05,                         /* [3923] OBJ_setct_PIData */
-0x67,0x2A,0x00,0x06,                         /* [3927] OBJ_setct_PIDataUnsigned */
-0x67,0x2A,0x00,0x07,                         /* [3931] OBJ_setct_HODInput */
-0x67,0x2A,0x00,0x08,                         /* [3935] OBJ_setct_AuthResBaggage */
-0x67,0x2A,0x00,0x09,                         /* [3939] OBJ_setct_AuthRevReqBaggage */
-0x67,0x2A,0x00,0x0A,                         /* [3943] OBJ_setct_AuthRevResBaggage */
-0x67,0x2A,0x00,0x0B,                         /* [3947] OBJ_setct_CapTokenSeq */
-0x67,0x2A,0x00,0x0C,                         /* [3951] OBJ_setct_PInitResData */
-0x67,0x2A,0x00,0x0D,                         /* [3955] OBJ_setct_PI_TBS */
-0x67,0x2A,0x00,0x0E,                         /* [3959] OBJ_setct_PResData */
-0x67,0x2A,0x00,0x10,                         /* [3963] OBJ_setct_AuthReqTBS */
-0x67,0x2A,0x00,0x11,                         /* [3967] OBJ_setct_AuthResTBS */
-0x67,0x2A,0x00,0x12,                         /* [3971] OBJ_setct_AuthResTBSX */
-0x67,0x2A,0x00,0x13,                         /* [3975] OBJ_setct_AuthTokenTBS */
-0x67,0x2A,0x00,0x14,                         /* [3979] OBJ_setct_CapTokenData */
-0x67,0x2A,0x00,0x15,                         /* [3983] OBJ_setct_CapTokenTBS */
-0x67,0x2A,0x00,0x16,                         /* [3987] OBJ_setct_AcqCardCodeMsg */
-0x67,0x2A,0x00,0x17,                         /* [3991] OBJ_setct_AuthRevReqTBS */
-0x67,0x2A,0x00,0x18,                         /* [3995] OBJ_setct_AuthRevResData */
-0x67,0x2A,0x00,0x19,                         /* [3999] OBJ_setct_AuthRevResTBS */
-0x67,0x2A,0x00,0x1A,                         /* [4003] OBJ_setct_CapReqTBS */
-0x67,0x2A,0x00,0x1B,                         /* [4007] OBJ_setct_CapReqTBSX */
-0x67,0x2A,0x00,0x1C,                         /* [4011] OBJ_setct_CapResData */
-0x67,0x2A,0x00,0x1D,                         /* [4015] OBJ_setct_CapRevReqTBS */
-0x67,0x2A,0x00,0x1E,                         /* [4019] OBJ_setct_CapRevReqTBSX */
-0x67,0x2A,0x00,0x1F,                         /* [4023] OBJ_setct_CapRevResData */
-0x67,0x2A,0x00,0x20,                         /* [4027] OBJ_setct_CredReqTBS */
-0x67,0x2A,0x00,0x21,                         /* [4031] OBJ_setct_CredReqTBSX */
-0x67,0x2A,0x00,0x22,                         /* [4035] OBJ_setct_CredResData */
-0x67,0x2A,0x00,0x23,                         /* [4039] OBJ_setct_CredRevReqTBS */
-0x67,0x2A,0x00,0x24,                         /* [4043] OBJ_setct_CredRevReqTBSX */
-0x67,0x2A,0x00,0x25,                         /* [4047] OBJ_setct_CredRevResData */
-0x67,0x2A,0x00,0x26,                         /* [4051] OBJ_setct_PCertReqData */
-0x67,0x2A,0x00,0x27,                         /* [4055] OBJ_setct_PCertResTBS */
-0x67,0x2A,0x00,0x28,                         /* [4059] OBJ_setct_BatchAdminReqData */
-0x67,0x2A,0x00,0x29,                         /* [4063] OBJ_setct_BatchAdminResData */
-0x67,0x2A,0x00,0x2A,                         /* [4067] OBJ_setct_CardCInitResTBS */
-0x67,0x2A,0x00,0x2B,                         /* [4071] OBJ_setct_MeAqCInitResTBS */
-0x67,0x2A,0x00,0x2C,                         /* [4075] OBJ_setct_RegFormResTBS */
-0x67,0x2A,0x00,0x2D,                         /* [4079] OBJ_setct_CertReqData */
-0x67,0x2A,0x00,0x2E,                         /* [4083] OBJ_setct_CertReqTBS */
-0x67,0x2A,0x00,0x2F,                         /* [4087] OBJ_setct_CertResData */
-0x67,0x2A,0x00,0x30,                         /* [4091] OBJ_setct_CertInqReqTBS */
-0x67,0x2A,0x00,0x31,                         /* [4095] OBJ_setct_ErrorTBS */
-0x67,0x2A,0x00,0x32,                         /* [4099] OBJ_setct_PIDualSignedTBE */
-0x67,0x2A,0x00,0x33,                         /* [4103] OBJ_setct_PIUnsignedTBE */
-0x67,0x2A,0x00,0x34,                         /* [4107] OBJ_setct_AuthReqTBE */
-0x67,0x2A,0x00,0x35,                         /* [4111] OBJ_setct_AuthResTBE */
-0x67,0x2A,0x00,0x36,                         /* [4115] OBJ_setct_AuthResTBEX */
-0x67,0x2A,0x00,0x37,                         /* [4119] OBJ_setct_AuthTokenTBE */
-0x67,0x2A,0x00,0x38,                         /* [4123] OBJ_setct_CapTokenTBE */
-0x67,0x2A,0x00,0x39,                         /* [4127] OBJ_setct_CapTokenTBEX */
-0x67,0x2A,0x00,0x3A,                         /* [4131] OBJ_setct_AcqCardCodeMsgTBE */
-0x67,0x2A,0x00,0x3B,                         /* [4135] OBJ_setct_AuthRevReqTBE */
-0x67,0x2A,0x00,0x3C,                         /* [4139] OBJ_setct_AuthRevResTBE */
-0x67,0x2A,0x00,0x3D,                         /* [4143] OBJ_setct_AuthRevResTBEB */
-0x67,0x2A,0x00,0x3E,                         /* [4147] OBJ_setct_CapReqTBE */
-0x67,0x2A,0x00,0x3F,                         /* [4151] OBJ_setct_CapReqTBEX */
-0x67,0x2A,0x00,0x40,                         /* [4155] OBJ_setct_CapResTBE */
-0x67,0x2A,0x00,0x41,                         /* [4159] OBJ_setct_CapRevReqTBE */
-0x67,0x2A,0x00,0x42,                         /* [4163] OBJ_setct_CapRevReqTBEX */
-0x67,0x2A,0x00,0x43,                         /* [4167] OBJ_setct_CapRevResTBE */
-0x67,0x2A,0x00,0x44,                         /* [4171] OBJ_setct_CredReqTBE */
-0x67,0x2A,0x00,0x45,                         /* [4175] OBJ_setct_CredReqTBEX */
-0x67,0x2A,0x00,0x46,                         /* [4179] OBJ_setct_CredResTBE */
-0x67,0x2A,0x00,0x47,                         /* [4183] OBJ_setct_CredRevReqTBE */
-0x67,0x2A,0x00,0x48,                         /* [4187] OBJ_setct_CredRevReqTBEX */
-0x67,0x2A,0x00,0x49,                         /* [4191] OBJ_setct_CredRevResTBE */
-0x67,0x2A,0x00,0x4A,                         /* [4195] OBJ_setct_BatchAdminReqTBE */
-0x67,0x2A,0x00,0x4B,                         /* [4199] OBJ_setct_BatchAdminResTBE */
-0x67,0x2A,0x00,0x4C,                         /* [4203] OBJ_setct_RegFormReqTBE */
-0x67,0x2A,0x00,0x4D,                         /* [4207] OBJ_setct_CertReqTBE */
-0x67,0x2A,0x00,0x4E,                         /* [4211] OBJ_setct_CertReqTBEX */
-0x67,0x2A,0x00,0x4F,                         /* [4215] OBJ_setct_CertResTBE */
-0x67,0x2A,0x00,0x50,                         /* [4219] OBJ_setct_CRLNotificationTBS */
-0x67,0x2A,0x00,0x51,                         /* [4223] OBJ_setct_CRLNotificationResTBS */
-0x67,0x2A,0x00,0x52,                         /* [4227] OBJ_setct_BCIDistributionTBS */
-0x67,0x2A,0x01,0x01,                         /* [4231] OBJ_setext_genCrypt */
-0x67,0x2A,0x01,0x03,                         /* [4235] OBJ_setext_miAuth */
-0x67,0x2A,0x01,0x04,                         /* [4239] OBJ_setext_pinSecure */
-0x67,0x2A,0x01,0x05,                         /* [4243] OBJ_setext_pinAny */
-0x67,0x2A,0x01,0x07,                         /* [4247] OBJ_setext_track2 */
-0x67,0x2A,0x01,0x08,                         /* [4251] OBJ_setext_cv */
-0x67,0x2A,0x05,0x00,                         /* [4255] OBJ_set_policy_root */
-0x67,0x2A,0x07,0x00,                         /* [4259] OBJ_setCext_hashedRoot */
-0x67,0x2A,0x07,0x01,                         /* [4263] OBJ_setCext_certType */
-0x67,0x2A,0x07,0x02,                         /* [4267] OBJ_setCext_merchData */
-0x67,0x2A,0x07,0x03,                         /* [4271] OBJ_setCext_cCertRequired */
-0x67,0x2A,0x07,0x04,                         /* [4275] OBJ_setCext_tunneling */
-0x67,0x2A,0x07,0x05,                         /* [4279] OBJ_setCext_setExt */
-0x67,0x2A,0x07,0x06,                         /* [4283] OBJ_setCext_setQualf */
-0x67,0x2A,0x07,0x07,                         /* [4287] OBJ_setCext_PGWYcapabilities */
-0x67,0x2A,0x07,0x08,                         /* [4291] OBJ_setCext_TokenIdentifier */
-0x67,0x2A,0x07,0x09,                         /* [4295] OBJ_setCext_Track2Data */
-0x67,0x2A,0x07,0x0A,                         /* [4299] OBJ_setCext_TokenType */
-0x67,0x2A,0x07,0x0B,                         /* [4303] OBJ_setCext_IssuerCapabilities */
-0x67,0x2A,0x03,0x00,                         /* [4307] OBJ_setAttr_Cert */
-0x67,0x2A,0x03,0x01,                         /* [4311] OBJ_setAttr_PGWYcap */
-0x67,0x2A,0x03,0x02,                         /* [4315] OBJ_setAttr_TokenType */
-0x67,0x2A,0x03,0x03,                         /* [4319] OBJ_setAttr_IssCap */
-0x67,0x2A,0x03,0x00,0x00,                    /* [4323] OBJ_set_rootKeyThumb */
-0x67,0x2A,0x03,0x00,0x01,                    /* [4328] OBJ_set_addPolicy */
-0x67,0x2A,0x03,0x02,0x01,                    /* [4333] OBJ_setAttr_Token_EMV */
-0x67,0x2A,0x03,0x02,0x02,                    /* [4338] OBJ_setAttr_Token_B0Prime */
-0x67,0x2A,0x03,0x03,0x03,                    /* [4343] OBJ_setAttr_IssCap_CVM */
-0x67,0x2A,0x03,0x03,0x04,                    /* [4348] OBJ_setAttr_IssCap_T2 */
-0x67,0x2A,0x03,0x03,0x05,                    /* [4353] OBJ_setAttr_IssCap_Sig */
-0x67,0x2A,0x03,0x03,0x03,0x01,               /* [4358] OBJ_setAttr_GenCryptgrm */
-0x67,0x2A,0x03,0x03,0x04,0x01,               /* [4364] OBJ_setAttr_T2Enc */
-0x67,0x2A,0x03,0x03,0x04,0x02,               /* [4370] OBJ_setAttr_T2cleartxt */
-0x67,0x2A,0x03,0x03,0x05,0x01,               /* [4376] OBJ_setAttr_TokICCsig */
-0x67,0x2A,0x03,0x03,0x05,0x02,               /* [4382] OBJ_setAttr_SecDevSig */
-0x67,0x2A,0x08,0x01,                         /* [4388] OBJ_set_brand_IATA_ATA */
-0x67,0x2A,0x08,0x1E,                         /* [4392] OBJ_set_brand_Diners */
-0x67,0x2A,0x08,0x22,                         /* [4396] OBJ_set_brand_AmericanExpress */
-0x67,0x2A,0x08,0x23,                         /* [4400] OBJ_set_brand_JCB */
-0x67,0x2A,0x08,0x04,                         /* [4404] OBJ_set_brand_Visa */
-0x67,0x2A,0x08,0x05,                         /* [4408] OBJ_set_brand_MasterCard */
-0x67,0x2A,0x08,0xAE,0x7B,                    /* [4412] OBJ_set_brand_Novus */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A,     /* [4417] OBJ_des_cdmf */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4425] OBJ_rsaOAEPEncryptionSET */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4434] OBJ_ms_smartcard_login */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4444] OBJ_ms_upn */
-0x55,0x04,0x09,                              /* [4454] OBJ_streetAddress */
-0x55,0x04,0x11,                              /* [4457] OBJ_postalCode */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,          /* [4460] OBJ_id_ppl */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E,     /* [4467] OBJ_proxyCertInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00,     /* [4475] OBJ_id_ppl_anyLanguage */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01,     /* [4483] OBJ_id_ppl_inheritAll */
-0x55,0x1D,0x1E,                              /* [4491] OBJ_name_constraints */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02,     /* [4494] OBJ_Independent */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4502] OBJ_sha256WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4511] OBJ_sha384WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4520] OBJ_sha512WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4529] OBJ_sha224WithRSAEncryption */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4538] OBJ_sha256 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4547] OBJ_sha384 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4556] OBJ_sha512 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4565] OBJ_sha224 */
-};
-
-static ASN1_OBJECT nid_objs[NUM_NID]={
-{"UNDEF","undefined",NID_undef,1,&(lvalues[0]),0},
-{"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[1]),0},
-{"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[7]),0},
-{"MD2","md2",NID_md2,8,&(lvalues[14]),0},
-{"MD5","md5",NID_md5,8,&(lvalues[22]),0},
-{"RC4","rc4",NID_rc4,8,&(lvalues[30]),0},
-{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[38]),0},
-{"RSA-MD2","md2WithRSAEncryption",NID_md2WithRSAEncryption,9,
-        &(lvalues[47]),0},
-{"RSA-MD5","md5WithRSAEncryption",NID_md5WithRSAEncryption,9,
-        &(lvalues[56]),0},
-{"PBE-MD2-DES","pbeWithMD2AndDES-CBC",NID_pbeWithMD2AndDES_CBC,9,
-        &(lvalues[65]),0},
-{"PBE-MD5-DES","pbeWithMD5AndDES-CBC",NID_pbeWithMD5AndDES_CBC,9,
-        &(lvalues[74]),0},
-{"X500","directory services (X.500)",NID_X500,1,&(lvalues[83]),0},
-{"X509","X509",NID_X509,2,&(lvalues[84]),0},
-{"CN","commonName",NID_commonName,3,&(lvalues[86]),0},
-{"C","countryName",NID_countryName,3,&(lvalues[89]),0},
-{"L","localityName",NID_localityName,3,&(lvalues[92]),0},
-{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[95]),0},
-{"O","organizationName",NID_organizationName,3,&(lvalues[98]),0},
-{"OU","organizationalUnitName",NID_organizationalUnitName,3,
-        &(lvalues[101]),0},
-{"RSA","rsa",NID_rsa,4,&(lvalues[104]),0},
-{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[108]),0},
-{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[116]),0},
-{"pkcs7-signedData","pkcs7-signedData",NID_pkcs7_signed,9,
-        &(lvalues[125]),0},
-{"pkcs7-envelopedData","pkcs7-envelopedData",NID_pkcs7_enveloped,9,
-        &(lvalues[134]),0},
-{"pkcs7-signedAndEnvelopedData","pkcs7-signedAndEnvelopedData",
-        NID_pkcs7_signedAndEnveloped,9,&(lvalues[143]),0},
-{"pkcs7-digestData","pkcs7-digestData",NID_pkcs7_digest,9,
-        &(lvalues[152]),0},
-{"pkcs7-encryptedData","pkcs7-encryptedData",NID_pkcs7_encrypted,9,
-        &(lvalues[161]),0},
-{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[170]),0},
-{"dhKeyAgreement","dhKeyAgreement",NID_dhKeyAgreement,9,
-        &(lvalues[178]),0},
-{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[187]),0},
-{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[192]),0},
-{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[197]),0},
-{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[202]),0},
-{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL},
-{"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[207]),0},
-{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL},
-{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL},
-{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[218]),0},
-{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL},
-{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL},
-{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL},
-{"SHA","sha",NID_sha,5,&(lvalues[226]),0},
-{"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5,
-        &(lvalues[231]),0},
-{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL},
-{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[236]),0},
-{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[244]),0},
-{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL},
-{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[249]),0},
-{"emailAddress","emailAddress",NID_pkcs9_emailAddress,9,
-        &(lvalues[257]),0},
-{"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9,
-        &(lvalues[266]),0},
-{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[275]),0},
-{"messageDigest","messageDigest",NID_pkcs9_messageDigest,9,
-        &(lvalues[284]),0},
-{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[293]),0},
-{"countersignature","countersignature",NID_pkcs9_countersignature,9,
-        &(lvalues[302]),0},
-{"challengePassword","challengePassword",NID_pkcs9_challengePassword,
-        9,&(lvalues[311]),0},
-{"unstructuredAddress","unstructuredAddress",
-        NID_pkcs9_unstructuredAddress,9,&(lvalues[320]),0},
-{"extendedCertificateAttributes","extendedCertificateAttributes",
-        NID_pkcs9_extCertAttributes,9,&(lvalues[329]),0},
-{"Netscape","Netscape Communications Corp.",NID_netscape,7,
-        &(lvalues[338]),0},
-{"nsCertExt","Netscape Certificate Extension",
-        NID_netscape_cert_extension,8,&(lvalues[345]),0},
-{"nsDataType","Netscape Data Type",NID_netscape_data_type,8,
-        &(lvalues[353]),0},
-{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL},
-{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL},
-{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL},
-{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL},
-{"SHA1","sha1",NID_sha1,5,&(lvalues[361]),0},
-{"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9,
-        &(lvalues[366]),0},
-{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[375]),0},
-{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[380]),0},
-{"PBE-SHA1-RC2-64","pbeWithSHA1AndRC2-CBC",NID_pbeWithSHA1AndRC2_CBC,
-        9,&(lvalues[385]),0},
-{"PBKDF2","PBKDF2",NID_id_pbkdf2,9,&(lvalues[394]),0},
-{"DSA-SHA1-old","dsaWithSHA1-old",NID_dsaWithSHA1_2,5,&(lvalues[403]),0},
-{"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9,
-        &(lvalues[408]),0},
-{"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9,
-        &(lvalues[417]),0},
-{"nsRevocationUrl","Netscape Revocation Url",
-        NID_netscape_revocation_url,9,&(lvalues[426]),0},
-{"nsCaRevocationUrl","Netscape CA Revocation Url",
-        NID_netscape_ca_revocation_url,9,&(lvalues[435]),0},
-{"nsRenewalUrl","Netscape Renewal Url",NID_netscape_renewal_url,9,
-        &(lvalues[444]),0},
-{"nsCaPolicyUrl","Netscape CA Policy Url",NID_netscape_ca_policy_url,
-        9,&(lvalues[453]),0},
-{"nsSslServerName","Netscape SSL Server Name",
-        NID_netscape_ssl_server_name,9,&(lvalues[462]),0},
-{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[471]),0},
-{"nsCertSequence","Netscape Certificate Sequence",
-        NID_netscape_cert_sequence,9,&(lvalues[480]),0},
-{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL},
-{"id-ce","id-ce",NID_id_ce,2,&(lvalues[489]),0},
-{"subjectKeyIdentifier","X509v3 Subject Key Identifier",
-        NID_subject_key_identifier,3,&(lvalues[491]),0},
-{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[494]),0},
-{"privateKeyUsagePeriod","X509v3 Private Key Usage Period",
-        NID_private_key_usage_period,3,&(lvalues[497]),0},
-{"subjectAltName","X509v3 Subject Alternative Name",
-        NID_subject_alt_name,3,&(lvalues[500]),0},
-{"issuerAltName","X509v3 Issuer Alternative Name",NID_issuer_alt_name,
-        3,&(lvalues[503]),0},
-{"basicConstraints","X509v3 Basic Constraints",NID_basic_constraints,
-        3,&(lvalues[506]),0},
-{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[509]),0},
-{"certificatePolicies","X509v3 Certificate Policies",
-        NID_certificate_policies,3,&(lvalues[512]),0},
-{"authorityKeyIdentifier","X509v3 Authority Key Identifier",
-        NID_authority_key_identifier,3,&(lvalues[515]),0},
-{"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[518]),0},
-{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL},
-{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL},
-{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL},
-{"MDC2","mdc2",NID_mdc2,4,&(lvalues[527]),0},
-{"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[531]),0},
-{"RC4-40","rc4-40",NID_rc4_40,0,NULL},
-{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL},
-{"GN","givenName",NID_givenName,3,&(lvalues[535]),0},
-{"SN","surname",NID_surname,3,&(lvalues[538]),0},
-{"initials","initials",NID_initials,3,&(lvalues[541]),0},
-{NULL,NULL,NID_undef,0,NULL},
-{"crlDistributionPoints","X509v3 CRL Distribution Points",
-        NID_crl_distribution_points,3,&(lvalues[544]),0},
-{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[547]),0},
-{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[552]),0},
-{"title","title",NID_title,3,&(lvalues[555]),0},
-{"description","description",NID_description,3,&(lvalues[558]),0},
-{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[561]),0},
-{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL},
-{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL},
-{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL},
-{"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC",
-        NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[570]),0},
-{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[579]),0},
-{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL},
-{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[586]),0},
-{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[591]),0},
-{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[598]),0},
-{NULL,NULL,NID_undef,0,NULL},
-{"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6,
-        &(lvalues[603]),0},
-{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[609]),0},
-{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL},
-{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL},
-{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL},
-{"RLE","run length compression",NID_rle_compression,6,&(lvalues[617]),0},
-{"ZLIB","zlib compression",NID_zlib_compression,6,&(lvalues[623]),0},
-{"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3,
-        &(lvalues[629]),0},
-{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[632]),0},
-{"id-kp","id-kp",NID_id_kp,7,&(lvalues[638]),0},
-{"serverAuth","TLS Web Server Authentication",NID_server_auth,8,
-        &(lvalues[645]),0},
-{"clientAuth","TLS Web Client Authentication",NID_client_auth,8,
-        &(lvalues[653]),0},
-{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[661]),0},
-{"emailProtection","E-mail Protection",NID_email_protect,8,
-        &(lvalues[669]),0},
-{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[677]),0},
-{"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10,
-        &(lvalues[685]),0},
-{"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10,
-        &(lvalues[695]),0},
-{"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10,
-        &(lvalues[705]),0},
-{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[715]),0},
-{"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,
-        &(lvalues[725]),0},
-{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[735]),0},
-{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,
-        &(lvalues[744]),0},
-{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[747]),0},
-{"invalidityDate","Invalidity Date",NID_invalidity_date,3,
-        &(lvalues[750]),0},
-{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[753]),0},
-{"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4",
-        NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[758]),0},
-{"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4",
-        NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[768]),0},
-{"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC",
-        NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[778]),0},
-{"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC",
-        NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[788]),0},
-{"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC",
-        NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[798]),0},
-{"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC",
-        NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[808]),0},
-{"keyBag","keyBag",NID_keyBag,11,&(lvalues[818]),0},
-{"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag,
-        11,&(lvalues[829]),0},
-{"certBag","certBag",NID_certBag,11,&(lvalues[840]),0},
-{"crlBag","crlBag",NID_crlBag,11,&(lvalues[851]),0},
-{"secretBag","secretBag",NID_secretBag,11,&(lvalues[862]),0},
-{"safeContentsBag","safeContentsBag",NID_safeContentsBag,11,
-        &(lvalues[873]),0},
-{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[884]),0},
-{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[893]),0},
-{"x509Certificate","x509Certificate",NID_x509Certificate,10,
-        &(lvalues[902]),0},
-{"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10,
-        &(lvalues[912]),0},
-{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[922]),0},
-{"PBES2","PBES2",NID_pbes2,9,&(lvalues[932]),0},
-{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[941]),0},
-{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[950]),0},
-{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[958]),0},
-{"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8,
-        &(lvalues[966]),0},
-{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL},
-{"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9,
-        &(lvalues[974]),0},
-{"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9,
-        &(lvalues[983]),0},
-{"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9,
-        &(lvalues[992]),0},
-{"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9,
-        &(lvalues[1001]),0},
-{"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10,
-        &(lvalues[1010]),0},
-{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1020]),0},
-{"name","name",NID_name,3,&(lvalues[1029]),0},
-{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1032]),0},
-{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1035]),0},
-{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1042]),0},
-{"authorityInfoAccess","Authority Information Access",NID_info_access,
-        8,&(lvalues[1049]),0},
-{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1057]),0},
-{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1065]),0},
-{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1073]),0},
-{"ISO","iso",NID_iso,1,&(lvalues[1081]),0},
-{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1082]),0},
-{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1083]),0},
-{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1086]),0},
-{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1091]),0},
-{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1097]),0},
-{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1105]),0},
-{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1113]),0},
-{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1122]),0},
-{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1132]),0},
-{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1142]),0},
-{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1152]),0},
-{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1162]),0},
-{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1172]),0},
-{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1182]),0},
-{"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11,
-        &(lvalues[1192]),0},
-{"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11,
-        &(lvalues[1203]),0},
-{"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11,
-        &(lvalues[1214]),0},
-{"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3,
-        11,&(lvalues[1225]),0},
-{"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88",
-        NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1236]),0},
-{"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97",
-        NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1247]),0},
-{"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88",
-        NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1258]),0},
-{"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97",
-        NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1269]),0},
-{"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt,
-        11,&(lvalues[1280]),0},
-{"id-smime-ct-authData","id-smime-ct-authData",
-        NID_id_smime_ct_authData,11,&(lvalues[1291]),0},
-{"id-smime-ct-publishCert","id-smime-ct-publishCert",
-        NID_id_smime_ct_publishCert,11,&(lvalues[1302]),0},
-{"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo,
-        11,&(lvalues[1313]),0},
-{"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo,
-        11,&(lvalues[1324]),0},
-{"id-smime-ct-contentInfo","id-smime-ct-contentInfo",
-        NID_id_smime_ct_contentInfo,11,&(lvalues[1335]),0},
-{"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData",
-        NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1346]),0},
-{"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData",
-        NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1357]),0},
-{"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest",
-        NID_id_smime_aa_receiptRequest,11,&(lvalues[1368]),0},
-{"id-smime-aa-securityLabel","id-smime-aa-securityLabel",
-        NID_id_smime_aa_securityLabel,11,&(lvalues[1379]),0},
-{"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory",
-        NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1390]),0},
-{"id-smime-aa-contentHint","id-smime-aa-contentHint",
-        NID_id_smime_aa_contentHint,11,&(lvalues[1401]),0},
-{"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest",
-        NID_id_smime_aa_msgSigDigest,11,&(lvalues[1412]),0},
-{"id-smime-aa-encapContentType","id-smime-aa-encapContentType",
-        NID_id_smime_aa_encapContentType,11,&(lvalues[1423]),0},
-{"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier",
-        NID_id_smime_aa_contentIdentifier,11,&(lvalues[1434]),0},
-{"id-smime-aa-macValue","id-smime-aa-macValue",
-        NID_id_smime_aa_macValue,11,&(lvalues[1445]),0},
-{"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels",
-        NID_id_smime_aa_equivalentLabels,11,&(lvalues[1456]),0},
-{"id-smime-aa-contentReference","id-smime-aa-contentReference",
-        NID_id_smime_aa_contentReference,11,&(lvalues[1467]),0},
-{"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref",
-        NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1478]),0},
-{"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate",
-        NID_id_smime_aa_signingCertificate,11,&(lvalues[1489]),0},
-{"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts",
-        NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1500]),0},
-{"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken",
-        NID_id_smime_aa_timeStampToken,11,&(lvalues[1511]),0},
-{"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId",
-        NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1522]),0},
-{"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType",
-        NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1533]),0},
-{"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation",
-        NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1544]),0},
-{"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr",
-        NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1555]),0},
-{"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert",
-        NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1566]),0},
-{"id-smime-aa-ets-contentTimestamp",
-        "id-smime-aa-ets-contentTimestamp",
-        NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1577]),0},
-{"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs",
-        NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1588]),0},
-{"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs",
-        NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1599]),0},
-{"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues",
-        NID_id_smime_aa_ets_certValues,11,&(lvalues[1610]),0},
-{"id-smime-aa-ets-revocationValues",
-        "id-smime-aa-ets-revocationValues",
-        NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1621]),0},
-{"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp",
-        NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1632]),0},
-{"id-smime-aa-ets-certCRLTimestamp",
-        "id-smime-aa-ets-certCRLTimestamp",
-        NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1643]),0},
-{"id-smime-aa-ets-archiveTimeStamp",
-        "id-smime-aa-ets-archiveTimeStamp",
-        NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1654]),0},
-{"id-smime-aa-signatureType","id-smime-aa-signatureType",
-        NID_id_smime_aa_signatureType,11,&(lvalues[1665]),0},
-{"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc",
-        NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1676]),0},
-{"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES",
-        NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1687]),0},
-{"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2",
-        NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1698]),0},
-{"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap",
-        NID_id_smime_alg_3DESwrap,11,&(lvalues[1709]),0},
-{"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap",
-        NID_id_smime_alg_RC2wrap,11,&(lvalues[1720]),0},
-{"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11,
-        &(lvalues[1731]),0},
-{"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap",
-        NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1742]),0},
-{"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap",
-        NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1753]),0},
-{"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11,
-        &(lvalues[1764]),0},
-{"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri",
-        NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1775]),0},
-{"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice",
-        NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1786]),0},
-{"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin",
-        NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1797]),0},
-{"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt",
-        NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1808]),0},
-{"id-smime-cti-ets-proofOfDelivery",
-        "id-smime-cti-ets-proofOfDelivery",
-        NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1819]),0},
-{"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender",
-        NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1830]),0},
-{"id-smime-cti-ets-proofOfApproval",
-        "id-smime-cti-ets-proofOfApproval",
-        NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1841]),0},
-{"id-smime-cti-ets-proofOfCreation",
-        "id-smime-cti-ets-proofOfCreation",
-        NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1852]),0},
-{"MD4","md4",NID_md4,8,&(lvalues[1863]),0},
-{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1871]),0},
-{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1878]),0},
-{"id-it","id-it",NID_id_it,7,&(lvalues[1885]),0},
-{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1892]),0},
-{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1899]),0},
-{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1906]),0},
-{"id-on","id-on",NID_id_on,7,&(lvalues[1913]),0},
-{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1920]),0},
-{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1927]),0},
-{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1934]),0},
-{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1941]),0},
-{"id-pkix1-explicit-88","id-pkix1-explicit-88",
-        NID_id_pkix1_explicit_88,8,&(lvalues[1948]),0},
-{"id-pkix1-implicit-88","id-pkix1-implicit-88",
-        NID_id_pkix1_implicit_88,8,&(lvalues[1956]),0},
-{"id-pkix1-explicit-93","id-pkix1-explicit-93",
-        NID_id_pkix1_explicit_93,8,&(lvalues[1964]),0},
-{"id-pkix1-implicit-93","id-pkix1-implicit-93",
-        NID_id_pkix1_implicit_93,8,&(lvalues[1972]),0},
-{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1980]),0},
-{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1988]),0},
-{"id-mod-kea-profile-88","id-mod-kea-profile-88",
-        NID_id_mod_kea_profile_88,8,&(lvalues[1996]),0},
-{"id-mod-kea-profile-93","id-mod-kea-profile-93",
-        NID_id_mod_kea_profile_93,8,&(lvalues[2004]),0},
-{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2012]),0},
-{"id-mod-qualified-cert-88","id-mod-qualified-cert-88",
-        NID_id_mod_qualified_cert_88,8,&(lvalues[2020]),0},
-{"id-mod-qualified-cert-93","id-mod-qualified-cert-93",
-        NID_id_mod_qualified_cert_93,8,&(lvalues[2028]),0},
-{"id-mod-attribute-cert","id-mod-attribute-cert",
-        NID_id_mod_attribute_cert,8,&(lvalues[2036]),0},
-{"id-mod-timestamp-protocol","id-mod-timestamp-protocol",
-        NID_id_mod_timestamp_protocol,8,&(lvalues[2044]),0},
-{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2052]),0},
-{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2060]),0},
-{"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8,
-        &(lvalues[2068]),0},
-{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2076]),0},
-{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2084]),0},
-{"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8,
-        &(lvalues[2092]),0},
-{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2100]),0},
-{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2108]),0},
-{"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8,
-        &(lvalues[2116]),0},
-{"sbgp-autonomousSysNum","sbgp-autonomousSysNum",
-        NID_sbgp_autonomousSysNum,8,&(lvalues[2124]),0},
-{"sbgp-routerIdentifier","sbgp-routerIdentifier",
-        NID_sbgp_routerIdentifier,8,&(lvalues[2132]),0},
-{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2140]),0},
-{"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8,
-        &(lvalues[2148]),0},
-{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2156]),0},
-{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2164]),0},
-{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2172]),0},
-{"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert,
-        8,&(lvalues[2180]),0},
-{"id-it-signKeyPairTypes","id-it-signKeyPairTypes",
-        NID_id_it_signKeyPairTypes,8,&(lvalues[2188]),0},
-{"id-it-encKeyPairTypes","id-it-encKeyPairTypes",
-        NID_id_it_encKeyPairTypes,8,&(lvalues[2196]),0},
-{"id-it-preferredSymmAlg","id-it-preferredSymmAlg",
-        NID_id_it_preferredSymmAlg,8,&(lvalues[2204]),0},
-{"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo",
-        NID_id_it_caKeyUpdateInfo,8,&(lvalues[2212]),0},
-{"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8,
-        &(lvalues[2220]),0},
-{"id-it-unsupportedOIDs","id-it-unsupportedOIDs",
-        NID_id_it_unsupportedOIDs,8,&(lvalues[2228]),0},
-{"id-it-subscriptionRequest","id-it-subscriptionRequest",
-        NID_id_it_subscriptionRequest,8,&(lvalues[2236]),0},
-{"id-it-subscriptionResponse","id-it-subscriptionResponse",
-        NID_id_it_subscriptionResponse,8,&(lvalues[2244]),0},
-{"id-it-keyPairParamReq","id-it-keyPairParamReq",
-        NID_id_it_keyPairParamReq,8,&(lvalues[2252]),0},
-{"id-it-keyPairParamRep","id-it-keyPairParamRep",
-        NID_id_it_keyPairParamRep,8,&(lvalues[2260]),0},
-{"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase,
-        8,&(lvalues[2268]),0},
-{"id-it-implicitConfirm","id-it-implicitConfirm",
-        NID_id_it_implicitConfirm,8,&(lvalues[2276]),0},
-{"id-it-confirmWaitTime","id-it-confirmWaitTime",
-        NID_id_it_confirmWaitTime,8,&(lvalues[2284]),0},
-{"id-it-origPKIMessage","id-it-origPKIMessage",
-        NID_id_it_origPKIMessage,8,&(lvalues[2292]),0},
-{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2300]),0},
-{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2308]),0},
-{"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken,
-        9,&(lvalues[2316]),0},
-{"id-regCtrl-authenticator","id-regCtrl-authenticator",
-        NID_id_regCtrl_authenticator,9,&(lvalues[2325]),0},
-{"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo",
-        NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2334]),0},
-{"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions",
-        NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2343]),0},
-{"id-regCtrl-oldCertID","id-regCtrl-oldCertID",
-        NID_id_regCtrl_oldCertID,9,&(lvalues[2352]),0},
-{"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey",
-        NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2361]),0},
-{"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs",
-        NID_id_regInfo_utf8Pairs,9,&(lvalues[2370]),0},
-{"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9,
-        &(lvalues[2379]),0},
-{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2388]),0},
-{"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8,
-        &(lvalues[2396]),0},
-{"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1",
-        NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2404]),0},
-{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2412]),0},
-{"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8,
-        &(lvalues[2420]),0},
-{"id-cmc-identification","id-cmc-identification",
-        NID_id_cmc_identification,8,&(lvalues[2428]),0},
-{"id-cmc-identityProof","id-cmc-identityProof",
-        NID_id_cmc_identityProof,8,&(lvalues[2436]),0},
-{"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8,
-        &(lvalues[2444]),0},
-{"id-cmc-transactionId","id-cmc-transactionId",
-        NID_id_cmc_transactionId,8,&(lvalues[2452]),0},
-{"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8,
-        &(lvalues[2460]),0},
-{"id-cmc-recipientNonce","id-cmc-recipientNonce",
-        NID_id_cmc_recipientNonce,8,&(lvalues[2468]),0},
-{"id-cmc-addExtensions","id-cmc-addExtensions",
-        NID_id_cmc_addExtensions,8,&(lvalues[2476]),0},
-{"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP,
-        8,&(lvalues[2484]),0},
-{"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP,
-        8,&(lvalues[2492]),0},
-{"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness",
-        NID_id_cmc_lraPOPWitness,8,&(lvalues[2500]),0},
-{"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8,
-        &(lvalues[2508]),0},
-{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2516]),0},
-{"id-cmc-revokeRequest","id-cmc-revokeRequest",
-        NID_id_cmc_revokeRequest,8,&(lvalues[2524]),0},
-{"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8,
-        &(lvalues[2532]),0},
-{"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo,
-        8,&(lvalues[2540]),0},
-{"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending,
-        8,&(lvalues[2548]),0},
-{"id-cmc-popLinkRandom","id-cmc-popLinkRandom",
-        NID_id_cmc_popLinkRandom,8,&(lvalues[2556]),0},
-{"id-cmc-popLinkWitness","id-cmc-popLinkWitness",
-        NID_id_cmc_popLinkWitness,8,&(lvalues[2564]),0},
-{"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance",
-        NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2572]),0},
-{"id-on-personalData","id-on-personalData",NID_id_on_personalData,8,
-        &(lvalues[2580]),0},
-{"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8,
-        &(lvalues[2588]),0},
-{"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth,
-        8,&(lvalues[2596]),0},
-{NULL,NULL,NID_undef,0,NULL},
-{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2604]),0},
-{"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship",
-        NID_id_pda_countryOfCitizenship,8,&(lvalues[2612]),0},
-{"id-pda-countryOfResidence","id-pda-countryOfResidence",
-        NID_id_pda_countryOfResidence,8,&(lvalues[2620]),0},
-{"id-aca-authenticationInfo","id-aca-authenticationInfo",
-        NID_id_aca_authenticationInfo,8,&(lvalues[2628]),0},
-{"id-aca-accessIdentity","id-aca-accessIdentity",
-        NID_id_aca_accessIdentity,8,&(lvalues[2636]),0},
-{"id-aca-chargingIdentity","id-aca-chargingIdentity",
-        NID_id_aca_chargingIdentity,8,&(lvalues[2644]),0},
-{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2652]),0},
-{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2660]),0},
-{"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1",
-        NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2668]),0},
-{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2676]),0},
-{"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8,
-        &(lvalues[2684]),0},
-{"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8,
-        &(lvalues[2692]),0},
-{"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8,
-        &(lvalues[2700]),0},
-{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2708]),0},
-{"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9,
-        &(lvalues[2716]),0},
-{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2725]),0},
-{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2734]),0},
-{"acceptableResponses","Acceptable OCSP Responses",
-        NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2743]),0},
-{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2752]),0},
-{"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff,
-        9,&(lvalues[2761]),0},
-{"serviceLocator","OCSP Service Locator",
-        NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2770]),0},
-{"extendedStatus","Extended OCSP Status",
-        NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2779]),0},
-{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2788]),0},
-{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2797]),0},
-{"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9,
-        &(lvalues[2806]),0},
-{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2815]),0},
-{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2819]),0},
-{"X500algorithms","directory services - algorithms",
-        NID_X500algorithms,2,&(lvalues[2824]),0},
-{"ORG","org",NID_org,1,&(lvalues[2826]),0},
-{"DOD","dod",NID_dod,2,&(lvalues[2827]),0},
-{"IANA","iana",NID_iana,3,&(lvalues[2829]),0},
-{"directory","Directory",NID_Directory,4,&(lvalues[2832]),0},
-{"mgmt","Management",NID_Management,4,&(lvalues[2836]),0},
-{"experimental","Experimental",NID_Experimental,4,&(lvalues[2840]),0},
-{"private","Private",NID_Private,4,&(lvalues[2844]),0},
-{"security","Security",NID_Security,4,&(lvalues[2848]),0},
-{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2852]),0},
-{"Mail","Mail",NID_Mail,4,&(lvalues[2856]),0},
-{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2860]),0},
-{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2865]),0},
-{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2874]),0},
-{"domain","Domain",NID_Domain,10,&(lvalues[2884]),0},
-{"JOINT-ISO-CCITT","joint-iso-ccitt",NID_joint_iso_ccitt,1,
-        &(lvalues[2894]),0},
-{"selected-attribute-types","Selected Attribute Types",
-        NID_selected_attribute_types,3,&(lvalues[2895]),0},
-{"clearance","clearance",NID_clearance,4,&(lvalues[2898]),0},
-{"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9,
-        &(lvalues[2902]),0},
-{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2911]),0},
-{"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8,
-        &(lvalues[2919]),0},
-{"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8,
-        &(lvalues[2927]),0},
-{"role","role",NID_role,3,&(lvalues[2935]),0},
-{"policyConstraints","X509v3 Policy Constraints",
-        NID_policy_constraints,3,&(lvalues[2938]),0},
-{"targetInformation","X509v3 AC Targeting",NID_target_information,3,
-        &(lvalues[2941]),0},
-{"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
-        &(lvalues[2944]),0},
-{"CCITT","ccitt",NID_ccitt,1,&(lvalues[2947]),0},
-{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2948]),0},
-{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2953]),0},
-{"characteristic-two-field","characteristic-two-field",
-        NID_X9_62_characteristic_two_field,7,&(lvalues[2960]),0},
-{"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7,
-        &(lvalues[2967]),0},
-{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2974]),0},
-{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2982]),0},
-{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2990]),0},
-{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2998]),0},
-{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3006]),0},
-{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3014]),0},
-{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3022]),0},
-{"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7,
-        &(lvalues[3030]),0},
-{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3037]),0},
-{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3046]),0},
-{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3055]),0},
-{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3064]),0},
-{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3073]),0},
-{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3082]),0},
-{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3091]),0},
-{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3100]),0},
-{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3109]),0},
-{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3118]),0},
-{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3127]),0},
-{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3136]),0},
-{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3145]),0},
-{"holdInstructionCode","Hold Instruction Code",
-        NID_hold_instruction_code,3,&(lvalues[3154]),0},
-{"holdInstructionNone","Hold Instruction None",
-        NID_hold_instruction_none,7,&(lvalues[3157]),0},
-{"holdInstructionCallIssuer","Hold Instruction Call Issuer",
-        NID_hold_instruction_call_issuer,7,&(lvalues[3164]),0},
-{"holdInstructionReject","Hold Instruction Reject",
-        NID_hold_instruction_reject,7,&(lvalues[3171]),0},
-{"data","data",NID_data,1,&(lvalues[3178]),0},
-{"pss","pss",NID_pss,3,&(lvalues[3179]),0},
-{"ucl","ucl",NID_ucl,7,&(lvalues[3182]),0},
-{"pilot","pilot",NID_pilot,8,&(lvalues[3189]),0},
-{"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9,
-        &(lvalues[3197]),0},
-{"pilotAttributeSyntax","pilotAttributeSyntax",
-        NID_pilotAttributeSyntax,9,&(lvalues[3206]),0},
-{"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9,
-        &(lvalues[3215]),0},
-{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3224]),0},
-{"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10,
-        &(lvalues[3233]),0},
-{"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax",
-        NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3243]),0},
-{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3253]),0},
-{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3263]),0},
-{"account","account",NID_account,10,&(lvalues[3273]),0},
-{"document","document",NID_document,10,&(lvalues[3283]),0},
-{"room","room",NID_room,10,&(lvalues[3293]),0},
-{"documentSeries","documentSeries",NID_documentSeries,10,
-        &(lvalues[3303]),0},
-{"rFC822localPart","rFC822localPart",NID_rFC822localPart,10,
-        &(lvalues[3313]),0},
-{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3323]),0},
-{"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject,
-        10,&(lvalues[3333]),0},
-{"friendlyCountry","friendlyCountry",NID_friendlyCountry,10,
-        &(lvalues[3343]),0},
-{"simpleSecurityObject","simpleSecurityObject",
-        NID_simpleSecurityObject,10,&(lvalues[3353]),0},
-{"pilotOrganization","pilotOrganization",NID_pilotOrganization,10,
-        &(lvalues[3363]),0},
-{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3373]),0},
-{"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData,
-        10,&(lvalues[3383]),0},
-{"UID","userId",NID_userId,10,&(lvalues[3393]),0},
-{"textEncodedORAddress","textEncodedORAddress",
-        NID_textEncodedORAddress,10,&(lvalues[3403]),0},
-{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3413]),0},
-{"info","info",NID_info,10,&(lvalues[3423]),0},
-{"favouriteDrink","favouriteDrink",NID_favouriteDrink,10,
-        &(lvalues[3433]),0},
-{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3443]),0},
-{"photo","photo",NID_photo,10,&(lvalues[3453]),0},
-{"userClass","userClass",NID_userClass,10,&(lvalues[3463]),0},
-{"host","host",NID_host,10,&(lvalues[3473]),0},
-{"manager","manager",NID_manager,10,&(lvalues[3483]),0},
-{"documentIdentifier","documentIdentifier",NID_documentIdentifier,10,
-        &(lvalues[3493]),0},
-{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3503]),0},
-{"documentVersion","documentVersion",NID_documentVersion,10,
-        &(lvalues[3513]),0},
-{"documentAuthor","documentAuthor",NID_documentAuthor,10,
-        &(lvalues[3523]),0},
-{"documentLocation","documentLocation",NID_documentLocation,10,
-        &(lvalues[3533]),0},
-{"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber,
-        10,&(lvalues[3543]),0},
-{"secretary","secretary",NID_secretary,10,&(lvalues[3553]),0},
-{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3563]),0},
-{"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10,
-        &(lvalues[3573]),0},
-{"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10,
-        &(lvalues[3583]),0},
-{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3593]),0},
-{"pilotAttributeType27","pilotAttributeType27",
-        NID_pilotAttributeType27,10,&(lvalues[3603]),0},
-{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3613]),0},
-{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3623]),0},
-{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3633]),0},
-{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3643]),0},
-{"associatedDomain","associatedDomain",NID_associatedDomain,10,
-        &(lvalues[3653]),0},
-{"associatedName","associatedName",NID_associatedName,10,
-        &(lvalues[3663]),0},
-{"homePostalAddress","homePostalAddress",NID_homePostalAddress,10,
-        &(lvalues[3673]),0},
-{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3683]),0},
-{"mobileTelephoneNumber","mobileTelephoneNumber",
-        NID_mobileTelephoneNumber,10,&(lvalues[3693]),0},
-{"pagerTelephoneNumber","pagerTelephoneNumber",
-        NID_pagerTelephoneNumber,10,&(lvalues[3703]),0},
-{"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName,
-        10,&(lvalues[3713]),0},
-{"organizationalStatus","organizationalStatus",
-        NID_organizationalStatus,10,&(lvalues[3723]),0},
-{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3733]),0},
-{"mailPreferenceOption","mailPreferenceOption",
-        NID_mailPreferenceOption,10,&(lvalues[3743]),0},
-{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3753]),0},
-{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3763]),0},
-{"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10,
-        &(lvalues[3773]),0},
-{"subtreeMinimumQuality","subtreeMinimumQuality",
-        NID_subtreeMinimumQuality,10,&(lvalues[3783]),0},
-{"subtreeMaximumQuality","subtreeMaximumQuality",
-        NID_subtreeMaximumQuality,10,&(lvalues[3793]),0},
-{"personalSignature","personalSignature",NID_personalSignature,10,
-        &(lvalues[3803]),0},
-{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3813]),0},
-{"audio","audio",NID_audio,10,&(lvalues[3823]),0},
-{"documentPublisher","documentPublisher",NID_documentPublisher,10,
-        &(lvalues[3833]),0},
-{"x500UniqueIdentifier","x500UniqueIdentifier",
-        NID_x500UniqueIdentifier,3,&(lvalues[3843]),0},
-{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3846]),0},
-{"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6,
-        &(lvalues[3851]),0},
-{"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6,
-        &(lvalues[3857]),0},
-{"id-hex-partial-message","id-hex-partial-message",
-        NID_id_hex_partial_message,7,&(lvalues[3863]),0},
-{"id-hex-multipart-message","id-hex-multipart-message",
-        NID_id_hex_multipart_message,7,&(lvalues[3870]),0},
-{"generationQualifier","generationQualifier",NID_generationQualifier,
-        3,&(lvalues[3877]),0},
-{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3880]),0},
-{NULL,NULL,NID_undef,0,NULL},
-{"id-set","Secure Electronic Transactions",NID_id_set,2,
-        &(lvalues[3883]),0},
-{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3885]),0},
-{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3888]),0},
-{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3891]),0},
-{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3894]),0},
-{"set-certExt","certificate extensions",NID_set_certExt,3,
-        &(lvalues[3897]),0},
-{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3900]),0},
-{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3903]),0},
-{"setct-PANToken","setct-PANToken",NID_setct_PANToken,4,
-        &(lvalues[3907]),0},
-{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3911]),0},
-{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3915]),0},
-{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3919]),0},
-{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3923]),0},
-{"setct-PIDataUnsigned","setct-PIDataUnsigned",
-        NID_setct_PIDataUnsigned,4,&(lvalues[3927]),0},
-{"setct-HODInput","setct-HODInput",NID_setct_HODInput,4,
-        &(lvalues[3931]),0},
-{"setct-AuthResBaggage","setct-AuthResBaggage",
-        NID_setct_AuthResBaggage,4,&(lvalues[3935]),0},
-{"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage",
-        NID_setct_AuthRevReqBaggage,4,&(lvalues[3939]),0},
-{"setct-AuthRevResBaggage","setct-AuthRevResBaggage",
-        NID_setct_AuthRevResBaggage,4,&(lvalues[3943]),0},
-{"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4,
-        &(lvalues[3947]),0},
-{"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4,
-        &(lvalues[3951]),0},
-{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3955]),0},
-{"setct-PResData","setct-PResData",NID_setct_PResData,4,
-        &(lvalues[3959]),0},
-{"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4,
-        &(lvalues[3963]),0},
-{"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4,
-        &(lvalues[3967]),0},
-{"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4,
-        &(lvalues[3971]),0},
-{"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4,
-        &(lvalues[3975]),0},
-{"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4,
-        &(lvalues[3979]),0},
-{"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4,
-        &(lvalues[3983]),0},
-{"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg",
-        NID_setct_AcqCardCodeMsg,4,&(lvalues[3987]),0},
-{"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS,
-        4,&(lvalues[3991]),0},
-{"setct-AuthRevResData","setct-AuthRevResData",
-        NID_setct_AuthRevResData,4,&(lvalues[3995]),0},
-{"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS,
-        4,&(lvalues[3999]),0},
-{"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4,
-        &(lvalues[4003]),0},
-{"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4,
-        &(lvalues[4007]),0},
-{"setct-CapResData","setct-CapResData",NID_setct_CapResData,4,
-        &(lvalues[4011]),0},
-{"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4,
-        &(lvalues[4015]),0},
-{"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX,
-        4,&(lvalues[4019]),0},
-{"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData,
-        4,&(lvalues[4023]),0},
-{"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4,
-        &(lvalues[4027]),0},
-{"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4,
-        &(lvalues[4031]),0},
-{"setct-CredResData","setct-CredResData",NID_setct_CredResData,4,
-        &(lvalues[4035]),0},
-{"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS,
-        4,&(lvalues[4039]),0},
-{"setct-CredRevReqTBSX","setct-CredRevReqTBSX",
-        NID_setct_CredRevReqTBSX,4,&(lvalues[4043]),0},
-{"setct-CredRevResData","setct-CredRevResData",
-        NID_setct_CredRevResData,4,&(lvalues[4047]),0},
-{"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4,
-        &(lvalues[4051]),0},
-{"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4,
-        &(lvalues[4055]),0},
-{"setct-BatchAdminReqData","setct-BatchAdminReqData",
-        NID_setct_BatchAdminReqData,4,&(lvalues[4059]),0},
-{"setct-BatchAdminResData","setct-BatchAdminResData",
-        NID_setct_BatchAdminResData,4,&(lvalues[4063]),0},
-{"setct-CardCInitResTBS","setct-CardCInitResTBS",
-        NID_setct_CardCInitResTBS,4,&(lvalues[4067]),0},
-{"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS",
-        NID_setct_MeAqCInitResTBS,4,&(lvalues[4071]),0},
-{"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS,
-        4,&(lvalues[4075]),0},
-{"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4,
-        &(lvalues[4079]),0},
-{"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4,
-        &(lvalues[4083]),0},
-{"setct-CertResData","setct-CertResData",NID_setct_CertResData,4,
-        &(lvalues[4087]),0},
-{"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS,
-        4,&(lvalues[4091]),0},
-{"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4,
-        &(lvalues[4095]),0},
-{"setct-PIDualSignedTBE","setct-PIDualSignedTBE",
-        NID_setct_PIDualSignedTBE,4,&(lvalues[4099]),0},
-{"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE,
-        4,&(lvalues[4103]),0},
-{"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4,
-        &(lvalues[4107]),0},
-{"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4,
-        &(lvalues[4111]),0},
-{"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4,
-        &(lvalues[4115]),0},
-{"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4,
-        &(lvalues[4119]),0},
-{"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4,
-        &(lvalues[4123]),0},
-{"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4,
-        &(lvalues[4127]),0},
-{"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE",
-        NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4131]),0},
-{"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE,
-        4,&(lvalues[4135]),0},
-{"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE,
-        4,&(lvalues[4139]),0},
-{"setct-AuthRevResTBEB","setct-AuthRevResTBEB",
-        NID_setct_AuthRevResTBEB,4,&(lvalues[4143]),0},
-{"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4,
-        &(lvalues[4147]),0},
-{"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4,
-        &(lvalues[4151]),0},
-{"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4,
-        &(lvalues[4155]),0},
-{"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4,
-        &(lvalues[4159]),0},
-{"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX,
-        4,&(lvalues[4163]),0},
-{"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4,
-        &(lvalues[4167]),0},
-{"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4,
-        &(lvalues[4171]),0},
-{"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4,
-        &(lvalues[4175]),0},
-{"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4,
-        &(lvalues[4179]),0},
-{"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE,
-        4,&(lvalues[4183]),0},
-{"setct-CredRevReqTBEX","setct-CredRevReqTBEX",
-        NID_setct_CredRevReqTBEX,4,&(lvalues[4187]),0},
-{"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE,
-        4,&(lvalues[4191]),0},
-{"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE",
-        NID_setct_BatchAdminReqTBE,4,&(lvalues[4195]),0},
-{"setct-BatchAdminResTBE","setct-BatchAdminResTBE",
-        NID_setct_BatchAdminResTBE,4,&(lvalues[4199]),0},
-{"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE,
-        4,&(lvalues[4203]),0},
-{"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4,
-        &(lvalues[4207]),0},
-{"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4,
-        &(lvalues[4211]),0},
-{"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4,
-        &(lvalues[4215]),0},
-{"setct-CRLNotificationTBS","setct-CRLNotificationTBS",
-        NID_setct_CRLNotificationTBS,4,&(lvalues[4219]),0},
-{"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS",
-        NID_setct_CRLNotificationResTBS,4,&(lvalues[4223]),0},
-{"setct-BCIDistributionTBS","setct-BCIDistributionTBS",
-        NID_setct_BCIDistributionTBS,4,&(lvalues[4227]),0},
-{"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4,
-        &(lvalues[4231]),0},
-{"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4,
-        &(lvalues[4235]),0},
-{"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4,
-        &(lvalues[4239]),0},
-{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4243]),0},
-{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4247]),0},
-{"setext-cv","additional verification",NID_setext_cv,4,
-        &(lvalues[4251]),0},
-{"set-policy-root","set-policy-root",NID_set_policy_root,4,
-        &(lvalues[4255]),0},
-{"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4,
-        &(lvalues[4259]),0},
-{"setCext-certType","setCext-certType",NID_setCext_certType,4,
-        &(lvalues[4263]),0},
-{"setCext-merchData","setCext-merchData",NID_setCext_merchData,4,
-        &(lvalues[4267]),0},
-{"setCext-cCertRequired","setCext-cCertRequired",
-        NID_setCext_cCertRequired,4,&(lvalues[4271]),0},
-{"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4,
-        &(lvalues[4275]),0},
-{"setCext-setExt","setCext-setExt",NID_setCext_setExt,4,
-        &(lvalues[4279]),0},
-{"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4,
-        &(lvalues[4283]),0},
-{"setCext-PGWYcapabilities","setCext-PGWYcapabilities",
-        NID_setCext_PGWYcapabilities,4,&(lvalues[4287]),0},
-{"setCext-TokenIdentifier","setCext-TokenIdentifier",
-        NID_setCext_TokenIdentifier,4,&(lvalues[4291]),0},
-{"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4,
-        &(lvalues[4295]),0},
-{"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4,
-        &(lvalues[4299]),0},
-{"setCext-IssuerCapabilities","setCext-IssuerCapabilities",
-        NID_setCext_IssuerCapabilities,4,&(lvalues[4303]),0},
-{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4307]),0},
-{"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap,
-        4,&(lvalues[4311]),0},
-{"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4,
-        &(lvalues[4315]),0},
-{"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4,
-        &(lvalues[4319]),0},
-{"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5,
-        &(lvalues[4323]),0},
-{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4328]),0},
-{"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5,
-        &(lvalues[4333]),0},
-{"setAttr-Token-B0Prime","setAttr-Token-B0Prime",
-        NID_setAttr_Token_B0Prime,5,&(lvalues[4338]),0},
-{"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5,
-        &(lvalues[4343]),0},
-{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5,
-        &(lvalues[4348]),0},
-{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5,
-        &(lvalues[4353]),0},
-{"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm,
-        6,&(lvalues[4358]),0},
-{"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6,
-        &(lvalues[4364]),0},
-{"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6,
-        &(lvalues[4370]),0},
-{"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6,
-        &(lvalues[4376]),0},
-{"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig,
-        6,&(lvalues[4382]),0},
-{"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4,
-        &(lvalues[4388]),0},
-{"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4,
-        &(lvalues[4392]),0},
-{"set-brand-AmericanExpress","set-brand-AmericanExpress",
-        NID_set_brand_AmericanExpress,4,&(lvalues[4396]),0},
-{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4400]),0},
-{"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4,
-        &(lvalues[4404]),0},
-{"set-brand-MasterCard","set-brand-MasterCard",
-        NID_set_brand_MasterCard,4,&(lvalues[4408]),0},
-{"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5,
-        &(lvalues[4412]),0},
-{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4417]),0},
-{"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET",
-        NID_rsaOAEPEncryptionSET,9,&(lvalues[4425]),0},
-{NULL,NULL,NID_undef,0,NULL},
-{NULL,NULL,NID_undef,0,NULL},
-{NULL,NULL,NID_undef,0,NULL},
-{"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login,
-        10,&(lvalues[4434]),0},
-{"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
-        &(lvalues[4444]),0},
-{"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL},
-{"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL},
-{"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL},
-{"AES-128-CFB8","aes-128-cfb8",NID_aes_128_cfb8,0,NULL},
-{"AES-192-CFB8","aes-192-cfb8",NID_aes_192_cfb8,0,NULL},
-{"AES-256-CFB8","aes-256-cfb8",NID_aes_256_cfb8,0,NULL},
-{"DES-CFB1","des-cfb1",NID_des_cfb1,0,NULL},
-{"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL},
-{"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL},
-{"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL},
-{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4454]),0},
-{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4457]),0},
-{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4460]),0},
-{"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8,
-        &(lvalues[4467]),0},
-{"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8,
-        &(lvalues[4475]),0},
-{"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8,
-        &(lvalues[4483]),0},
-{"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3,
-        &(lvalues[4491]),0},
-{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4494]),0},
-{"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9,
-        &(lvalues[4502]),0},
-{"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9,
-        &(lvalues[4511]),0},
-{"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9,
-        &(lvalues[4520]),0},
-{"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9,
-        &(lvalues[4529]),0},
-{"SHA256","sha256",NID_sha256,9,&(lvalues[4538]),0},
-{"SHA384","sha384",NID_sha384,9,&(lvalues[4547]),0},
-{"SHA512","sha512",NID_sha512,9,&(lvalues[4556]),0},
-{"SHA224","sha224",NID_sha224,9,&(lvalues[4565]),0},
-};
-
-static ASN1_OBJECT *sn_objs[NUM_SN]={
-&(nid_objs[364]),/* "AD_DVCS" */
-&(nid_objs[419]),/* "AES-128-CBC" */
-&(nid_objs[421]),/* "AES-128-CFB" */
-&(nid_objs[650]),/* "AES-128-CFB1" */
-&(nid_objs[653]),/* "AES-128-CFB8" */
-&(nid_objs[418]),/* "AES-128-ECB" */
-&(nid_objs[420]),/* "AES-128-OFB" */
-&(nid_objs[423]),/* "AES-192-CBC" */
-&(nid_objs[425]),/* "AES-192-CFB" */
-&(nid_objs[651]),/* "AES-192-CFB1" */
-&(nid_objs[654]),/* "AES-192-CFB8" */
-&(nid_objs[422]),/* "AES-192-ECB" */
-&(nid_objs[424]),/* "AES-192-OFB" */
-&(nid_objs[427]),/* "AES-256-CBC" */
-&(nid_objs[429]),/* "AES-256-CFB" */
-&(nid_objs[652]),/* "AES-256-CFB1" */
-&(nid_objs[655]),/* "AES-256-CFB8" */
-&(nid_objs[426]),/* "AES-256-ECB" */
-&(nid_objs[428]),/* "AES-256-OFB" */
-&(nid_objs[91]),/* "BF-CBC" */
-&(nid_objs[93]),/* "BF-CFB" */
-&(nid_objs[92]),/* "BF-ECB" */
-&(nid_objs[94]),/* "BF-OFB" */
-&(nid_objs[14]),/* "C" */
-&(nid_objs[108]),/* "CAST5-CBC" */
-&(nid_objs[110]),/* "CAST5-CFB" */
-&(nid_objs[109]),/* "CAST5-ECB" */
-&(nid_objs[111]),/* "CAST5-OFB" */
-&(nid_objs[404]),/* "CCITT" */
-&(nid_objs[13]),/* "CN" */
-&(nid_objs[141]),/* "CRLReason" */
-&(nid_objs[417]),/* "CSPName" */
-&(nid_objs[367]),/* "CrlID" */
-&(nid_objs[391]),/* "DC" */
-&(nid_objs[31]),/* "DES-CBC" */
-&(nid_objs[643]),/* "DES-CDMF" */
-&(nid_objs[30]),/* "DES-CFB" */
-&(nid_objs[656]),/* "DES-CFB1" */
-&(nid_objs[657]),/* "DES-CFB8" */
-&(nid_objs[29]),/* "DES-ECB" */
-&(nid_objs[32]),/* "DES-EDE" */
-&(nid_objs[43]),/* "DES-EDE-CBC" */
-&(nid_objs[60]),/* "DES-EDE-CFB" */
-&(nid_objs[62]),/* "DES-EDE-OFB" */
-&(nid_objs[33]),/* "DES-EDE3" */
-&(nid_objs[44]),/* "DES-EDE3-CBC" */
-&(nid_objs[61]),/* "DES-EDE3-CFB" */
-&(nid_objs[658]),/* "DES-EDE3-CFB1" */
-&(nid_objs[659]),/* "DES-EDE3-CFB8" */
-&(nid_objs[63]),/* "DES-EDE3-OFB" */
-&(nid_objs[45]),/* "DES-OFB" */
-&(nid_objs[80]),/* "DESX-CBC" */
-&(nid_objs[380]),/* "DOD" */
-&(nid_objs[116]),/* "DSA" */
-&(nid_objs[66]),/* "DSA-SHA" */
-&(nid_objs[113]),/* "DSA-SHA1" */
-&(nid_objs[70]),/* "DSA-SHA1-old" */
-&(nid_objs[67]),/* "DSA-old" */
-&(nid_objs[297]),/* "DVCS" */
-&(nid_objs[99]),/* "GN" */
-&(nid_objs[381]),/* "IANA" */
-&(nid_objs[34]),/* "IDEA-CBC" */
-&(nid_objs[35]),/* "IDEA-CFB" */
-&(nid_objs[36]),/* "IDEA-ECB" */
-&(nid_objs[46]),/* "IDEA-OFB" */
-&(nid_objs[181]),/* "ISO" */
-&(nid_objs[183]),/* "ISO-US" */
-&(nid_objs[393]),/* "JOINT-ISO-CCITT" */
-&(nid_objs[15]),/* "L" */
-&(nid_objs[ 3]),/* "MD2" */
-&(nid_objs[257]),/* "MD4" */
-&(nid_objs[ 4]),/* "MD5" */
-&(nid_objs[114]),/* "MD5-SHA1" */
-&(nid_objs[95]),/* "MDC2" */
-&(nid_objs[388]),/* "Mail" */
-&(nid_objs[57]),/* "Netscape" */
-&(nid_objs[366]),/* "Nonce" */
-&(nid_objs[17]),/* "O" */
-&(nid_objs[178]),/* "OCSP" */
-&(nid_objs[180]),/* "OCSPSigning" */
-&(nid_objs[379]),/* "ORG" */
-&(nid_objs[18]),/* "OU" */
-&(nid_objs[ 9]),/* "PBE-MD2-DES" */
-&(nid_objs[168]),/* "PBE-MD2-RC2-64" */
-&(nid_objs[10]),/* "PBE-MD5-DES" */
-&(nid_objs[169]),/* "PBE-MD5-RC2-64" */
-&(nid_objs[147]),/* "PBE-SHA1-2DES" */
-&(nid_objs[146]),/* "PBE-SHA1-3DES" */
-&(nid_objs[170]),/* "PBE-SHA1-DES" */
-&(nid_objs[148]),/* "PBE-SHA1-RC2-128" */
-&(nid_objs[149]),/* "PBE-SHA1-RC2-40" */
-&(nid_objs[68]),/* "PBE-SHA1-RC2-64" */
-&(nid_objs[144]),/* "PBE-SHA1-RC4-128" */
-&(nid_objs[145]),/* "PBE-SHA1-RC4-40" */
-&(nid_objs[161]),/* "PBES2" */
-&(nid_objs[69]),/* "PBKDF2" */
-&(nid_objs[162]),/* "PBMAC1" */
-&(nid_objs[127]),/* "PKIX" */
-&(nid_objs[98]),/* "RC2-40-CBC" */
-&(nid_objs[166]),/* "RC2-64-CBC" */
-&(nid_objs[37]),/* "RC2-CBC" */
-&(nid_objs[39]),/* "RC2-CFB" */
-&(nid_objs[38]),/* "RC2-ECB" */
-&(nid_objs[40]),/* "RC2-OFB" */
-&(nid_objs[ 5]),/* "RC4" */
-&(nid_objs[97]),/* "RC4-40" */
-&(nid_objs[120]),/* "RC5-CBC" */
-&(nid_objs[122]),/* "RC5-CFB" */
-&(nid_objs[121]),/* "RC5-ECB" */
-&(nid_objs[123]),/* "RC5-OFB" */
-&(nid_objs[117]),/* "RIPEMD160" */
-&(nid_objs[124]),/* "RLE" */
-&(nid_objs[19]),/* "RSA" */
-&(nid_objs[ 7]),/* "RSA-MD2" */
-&(nid_objs[396]),/* "RSA-MD4" */
-&(nid_objs[ 8]),/* "RSA-MD5" */
-&(nid_objs[96]),/* "RSA-MDC2" */
-&(nid_objs[104]),/* "RSA-NP-MD5" */
-&(nid_objs[119]),/* "RSA-RIPEMD160" */
-&(nid_objs[42]),/* "RSA-SHA" */
-&(nid_objs[65]),/* "RSA-SHA1" */
-&(nid_objs[115]),/* "RSA-SHA1-2" */
-&(nid_objs[671]),/* "RSA-SHA224" */
-&(nid_objs[668]),/* "RSA-SHA256" */
-&(nid_objs[669]),/* "RSA-SHA384" */
-&(nid_objs[670]),/* "RSA-SHA512" */
-&(nid_objs[41]),/* "SHA" */
-&(nid_objs[64]),/* "SHA1" */
-&(nid_objs[675]),/* "SHA224" */
-&(nid_objs[672]),/* "SHA256" */
-&(nid_objs[673]),/* "SHA384" */
-&(nid_objs[674]),/* "SHA512" */
-&(nid_objs[188]),/* "SMIME" */
-&(nid_objs[167]),/* "SMIME-CAPS" */
-&(nid_objs[100]),/* "SN" */
-&(nid_objs[16]),/* "ST" */
-&(nid_objs[143]),/* "SXNetID" */
-&(nid_objs[458]),/* "UID" */
-&(nid_objs[ 0]),/* "UNDEF" */
-&(nid_objs[11]),/* "X500" */
-&(nid_objs[378]),/* "X500algorithms" */
-&(nid_objs[12]),/* "X509" */
-&(nid_objs[184]),/* "X9-57" */
-&(nid_objs[185]),/* "X9cm" */
-&(nid_objs[125]),/* "ZLIB" */
-&(nid_objs[478]),/* "aRecord" */
-&(nid_objs[289]),/* "aaControls" */
-&(nid_objs[287]),/* "ac-auditEntity" */
-&(nid_objs[397]),/* "ac-proxying" */
-&(nid_objs[288]),/* "ac-targeting" */
-&(nid_objs[368]),/* "acceptableResponses" */
-&(nid_objs[446]),/* "account" */
-&(nid_objs[363]),/* "ad_timestamping" */
-&(nid_objs[376]),/* "algorithm" */
-&(nid_objs[405]),/* "ansi-X9-62" */
-&(nid_objs[370]),/* "archiveCutoff" */
-&(nid_objs[484]),/* "associatedDomain" */
-&(nid_objs[485]),/* "associatedName" */
-&(nid_objs[501]),/* "audio" */
-&(nid_objs[177]),/* "authorityInfoAccess" */
-&(nid_objs[90]),/* "authorityKeyIdentifier" */
-&(nid_objs[87]),/* "basicConstraints" */
-&(nid_objs[365]),/* "basicOCSPResponse" */
-&(nid_objs[285]),/* "biometricInfo" */
-&(nid_objs[494]),/* "buildingName" */
-&(nid_objs[483]),/* "cNAMERecord" */
-&(nid_objs[179]),/* "caIssuers" */
-&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */
-&(nid_objs[152]),/* "certBag" */
-&(nid_objs[89]),/* "certificatePolicies" */
-&(nid_objs[54]),/* "challengePassword" */
-&(nid_objs[407]),/* "characteristic-two-field" */
-&(nid_objs[395]),/* "clearance" */
-&(nid_objs[130]),/* "clientAuth" */
-&(nid_objs[131]),/* "codeSigning" */
-&(nid_objs[50]),/* "contentType" */
-&(nid_objs[53]),/* "countersignature" */
-&(nid_objs[153]),/* "crlBag" */
-&(nid_objs[103]),/* "crlDistributionPoints" */
-&(nid_objs[88]),/* "crlNumber" */
-&(nid_objs[500]),/* "dITRedirect" */
-&(nid_objs[451]),/* "dNSDomain" */
-&(nid_objs[495]),/* "dSAQuality" */
-&(nid_objs[434]),/* "data" */
-&(nid_objs[390]),/* "dcobject" */
-&(nid_objs[140]),/* "deltaCRL" */
-&(nid_objs[107]),/* "description" */
-&(nid_objs[28]),/* "dhKeyAgreement" */
-&(nid_objs[382]),/* "directory" */
-&(nid_objs[174]),/* "dnQualifier" */
-&(nid_objs[447]),/* "document" */
-&(nid_objs[471]),/* "documentAuthor" */
-&(nid_objs[468]),/* "documentIdentifier" */
-&(nid_objs[472]),/* "documentLocation" */
-&(nid_objs[502]),/* "documentPublisher" */
-&(nid_objs[449]),/* "documentSeries" */
-&(nid_objs[469]),/* "documentTitle" */
-&(nid_objs[470]),/* "documentVersion" */
-&(nid_objs[392]),/* "domain" */
-&(nid_objs[452]),/* "domainRelatedObject" */
-&(nid_objs[416]),/* "ecdsa-with-SHA1" */
-&(nid_objs[48]),/* "emailAddress" */
-&(nid_objs[132]),/* "emailProtection" */
-&(nid_objs[389]),/* "enterprises" */
-&(nid_objs[384]),/* "experimental" */
-&(nid_objs[172]),/* "extReq" */
-&(nid_objs[56]),/* "extendedCertificateAttributes" */
-&(nid_objs[126]),/* "extendedKeyUsage" */
-&(nid_objs[372]),/* "extendedStatus" */
-&(nid_objs[462]),/* "favouriteDrink" */
-&(nid_objs[453]),/* "friendlyCountry" */
-&(nid_objs[490]),/* "friendlyCountryName" */
-&(nid_objs[156]),/* "friendlyName" */
-&(nid_objs[509]),/* "generationQualifier" */
-&(nid_objs[163]),/* "hmacWithSHA1" */
-&(nid_objs[432]),/* "holdInstructionCallIssuer" */
-&(nid_objs[430]),/* "holdInstructionCode" */
-&(nid_objs[431]),/* "holdInstructionNone" */
-&(nid_objs[433]),/* "holdInstructionReject" */
-&(nid_objs[486]),/* "homePostalAddress" */
-&(nid_objs[473]),/* "homeTelephoneNumber" */
-&(nid_objs[466]),/* "host" */
-&(nid_objs[442]),/* "iA5StringSyntax" */
-&(nid_objs[266]),/* "id-aca" */
-&(nid_objs[355]),/* "id-aca-accessIdentity" */
-&(nid_objs[354]),/* "id-aca-authenticationInfo" */
-&(nid_objs[356]),/* "id-aca-chargingIdentity" */
-&(nid_objs[399]),/* "id-aca-encAttrs" */
-&(nid_objs[357]),/* "id-aca-group" */
-&(nid_objs[358]),/* "id-aca-role" */
-&(nid_objs[176]),/* "id-ad" */
-&(nid_objs[262]),/* "id-alg" */
-&(nid_objs[323]),/* "id-alg-des40" */
-&(nid_objs[326]),/* "id-alg-dh-pop" */
-&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */
-&(nid_objs[324]),/* "id-alg-noSignature" */
-&(nid_objs[268]),/* "id-cct" */
-&(nid_objs[361]),/* "id-cct-PKIData" */
-&(nid_objs[362]),/* "id-cct-PKIResponse" */
-&(nid_objs[360]),/* "id-cct-crs" */
-&(nid_objs[81]),/* "id-ce" */
-&(nid_objs[263]),/* "id-cmc" */
-&(nid_objs[334]),/* "id-cmc-addExtensions" */
-&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */
-&(nid_objs[330]),/* "id-cmc-dataReturn" */
-&(nid_objs[336]),/* "id-cmc-decryptedPOP" */
-&(nid_objs[335]),/* "id-cmc-encryptedPOP" */
-&(nid_objs[339]),/* "id-cmc-getCRL" */
-&(nid_objs[338]),/* "id-cmc-getCert" */
-&(nid_objs[328]),/* "id-cmc-identification" */
-&(nid_objs[329]),/* "id-cmc-identityProof" */
-&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */
-&(nid_objs[344]),/* "id-cmc-popLinkRandom" */
-&(nid_objs[345]),/* "id-cmc-popLinkWitness" */
-&(nid_objs[343]),/* "id-cmc-queryPending" */
-&(nid_objs[333]),/* "id-cmc-recipientNonce" */
-&(nid_objs[341]),/* "id-cmc-regInfo" */
-&(nid_objs[342]),/* "id-cmc-responseInfo" */
-&(nid_objs[340]),/* "id-cmc-revokeRequest" */
-&(nid_objs[332]),/* "id-cmc-senderNonce" */
-&(nid_objs[327]),/* "id-cmc-statusInfo" */
-&(nid_objs[331]),/* "id-cmc-transactionId" */
-&(nid_objs[408]),/* "id-ecPublicKey" */
-&(nid_objs[508]),/* "id-hex-multipart-message" */
-&(nid_objs[507]),/* "id-hex-partial-message" */
-&(nid_objs[260]),/* "id-it" */
-&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */
-&(nid_objs[298]),/* "id-it-caProtEncCert" */
-&(nid_objs[311]),/* "id-it-confirmWaitTime" */
-&(nid_objs[303]),/* "id-it-currentCRL" */
-&(nid_objs[300]),/* "id-it-encKeyPairTypes" */
-&(nid_objs[310]),/* "id-it-implicitConfirm" */
-&(nid_objs[308]),/* "id-it-keyPairParamRep" */
-&(nid_objs[307]),/* "id-it-keyPairParamReq" */
-&(nid_objs[312]),/* "id-it-origPKIMessage" */
-&(nid_objs[301]),/* "id-it-preferredSymmAlg" */
-&(nid_objs[309]),/* "id-it-revPassphrase" */
-&(nid_objs[299]),/* "id-it-signKeyPairTypes" */
-&(nid_objs[305]),/* "id-it-subscriptionRequest" */
-&(nid_objs[306]),/* "id-it-subscriptionResponse" */
-&(nid_objs[304]),/* "id-it-unsupportedOIDs" */
-&(nid_objs[128]),/* "id-kp" */
-&(nid_objs[280]),/* "id-mod-attribute-cert" */
-&(nid_objs[274]),/* "id-mod-cmc" */
-&(nid_objs[277]),/* "id-mod-cmp" */
-&(nid_objs[284]),/* "id-mod-cmp2000" */
-&(nid_objs[273]),/* "id-mod-crmf" */
-&(nid_objs[283]),/* "id-mod-dvcs" */
-&(nid_objs[275]),/* "id-mod-kea-profile-88" */
-&(nid_objs[276]),/* "id-mod-kea-profile-93" */
-&(nid_objs[282]),/* "id-mod-ocsp" */
-&(nid_objs[278]),/* "id-mod-qualified-cert-88" */
-&(nid_objs[279]),/* "id-mod-qualified-cert-93" */
-&(nid_objs[281]),/* "id-mod-timestamp-protocol" */
-&(nid_objs[264]),/* "id-on" */
-&(nid_objs[347]),/* "id-on-personalData" */
-&(nid_objs[265]),/* "id-pda" */
-&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */
-&(nid_objs[353]),/* "id-pda-countryOfResidence" */
-&(nid_objs[348]),/* "id-pda-dateOfBirth" */
-&(nid_objs[351]),/* "id-pda-gender" */
-&(nid_objs[349]),/* "id-pda-placeOfBirth" */
-&(nid_objs[175]),/* "id-pe" */
-&(nid_objs[261]),/* "id-pkip" */
-&(nid_objs[258]),/* "id-pkix-mod" */
-&(nid_objs[269]),/* "id-pkix1-explicit-88" */
-&(nid_objs[271]),/* "id-pkix1-explicit-93" */
-&(nid_objs[270]),/* "id-pkix1-implicit-88" */
-&(nid_objs[272]),/* "id-pkix1-implicit-93" */
-&(nid_objs[662]),/* "id-ppl" */
-&(nid_objs[664]),/* "id-ppl-anyLanguage" */
-&(nid_objs[667]),/* "id-ppl-independent" */
-&(nid_objs[665]),/* "id-ppl-inheritAll" */
-&(nid_objs[267]),/* "id-qcs" */
-&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */
-&(nid_objs[259]),/* "id-qt" */
-&(nid_objs[164]),/* "id-qt-cps" */
-&(nid_objs[165]),/* "id-qt-unotice" */
-&(nid_objs[313]),/* "id-regCtrl" */
-&(nid_objs[316]),/* "id-regCtrl-authenticator" */
-&(nid_objs[319]),/* "id-regCtrl-oldCertID" */
-&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */
-&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */
-&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */
-&(nid_objs[315]),/* "id-regCtrl-regToken" */
-&(nid_objs[314]),/* "id-regInfo" */
-&(nid_objs[322]),/* "id-regInfo-certReq" */
-&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */
-&(nid_objs[512]),/* "id-set" */
-&(nid_objs[191]),/* "id-smime-aa" */
-&(nid_objs[215]),/* "id-smime-aa-contentHint" */
-&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */
-&(nid_objs[221]),/* "id-smime-aa-contentReference" */
-&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */
-&(nid_objs[217]),/* "id-smime-aa-encapContentType" */
-&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */
-&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */
-&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */
-&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */
-&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */
-&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */
-&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */
-&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */
-&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */
-&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */
-&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */
-&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */
-&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */
-&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */
-&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */
-&(nid_objs[219]),/* "id-smime-aa-macValue" */
-&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */
-&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */
-&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */
-&(nid_objs[213]),/* "id-smime-aa-securityLabel" */
-&(nid_objs[239]),/* "id-smime-aa-signatureType" */
-&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */
-&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */
-&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */
-&(nid_objs[192]),/* "id-smime-alg" */
-&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */
-&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */
-&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */
-&(nid_objs[245]),/* "id-smime-alg-ESDH" */
-&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */
-&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */
-&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */
-&(nid_objs[193]),/* "id-smime-cd" */
-&(nid_objs[248]),/* "id-smime-cd-ldap" */
-&(nid_objs[190]),/* "id-smime-ct" */
-&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */
-&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */
-&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */
-&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */
-&(nid_objs[205]),/* "id-smime-ct-authData" */
-&(nid_objs[209]),/* "id-smime-ct-contentInfo" */
-&(nid_objs[206]),/* "id-smime-ct-publishCert" */
-&(nid_objs[204]),/* "id-smime-ct-receipt" */
-&(nid_objs[195]),/* "id-smime-cti" */
-&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */
-&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */
-&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */
-&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */
-&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */
-&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */
-&(nid_objs[189]),/* "id-smime-mod" */
-&(nid_objs[196]),/* "id-smime-mod-cms" */
-&(nid_objs[197]),/* "id-smime-mod-ess" */
-&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */
-&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */
-&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */
-&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */
-&(nid_objs[199]),/* "id-smime-mod-msg-v3" */
-&(nid_objs[198]),/* "id-smime-mod-oid" */
-&(nid_objs[194]),/* "id-smime-spq" */
-&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */
-&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */
-&(nid_objs[461]),/* "info" */
-&(nid_objs[101]),/* "initials" */
-&(nid_objs[142]),/* "invalidityDate" */
-&(nid_objs[294]),/* "ipsecEndSystem" */
-&(nid_objs[295]),/* "ipsecTunnel" */
-&(nid_objs[296]),/* "ipsecUser" */
-&(nid_objs[86]),/* "issuerAltName" */
-&(nid_objs[492]),/* "janetMailbox" */
-&(nid_objs[150]),/* "keyBag" */
-&(nid_objs[83]),/* "keyUsage" */
-&(nid_objs[477]),/* "lastModifiedBy" */
-&(nid_objs[476]),/* "lastModifiedTime" */
-&(nid_objs[157]),/* "localKeyID" */
-&(nid_objs[480]),/* "mXRecord" */
-&(nid_objs[460]),/* "mail" */
-&(nid_objs[493]),/* "mailPreferenceOption" */
-&(nid_objs[467]),/* "manager" */
-&(nid_objs[182]),/* "member-body" */
-&(nid_objs[51]),/* "messageDigest" */
-&(nid_objs[383]),/* "mgmt" */
-&(nid_objs[504]),/* "mime-mhs" */
-&(nid_objs[506]),/* "mime-mhs-bodies" */
-&(nid_objs[505]),/* "mime-mhs-headings" */
-&(nid_objs[488]),/* "mobileTelephoneNumber" */
-&(nid_objs[136]),/* "msCTLSign" */
-&(nid_objs[135]),/* "msCodeCom" */
-&(nid_objs[134]),/* "msCodeInd" */
-&(nid_objs[138]),/* "msEFS" */
-&(nid_objs[171]),/* "msExtReq" */
-&(nid_objs[137]),/* "msSGC" */
-&(nid_objs[648]),/* "msSmartcardLogin" */
-&(nid_objs[649]),/* "msUPN" */
-&(nid_objs[481]),/* "nSRecord" */
-&(nid_objs[173]),/* "name" */
-&(nid_objs[666]),/* "nameConstraints" */
-&(nid_objs[369]),/* "noCheck" */
-&(nid_objs[403]),/* "noRevAvail" */
-&(nid_objs[72]),/* "nsBaseUrl" */
-&(nid_objs[76]),/* "nsCaPolicyUrl" */
-&(nid_objs[74]),/* "nsCaRevocationUrl" */
-&(nid_objs[58]),/* "nsCertExt" */
-&(nid_objs[79]),/* "nsCertSequence" */
-&(nid_objs[71]),/* "nsCertType" */
-&(nid_objs[78]),/* "nsComment" */
-&(nid_objs[59]),/* "nsDataType" */
-&(nid_objs[75]),/* "nsRenewalUrl" */
-&(nid_objs[73]),/* "nsRevocationUrl" */
-&(nid_objs[139]),/* "nsSGC" */
-&(nid_objs[77]),/* "nsSslServerName" */
-&(nid_objs[491]),/* "organizationalStatus" */
-&(nid_objs[475]),/* "otherMailbox" */
-&(nid_objs[489]),/* "pagerTelephoneNumber" */
-&(nid_objs[374]),/* "path" */
-&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
-&(nid_objs[499]),/* "personalSignature" */
-&(nid_objs[487]),/* "personalTitle" */
-&(nid_objs[464]),/* "photo" */
-&(nid_objs[437]),/* "pilot" */
-&(nid_objs[439]),/* "pilotAttributeSyntax" */
-&(nid_objs[438]),/* "pilotAttributeType" */
-&(nid_objs[479]),/* "pilotAttributeType27" */
-&(nid_objs[456]),/* "pilotDSA" */
-&(nid_objs[441]),/* "pilotGroups" */
-&(nid_objs[444]),/* "pilotObject" */
-&(nid_objs[440]),/* "pilotObjectClass" */
-&(nid_objs[455]),/* "pilotOrganization" */
-&(nid_objs[445]),/* "pilotPerson" */
-&(nid_objs[ 2]),/* "pkcs" */
-&(nid_objs[186]),/* "pkcs1" */
-&(nid_objs[27]),/* "pkcs3" */
-&(nid_objs[187]),/* "pkcs5" */
-&(nid_objs[20]),/* "pkcs7" */
-&(nid_objs[21]),/* "pkcs7-data" */
-&(nid_objs[25]),/* "pkcs7-digestData" */
-&(nid_objs[26]),/* "pkcs7-encryptedData" */
-&(nid_objs[23]),/* "pkcs7-envelopedData" */
-&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */
-&(nid_objs[22]),/* "pkcs7-signedData" */
-&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
-&(nid_objs[47]),/* "pkcs9" */
-&(nid_objs[401]),/* "policyConstraints" */
-&(nid_objs[661]),/* "postalCode" */
-&(nid_objs[406]),/* "prime-field" */
-&(nid_objs[409]),/* "prime192v1" */
-&(nid_objs[410]),/* "prime192v2" */
-&(nid_objs[411]),/* "prime192v3" */
-&(nid_objs[412]),/* "prime239v1" */
-&(nid_objs[413]),/* "prime239v2" */
-&(nid_objs[414]),/* "prime239v3" */
-&(nid_objs[415]),/* "prime256v1" */
-&(nid_objs[385]),/* "private" */
-&(nid_objs[84]),/* "privateKeyUsagePeriod" */
-&(nid_objs[663]),/* "proxyCertInfo" */
-&(nid_objs[510]),/* "pseudonym" */
-&(nid_objs[435]),/* "pss" */
-&(nid_objs[286]),/* "qcStatements" */
-&(nid_objs[457]),/* "qualityLabelledData" */
-&(nid_objs[450]),/* "rFC822localPart" */
-&(nid_objs[400]),/* "role" */
-&(nid_objs[448]),/* "room" */
-&(nid_objs[463]),/* "roomNumber" */
-&(nid_objs[ 6]),/* "rsaEncryption" */
-&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */
-&(nid_objs[377]),/* "rsaSignature" */
-&(nid_objs[ 1]),/* "rsadsi" */
-&(nid_objs[482]),/* "sOARecord" */
-&(nid_objs[155]),/* "safeContentsBag" */
-&(nid_objs[291]),/* "sbgp-autonomousSysNum" */
-&(nid_objs[290]),/* "sbgp-ipAddrBlock" */
-&(nid_objs[292]),/* "sbgp-routerIdentifier" */
-&(nid_objs[159]),/* "sdsiCertificate" */
-&(nid_objs[154]),/* "secretBag" */
-&(nid_objs[474]),/* "secretary" */
-&(nid_objs[386]),/* "security" */
-&(nid_objs[394]),/* "selected-attribute-types" */
-&(nid_objs[105]),/* "serialNumber" */
-&(nid_objs[129]),/* "serverAuth" */
-&(nid_objs[371]),/* "serviceLocator" */
-&(nid_objs[625]),/* "set-addPolicy" */
-&(nid_objs[515]),/* "set-attr" */
-&(nid_objs[518]),/* "set-brand" */
-&(nid_objs[638]),/* "set-brand-AmericanExpress" */
-&(nid_objs[637]),/* "set-brand-Diners" */
-&(nid_objs[636]),/* "set-brand-IATA-ATA" */
-&(nid_objs[639]),/* "set-brand-JCB" */
-&(nid_objs[641]),/* "set-brand-MasterCard" */
-&(nid_objs[642]),/* "set-brand-Novus" */
-&(nid_objs[640]),/* "set-brand-Visa" */
-&(nid_objs[517]),/* "set-certExt" */
-&(nid_objs[513]),/* "set-ctype" */
-&(nid_objs[514]),/* "set-msgExt" */
-&(nid_objs[516]),/* "set-policy" */
-&(nid_objs[607]),/* "set-policy-root" */
-&(nid_objs[624]),/* "set-rootKeyThumb" */
-&(nid_objs[620]),/* "setAttr-Cert" */
-&(nid_objs[631]),/* "setAttr-GenCryptgrm" */
-&(nid_objs[623]),/* "setAttr-IssCap" */
-&(nid_objs[628]),/* "setAttr-IssCap-CVM" */
-&(nid_objs[630]),/* "setAttr-IssCap-Sig" */
-&(nid_objs[629]),/* "setAttr-IssCap-T2" */
-&(nid_objs[621]),/* "setAttr-PGWYcap" */
-&(nid_objs[635]),/* "setAttr-SecDevSig" */
-&(nid_objs[632]),/* "setAttr-T2Enc" */
-&(nid_objs[633]),/* "setAttr-T2cleartxt" */
-&(nid_objs[634]),/* "setAttr-TokICCsig" */
-&(nid_objs[627]),/* "setAttr-Token-B0Prime" */
-&(nid_objs[626]),/* "setAttr-Token-EMV" */
-&(nid_objs[622]),/* "setAttr-TokenType" */
-&(nid_objs[619]),/* "setCext-IssuerCapabilities" */
-&(nid_objs[615]),/* "setCext-PGWYcapabilities" */
-&(nid_objs[616]),/* "setCext-TokenIdentifier" */
-&(nid_objs[618]),/* "setCext-TokenType" */
-&(nid_objs[617]),/* "setCext-Track2Data" */
-&(nid_objs[611]),/* "setCext-cCertRequired" */
-&(nid_objs[609]),/* "setCext-certType" */
-&(nid_objs[608]),/* "setCext-hashedRoot" */
-&(nid_objs[610]),/* "setCext-merchData" */
-&(nid_objs[613]),/* "setCext-setExt" */
-&(nid_objs[614]),/* "setCext-setQualf" */
-&(nid_objs[612]),/* "setCext-tunneling" */
-&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */
-&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */
-&(nid_objs[570]),/* "setct-AuthReqTBE" */
-&(nid_objs[534]),/* "setct-AuthReqTBS" */
-&(nid_objs[527]),/* "setct-AuthResBaggage" */
-&(nid_objs[571]),/* "setct-AuthResTBE" */
-&(nid_objs[572]),/* "setct-AuthResTBEX" */
-&(nid_objs[535]),/* "setct-AuthResTBS" */
-&(nid_objs[536]),/* "setct-AuthResTBSX" */
-&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */
-&(nid_objs[577]),/* "setct-AuthRevReqTBE" */
-&(nid_objs[541]),/* "setct-AuthRevReqTBS" */
-&(nid_objs[529]),/* "setct-AuthRevResBaggage" */
-&(nid_objs[542]),/* "setct-AuthRevResData" */
-&(nid_objs[578]),/* "setct-AuthRevResTBE" */
-&(nid_objs[579]),/* "setct-AuthRevResTBEB" */
-&(nid_objs[543]),/* "setct-AuthRevResTBS" */
-&(nid_objs[573]),/* "setct-AuthTokenTBE" */
-&(nid_objs[537]),/* "setct-AuthTokenTBS" */
-&(nid_objs[600]),/* "setct-BCIDistributionTBS" */
-&(nid_objs[558]),/* "setct-BatchAdminReqData" */
-&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */
-&(nid_objs[559]),/* "setct-BatchAdminResData" */
-&(nid_objs[593]),/* "setct-BatchAdminResTBE" */
-&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */
-&(nid_objs[598]),/* "setct-CRLNotificationTBS" */
-&(nid_objs[580]),/* "setct-CapReqTBE" */
-&(nid_objs[581]),/* "setct-CapReqTBEX" */
-&(nid_objs[544]),/* "setct-CapReqTBS" */
-&(nid_objs[545]),/* "setct-CapReqTBSX" */
-&(nid_objs[546]),/* "setct-CapResData" */
-&(nid_objs[582]),/* "setct-CapResTBE" */
-&(nid_objs[583]),/* "setct-CapRevReqTBE" */
-&(nid_objs[584]),/* "setct-CapRevReqTBEX" */
-&(nid_objs[547]),/* "setct-CapRevReqTBS" */
-&(nid_objs[548]),/* "setct-CapRevReqTBSX" */
-&(nid_objs[549]),/* "setct-CapRevResData" */
-&(nid_objs[585]),/* "setct-CapRevResTBE" */
-&(nid_objs[538]),/* "setct-CapTokenData" */
-&(nid_objs[530]),/* "setct-CapTokenSeq" */
-&(nid_objs[574]),/* "setct-CapTokenTBE" */
-&(nid_objs[575]),/* "setct-CapTokenTBEX" */
-&(nid_objs[539]),/* "setct-CapTokenTBS" */
-&(nid_objs[560]),/* "setct-CardCInitResTBS" */
-&(nid_objs[566]),/* "setct-CertInqReqTBS" */
-&(nid_objs[563]),/* "setct-CertReqData" */
-&(nid_objs[595]),/* "setct-CertReqTBE" */
-&(nid_objs[596]),/* "setct-CertReqTBEX" */
-&(nid_objs[564]),/* "setct-CertReqTBS" */
-&(nid_objs[565]),/* "setct-CertResData" */
-&(nid_objs[597]),/* "setct-CertResTBE" */
-&(nid_objs[586]),/* "setct-CredReqTBE" */
-&(nid_objs[587]),/* "setct-CredReqTBEX" */
-&(nid_objs[550]),/* "setct-CredReqTBS" */
-&(nid_objs[551]),/* "setct-CredReqTBSX" */
-&(nid_objs[552]),/* "setct-CredResData" */
-&(nid_objs[588]),/* "setct-CredResTBE" */
-&(nid_objs[589]),/* "setct-CredRevReqTBE" */
-&(nid_objs[590]),/* "setct-CredRevReqTBEX" */
-&(nid_objs[553]),/* "setct-CredRevReqTBS" */
-&(nid_objs[554]),/* "setct-CredRevReqTBSX" */
-&(nid_objs[555]),/* "setct-CredRevResData" */
-&(nid_objs[591]),/* "setct-CredRevResTBE" */
-&(nid_objs[567]),/* "setct-ErrorTBS" */
-&(nid_objs[526]),/* "setct-HODInput" */
-&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */
-&(nid_objs[522]),/* "setct-OIData" */
-&(nid_objs[519]),/* "setct-PANData" */
-&(nid_objs[521]),/* "setct-PANOnly" */
-&(nid_objs[520]),/* "setct-PANToken" */
-&(nid_objs[556]),/* "setct-PCertReqData" */
-&(nid_objs[557]),/* "setct-PCertResTBS" */
-&(nid_objs[523]),/* "setct-PI" */
-&(nid_objs[532]),/* "setct-PI-TBS" */
-&(nid_objs[524]),/* "setct-PIData" */
-&(nid_objs[525]),/* "setct-PIDataUnsigned" */
-&(nid_objs[568]),/* "setct-PIDualSignedTBE" */
-&(nid_objs[569]),/* "setct-PIUnsignedTBE" */
-&(nid_objs[531]),/* "setct-PInitResData" */
-&(nid_objs[533]),/* "setct-PResData" */
-&(nid_objs[594]),/* "setct-RegFormReqTBE" */
-&(nid_objs[562]),/* "setct-RegFormResTBS" */
-&(nid_objs[606]),/* "setext-cv" */
-&(nid_objs[601]),/* "setext-genCrypt" */
-&(nid_objs[602]),/* "setext-miAuth" */
-&(nid_objs[604]),/* "setext-pinAny" */
-&(nid_objs[603]),/* "setext-pinSecure" */
-&(nid_objs[605]),/* "setext-track2" */
-&(nid_objs[52]),/* "signingTime" */
-&(nid_objs[454]),/* "simpleSecurityObject" */
-&(nid_objs[496]),/* "singleLevelQuality" */
-&(nid_objs[387]),/* "snmpv2" */
-&(nid_objs[660]),/* "streetAddress" */
-&(nid_objs[85]),/* "subjectAltName" */
-&(nid_objs[398]),/* "subjectInfoAccess" */
-&(nid_objs[82]),/* "subjectKeyIdentifier" */
-&(nid_objs[498]),/* "subtreeMaximumQuality" */
-&(nid_objs[497]),/* "subtreeMinimumQuality" */
-&(nid_objs[402]),/* "targetInformation" */
-&(nid_objs[459]),/* "textEncodedORAddress" */
-&(nid_objs[293]),/* "textNotice" */
-&(nid_objs[133]),/* "timeStamping" */
-&(nid_objs[106]),/* "title" */
-&(nid_objs[375]),/* "trustRoot" */
-&(nid_objs[436]),/* "ucl" */
-&(nid_objs[55]),/* "unstructuredAddress" */
-&(nid_objs[49]),/* "unstructuredName" */
-&(nid_objs[465]),/* "userClass" */
-&(nid_objs[373]),/* "valid" */
-&(nid_objs[503]),/* "x500UniqueIdentifier" */
-&(nid_objs[158]),/* "x509Certificate" */
-&(nid_objs[160]),/* "x509Crl" */
-};
-
-static ASN1_OBJECT *ln_objs[NUM_LN]={
-&(nid_objs[363]),/* "AD Time Stamping" */
-&(nid_objs[405]),/* "ANSI X9.62" */
-&(nid_objs[368]),/* "Acceptable OCSP Responses" */
-&(nid_objs[664]),/* "Any language" */
-&(nid_objs[177]),/* "Authority Information Access" */
-&(nid_objs[365]),/* "Basic OCSP Response" */
-&(nid_objs[285]),/* "Biometric Info" */
-&(nid_objs[179]),/* "CA Issuers" */
-&(nid_objs[131]),/* "Code Signing" */
-&(nid_objs[382]),/* "Directory" */
-&(nid_objs[392]),/* "Domain" */
-&(nid_objs[132]),/* "E-mail Protection" */
-&(nid_objs[389]),/* "Enterprises" */
-&(nid_objs[384]),/* "Experimental" */
-&(nid_objs[372]),/* "Extended OCSP Status" */
-&(nid_objs[172]),/* "Extension Request" */
-&(nid_objs[432]),/* "Hold Instruction Call Issuer" */
-&(nid_objs[430]),/* "Hold Instruction Code" */
-&(nid_objs[431]),/* "Hold Instruction None" */
-&(nid_objs[433]),/* "Hold Instruction Reject" */
-&(nid_objs[634]),/* "ICC or token signature" */
-&(nid_objs[294]),/* "IPSec End System" */
-&(nid_objs[295]),/* "IPSec Tunnel" */
-&(nid_objs[296]),/* "IPSec User" */
-&(nid_objs[182]),/* "ISO Member Body" */
-&(nid_objs[183]),/* "ISO US Member Body" */
-&(nid_objs[667]),/* "Independent" */
-&(nid_objs[665]),/* "Inherit all" */
-&(nid_objs[142]),/* "Invalidity Date" */
-&(nid_objs[504]),/* "MIME MHS" */
-&(nid_objs[388]),/* "Mail" */
-&(nid_objs[383]),/* "Management" */
-&(nid_objs[417]),/* "Microsoft CSP Name" */
-&(nid_objs[135]),/* "Microsoft Commercial Code Signing" */
-&(nid_objs[138]),/* "Microsoft Encrypted File System" */
-&(nid_objs[171]),/* "Microsoft Extension Request" */
-&(nid_objs[134]),/* "Microsoft Individual Code Signing" */
-&(nid_objs[137]),/* "Microsoft Server Gated Crypto" */
-&(nid_objs[648]),/* "Microsoft Smartcardlogin" */
-&(nid_objs[136]),/* "Microsoft Trust List Signing" */
-&(nid_objs[649]),/* "Microsoft Universal Principal Name" */
-&(nid_objs[72]),/* "Netscape Base Url" */
-&(nid_objs[76]),/* "Netscape CA Policy Url" */
-&(nid_objs[74]),/* "Netscape CA Revocation Url" */
-&(nid_objs[71]),/* "Netscape Cert Type" */
-&(nid_objs[58]),/* "Netscape Certificate Extension" */
-&(nid_objs[79]),/* "Netscape Certificate Sequence" */
-&(nid_objs[78]),/* "Netscape Comment" */
-&(nid_objs[57]),/* "Netscape Communications Corp." */
-&(nid_objs[59]),/* "Netscape Data Type" */
-&(nid_objs[75]),/* "Netscape Renewal Url" */
-&(nid_objs[73]),/* "Netscape Revocation Url" */
-&(nid_objs[77]),/* "Netscape SSL Server Name" */
-&(nid_objs[139]),/* "Netscape Server Gated Crypto" */
-&(nid_objs[178]),/* "OCSP" */
-&(nid_objs[370]),/* "OCSP Archive Cutoff" */
-&(nid_objs[367]),/* "OCSP CRL ID" */
-&(nid_objs[369]),/* "OCSP No Check" */
-&(nid_objs[366]),/* "OCSP Nonce" */
-&(nid_objs[371]),/* "OCSP Service Locator" */
-&(nid_objs[180]),/* "OCSP Signing" */
-&(nid_objs[161]),/* "PBES2" */
-&(nid_objs[69]),/* "PBKDF2" */
-&(nid_objs[162]),/* "PBMAC1" */
-&(nid_objs[127]),/* "PKIX" */
-&(nid_objs[164]),/* "Policy Qualifier CPS" */
-&(nid_objs[165]),/* "Policy Qualifier User Notice" */
-&(nid_objs[385]),/* "Private" */
-&(nid_objs[663]),/* "Proxy Certificate Information" */
-&(nid_objs[ 1]),/* "RSA Data Security, Inc." */
-&(nid_objs[ 2]),/* "RSA Data Security, Inc. PKCS" */
-&(nid_objs[188]),/* "S/MIME" */
-&(nid_objs[167]),/* "S/MIME Capabilities" */
-&(nid_objs[387]),/* "SNMPv2" */
-&(nid_objs[512]),/* "Secure Electronic Transactions" */
-&(nid_objs[386]),/* "Security" */
-&(nid_objs[394]),/* "Selected Attribute Types" */
-&(nid_objs[143]),/* "Strong Extranet ID" */
-&(nid_objs[398]),/* "Subject Information Access" */
-&(nid_objs[130]),/* "TLS Web Client Authentication" */
-&(nid_objs[129]),/* "TLS Web Server Authentication" */
-&(nid_objs[133]),/* "Time Stamping" */
-&(nid_objs[375]),/* "Trust Root" */
-&(nid_objs[12]),/* "X509" */
-&(nid_objs[402]),/* "X509v3 AC Targeting" */
-&(nid_objs[90]),/* "X509v3 Authority Key Identifier" */
-&(nid_objs[87]),/* "X509v3 Basic Constraints" */
-&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
-&(nid_objs[88]),/* "X509v3 CRL Number" */
-&(nid_objs[141]),/* "X509v3 CRL Reason Code" */
-&(nid_objs[89]),/* "X509v3 Certificate Policies" */
-&(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */
-&(nid_objs[126]),/* "X509v3 Extended Key Usage" */
-&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
-&(nid_objs[83]),/* "X509v3 Key Usage" */
-&(nid_objs[666]),/* "X509v3 Name Constraints" */
-&(nid_objs[403]),/* "X509v3 No Revocation Available" */
-&(nid_objs[401]),/* "X509v3 Policy Constraints" */
-&(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
-&(nid_objs[85]),/* "X509v3 Subject Alternative Name" */
-&(nid_objs[82]),/* "X509v3 Subject Key Identifier" */
-&(nid_objs[184]),/* "X9.57" */
-&(nid_objs[185]),/* "X9.57 CM ?" */
-&(nid_objs[478]),/* "aRecord" */
-&(nid_objs[289]),/* "aaControls" */
-&(nid_objs[287]),/* "ac-auditEntity" */
-&(nid_objs[397]),/* "ac-proxying" */
-&(nid_objs[288]),/* "ac-targeting" */
-&(nid_objs[446]),/* "account" */
-&(nid_objs[364]),/* "ad dvcs" */
-&(nid_objs[606]),/* "additional verification" */
-&(nid_objs[419]),/* "aes-128-cbc" */
-&(nid_objs[421]),/* "aes-128-cfb" */
-&(nid_objs[650]),/* "aes-128-cfb1" */
-&(nid_objs[653]),/* "aes-128-cfb8" */
-&(nid_objs[418]),/* "aes-128-ecb" */
-&(nid_objs[420]),/* "aes-128-ofb" */
-&(nid_objs[423]),/* "aes-192-cbc" */
-&(nid_objs[425]),/* "aes-192-cfb" */
-&(nid_objs[651]),/* "aes-192-cfb1" */
-&(nid_objs[654]),/* "aes-192-cfb8" */
-&(nid_objs[422]),/* "aes-192-ecb" */
-&(nid_objs[424]),/* "aes-192-ofb" */
-&(nid_objs[427]),/* "aes-256-cbc" */
-&(nid_objs[429]),/* "aes-256-cfb" */
-&(nid_objs[652]),/* "aes-256-cfb1" */
-&(nid_objs[655]),/* "aes-256-cfb8" */
-&(nid_objs[426]),/* "aes-256-ecb" */
-&(nid_objs[428]),/* "aes-256-ofb" */
-&(nid_objs[376]),/* "algorithm" */
-&(nid_objs[484]),/* "associatedDomain" */
-&(nid_objs[485]),/* "associatedName" */
-&(nid_objs[501]),/* "audio" */
-&(nid_objs[91]),/* "bf-cbc" */
-&(nid_objs[93]),/* "bf-cfb" */
-&(nid_objs[92]),/* "bf-ecb" */
-&(nid_objs[94]),/* "bf-ofb" */
-&(nid_objs[494]),/* "buildingName" */
-&(nid_objs[483]),/* "cNAMERecord" */
-&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */
-&(nid_objs[108]),/* "cast5-cbc" */
-&(nid_objs[110]),/* "cast5-cfb" */
-&(nid_objs[109]),/* "cast5-ecb" */
-&(nid_objs[111]),/* "cast5-ofb" */
-&(nid_objs[404]),/* "ccitt" */
-&(nid_objs[152]),/* "certBag" */
-&(nid_objs[517]),/* "certificate extensions" */
-&(nid_objs[54]),/* "challengePassword" */
-&(nid_objs[407]),/* "characteristic-two-field" */
-&(nid_objs[395]),/* "clearance" */
-&(nid_objs[633]),/* "cleartext track 2" */
-&(nid_objs[13]),/* "commonName" */
-&(nid_objs[513]),/* "content types" */
-&(nid_objs[50]),/* "contentType" */
-&(nid_objs[53]),/* "countersignature" */
-&(nid_objs[14]),/* "countryName" */
-&(nid_objs[153]),/* "crlBag" */
-&(nid_objs[500]),/* "dITRedirect" */
-&(nid_objs[451]),/* "dNSDomain" */
-&(nid_objs[495]),/* "dSAQuality" */
-&(nid_objs[434]),/* "data" */
-&(nid_objs[390]),/* "dcObject" */
-&(nid_objs[31]),/* "des-cbc" */
-&(nid_objs[643]),/* "des-cdmf" */
-&(nid_objs[30]),/* "des-cfb" */
-&(nid_objs[656]),/* "des-cfb1" */
-&(nid_objs[657]),/* "des-cfb8" */
-&(nid_objs[29]),/* "des-ecb" */
-&(nid_objs[32]),/* "des-ede" */
-&(nid_objs[43]),/* "des-ede-cbc" */
-&(nid_objs[60]),/* "des-ede-cfb" */
-&(nid_objs[62]),/* "des-ede-ofb" */
-&(nid_objs[33]),/* "des-ede3" */
-&(nid_objs[44]),/* "des-ede3-cbc" */
-&(nid_objs[61]),/* "des-ede3-cfb" */
-&(nid_objs[658]),/* "des-ede3-cfb1" */
-&(nid_objs[659]),/* "des-ede3-cfb8" */
-&(nid_objs[63]),/* "des-ede3-ofb" */
-&(nid_objs[45]),/* "des-ofb" */
-&(nid_objs[107]),/* "description" */
-&(nid_objs[80]),/* "desx-cbc" */
-&(nid_objs[28]),/* "dhKeyAgreement" */
-&(nid_objs[11]),/* "directory services (X.500)" */
-&(nid_objs[378]),/* "directory services - algorithms" */
-&(nid_objs[174]),/* "dnQualifier" */
-&(nid_objs[447]),/* "document" */
-&(nid_objs[471]),/* "documentAuthor" */
-&(nid_objs[468]),/* "documentIdentifier" */
-&(nid_objs[472]),/* "documentLocation" */
-&(nid_objs[502]),/* "documentPublisher" */
-&(nid_objs[449]),/* "documentSeries" */
-&(nid_objs[469]),/* "documentTitle" */
-&(nid_objs[470]),/* "documentVersion" */
-&(nid_objs[380]),/* "dod" */
-&(nid_objs[391]),/* "domainComponent" */
-&(nid_objs[452]),/* "domainRelatedObject" */
-&(nid_objs[116]),/* "dsaEncryption" */
-&(nid_objs[67]),/* "dsaEncryption-old" */
-&(nid_objs[66]),/* "dsaWithSHA" */
-&(nid_objs[113]),/* "dsaWithSHA1" */
-&(nid_objs[70]),/* "dsaWithSHA1-old" */
-&(nid_objs[297]),/* "dvcs" */
-&(nid_objs[416]),/* "ecdsa-with-SHA1" */
-&(nid_objs[48]),/* "emailAddress" */
-&(nid_objs[632]),/* "encrypted track 2" */
-&(nid_objs[56]),/* "extendedCertificateAttributes" */
-&(nid_objs[462]),/* "favouriteDrink" */
-&(nid_objs[453]),/* "friendlyCountry" */
-&(nid_objs[490]),/* "friendlyCountryName" */
-&(nid_objs[156]),/* "friendlyName" */
-&(nid_objs[631]),/* "generate cryptogram" */
-&(nid_objs[509]),/* "generationQualifier" */
-&(nid_objs[601]),/* "generic cryptogram" */
-&(nid_objs[99]),/* "givenName" */
-&(nid_objs[163]),/* "hmacWithSHA1" */
-&(nid_objs[486]),/* "homePostalAddress" */
-&(nid_objs[473]),/* "homeTelephoneNumber" */
-&(nid_objs[466]),/* "host" */
-&(nid_objs[442]),/* "iA5StringSyntax" */
-&(nid_objs[381]),/* "iana" */
-&(nid_objs[266]),/* "id-aca" */
-&(nid_objs[355]),/* "id-aca-accessIdentity" */
-&(nid_objs[354]),/* "id-aca-authenticationInfo" */
-&(nid_objs[356]),/* "id-aca-chargingIdentity" */
-&(nid_objs[399]),/* "id-aca-encAttrs" */
-&(nid_objs[357]),/* "id-aca-group" */
-&(nid_objs[358]),/* "id-aca-role" */
-&(nid_objs[176]),/* "id-ad" */
-&(nid_objs[262]),/* "id-alg" */
-&(nid_objs[323]),/* "id-alg-des40" */
-&(nid_objs[326]),/* "id-alg-dh-pop" */
-&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */
-&(nid_objs[324]),/* "id-alg-noSignature" */
-&(nid_objs[268]),/* "id-cct" */
-&(nid_objs[361]),/* "id-cct-PKIData" */
-&(nid_objs[362]),/* "id-cct-PKIResponse" */
-&(nid_objs[360]),/* "id-cct-crs" */
-&(nid_objs[81]),/* "id-ce" */
-&(nid_objs[263]),/* "id-cmc" */
-&(nid_objs[334]),/* "id-cmc-addExtensions" */
-&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */
-&(nid_objs[330]),/* "id-cmc-dataReturn" */
-&(nid_objs[336]),/* "id-cmc-decryptedPOP" */
-&(nid_objs[335]),/* "id-cmc-encryptedPOP" */
-&(nid_objs[339]),/* "id-cmc-getCRL" */
-&(nid_objs[338]),/* "id-cmc-getCert" */
-&(nid_objs[328]),/* "id-cmc-identification" */
-&(nid_objs[329]),/* "id-cmc-identityProof" */
-&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */
-&(nid_objs[344]),/* "id-cmc-popLinkRandom" */
-&(nid_objs[345]),/* "id-cmc-popLinkWitness" */
-&(nid_objs[343]),/* "id-cmc-queryPending" */
-&(nid_objs[333]),/* "id-cmc-recipientNonce" */
-&(nid_objs[341]),/* "id-cmc-regInfo" */
-&(nid_objs[342]),/* "id-cmc-responseInfo" */
-&(nid_objs[340]),/* "id-cmc-revokeRequest" */
-&(nid_objs[332]),/* "id-cmc-senderNonce" */
-&(nid_objs[327]),/* "id-cmc-statusInfo" */
-&(nid_objs[331]),/* "id-cmc-transactionId" */
-&(nid_objs[408]),/* "id-ecPublicKey" */
-&(nid_objs[508]),/* "id-hex-multipart-message" */
-&(nid_objs[507]),/* "id-hex-partial-message" */
-&(nid_objs[260]),/* "id-it" */
-&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */
-&(nid_objs[298]),/* "id-it-caProtEncCert" */
-&(nid_objs[311]),/* "id-it-confirmWaitTime" */
-&(nid_objs[303]),/* "id-it-currentCRL" */
-&(nid_objs[300]),/* "id-it-encKeyPairTypes" */
-&(nid_objs[310]),/* "id-it-implicitConfirm" */
-&(nid_objs[308]),/* "id-it-keyPairParamRep" */
-&(nid_objs[307]),/* "id-it-keyPairParamReq" */
-&(nid_objs[312]),/* "id-it-origPKIMessage" */
-&(nid_objs[301]),/* "id-it-preferredSymmAlg" */
-&(nid_objs[309]),/* "id-it-revPassphrase" */
-&(nid_objs[299]),/* "id-it-signKeyPairTypes" */
-&(nid_objs[305]),/* "id-it-subscriptionRequest" */
-&(nid_objs[306]),/* "id-it-subscriptionResponse" */
-&(nid_objs[304]),/* "id-it-unsupportedOIDs" */
-&(nid_objs[128]),/* "id-kp" */
-&(nid_objs[280]),/* "id-mod-attribute-cert" */
-&(nid_objs[274]),/* "id-mod-cmc" */
-&(nid_objs[277]),/* "id-mod-cmp" */
-&(nid_objs[284]),/* "id-mod-cmp2000" */
-&(nid_objs[273]),/* "id-mod-crmf" */
-&(nid_objs[283]),/* "id-mod-dvcs" */
-&(nid_objs[275]),/* "id-mod-kea-profile-88" */
-&(nid_objs[276]),/* "id-mod-kea-profile-93" */
-&(nid_objs[282]),/* "id-mod-ocsp" */
-&(nid_objs[278]),/* "id-mod-qualified-cert-88" */
-&(nid_objs[279]),/* "id-mod-qualified-cert-93" */
-&(nid_objs[281]),/* "id-mod-timestamp-protocol" */
-&(nid_objs[264]),/* "id-on" */
-&(nid_objs[347]),/* "id-on-personalData" */
-&(nid_objs[265]),/* "id-pda" */
-&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */
-&(nid_objs[353]),/* "id-pda-countryOfResidence" */
-&(nid_objs[348]),/* "id-pda-dateOfBirth" */
-&(nid_objs[351]),/* "id-pda-gender" */
-&(nid_objs[349]),/* "id-pda-placeOfBirth" */
-&(nid_objs[175]),/* "id-pe" */
-&(nid_objs[261]),/* "id-pkip" */
-&(nid_objs[258]),/* "id-pkix-mod" */
-&(nid_objs[269]),/* "id-pkix1-explicit-88" */
-&(nid_objs[271]),/* "id-pkix1-explicit-93" */
-&(nid_objs[270]),/* "id-pkix1-implicit-88" */
-&(nid_objs[272]),/* "id-pkix1-implicit-93" */
-&(nid_objs[662]),/* "id-ppl" */
-&(nid_objs[267]),/* "id-qcs" */
-&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */
-&(nid_objs[259]),/* "id-qt" */
-&(nid_objs[313]),/* "id-regCtrl" */
-&(nid_objs[316]),/* "id-regCtrl-authenticator" */
-&(nid_objs[319]),/* "id-regCtrl-oldCertID" */
-&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */
-&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */
-&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */
-&(nid_objs[315]),/* "id-regCtrl-regToken" */
-&(nid_objs[314]),/* "id-regInfo" */
-&(nid_objs[322]),/* "id-regInfo-certReq" */
-&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */
-&(nid_objs[191]),/* "id-smime-aa" */
-&(nid_objs[215]),/* "id-smime-aa-contentHint" */
-&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */
-&(nid_objs[221]),/* "id-smime-aa-contentReference" */
-&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */
-&(nid_objs[217]),/* "id-smime-aa-encapContentType" */
-&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */
-&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */
-&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */
-&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */
-&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */
-&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */
-&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */
-&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */
-&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */
-&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */
-&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */
-&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */
-&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */
-&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */
-&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */
-&(nid_objs[219]),/* "id-smime-aa-macValue" */
-&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */
-&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */
-&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */
-&(nid_objs[213]),/* "id-smime-aa-securityLabel" */
-&(nid_objs[239]),/* "id-smime-aa-signatureType" */
-&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */
-&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */
-&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */
-&(nid_objs[192]),/* "id-smime-alg" */
-&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */
-&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */
-&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */
-&(nid_objs[245]),/* "id-smime-alg-ESDH" */
-&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */
-&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */
-&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */
-&(nid_objs[193]),/* "id-smime-cd" */
-&(nid_objs[248]),/* "id-smime-cd-ldap" */
-&(nid_objs[190]),/* "id-smime-ct" */
-&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */
-&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */
-&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */
-&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */
-&(nid_objs[205]),/* "id-smime-ct-authData" */
-&(nid_objs[209]),/* "id-smime-ct-contentInfo" */
-&(nid_objs[206]),/* "id-smime-ct-publishCert" */
-&(nid_objs[204]),/* "id-smime-ct-receipt" */
-&(nid_objs[195]),/* "id-smime-cti" */
-&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */
-&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */
-&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */
-&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */
-&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */
-&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */
-&(nid_objs[189]),/* "id-smime-mod" */
-&(nid_objs[196]),/* "id-smime-mod-cms" */
-&(nid_objs[197]),/* "id-smime-mod-ess" */
-&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */
-&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */
-&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */
-&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */
-&(nid_objs[199]),/* "id-smime-mod-msg-v3" */
-&(nid_objs[198]),/* "id-smime-mod-oid" */
-&(nid_objs[194]),/* "id-smime-spq" */
-&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */
-&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */
-&(nid_objs[34]),/* "idea-cbc" */
-&(nid_objs[35]),/* "idea-cfb" */
-&(nid_objs[36]),/* "idea-ecb" */
-&(nid_objs[46]),/* "idea-ofb" */
-&(nid_objs[461]),/* "info" */
-&(nid_objs[101]),/* "initials" */
-&(nid_objs[181]),/* "iso" */
-&(nid_objs[623]),/* "issuer capabilities" */
-&(nid_objs[492]),/* "janetMailbox" */
-&(nid_objs[393]),/* "joint-iso-ccitt" */
-&(nid_objs[150]),/* "keyBag" */
-&(nid_objs[477]),/* "lastModifiedBy" */
-&(nid_objs[476]),/* "lastModifiedTime" */
-&(nid_objs[157]),/* "localKeyID" */
-&(nid_objs[15]),/* "localityName" */
-&(nid_objs[480]),/* "mXRecord" */
-&(nid_objs[493]),/* "mailPreferenceOption" */
-&(nid_objs[467]),/* "manager" */
-&(nid_objs[ 3]),/* "md2" */
-&(nid_objs[ 7]),/* "md2WithRSAEncryption" */
-&(nid_objs[257]),/* "md4" */
-&(nid_objs[396]),/* "md4WithRSAEncryption" */
-&(nid_objs[ 4]),/* "md5" */
-&(nid_objs[114]),/* "md5-sha1" */
-&(nid_objs[104]),/* "md5WithRSA" */
-&(nid_objs[ 8]),/* "md5WithRSAEncryption" */
-&(nid_objs[95]),/* "mdc2" */
-&(nid_objs[96]),/* "mdc2WithRSA" */
-&(nid_objs[602]),/* "merchant initiated auth" */
-&(nid_objs[514]),/* "message extensions" */
-&(nid_objs[51]),/* "messageDigest" */
-&(nid_objs[506]),/* "mime-mhs-bodies" */
-&(nid_objs[505]),/* "mime-mhs-headings" */
-&(nid_objs[488]),/* "mobileTelephoneNumber" */
-&(nid_objs[481]),/* "nSRecord" */
-&(nid_objs[173]),/* "name" */
-&(nid_objs[379]),/* "org" */
-&(nid_objs[17]),/* "organizationName" */
-&(nid_objs[491]),/* "organizationalStatus" */
-&(nid_objs[18]),/* "organizationalUnitName" */
-&(nid_objs[475]),/* "otherMailbox" */
-&(nid_objs[489]),/* "pagerTelephoneNumber" */
-&(nid_objs[374]),/* "path" */
-&(nid_objs[621]),/* "payment gateway capabilities" */
-&(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */
-&(nid_objs[168]),/* "pbeWithMD2AndRC2-CBC" */
-&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
-&(nid_objs[10]),/* "pbeWithMD5AndDES-CBC" */
-&(nid_objs[169]),/* "pbeWithMD5AndRC2-CBC" */
-&(nid_objs[148]),/* "pbeWithSHA1And128BitRC2-CBC" */
-&(nid_objs[144]),/* "pbeWithSHA1And128BitRC4" */
-&(nid_objs[147]),/* "pbeWithSHA1And2-KeyTripleDES-CBC" */
-&(nid_objs[146]),/* "pbeWithSHA1And3-KeyTripleDES-CBC" */
-&(nid_objs[149]),/* "pbeWithSHA1And40BitRC2-CBC" */
-&(nid_objs[145]),/* "pbeWithSHA1And40BitRC4" */
-&(nid_objs[170]),/* "pbeWithSHA1AndDES-CBC" */
-&(nid_objs[68]),/* "pbeWithSHA1AndRC2-CBC" */
-&(nid_objs[499]),/* "personalSignature" */
-&(nid_objs[487]),/* "personalTitle" */
-&(nid_objs[464]),/* "photo" */
-&(nid_objs[437]),/* "pilot" */
-&(nid_objs[439]),/* "pilotAttributeSyntax" */
-&(nid_objs[438]),/* "pilotAttributeType" */
-&(nid_objs[479]),/* "pilotAttributeType27" */
-&(nid_objs[456]),/* "pilotDSA" */
-&(nid_objs[441]),/* "pilotGroups" */
-&(nid_objs[444]),/* "pilotObject" */
-&(nid_objs[440]),/* "pilotObjectClass" */
-&(nid_objs[455]),/* "pilotOrganization" */
-&(nid_objs[445]),/* "pilotPerson" */
-&(nid_objs[186]),/* "pkcs1" */
-&(nid_objs[27]),/* "pkcs3" */
-&(nid_objs[187]),/* "pkcs5" */
-&(nid_objs[20]),/* "pkcs7" */
-&(nid_objs[21]),/* "pkcs7-data" */
-&(nid_objs[25]),/* "pkcs7-digestData" */
-&(nid_objs[26]),/* "pkcs7-encryptedData" */
-&(nid_objs[23]),/* "pkcs7-envelopedData" */
-&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */
-&(nid_objs[22]),/* "pkcs7-signedData" */
-&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
-&(nid_objs[47]),/* "pkcs9" */
-&(nid_objs[661]),/* "postalCode" */
-&(nid_objs[406]),/* "prime-field" */
-&(nid_objs[409]),/* "prime192v1" */
-&(nid_objs[410]),/* "prime192v2" */
-&(nid_objs[411]),/* "prime192v3" */
-&(nid_objs[412]),/* "prime239v1" */
-&(nid_objs[413]),/* "prime239v2" */
-&(nid_objs[414]),/* "prime239v3" */
-&(nid_objs[415]),/* "prime256v1" */
-&(nid_objs[510]),/* "pseudonym" */
-&(nid_objs[435]),/* "pss" */
-&(nid_objs[286]),/* "qcStatements" */
-&(nid_objs[457]),/* "qualityLabelledData" */
-&(nid_objs[450]),/* "rFC822localPart" */
-&(nid_objs[98]),/* "rc2-40-cbc" */
-&(nid_objs[166]),/* "rc2-64-cbc" */
-&(nid_objs[37]),/* "rc2-cbc" */
-&(nid_objs[39]),/* "rc2-cfb" */
-&(nid_objs[38]),/* "rc2-ecb" */
-&(nid_objs[40]),/* "rc2-ofb" */
-&(nid_objs[ 5]),/* "rc4" */
-&(nid_objs[97]),/* "rc4-40" */
-&(nid_objs[120]),/* "rc5-cbc" */
-&(nid_objs[122]),/* "rc5-cfb" */
-&(nid_objs[121]),/* "rc5-ecb" */
-&(nid_objs[123]),/* "rc5-ofb" */
-&(nid_objs[460]),/* "rfc822Mailbox" */
-&(nid_objs[117]),/* "ripemd160" */
-&(nid_objs[119]),/* "ripemd160WithRSA" */
-&(nid_objs[400]),/* "role" */
-&(nid_objs[448]),/* "room" */
-&(nid_objs[463]),/* "roomNumber" */
-&(nid_objs[19]),/* "rsa" */
-&(nid_objs[ 6]),/* "rsaEncryption" */
-&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */
-&(nid_objs[377]),/* "rsaSignature" */
-&(nid_objs[124]),/* "run length compression" */
-&(nid_objs[482]),/* "sOARecord" */
-&(nid_objs[155]),/* "safeContentsBag" */
-&(nid_objs[291]),/* "sbgp-autonomousSysNum" */
-&(nid_objs[290]),/* "sbgp-ipAddrBlock" */
-&(nid_objs[292]),/* "sbgp-routerIdentifier" */
-&(nid_objs[159]),/* "sdsiCertificate" */
-&(nid_objs[154]),/* "secretBag" */
-&(nid_objs[474]),/* "secretary" */
-&(nid_objs[635]),/* "secure device signature" */
-&(nid_objs[105]),/* "serialNumber" */
-&(nid_objs[625]),/* "set-addPolicy" */
-&(nid_objs[515]),/* "set-attr" */
-&(nid_objs[518]),/* "set-brand" */
-&(nid_objs[638]),/* "set-brand-AmericanExpress" */
-&(nid_objs[637]),/* "set-brand-Diners" */
-&(nid_objs[636]),/* "set-brand-IATA-ATA" */
-&(nid_objs[639]),/* "set-brand-JCB" */
-&(nid_objs[641]),/* "set-brand-MasterCard" */
-&(nid_objs[642]),/* "set-brand-Novus" */
-&(nid_objs[640]),/* "set-brand-Visa" */
-&(nid_objs[516]),/* "set-policy" */
-&(nid_objs[607]),/* "set-policy-root" */
-&(nid_objs[624]),/* "set-rootKeyThumb" */
-&(nid_objs[620]),/* "setAttr-Cert" */
-&(nid_objs[628]),/* "setAttr-IssCap-CVM" */
-&(nid_objs[630]),/* "setAttr-IssCap-Sig" */
-&(nid_objs[629]),/* "setAttr-IssCap-T2" */
-&(nid_objs[627]),/* "setAttr-Token-B0Prime" */
-&(nid_objs[626]),/* "setAttr-Token-EMV" */
-&(nid_objs[622]),/* "setAttr-TokenType" */
-&(nid_objs[619]),/* "setCext-IssuerCapabilities" */
-&(nid_objs[615]),/* "setCext-PGWYcapabilities" */
-&(nid_objs[616]),/* "setCext-TokenIdentifier" */
-&(nid_objs[618]),/* "setCext-TokenType" */
-&(nid_objs[617]),/* "setCext-Track2Data" */
-&(nid_objs[611]),/* "setCext-cCertRequired" */
-&(nid_objs[609]),/* "setCext-certType" */
-&(nid_objs[608]),/* "setCext-hashedRoot" */
-&(nid_objs[610]),/* "setCext-merchData" */
-&(nid_objs[613]),/* "setCext-setExt" */
-&(nid_objs[614]),/* "setCext-setQualf" */
-&(nid_objs[612]),/* "setCext-tunneling" */
-&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */
-&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */
-&(nid_objs[570]),/* "setct-AuthReqTBE" */
-&(nid_objs[534]),/* "setct-AuthReqTBS" */
-&(nid_objs[527]),/* "setct-AuthResBaggage" */
-&(nid_objs[571]),/* "setct-AuthResTBE" */
-&(nid_objs[572]),/* "setct-AuthResTBEX" */
-&(nid_objs[535]),/* "setct-AuthResTBS" */
-&(nid_objs[536]),/* "setct-AuthResTBSX" */
-&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */
-&(nid_objs[577]),/* "setct-AuthRevReqTBE" */
-&(nid_objs[541]),/* "setct-AuthRevReqTBS" */
-&(nid_objs[529]),/* "setct-AuthRevResBaggage" */
-&(nid_objs[542]),/* "setct-AuthRevResData" */
-&(nid_objs[578]),/* "setct-AuthRevResTBE" */
-&(nid_objs[579]),/* "setct-AuthRevResTBEB" */
-&(nid_objs[543]),/* "setct-AuthRevResTBS" */
-&(nid_objs[573]),/* "setct-AuthTokenTBE" */
-&(nid_objs[537]),/* "setct-AuthTokenTBS" */
-&(nid_objs[600]),/* "setct-BCIDistributionTBS" */
-&(nid_objs[558]),/* "setct-BatchAdminReqData" */
-&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */
-&(nid_objs[559]),/* "setct-BatchAdminResData" */
-&(nid_objs[593]),/* "setct-BatchAdminResTBE" */
-&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */
-&(nid_objs[598]),/* "setct-CRLNotificationTBS" */
-&(nid_objs[580]),/* "setct-CapReqTBE" */
-&(nid_objs[581]),/* "setct-CapReqTBEX" */
-&(nid_objs[544]),/* "setct-CapReqTBS" */
-&(nid_objs[545]),/* "setct-CapReqTBSX" */
-&(nid_objs[546]),/* "setct-CapResData" */
-&(nid_objs[582]),/* "setct-CapResTBE" */
-&(nid_objs[583]),/* "setct-CapRevReqTBE" */
-&(nid_objs[584]),/* "setct-CapRevReqTBEX" */
-&(nid_objs[547]),/* "setct-CapRevReqTBS" */
-&(nid_objs[548]),/* "setct-CapRevReqTBSX" */
-&(nid_objs[549]),/* "setct-CapRevResData" */
-&(nid_objs[585]),/* "setct-CapRevResTBE" */
-&(nid_objs[538]),/* "setct-CapTokenData" */
-&(nid_objs[530]),/* "setct-CapTokenSeq" */
-&(nid_objs[574]),/* "setct-CapTokenTBE" */
-&(nid_objs[575]),/* "setct-CapTokenTBEX" */
-&(nid_objs[539]),/* "setct-CapTokenTBS" */
-&(nid_objs[560]),/* "setct-CardCInitResTBS" */
-&(nid_objs[566]),/* "setct-CertInqReqTBS" */
-&(nid_objs[563]),/* "setct-CertReqData" */
-&(nid_objs[595]),/* "setct-CertReqTBE" */
-&(nid_objs[596]),/* "setct-CertReqTBEX" */
-&(nid_objs[564]),/* "setct-CertReqTBS" */
-&(nid_objs[565]),/* "setct-CertResData" */
-&(nid_objs[597]),/* "setct-CertResTBE" */
-&(nid_objs[586]),/* "setct-CredReqTBE" */
-&(nid_objs[587]),/* "setct-CredReqTBEX" */
-&(nid_objs[550]),/* "setct-CredReqTBS" */
-&(nid_objs[551]),/* "setct-CredReqTBSX" */
-&(nid_objs[552]),/* "setct-CredResData" */
-&(nid_objs[588]),/* "setct-CredResTBE" */
-&(nid_objs[589]),/* "setct-CredRevReqTBE" */
-&(nid_objs[590]),/* "setct-CredRevReqTBEX" */
-&(nid_objs[553]),/* "setct-CredRevReqTBS" */
-&(nid_objs[554]),/* "setct-CredRevReqTBSX" */
-&(nid_objs[555]),/* "setct-CredRevResData" */
-&(nid_objs[591]),/* "setct-CredRevResTBE" */
-&(nid_objs[567]),/* "setct-ErrorTBS" */
-&(nid_objs[526]),/* "setct-HODInput" */
-&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */
-&(nid_objs[522]),/* "setct-OIData" */
-&(nid_objs[519]),/* "setct-PANData" */
-&(nid_objs[521]),/* "setct-PANOnly" */
-&(nid_objs[520]),/* "setct-PANToken" */
-&(nid_objs[556]),/* "setct-PCertReqData" */
-&(nid_objs[557]),/* "setct-PCertResTBS" */
-&(nid_objs[523]),/* "setct-PI" */
-&(nid_objs[532]),/* "setct-PI-TBS" */
-&(nid_objs[524]),/* "setct-PIData" */
-&(nid_objs[525]),/* "setct-PIDataUnsigned" */
-&(nid_objs[568]),/* "setct-PIDualSignedTBE" */
-&(nid_objs[569]),/* "setct-PIUnsignedTBE" */
-&(nid_objs[531]),/* "setct-PInitResData" */
-&(nid_objs[533]),/* "setct-PResData" */
-&(nid_objs[594]),/* "setct-RegFormReqTBE" */
-&(nid_objs[562]),/* "setct-RegFormResTBS" */
-&(nid_objs[604]),/* "setext-pinAny" */
-&(nid_objs[603]),/* "setext-pinSecure" */
-&(nid_objs[605]),/* "setext-track2" */
-&(nid_objs[41]),/* "sha" */
-&(nid_objs[64]),/* "sha1" */
-&(nid_objs[115]),/* "sha1WithRSA" */
-&(nid_objs[65]),/* "sha1WithRSAEncryption" */
-&(nid_objs[675]),/* "sha224" */
-&(nid_objs[671]),/* "sha224WithRSAEncryption" */
-&(nid_objs[672]),/* "sha256" */
-&(nid_objs[668]),/* "sha256WithRSAEncryption" */
-&(nid_objs[673]),/* "sha384" */
-&(nid_objs[669]),/* "sha384WithRSAEncryption" */
-&(nid_objs[674]),/* "sha512" */
-&(nid_objs[670]),/* "sha512WithRSAEncryption" */
-&(nid_objs[42]),/* "shaWithRSAEncryption" */
-&(nid_objs[52]),/* "signingTime" */
-&(nid_objs[454]),/* "simpleSecurityObject" */
-&(nid_objs[496]),/* "singleLevelQuality" */
-&(nid_objs[16]),/* "stateOrProvinceName" */
-&(nid_objs[660]),/* "streetAddress" */
-&(nid_objs[498]),/* "subtreeMaximumQuality" */
-&(nid_objs[497]),/* "subtreeMinimumQuality" */
-&(nid_objs[100]),/* "surname" */
-&(nid_objs[459]),/* "textEncodedORAddress" */
-&(nid_objs[293]),/* "textNotice" */
-&(nid_objs[106]),/* "title" */
-&(nid_objs[436]),/* "ucl" */
-&(nid_objs[ 0]),/* "undefined" */
-&(nid_objs[55]),/* "unstructuredAddress" */
-&(nid_objs[49]),/* "unstructuredName" */
-&(nid_objs[465]),/* "userClass" */
-&(nid_objs[458]),/* "userId" */
-&(nid_objs[373]),/* "valid" */
-&(nid_objs[503]),/* "x500UniqueIdentifier" */
-&(nid_objs[158]),/* "x509Certificate" */
-&(nid_objs[160]),/* "x509Crl" */
-&(nid_objs[125]),/* "zlib compression" */
-};
-
-static ASN1_OBJECT *obj_objs[NUM_OBJ]={
-&(nid_objs[ 0]),/* OBJ_undef                        0 */
-&(nid_objs[404]),/* OBJ_ccitt                        0 */
-&(nid_objs[434]),/* OBJ_data                         0 9 */
-&(nid_objs[181]),/* OBJ_iso                          1 */
-&(nid_objs[182]),/* OBJ_member_body                  1 2 */
-&(nid_objs[379]),/* OBJ_org                          1 3 */
-&(nid_objs[393]),/* OBJ_joint_iso_ccitt              2 */
-&(nid_objs[11]),/* OBJ_X500                         2 5 */
-&(nid_objs[380]),/* OBJ_dod                          1 3 6 */
-&(nid_objs[12]),/* OBJ_X509                         2 5 4 */
-&(nid_objs[378]),/* OBJ_X500algorithms               2 5 8 */
-&(nid_objs[81]),/* OBJ_id_ce                        2 5 29 */
-&(nid_objs[512]),/* OBJ_id_set                       2 23 42 */
-&(nid_objs[435]),/* OBJ_pss                          0 9 2342 */
-&(nid_objs[183]),/* OBJ_ISO_US                       1 2 840 */
-&(nid_objs[381]),/* OBJ_iana                         1 3 6 1 */
-&(nid_objs[394]),/* OBJ_selected_attribute_types     2 5 1 5 */
-&(nid_objs[13]),/* OBJ_commonName                   2 5 4 3 */
-&(nid_objs[100]),/* OBJ_surname                      2 5 4 4 */
-&(nid_objs[105]),/* OBJ_serialNumber                 2 5 4 5 */
-&(nid_objs[14]),/* OBJ_countryName                  2 5 4 6 */
-&(nid_objs[15]),/* OBJ_localityName                 2 5 4 7 */
-&(nid_objs[16]),/* OBJ_stateOrProvinceName          2 5 4 8 */
-&(nid_objs[660]),/* OBJ_streetAddress                2 5 4 9 */
-&(nid_objs[17]),/* OBJ_organizationName             2 5 4 10 */
-&(nid_objs[18]),/* OBJ_organizationalUnitName       2 5 4 11 */
-&(nid_objs[106]),/* OBJ_title                        2 5 4 12 */
-&(nid_objs[107]),/* OBJ_description                  2 5 4 13 */
-&(nid_objs[661]),/* OBJ_postalCode                   2 5 4 17 */
-&(nid_objs[173]),/* OBJ_name                         2 5 4 41 */
-&(nid_objs[99]),/* OBJ_givenName                    2 5 4 42 */
-&(nid_objs[101]),/* OBJ_initials                     2 5 4 43 */
-&(nid_objs[509]),/* OBJ_generationQualifier          2 5 4 44 */
-&(nid_objs[503]),/* OBJ_x500UniqueIdentifier         2 5 4 45 */
-&(nid_objs[174]),/* OBJ_dnQualifier                  2 5 4 46 */
-&(nid_objs[510]),/* OBJ_pseudonym                    2 5 4 65 */
-&(nid_objs[400]),/* OBJ_role                         2 5 4 72 */
-&(nid_objs[82]),/* OBJ_subject_key_identifier       2 5 29 14 */
-&(nid_objs[83]),/* OBJ_key_usage                    2 5 29 15 */
-&(nid_objs[84]),/* OBJ_private_key_usage_period     2 5 29 16 */
-&(nid_objs[85]),/* OBJ_subject_alt_name             2 5 29 17 */
-&(nid_objs[86]),/* OBJ_issuer_alt_name              2 5 29 18 */
-&(nid_objs[87]),/* OBJ_basic_constraints            2 5 29 19 */
-&(nid_objs[88]),/* OBJ_crl_number                   2 5 29 20 */
-&(nid_objs[141]),/* OBJ_crl_reason                   2 5 29 21 */
-&(nid_objs[430]),/* OBJ_hold_instruction_code        2 5 29 23 */
-&(nid_objs[142]),/* OBJ_invalidity_date              2 5 29 24 */
-&(nid_objs[140]),/* OBJ_delta_crl                    2 5 29 27 */
-&(nid_objs[666]),/* OBJ_name_constraints             2 5 29 30 */
-&(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
-&(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
-&(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
-&(nid_objs[401]),/* OBJ_policy_constraints           2 5 29 36 */
-&(nid_objs[126]),/* OBJ_ext_key_usage                2 5 29 37 */
-&(nid_objs[402]),/* OBJ_target_information           2 5 29 55 */
-&(nid_objs[403]),/* OBJ_no_rev_avail                 2 5 29 56 */
-&(nid_objs[513]),/* OBJ_set_ctype                    2 23 42 0 */
-&(nid_objs[514]),/* OBJ_set_msgExt                   2 23 42 1 */
-&(nid_objs[515]),/* OBJ_set_attr                     2 23 42 3 */
-&(nid_objs[516]),/* OBJ_set_policy                   2 23 42 5 */
-&(nid_objs[517]),/* OBJ_set_certExt                  2 23 42 7 */
-&(nid_objs[518]),/* OBJ_set_brand                    2 23 42 8 */
-&(nid_objs[382]),/* OBJ_Directory                    1 3 6 1 1 */
-&(nid_objs[383]),/* OBJ_Management                   1 3 6 1 2 */
-&(nid_objs[384]),/* OBJ_Experimental                 1 3 6 1 3 */
-&(nid_objs[385]),/* OBJ_Private                      1 3 6 1 4 */
-&(nid_objs[386]),/* OBJ_Security                     1 3 6 1 5 */
-&(nid_objs[387]),/* OBJ_SNMPv2                       1 3 6 1 6 */
-&(nid_objs[388]),/* OBJ_Mail                         1 3 6 1 7 */
-&(nid_objs[376]),/* OBJ_algorithm                    1 3 14 3 2 */
-&(nid_objs[395]),/* OBJ_clearance                    2 5 1 5 55 */
-&(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */
-&(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
-&(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
-&(nid_objs[519]),/* OBJ_setct_PANData                2 23 42 0 0 */
-&(nid_objs[520]),/* OBJ_setct_PANToken               2 23 42 0 1 */
-&(nid_objs[521]),/* OBJ_setct_PANOnly                2 23 42 0 2 */
-&(nid_objs[522]),/* OBJ_setct_OIData                 2 23 42 0 3 */
-&(nid_objs[523]),/* OBJ_setct_PI                     2 23 42 0 4 */
-&(nid_objs[524]),/* OBJ_setct_PIData                 2 23 42 0 5 */
-&(nid_objs[525]),/* OBJ_setct_PIDataUnsigned         2 23 42 0 6 */
-&(nid_objs[526]),/* OBJ_setct_HODInput               2 23 42 0 7 */
-&(nid_objs[527]),/* OBJ_setct_AuthResBaggage         2 23 42 0 8 */
-&(nid_objs[528]),/* OBJ_setct_AuthRevReqBaggage      2 23 42 0 9 */
-&(nid_objs[529]),/* OBJ_setct_AuthRevResBaggage      2 23 42 0 10 */
-&(nid_objs[530]),/* OBJ_setct_CapTokenSeq            2 23 42 0 11 */
-&(nid_objs[531]),/* OBJ_setct_PInitResData           2 23 42 0 12 */
-&(nid_objs[532]),/* OBJ_setct_PI_TBS                 2 23 42 0 13 */
-&(nid_objs[533]),/* OBJ_setct_PResData               2 23 42 0 14 */
-&(nid_objs[534]),/* OBJ_setct_AuthReqTBS             2 23 42 0 16 */
-&(nid_objs[535]),/* OBJ_setct_AuthResTBS             2 23 42 0 17 */
-&(nid_objs[536]),/* OBJ_setct_AuthResTBSX            2 23 42 0 18 */
-&(nid_objs[537]),/* OBJ_setct_AuthTokenTBS           2 23 42 0 19 */
-&(nid_objs[538]),/* OBJ_setct_CapTokenData           2 23 42 0 20 */
-&(nid_objs[539]),/* OBJ_setct_CapTokenTBS            2 23 42 0 21 */
-&(nid_objs[540]),/* OBJ_setct_AcqCardCodeMsg         2 23 42 0 22 */
-&(nid_objs[541]),/* OBJ_setct_AuthRevReqTBS          2 23 42 0 23 */
-&(nid_objs[542]),/* OBJ_setct_AuthRevResData         2 23 42 0 24 */
-&(nid_objs[543]),/* OBJ_setct_AuthRevResTBS          2 23 42 0 25 */
-&(nid_objs[544]),/* OBJ_setct_CapReqTBS              2 23 42 0 26 */
-&(nid_objs[545]),/* OBJ_setct_CapReqTBSX             2 23 42 0 27 */
-&(nid_objs[546]),/* OBJ_setct_CapResData             2 23 42 0 28 */
-&(nid_objs[547]),/* OBJ_setct_CapRevReqTBS           2 23 42 0 29 */
-&(nid_objs[548]),/* OBJ_setct_CapRevReqTBSX          2 23 42 0 30 */
-&(nid_objs[549]),/* OBJ_setct_CapRevResData          2 23 42 0 31 */
-&(nid_objs[550]),/* OBJ_setct_CredReqTBS             2 23 42 0 32 */
-&(nid_objs[551]),/* OBJ_setct_CredReqTBSX            2 23 42 0 33 */
-&(nid_objs[552]),/* OBJ_setct_CredResData            2 23 42 0 34 */
-&(nid_objs[553]),/* OBJ_setct_CredRevReqTBS          2 23 42 0 35 */
-&(nid_objs[554]),/* OBJ_setct_CredRevReqTBSX         2 23 42 0 36 */
-&(nid_objs[555]),/* OBJ_setct_CredRevResData         2 23 42 0 37 */
-&(nid_objs[556]),/* OBJ_setct_PCertReqData           2 23 42 0 38 */
-&(nid_objs[557]),/* OBJ_setct_PCertResTBS            2 23 42 0 39 */
-&(nid_objs[558]),/* OBJ_setct_BatchAdminReqData      2 23 42 0 40 */
-&(nid_objs[559]),/* OBJ_setct_BatchAdminResData      2 23 42 0 41 */
-&(nid_objs[560]),/* OBJ_setct_CardCInitResTBS        2 23 42 0 42 */
-&(nid_objs[561]),/* OBJ_setct_MeAqCInitResTBS        2 23 42 0 43 */
-&(nid_objs[562]),/* OBJ_setct_RegFormResTBS          2 23 42 0 44 */
-&(nid_objs[563]),/* OBJ_setct_CertReqData            2 23 42 0 45 */
-&(nid_objs[564]),/* OBJ_setct_CertReqTBS             2 23 42 0 46 */
-&(nid_objs[565]),/* OBJ_setct_CertResData            2 23 42 0 47 */
-&(nid_objs[566]),/* OBJ_setct_CertInqReqTBS          2 23 42 0 48 */
-&(nid_objs[567]),/* OBJ_setct_ErrorTBS               2 23 42 0 49 */
-&(nid_objs[568]),/* OBJ_setct_PIDualSignedTBE        2 23 42 0 50 */
-&(nid_objs[569]),/* OBJ_setct_PIUnsignedTBE          2 23 42 0 51 */
-&(nid_objs[570]),/* OBJ_setct_AuthReqTBE             2 23 42 0 52 */
-&(nid_objs[571]),/* OBJ_setct_AuthResTBE             2 23 42 0 53 */
-&(nid_objs[572]),/* OBJ_setct_AuthResTBEX            2 23 42 0 54 */
-&(nid_objs[573]),/* OBJ_setct_AuthTokenTBE           2 23 42 0 55 */
-&(nid_objs[574]),/* OBJ_setct_CapTokenTBE            2 23 42 0 56 */
-&(nid_objs[575]),/* OBJ_setct_CapTokenTBEX           2 23 42 0 57 */
-&(nid_objs[576]),/* OBJ_setct_AcqCardCodeMsgTBE      2 23 42 0 58 */
-&(nid_objs[577]),/* OBJ_setct_AuthRevReqTBE          2 23 42 0 59 */
-&(nid_objs[578]),/* OBJ_setct_AuthRevResTBE          2 23 42 0 60 */
-&(nid_objs[579]),/* OBJ_setct_AuthRevResTBEB         2 23 42 0 61 */
-&(nid_objs[580]),/* OBJ_setct_CapReqTBE              2 23 42 0 62 */
-&(nid_objs[581]),/* OBJ_setct_CapReqTBEX             2 23 42 0 63 */
-&(nid_objs[582]),/* OBJ_setct_CapResTBE              2 23 42 0 64 */
-&(nid_objs[583]),/* OBJ_setct_CapRevReqTBE           2 23 42 0 65 */
-&(nid_objs[584]),/* OBJ_setct_CapRevReqTBEX          2 23 42 0 66 */
-&(nid_objs[585]),/* OBJ_setct_CapRevResTBE           2 23 42 0 67 */
-&(nid_objs[586]),/* OBJ_setct_CredReqTBE             2 23 42 0 68 */
-&(nid_objs[587]),/* OBJ_setct_CredReqTBEX            2 23 42 0 69 */
-&(nid_objs[588]),/* OBJ_setct_CredResTBE             2 23 42 0 70 */
-&(nid_objs[589]),/* OBJ_setct_CredRevReqTBE          2 23 42 0 71 */
-&(nid_objs[590]),/* OBJ_setct_CredRevReqTBEX         2 23 42 0 72 */
-&(nid_objs[591]),/* OBJ_setct_CredRevResTBE          2 23 42 0 73 */
-&(nid_objs[592]),/* OBJ_setct_BatchAdminReqTBE       2 23 42 0 74 */
-&(nid_objs[593]),/* OBJ_setct_BatchAdminResTBE       2 23 42 0 75 */
-&(nid_objs[594]),/* OBJ_setct_RegFormReqTBE          2 23 42 0 76 */
-&(nid_objs[595]),/* OBJ_setct_CertReqTBE             2 23 42 0 77 */
-&(nid_objs[596]),/* OBJ_setct_CertReqTBEX            2 23 42 0 78 */
-&(nid_objs[597]),/* OBJ_setct_CertResTBE             2 23 42 0 79 */
-&(nid_objs[598]),/* OBJ_setct_CRLNotificationTBS     2 23 42 0 80 */
-&(nid_objs[599]),/* OBJ_setct_CRLNotificationResTBS  2 23 42 0 81 */
-&(nid_objs[600]),/* OBJ_setct_BCIDistributionTBS     2 23 42 0 82 */
-&(nid_objs[601]),/* OBJ_setext_genCrypt              2 23 42 1 1 */
-&(nid_objs[602]),/* OBJ_setext_miAuth                2 23 42 1 3 */
-&(nid_objs[603]),/* OBJ_setext_pinSecure             2 23 42 1 4 */
-&(nid_objs[604]),/* OBJ_setext_pinAny                2 23 42 1 5 */
-&(nid_objs[605]),/* OBJ_setext_track2                2 23 42 1 7 */
-&(nid_objs[606]),/* OBJ_setext_cv                    2 23 42 1 8 */
-&(nid_objs[620]),/* OBJ_setAttr_Cert                 2 23 42 3 0 */
-&(nid_objs[621]),/* OBJ_setAttr_PGWYcap              2 23 42 3 1 */
-&(nid_objs[622]),/* OBJ_setAttr_TokenType            2 23 42 3 2 */
-&(nid_objs[623]),/* OBJ_setAttr_IssCap               2 23 42 3 3 */
-&(nid_objs[607]),/* OBJ_set_policy_root              2 23 42 5 0 */
-&(nid_objs[608]),/* OBJ_setCext_hashedRoot           2 23 42 7 0 */
-&(nid_objs[609]),/* OBJ_setCext_certType             2 23 42 7 1 */
-&(nid_objs[610]),/* OBJ_setCext_merchData            2 23 42 7 2 */
-&(nid_objs[611]),/* OBJ_setCext_cCertRequired        2 23 42 7 3 */
-&(nid_objs[612]),/* OBJ_setCext_tunneling            2 23 42 7 4 */
-&(nid_objs[613]),/* OBJ_setCext_setExt               2 23 42 7 5 */
-&(nid_objs[614]),/* OBJ_setCext_setQualf             2 23 42 7 6 */
-&(nid_objs[615]),/* OBJ_setCext_PGWYcapabilities     2 23 42 7 7 */
-&(nid_objs[616]),/* OBJ_setCext_TokenIdentifier      2 23 42 7 8 */
-&(nid_objs[617]),/* OBJ_setCext_Track2Data           2 23 42 7 9 */
-&(nid_objs[618]),/* OBJ_setCext_TokenType            2 23 42 7 10 */
-&(nid_objs[619]),/* OBJ_setCext_IssuerCapabilities   2 23 42 7 11 */
-&(nid_objs[636]),/* OBJ_set_brand_IATA_ATA           2 23 42 8 1 */
-&(nid_objs[640]),/* OBJ_set_brand_Visa               2 23 42 8 4 */
-&(nid_objs[641]),/* OBJ_set_brand_MasterCard         2 23 42 8 5 */
-&(nid_objs[637]),/* OBJ_set_brand_Diners             2 23 42 8 30 */
-&(nid_objs[638]),/* OBJ_set_brand_AmericanExpress    2 23 42 8 34 */
-&(nid_objs[639]),/* OBJ_set_brand_JCB                2 23 42 8 35 */
-&(nid_objs[184]),/* OBJ_X9_57                        1 2 840 10040 */
-&(nid_objs[405]),/* OBJ_ansi_X9_62                   1 2 840 10045 */
-&(nid_objs[389]),/* OBJ_Enterprises                  1 3 6 1 4 1 */
-&(nid_objs[504]),/* OBJ_mime_mhs                     1 3 6 1 7 1 */
-&(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
-&(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
-&(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */
-&(nid_objs[45]),/* OBJ_des_ofb64                    1 3 14 3 2 8 */
-&(nid_objs[30]),/* OBJ_des_cfb64                    1 3 14 3 2 9 */
-&(nid_objs[377]),/* OBJ_rsaSignature                 1 3 14 3 2 11 */
-&(nid_objs[67]),/* OBJ_dsa_2                        1 3 14 3 2 12 */
-&(nid_objs[66]),/* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
-&(nid_objs[42]),/* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
-&(nid_objs[32]),/* OBJ_des_ede_ecb                  1 3 14 3 2 17 */
-&(nid_objs[41]),/* OBJ_sha                          1 3 14 3 2 18 */
-&(nid_objs[64]),/* OBJ_sha1                         1 3 14 3 2 26 */
-&(nid_objs[70]),/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
-&(nid_objs[115]),/* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
-&(nid_objs[117]),/* OBJ_ripemd160                    1 3 36 3 2 1 */
-&(nid_objs[143]),/* OBJ_sxnet                        1 3 101 1 4 1 */
-&(nid_objs[624]),/* OBJ_set_rootKeyThumb             2 23 42 3 0 0 */
-&(nid_objs[625]),/* OBJ_set_addPolicy                2 23 42 3 0 1 */
-&(nid_objs[626]),/* OBJ_setAttr_Token_EMV            2 23 42 3 2 1 */
-&(nid_objs[627]),/* OBJ_setAttr_Token_B0Prime        2 23 42 3 2 2 */
-&(nid_objs[628]),/* OBJ_setAttr_IssCap_CVM           2 23 42 3 3 3 */
-&(nid_objs[629]),/* OBJ_setAttr_IssCap_T2            2 23 42 3 3 4 */
-&(nid_objs[630]),/* OBJ_setAttr_IssCap_Sig           2 23 42 3 3 5 */
-&(nid_objs[642]),/* OBJ_set_brand_Novus              2 23 42 8 6011 */
-&(nid_objs[124]),/* OBJ_rle_compression              1 1 1 1 666 1 */
-&(nid_objs[125]),/* OBJ_zlib_compression             1 1 1 1 666 2 */
-&(nid_objs[ 1]),/* OBJ_rsadsi                       1 2 840 113549 */
-&(nid_objs[185]),/* OBJ_X9cm                         1 2 840 10040 4 */
-&(nid_objs[127]),/* OBJ_id_pkix                      1 3 6 1 5 5 7 */
-&(nid_objs[505]),/* OBJ_mime_mhs_headings            1 3 6 1 7 1 1 */
-&(nid_objs[506]),/* OBJ_mime_mhs_bodies              1 3 6 1 7 1 2 */
-&(nid_objs[119]),/* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
-&(nid_objs[631]),/* OBJ_setAttr_GenCryptgrm          2 23 42 3 3 3 1 */
-&(nid_objs[632]),/* OBJ_setAttr_T2Enc                2 23 42 3 3 4 1 */
-&(nid_objs[633]),/* OBJ_setAttr_T2cleartxt           2 23 42 3 3 4 2 */
-&(nid_objs[634]),/* OBJ_setAttr_TokICCsig            2 23 42 3 3 5 1 */
-&(nid_objs[635]),/* OBJ_setAttr_SecDevSig            2 23 42 3 3 5 2 */
-&(nid_objs[436]),/* OBJ_ucl                          0 9 2342 19200300 */
-&(nid_objs[ 2]),/* OBJ_pkcs                         1 2 840 113549 1 */
-&(nid_objs[431]),/* OBJ_hold_instruction_none        1 2 840 10040 2 1 */
-&(nid_objs[432]),/* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
-&(nid_objs[433]),/* OBJ_hold_instruction_reject      1 2 840 10040 2 3 */
-&(nid_objs[116]),/* OBJ_dsa                          1 2 840 10040 4 1 */
-&(nid_objs[113]),/* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
-&(nid_objs[406]),/* OBJ_X9_62_prime_field            1 2 840 10045 1 1 */
-&(nid_objs[407]),/* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
-&(nid_objs[408]),/* OBJ_X9_62_id_ecPublicKey         1 2 840 10045 2 1 */
-&(nid_objs[416]),/* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
-&(nid_objs[258]),/* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
-&(nid_objs[175]),/* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
-&(nid_objs[259]),/* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
-&(nid_objs[128]),/* OBJ_id_kp                        1 3 6 1 5 5 7 3 */
-&(nid_objs[260]),/* OBJ_id_it                        1 3 6 1 5 5 7 4 */
-&(nid_objs[261]),/* OBJ_id_pkip                      1 3 6 1 5 5 7 5 */
-&(nid_objs[262]),/* OBJ_id_alg                       1 3 6 1 5 5 7 6 */
-&(nid_objs[263]),/* OBJ_id_cmc                       1 3 6 1 5 5 7 7 */
-&(nid_objs[264]),/* OBJ_id_on                        1 3 6 1 5 5 7 8 */
-&(nid_objs[265]),/* OBJ_id_pda                       1 3 6 1 5 5 7 9 */
-&(nid_objs[266]),/* OBJ_id_aca                       1 3 6 1 5 5 7 10 */
-&(nid_objs[267]),/* OBJ_id_qcs                       1 3 6 1 5 5 7 11 */
-&(nid_objs[268]),/* OBJ_id_cct                       1 3 6 1 5 5 7 12 */
-&(nid_objs[662]),/* OBJ_id_ppl                       1 3 6 1 5 5 7 21 */
-&(nid_objs[176]),/* OBJ_id_ad                        1 3 6 1 5 5 7 48 */
-&(nid_objs[507]),/* OBJ_id_hex_partial_message       1 3 6 1 7 1 1 1 */
-&(nid_objs[508]),/* OBJ_id_hex_multipart_message     1 3 6 1 7 1 1 2 */
-&(nid_objs[57]),/* OBJ_netscape                     2 16 840 1 113730 */
-&(nid_objs[437]),/* OBJ_pilot                        0 9 2342 19200300 100 */
-&(nid_objs[186]),/* OBJ_pkcs1                        1 2 840 113549 1 1 */
-&(nid_objs[27]),/* OBJ_pkcs3                        1 2 840 113549 1 3 */
-&(nid_objs[187]),/* OBJ_pkcs5                        1 2 840 113549 1 5 */
-&(nid_objs[20]),/* OBJ_pkcs7                        1 2 840 113549 1 7 */
-&(nid_objs[47]),/* OBJ_pkcs9                        1 2 840 113549 1 9 */
-&(nid_objs[ 3]),/* OBJ_md2                          1 2 840 113549 2 2 */
-&(nid_objs[257]),/* OBJ_md4                          1 2 840 113549 2 4 */
-&(nid_objs[ 4]),/* OBJ_md5                          1 2 840 113549 2 5 */
-&(nid_objs[163]),/* OBJ_hmacWithSHA1                 1 2 840 113549 2 7 */
-&(nid_objs[37]),/* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
-&(nid_objs[ 5]),/* OBJ_rc4                          1 2 840 113549 3 4 */
-&(nid_objs[44]),/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
-&(nid_objs[120]),/* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
-&(nid_objs[643]),/* OBJ_des_cdmf                     1 2 840 113549 3 10 */
-&(nid_objs[409]),/* OBJ_X9_62_prime192v1             1 2 840 10045 3 1 1 */
-&(nid_objs[410]),/* OBJ_X9_62_prime192v2             1 2 840 10045 3 1 2 */
-&(nid_objs[411]),/* OBJ_X9_62_prime192v3             1 2 840 10045 3 1 3 */
-&(nid_objs[412]),/* OBJ_X9_62_prime239v1             1 2 840 10045 3 1 4 */
-&(nid_objs[413]),/* OBJ_X9_62_prime239v2             1 2 840 10045 3 1 5 */
-&(nid_objs[414]),/* OBJ_X9_62_prime239v3             1 2 840 10045 3 1 6 */
-&(nid_objs[415]),/* OBJ_X9_62_prime256v1             1 2 840 10045 3 1 7 */
-&(nid_objs[269]),/* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */
-&(nid_objs[270]),/* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */
-&(nid_objs[271]),/* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */
-&(nid_objs[272]),/* OBJ_id_pkix1_implicit_93         1 3 6 1 5 5 7 0 4 */
-&(nid_objs[273]),/* OBJ_id_mod_crmf                  1 3 6 1 5 5 7 0 5 */
-&(nid_objs[274]),/* OBJ_id_mod_cmc                   1 3 6 1 5 5 7 0 6 */
-&(nid_objs[275]),/* OBJ_id_mod_kea_profile_88        1 3 6 1 5 5 7 0 7 */
-&(nid_objs[276]),/* OBJ_id_mod_kea_profile_93        1 3 6 1 5 5 7 0 8 */
-&(nid_objs[277]),/* OBJ_id_mod_cmp                   1 3 6 1 5 5 7 0 9 */
-&(nid_objs[278]),/* OBJ_id_mod_qualified_cert_88     1 3 6 1 5 5 7 0 10 */
-&(nid_objs[279]),/* OBJ_id_mod_qualified_cert_93     1 3 6 1 5 5 7 0 11 */
-&(nid_objs[280]),/* OBJ_id_mod_attribute_cert        1 3 6 1 5 5 7 0 12 */
-&(nid_objs[281]),/* OBJ_id_mod_timestamp_protocol    1 3 6 1 5 5 7 0 13 */
-&(nid_objs[282]),/* OBJ_id_mod_ocsp                  1 3 6 1 5 5 7 0 14 */
-&(nid_objs[283]),/* OBJ_id_mod_dvcs                  1 3 6 1 5 5 7 0 15 */
-&(nid_objs[284]),/* OBJ_id_mod_cmp2000               1 3 6 1 5 5 7 0 16 */
-&(nid_objs[177]),/* OBJ_info_access                  1 3 6 1 5 5 7 1 1 */
-&(nid_objs[285]),/* OBJ_biometricInfo                1 3 6 1 5 5 7 1 2 */
-&(nid_objs[286]),/* OBJ_qcStatements                 1 3 6 1 5 5 7 1 3 */
-&(nid_objs[287]),/* OBJ_ac_auditEntity               1 3 6 1 5 5 7 1 4 */
-&(nid_objs[288]),/* OBJ_ac_targeting                 1 3 6 1 5 5 7 1 5 */
-&(nid_objs[289]),/* OBJ_aaControls                   1 3 6 1 5 5 7 1 6 */
-&(nid_objs[290]),/* OBJ_sbgp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
-&(nid_objs[291]),/* OBJ_sbgp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
-&(nid_objs[292]),/* OBJ_sbgp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
-&(nid_objs[397]),/* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
-&(nid_objs[398]),/* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
-&(nid_objs[663]),/* OBJ_proxyCertInfo                1 3 6 1 5 5 7 1 14 */
-&(nid_objs[164]),/* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
-&(nid_objs[165]),/* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
-&(nid_objs[293]),/* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */
-&(nid_objs[129]),/* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */
-&(nid_objs[130]),/* OBJ_client_auth                  1 3 6 1 5 5 7 3 2 */
-&(nid_objs[131]),/* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */
-&(nid_objs[132]),/* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */
-&(nid_objs[294]),/* OBJ_ipsecEndSystem               1 3 6 1 5 5 7 3 5 */
-&(nid_objs[295]),/* OBJ_ipsecTunnel                  1 3 6 1 5 5 7 3 6 */
-&(nid_objs[296]),/* OBJ_ipsecUser                    1 3 6 1 5 5 7 3 7 */
-&(nid_objs[133]),/* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
-&(nid_objs[180]),/* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */
-&(nid_objs[297]),/* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */
-&(nid_objs[298]),/* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
-&(nid_objs[299]),/* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
-&(nid_objs[300]),/* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */
-&(nid_objs[301]),/* OBJ_id_it_preferredSymmAlg       1 3 6 1 5 5 7 4 4 */
-&(nid_objs[302]),/* OBJ_id_it_caKeyUpdateInfo        1 3 6 1 5 5 7 4 5 */
-&(nid_objs[303]),/* OBJ_id_it_currentCRL             1 3 6 1 5 5 7 4 6 */
-&(nid_objs[304]),/* OBJ_id_it_unsupportedOIDs        1 3 6 1 5 5 7 4 7 */
-&(nid_objs[305]),/* OBJ_id_it_subscriptionRequest    1 3 6 1 5 5 7 4 8 */
-&(nid_objs[306]),/* OBJ_id_it_subscriptionResponse   1 3 6 1 5 5 7 4 9 */
-&(nid_objs[307]),/* OBJ_id_it_keyPairParamReq        1 3 6 1 5 5 7 4 10 */
-&(nid_objs[308]),/* OBJ_id_it_keyPairParamRep        1 3 6 1 5 5 7 4 11 */
-&(nid_objs[309]),/* OBJ_id_it_revPassphrase          1 3 6 1 5 5 7 4 12 */
-&(nid_objs[310]),/* OBJ_id_it_implicitConfirm        1 3 6 1 5 5 7 4 13 */
-&(nid_objs[311]),/* OBJ_id_it_confirmWaitTime        1 3 6 1 5 5 7 4 14 */
-&(nid_objs[312]),/* OBJ_id_it_origPKIMessage         1 3 6 1 5 5 7 4 15 */
-&(nid_objs[313]),/* OBJ_id_regCtrl                   1 3 6 1 5 5 7 5 1 */
-&(nid_objs[314]),/* OBJ_id_regInfo                   1 3 6 1 5 5 7 5 2 */
-&(nid_objs[323]),/* OBJ_id_alg_des40                 1 3 6 1 5 5 7 6 1 */
-&(nid_objs[324]),/* OBJ_id_alg_noSignature           1 3 6 1 5 5 7 6 2 */
-&(nid_objs[325]),/* OBJ_id_alg_dh_sig_hmac_sha1      1 3 6 1 5 5 7 6 3 */
-&(nid_objs[326]),/* OBJ_id_alg_dh_pop                1 3 6 1 5 5 7 6 4 */
-&(nid_objs[327]),/* OBJ_id_cmc_statusInfo            1 3 6 1 5 5 7 7 1 */
-&(nid_objs[328]),/* OBJ_id_cmc_identification        1 3 6 1 5 5 7 7 2 */
-&(nid_objs[329]),/* OBJ_id_cmc_identityProof         1 3 6 1 5 5 7 7 3 */
-&(nid_objs[330]),/* OBJ_id_cmc_dataReturn            1 3 6 1 5 5 7 7 4 */
-&(nid_objs[331]),/* OBJ_id_cmc_transactionId         1 3 6 1 5 5 7 7 5 */
-&(nid_objs[332]),/* OBJ_id_cmc_senderNonce           1 3 6 1 5 5 7 7 6 */
-&(nid_objs[333]),/* OBJ_id_cmc_recipientNonce        1 3 6 1 5 5 7 7 7 */
-&(nid_objs[334]),/* OBJ_id_cmc_addExtensions         1 3 6 1 5 5 7 7 8 */
-&(nid_objs[335]),/* OBJ_id_cmc_encryptedPOP          1 3 6 1 5 5 7 7 9 */
-&(nid_objs[336]),/* OBJ_id_cmc_decryptedPOP          1 3 6 1 5 5 7 7 10 */
-&(nid_objs[337]),/* OBJ_id_cmc_lraPOPWitness         1 3 6 1 5 5 7 7 11 */
-&(nid_objs[338]),/* OBJ_id_cmc_getCert               1 3 6 1 5 5 7 7 15 */
-&(nid_objs[339]),/* OBJ_id_cmc_getCRL                1 3 6 1 5 5 7 7 16 */
-&(nid_objs[340]),/* OBJ_id_cmc_revokeRequest         1 3 6 1 5 5 7 7 17 */
-&(nid_objs[341]),/* OBJ_id_cmc_regInfo               1 3 6 1 5 5 7 7 18 */
-&(nid_objs[342]),/* OBJ_id_cmc_responseInfo          1 3 6 1 5 5 7 7 19 */
-&(nid_objs[343]),/* OBJ_id_cmc_queryPending          1 3 6 1 5 5 7 7 21 */
-&(nid_objs[344]),/* OBJ_id_cmc_popLinkRandom         1 3 6 1 5 5 7 7 22 */
-&(nid_objs[345]),/* OBJ_id_cmc_popLinkWitness        1 3 6 1 5 5 7 7 23 */
-&(nid_objs[346]),/* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */
-&(nid_objs[347]),/* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
-&(nid_objs[348]),/* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
-&(nid_objs[349]),/* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
-&(nid_objs[351]),/* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 3 */
-&(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 4 */
-&(nid_objs[353]),/* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 5 */
-&(nid_objs[354]),/* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
-&(nid_objs[355]),/* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
-&(nid_objs[356]),/* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
-&(nid_objs[357]),/* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */
-&(nid_objs[358]),/* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */
-&(nid_objs[399]),/* OBJ_id_aca_encAttrs              1 3 6 1 5 5 7 10 6 */
-&(nid_objs[359]),/* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */
-&(nid_objs[360]),/* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */
-&(nid_objs[361]),/* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */
-&(nid_objs[362]),/* OBJ_id_cct_PKIResponse           1 3 6 1 5 5 7 12 3 */
-&(nid_objs[664]),/* OBJ_id_ppl_anyLanguage           1 3 6 1 5 5 7 21 0 */
-&(nid_objs[665]),/* OBJ_id_ppl_inheritAll            1 3 6 1 5 5 7 21 1 */
-&(nid_objs[667]),/* OBJ_Independent                  1 3 6 1 5 5 7 21 2 */
-&(nid_objs[178]),/* OBJ_ad_OCSP                      1 3 6 1 5 5 7 48 1 */
-&(nid_objs[179]),/* OBJ_ad_ca_issuers                1 3 6 1 5 5 7 48 2 */
-&(nid_objs[363]),/* OBJ_ad_timeStamping              1 3 6 1 5 5 7 48 3 */
-&(nid_objs[364]),/* OBJ_ad_dvcs                      1 3 6 1 5 5 7 48 4 */
-&(nid_objs[58]),/* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
-&(nid_objs[59]),/* OBJ_netscape_data_type           2 16 840 1 113730 2 */
-&(nid_objs[438]),/* OBJ_pilotAttributeType           0 9 2342 19200300 100 1 */
-&(nid_objs[439]),/* OBJ_pilotAttributeSyntax         0 9 2342 19200300 100 3 */
-&(nid_objs[440]),/* OBJ_pilotObjectClass             0 9 2342 19200300 100 4 */
-&(nid_objs[441]),/* OBJ_pilotGroups                  0 9 2342 19200300 100 10 */
-&(nid_objs[108]),/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
-&(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
-&(nid_objs[ 6]),/* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
-&(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
-&(nid_objs[396]),/* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
-&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
-&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
-&(nid_objs[644]),/* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
-&(nid_objs[668]),/* OBJ_sha256WithRSAEncryption      1 2 840 113549 1 1 11 */
-&(nid_objs[669]),/* OBJ_sha384WithRSAEncryption      1 2 840 113549 1 1 12 */
-&(nid_objs[670]),/* OBJ_sha512WithRSAEncryption      1 2 840 113549 1 1 13 */
-&(nid_objs[671]),/* OBJ_sha224WithRSAEncryption      1 2 840 113549 1 1 14 */
-&(nid_objs[28]),/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
-&(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
-&(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
-&(nid_objs[168]),/* OBJ_pbeWithMD2AndRC2_CBC         1 2 840 113549 1 5 4 */
-&(nid_objs[169]),/* OBJ_pbeWithMD5AndRC2_CBC         1 2 840 113549 1 5 6 */
-&(nid_objs[170]),/* OBJ_pbeWithSHA1AndDES_CBC        1 2 840 113549 1 5 10 */
-&(nid_objs[68]),/* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11 */
-&(nid_objs[69]),/* OBJ_id_pbkdf2                    1 2 840 113549 1 5 12 */
-&(nid_objs[161]),/* OBJ_pbes2                        1 2 840 113549 1 5 13 */
-&(nid_objs[162]),/* OBJ_pbmac1                       1 2 840 113549 1 5 14 */
-&(nid_objs[21]),/* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
-&(nid_objs[22]),/* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
-&(nid_objs[23]),/* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
-&(nid_objs[24]),/* OBJ_pkcs7_signedAndEnveloped     1 2 840 113549 1 7 4 */
-&(nid_objs[25]),/* OBJ_pkcs7_digest                 1 2 840 113549 1 7 5 */
-&(nid_objs[26]),/* OBJ_pkcs7_encrypted              1 2 840 113549 1 7 6 */
-&(nid_objs[48]),/* OBJ_pkcs9_emailAddress           1 2 840 113549 1 9 1 */
-&(nid_objs[49]),/* OBJ_pkcs9_unstructuredName       1 2 840 113549 1 9 2 */
-&(nid_objs[50]),/* OBJ_pkcs9_contentType            1 2 840 113549 1 9 3 */
-&(nid_objs[51]),/* OBJ_pkcs9_messageDigest          1 2 840 113549 1 9 4 */
-&(nid_objs[52]),/* OBJ_pkcs9_signingTime            1 2 840 113549 1 9 5 */
-&(nid_objs[53]),/* OBJ_pkcs9_countersignature       1 2 840 113549 1 9 6 */
-&(nid_objs[54]),/* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */
-&(nid_objs[55]),/* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */
-&(nid_objs[56]),/* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */
-&(nid_objs[172]),/* OBJ_ext_req                      1 2 840 113549 1 9 14 */
-&(nid_objs[167]),/* OBJ_SMIMECapabilities            1 2 840 113549 1 9 15 */
-&(nid_objs[188]),/* OBJ_SMIME                        1 2 840 113549 1 9 16 */
-&(nid_objs[156]),/* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
-&(nid_objs[157]),/* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
-&(nid_objs[417]),/* OBJ_ms_csp_name                  1 3 6 1 4 1 311 17 1 */
-&(nid_objs[390]),/* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
-&(nid_objs[91]),/* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
-&(nid_objs[315]),/* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
-&(nid_objs[316]),/* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */
-&(nid_objs[317]),/* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */
-&(nid_objs[318]),/* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */
-&(nid_objs[319]),/* OBJ_id_regCtrl_oldCertID         1 3 6 1 5 5 7 5 1 5 */
-&(nid_objs[320]),/* OBJ_id_regCtrl_protocolEncrKey   1 3 6 1 5 5 7 5 1 6 */
-&(nid_objs[321]),/* OBJ_id_regInfo_utf8Pairs         1 3 6 1 5 5 7 5 2 1 */
-&(nid_objs[322]),/* OBJ_id_regInfo_certReq           1 3 6 1 5 5 7 5 2 2 */
-&(nid_objs[365]),/* OBJ_id_pkix_OCSP_basic           1 3 6 1 5 5 7 48 1 1 */
-&(nid_objs[366]),/* OBJ_id_pkix_OCSP_Nonce           1 3 6 1 5 5 7 48 1 2 */
-&(nid_objs[367]),/* OBJ_id_pkix_OCSP_CrlID           1 3 6 1 5 5 7 48 1 3 */
-&(nid_objs[368]),/* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */
-&(nid_objs[369]),/* OBJ_id_pkix_OCSP_noCheck         1 3 6 1 5 5 7 48 1 5 */
-&(nid_objs[370]),/* OBJ_id_pkix_OCSP_archiveCutoff   1 3 6 1 5 5 7 48 1 6 */
-&(nid_objs[371]),/* OBJ_id_pkix_OCSP_serviceLocator  1 3 6 1 5 5 7 48 1 7 */
-&(nid_objs[372]),/* OBJ_id_pkix_OCSP_extendedStatus  1 3 6 1 5 5 7 48 1 8 */
-&(nid_objs[373]),/* OBJ_id_pkix_OCSP_valid           1 3 6 1 5 5 7 48 1 9 */
-&(nid_objs[374]),/* OBJ_id_pkix_OCSP_path            1 3 6 1 5 5 7 48 1 10 */
-&(nid_objs[375]),/* OBJ_id_pkix_OCSP_trustRoot       1 3 6 1 5 5 7 48 1 11 */
-&(nid_objs[418]),/* OBJ_aes_128_ecb                  2 16 840 1 101 3 4 1 1 */
-&(nid_objs[419]),/* OBJ_aes_128_cbc                  2 16 840 1 101 3 4 1 2 */
-&(nid_objs[420]),/* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */
-&(nid_objs[421]),/* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */
-&(nid_objs[422]),/* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */
-&(nid_objs[423]),/* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */
-&(nid_objs[424]),/* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */
-&(nid_objs[425]),/* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */
-&(nid_objs[426]),/* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */
-&(nid_objs[427]),/* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
-&(nid_objs[428]),/* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
-&(nid_objs[429]),/* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
-&(nid_objs[672]),/* OBJ_sha256                       2 16 840 1 101 3 4 2 1 */
-&(nid_objs[673]),/* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */
-&(nid_objs[674]),/* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */
-&(nid_objs[675]),/* OBJ_sha224                       2 16 840 1 101 3 4 2 4 */
-&(nid_objs[71]),/* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
-&(nid_objs[72]),/* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
-&(nid_objs[73]),/* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
-&(nid_objs[74]),/* OBJ_netscape_ca_revocation_url   2 16 840 1 113730 1 4 */
-&(nid_objs[75]),/* OBJ_netscape_renewal_url         2 16 840 1 113730 1 7 */
-&(nid_objs[76]),/* OBJ_netscape_ca_policy_url       2 16 840 1 113730 1 8 */
-&(nid_objs[77]),/* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
-&(nid_objs[78]),/* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
-&(nid_objs[79]),/* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
-&(nid_objs[139]),/* OBJ_ns_sgc                       2 16 840 1 113730 4 1 */
-&(nid_objs[458]),/* OBJ_userId                       0 9 2342 19200300 100 1 1 */
-&(nid_objs[459]),/* OBJ_textEncodedORAddress         0 9 2342 19200300 100 1 2 */
-&(nid_objs[460]),/* OBJ_rfc822Mailbox                0 9 2342 19200300 100 1 3 */
-&(nid_objs[461]),/* OBJ_info                         0 9 2342 19200300 100 1 4 */
-&(nid_objs[462]),/* OBJ_favouriteDrink               0 9 2342 19200300 100 1 5 */
-&(nid_objs[463]),/* OBJ_roomNumber                   0 9 2342 19200300 100 1 6 */
-&(nid_objs[464]),/* OBJ_photo                        0 9 2342 19200300 100 1 7 */
-&(nid_objs[465]),/* OBJ_userClass                    0 9 2342 19200300 100 1 8 */
-&(nid_objs[466]),/* OBJ_host                         0 9 2342 19200300 100 1 9 */
-&(nid_objs[467]),/* OBJ_manager                      0 9 2342 19200300 100 1 10 */
-&(nid_objs[468]),/* OBJ_documentIdentifier           0 9 2342 19200300 100 1 11 */
-&(nid_objs[469]),/* OBJ_documentTitle                0 9 2342 19200300 100 1 12 */
-&(nid_objs[470]),/* OBJ_documentVersion              0 9 2342 19200300 100 1 13 */
-&(nid_objs[471]),/* OBJ_documentAuthor               0 9 2342 19200300 100 1 14 */
-&(nid_objs[472]),/* OBJ_documentLocation             0 9 2342 19200300 100 1 15 */
-&(nid_objs[473]),/* OBJ_homeTelephoneNumber          0 9 2342 19200300 100 1 20 */
-&(nid_objs[474]),/* OBJ_secretary                    0 9 2342 19200300 100 1 21 */
-&(nid_objs[475]),/* OBJ_otherMailbox                 0 9 2342 19200300 100 1 22 */
-&(nid_objs[476]),/* OBJ_lastModifiedTime             0 9 2342 19200300 100 1 23 */
-&(nid_objs[477]),/* OBJ_lastModifiedBy               0 9 2342 19200300 100 1 24 */
-&(nid_objs[391]),/* OBJ_domainComponent              0 9 2342 19200300 100 1 25 */
-&(nid_objs[478]),/* OBJ_aRecord                      0 9 2342 19200300 100 1 26 */
-&(nid_objs[479]),/* OBJ_pilotAttributeType27         0 9 2342 19200300 100 1 27 */
-&(nid_objs[480]),/* OBJ_mXRecord                     0 9 2342 19200300 100 1 28 */
-&(nid_objs[481]),/* OBJ_nSRecord                     0 9 2342 19200300 100 1 29 */
-&(nid_objs[482]),/* OBJ_sOARecord                    0 9 2342 19200300 100 1 30 */
-&(nid_objs[483]),/* OBJ_cNAMERecord                  0 9 2342 19200300 100 1 31 */
-&(nid_objs[484]),/* OBJ_associatedDomain             0 9 2342 19200300 100 1 37 */
-&(nid_objs[485]),/* OBJ_associatedName               0 9 2342 19200300 100 1 38 */
-&(nid_objs[486]),/* OBJ_homePostalAddress            0 9 2342 19200300 100 1 39 */
-&(nid_objs[487]),/* OBJ_personalTitle                0 9 2342 19200300 100 1 40 */
-&(nid_objs[488]),/* OBJ_mobileTelephoneNumber        0 9 2342 19200300 100 1 41 */
-&(nid_objs[489]),/* OBJ_pagerTelephoneNumber         0 9 2342 19200300 100 1 42 */
-&(nid_objs[490]),/* OBJ_friendlyCountryName          0 9 2342 19200300 100 1 43 */
-&(nid_objs[491]),/* OBJ_organizationalStatus         0 9 2342 19200300 100 1 45 */
-&(nid_objs[492]),/* OBJ_janetMailbox                 0 9 2342 19200300 100 1 46 */
-&(nid_objs[493]),/* OBJ_mailPreferenceOption         0 9 2342 19200300 100 1 47 */
-&(nid_objs[494]),/* OBJ_buildingName                 0 9 2342 19200300 100 1 48 */
-&(nid_objs[495]),/* OBJ_dSAQuality                   0 9 2342 19200300 100 1 49 */
-&(nid_objs[496]),/* OBJ_singleLevelQuality           0 9 2342 19200300 100 1 50 */
-&(nid_objs[497]),/* OBJ_subtreeMinimumQuality        0 9 2342 19200300 100 1 51 */
-&(nid_objs[498]),/* OBJ_subtreeMaximumQuality        0 9 2342 19200300 100 1 52 */
-&(nid_objs[499]),/* OBJ_personalSignature            0 9 2342 19200300 100 1 53 */
-&(nid_objs[500]),/* OBJ_dITRedirect                  0 9 2342 19200300 100 1 54 */
-&(nid_objs[501]),/* OBJ_audio                        0 9 2342 19200300 100 1 55 */
-&(nid_objs[502]),/* OBJ_documentPublisher            0 9 2342 19200300 100 1 56 */
-&(nid_objs[442]),/* OBJ_iA5StringSyntax              0 9 2342 19200300 100 3 4 */
-&(nid_objs[443]),/* OBJ_caseIgnoreIA5StringSyntax    0 9 2342 19200300 100 3 5 */
-&(nid_objs[444]),/* OBJ_pilotObject                  0 9 2342 19200300 100 4 3 */
-&(nid_objs[445]),/* OBJ_pilotPerson                  0 9 2342 19200300 100 4 4 */
-&(nid_objs[446]),/* OBJ_account                      0 9 2342 19200300 100 4 5 */
-&(nid_objs[447]),/* OBJ_document                     0 9 2342 19200300 100 4 6 */
-&(nid_objs[448]),/* OBJ_room                         0 9 2342 19200300 100 4 7 */
-&(nid_objs[449]),/* OBJ_documentSeries               0 9 2342 19200300 100 4 9 */
-&(nid_objs[392]),/* OBJ_Domain                       0 9 2342 19200300 100 4 13 */
-&(nid_objs[450]),/* OBJ_rFC822localPart              0 9 2342 19200300 100 4 14 */
-&(nid_objs[451]),/* OBJ_dNSDomain                    0 9 2342 19200300 100 4 15 */
-&(nid_objs[452]),/* OBJ_domainRelatedObject          0 9 2342 19200300 100 4 17 */
-&(nid_objs[453]),/* OBJ_friendlyCountry              0 9 2342 19200300 100 4 18 */
-&(nid_objs[454]),/* OBJ_simpleSecurityObject         0 9 2342 19200300 100 4 19 */
-&(nid_objs[455]),/* OBJ_pilotOrganization            0 9 2342 19200300 100 4 20 */
-&(nid_objs[456]),/* OBJ_pilotDSA                     0 9 2342 19200300 100 4 21 */
-&(nid_objs[457]),/* OBJ_qualityLabelledData          0 9 2342 19200300 100 4 22 */
-&(nid_objs[189]),/* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */
-&(nid_objs[190]),/* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */
-&(nid_objs[191]),/* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */
-&(nid_objs[192]),/* OBJ_id_smime_alg                 1 2 840 113549 1 9 16 3 */
-&(nid_objs[193]),/* OBJ_id_smime_cd                  1 2 840 113549 1 9 16 4 */
-&(nid_objs[194]),/* OBJ_id_smime_spq                 1 2 840 113549 1 9 16 5 */
-&(nid_objs[195]),/* OBJ_id_smime_cti                 1 2 840 113549 1 9 16 6 */
-&(nid_objs[158]),/* OBJ_x509Certificate              1 2 840 113549 1 9 22 1 */
-&(nid_objs[159]),/* OBJ_sdsiCertificate              1 2 840 113549 1 9 22 2 */
-&(nid_objs[160]),/* OBJ_x509Crl                      1 2 840 113549 1 9 23 1 */
-&(nid_objs[144]),/* OBJ_pbe_WithSHA1And128BitRC4     1 2 840 113549 1 12 1 1 */
-&(nid_objs[145]),/* OBJ_pbe_WithSHA1And40BitRC4      1 2 840 113549 1 12 1 2 */
-&(nid_objs[146]),/* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */
-&(nid_objs[147]),/* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */
-&(nid_objs[148]),/* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */
-&(nid_objs[149]),/* OBJ_pbe_WithSHA1And40BitRC2_CBC  1 2 840 113549 1 12 1 6 */
-&(nid_objs[171]),/* OBJ_ms_ext_req                   1 3 6 1 4 1 311 2 1 14 */
-&(nid_objs[134]),/* OBJ_ms_code_ind                  1 3 6 1 4 1 311 2 1 21 */
-&(nid_objs[135]),/* OBJ_ms_code_com                  1 3 6 1 4 1 311 2 1 22 */
-&(nid_objs[136]),/* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
-&(nid_objs[137]),/* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
-&(nid_objs[138]),/* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
-&(nid_objs[648]),/* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
-&(nid_objs[649]),/* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
-&(nid_objs[196]),/* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
-&(nid_objs[197]),/* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
-&(nid_objs[198]),/* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
-&(nid_objs[199]),/* OBJ_id_smime_mod_msg_v3          1 2 840 113549 1 9 16 0 4 */
-&(nid_objs[200]),/* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */
-&(nid_objs[201]),/* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */
-&(nid_objs[202]),/* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */
-&(nid_objs[203]),/* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */
-&(nid_objs[204]),/* OBJ_id_smime_ct_receipt          1 2 840 113549 1 9 16 1 1 */
-&(nid_objs[205]),/* OBJ_id_smime_ct_authData         1 2 840 113549 1 9 16 1 2 */
-&(nid_objs[206]),/* OBJ_id_smime_ct_publishCert      1 2 840 113549 1 9 16 1 3 */
-&(nid_objs[207]),/* OBJ_id_smime_ct_TSTInfo          1 2 840 113549 1 9 16 1 4 */
-&(nid_objs[208]),/* OBJ_id_smime_ct_TDTInfo          1 2 840 113549 1 9 16 1 5 */
-&(nid_objs[209]),/* OBJ_id_smime_ct_contentInfo      1 2 840 113549 1 9 16 1 6 */
-&(nid_objs[210]),/* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */
-&(nid_objs[211]),/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
-&(nid_objs[212]),/* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */
-&(nid_objs[213]),/* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */
-&(nid_objs[214]),/* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */
-&(nid_objs[215]),/* OBJ_id_smime_aa_contentHint      1 2 840 113549 1 9 16 2 4 */
-&(nid_objs[216]),/* OBJ_id_smime_aa_msgSigDigest     1 2 840 113549 1 9 16 2 5 */
-&(nid_objs[217]),/* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */
-&(nid_objs[218]),/* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */
-&(nid_objs[219]),/* OBJ_id_smime_aa_macValue         1 2 840 113549 1 9 16 2 8 */
-&(nid_objs[220]),/* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */
-&(nid_objs[221]),/* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */
-&(nid_objs[222]),/* OBJ_id_smime_aa_encrypKeyPref    1 2 840 113549 1 9 16 2 11 */
-&(nid_objs[223]),/* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */
-&(nid_objs[224]),/* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */
-&(nid_objs[225]),/* OBJ_id_smime_aa_timeStampToken   1 2 840 113549 1 9 16 2 14 */
-&(nid_objs[226]),/* OBJ_id_smime_aa_ets_sigPolicyId  1 2 840 113549 1 9 16 2 15 */
-&(nid_objs[227]),/* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */
-&(nid_objs[228]),/* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */
-&(nid_objs[229]),/* OBJ_id_smime_aa_ets_signerAttr   1 2 840 113549 1 9 16 2 18 */
-&(nid_objs[230]),/* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */
-&(nid_objs[231]),/* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */
-&(nid_objs[232]),/* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */
-&(nid_objs[233]),/* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */
-&(nid_objs[234]),/* OBJ_id_smime_aa_ets_certValues   1 2 840 113549 1 9 16 2 23 */
-&(nid_objs[235]),/* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */
-&(nid_objs[236]),/* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */
-&(nid_objs[237]),/* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */
-&(nid_objs[238]),/* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */
-&(nid_objs[239]),/* OBJ_id_smime_aa_signatureType    1 2 840 113549 1 9 16 2 28 */
-&(nid_objs[240]),/* OBJ_id_smime_aa_dvcs_dvc         1 2 840 113549 1 9 16 2 29 */
-&(nid_objs[241]),/* OBJ_id_smime_alg_ESDHwith3DES    1 2 840 113549 1 9 16 3 1 */
-&(nid_objs[242]),/* OBJ_id_smime_alg_ESDHwithRC2     1 2 840 113549 1 9 16 3 2 */
-&(nid_objs[243]),/* OBJ_id_smime_alg_3DESwrap        1 2 840 113549 1 9 16 3 3 */
-&(nid_objs[244]),/* OBJ_id_smime_alg_RC2wrap         1 2 840 113549 1 9 16 3 4 */
-&(nid_objs[245]),/* OBJ_id_smime_alg_ESDH            1 2 840 113549 1 9 16 3 5 */
-&(nid_objs[246]),/* OBJ_id_smime_alg_CMS3DESwrap     1 2 840 113549 1 9 16 3 6 */
-&(nid_objs[247]),/* OBJ_id_smime_alg_CMSRC2wrap      1 2 840 113549 1 9 16 3 7 */
-&(nid_objs[248]),/* OBJ_id_smime_cd_ldap             1 2 840 113549 1 9 16 4 1 */
-&(nid_objs[249]),/* OBJ_id_smime_spq_ets_sqt_uri     1 2 840 113549 1 9 16 5 1 */
-&(nid_objs[250]),/* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
-&(nid_objs[251]),/* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */
-&(nid_objs[252]),/* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */
-&(nid_objs[253]),/* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */
-&(nid_objs[254]),/* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */
-&(nid_objs[255]),/* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */
-&(nid_objs[256]),/* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */
-&(nid_objs[150]),/* OBJ_keyBag                       1 2 840 113549 1 12 10 1 1 */
-&(nid_objs[151]),/* OBJ_pkcs8ShroudedKeyBag          1 2 840 113549 1 12 10 1 2 */
-&(nid_objs[152]),/* OBJ_certBag                      1 2 840 113549 1 12 10 1 3 */
-&(nid_objs[153]),/* OBJ_crlBag                       1 2 840 113549 1 12 10 1 4 */
-&(nid_objs[154]),/* OBJ_secretBag                    1 2 840 113549 1 12 10 1 5 */
-&(nid_objs[155]),/* OBJ_safeContentsBag              1 2 840 113549 1 12 10 1 6 */
-&(nid_objs[34]),/* OBJ_idea_cbc                     1 3 6 1 4 1 188 7 1 1 2 */
-};
-
diff --git a/src/lib/libcrypto/objects/obj_dat.pl b/src/lib/libcrypto/objects/obj_dat.pl
new file mode 100644
index 0000000000..d0371661f9
--- /dev/null
+++ b/src/lib/libcrypto/objects/obj_dat.pl
@@ -0,0 +1,307 @@
+#!/usr/local/bin/perl
+
+# fixes bug in floating point emulation on sparc64 when
+# this script produces off-by-one output on sparc64
+use integer;
+
+sub obj_cmp
+        {
+        local(@a,@b,$_,$r);
+
+        $A=$obj_len{$obj{$nid{$a}}};
+        $B=$obj_len{$obj{$nid{$b}}};
+
+        $r=($A-$B);
+        return($r) if $r != 0;
+
+        $A=$obj_der{$obj{$nid{$a}}};
+        $B=$obj_der{$obj{$nid{$b}}};
+
+        return($A cmp $B);
+        }
+
+sub expand_obj
+        {
+        local(*v)=@_;
+        local($k,$d);
+        local($i);
+
+        do      {
+                $i=0;
+                foreach $k (keys %v)
+                        {
+                        if (($v{$k} =~ s/(OBJ_[^,]+),/$v{$1},/))
+                                { $i++; }
+                        }
+                } while($i);
+        foreach $k (keys %v)
+                {
+                @a=split(/,/,$v{$k});
+                $objn{$k}=$#a+1;
+                }
+        return(%objn);
+        }
+
+open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";
+open (OUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
+
+while (<IN>)
+        {
+        next unless /^\#define\s+(\S+)\s+(.*)$/;
+        $v=$1;
+        $d=$2;
+        $d =~ s/^\"//;
+        $d =~ s/\"$//;
+        if ($v =~ /^SN_(.*)$/)
+                {
+                if(defined $snames{$d})
+                        {
+                        print "WARNING: Duplicate short name \"$d\"\n";
+                        }
+                else 
+                        { $snames{$d} = "X"; }
+                $sn{$1}=$d;
+                }
+        elsif ($v =~ /^LN_(.*)$/)
+                {
+                if(defined $lnames{$d})
+                        {
+                        print "WARNING: Duplicate long name \"$d\"\n";
+                        }
+                else 
+                        { $lnames{$d} = "X"; }
+                $ln{$1}=$d;
+                }
+        elsif ($v =~ /^NID_(.*)$/)
+                { $nid{$d}=$1; }
+        elsif ($v =~ /^OBJ_(.*)$/)
+                {
+                $obj{$1}=$v;
+                $objd{$v}=$d;
+                }
+        }
+close IN;
+
+%ob=&expand_obj(*objd);
+
+@a=sort { $a <=> $b } keys %nid;
+$n=$a[$#a]+1;
+
+@lvalues=();
+$lvalues=0;
+
+for ($i=0; $i<$n; $i++)
+        {
+        if (!defined($nid{$i}))
+                {
+                push(@out,"{NULL,NULL,NID_undef,0,NULL},\n");
+                }
+        else
+                {
+                $sn=defined($sn{$nid{$i}})?"$sn{$nid{$i}}":"NULL";
+                $ln=defined($ln{$nid{$i}})?"$ln{$nid{$i}}":"NULL";
+
+                if ($sn eq "NULL") {
+                        $sn=$ln;
+                        $sn{$nid{$i}} = $ln;
+                }
+
+                if ($ln eq "NULL") {
+                        $ln=$sn;
+                        $ln{$nid{$i}} = $sn;
+                }
+                        
+                $out ="{";
+                $out.="\"$sn\"";
+                $out.=","."\"$ln\"";
+                $out.=",NID_$nid{$i},";
+                if (defined($obj{$nid{$i}}))
+                        {
+                        $v=$objd{$obj{$nid{$i}}};
+                        $v =~ s/L//g;
+                        $v =~ s/,/ /g;
+                        $r=&der_it($v);
+                        $z="";
+                        $length=0;
+                        foreach (unpack("C*",$r))
+                                {
+                                $z.=sprintf("0x%02X,",$_);
+                                $length++;
+                                }
+                        $obj_der{$obj{$nid{$i}}}=$z;
+                        $obj_len{$obj{$nid{$i}}}=$length;
+
+                        push(@lvalues,sprintf("%-45s/* [%3d] %s */\n",
+                                $z,$lvalues,$obj{$nid{$i}}));
+                        $out.="$length,&(lvalues[$lvalues]),0";
+                        $lvalues+=$length;
+                        }
+                else
+                        {
+                        $out.="0,NULL";
+                        }
+                $out.="},\n";
+                push(@out,$out);
+                }
+        }
+
+@a=grep(defined($sn{$nid{$_}}),0 .. $n);
+foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a)
+        {
+        push(@sn,sprintf("&(nid_objs[%2d]),/* \"$sn{$nid{$_}}\" */\n",$_));
+        }
+
+@a=grep(defined($ln{$nid{$_}}),0 .. $n);
+foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a)
+        {
+        push(@ln,sprintf("&(nid_objs[%2d]),/* \"$ln{$nid{$_}}\" */\n",$_));
+        }
+
+@a=grep(defined($obj{$nid{$_}}),0 .. $n);
+foreach (sort obj_cmp @a)
+        {
+        $m=$obj{$nid{$_}};
+        $v=$objd{$m};
+        $v =~ s/L//g;
+        $v =~ s/,/ /g;
+        push(@ob,sprintf("&(nid_objs[%2d]),/* %-32s %s */\n",$_,$m,$v));
+        }
+
+print OUT <<'EOF';
+/* crypto/objects/obj_dat.h */
+
+/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
+ * following command:
+ * perl obj_dat.pl obj_mac.h obj_dat.h
+ */
+
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+EOF
+
+printf OUT "#define NUM_NID %d\n",$n;
+printf OUT "#define NUM_SN %d\n",$#sn+1;
+printf OUT "#define NUM_LN %d\n",$#ln+1;
+printf OUT "#define NUM_OBJ %d\n\n",$#ob+1;
+
+printf OUT "static unsigned char lvalues[%d]={\n",$lvalues+1;
+print OUT @lvalues;
+print OUT "};\n\n";
+
+printf OUT "static ASN1_OBJECT nid_objs[NUM_NID]={\n";
+foreach (@out)
+        {
+        if (length($_) > 75)
+                {
+                $out="";
+                foreach (split(/,/))
+                        {
+                        $t=$out.$_.",";
+                        if (length($t) > 70)
+                                {
+                                print OUT "$out\n";
+                                $t="\t$_,";
+                                }
+                        $out=$t;
+                        }
+                chop $out;
+                print OUT "$out";
+                }
+        else
+                { print OUT $_; }
+        }
+print  OUT "};\n\n";
+
+printf OUT "static ASN1_OBJECT *sn_objs[NUM_SN]={\n";
+print  OUT @sn;
+print  OUT "};\n\n";
+
+printf OUT "static ASN1_OBJECT *ln_objs[NUM_LN]={\n";
+print  OUT @ln;
+print  OUT "};\n\n";
+
+printf OUT "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n";
+print  OUT @ob;
+print  OUT "};\n\n";
+
+close OUT;
+
+sub der_it
+        {
+        local($v)=@_;
+        local(@a,$i,$ret,@r);
+
+        @a=split(/\s+/,$v);
+        $ret.=pack("C*",$a[0]*40+$a[1]);
+        shift @a;
+        shift @a;
+        foreach (@a)
+                {
+                @r=();
+                $t=0;
+                while ($_ >= 128)
+                        {
+                        $x=$_%128;
+                        $_/=128;
+                        push(@r,((($t++)?0x80:0)|$x));
+                        }
+                push(@r,((($t++)?0x80:0)|$_));
+                $ret.=pack("C*",reverse(@r));
+                }
+        return($ret);
+        }
diff --git a/src/lib/libcrypto/objects/obj_err.c b/src/lib/libcrypto/objects/obj_err.c
new file mode 100644
index 0000000000..2b5f43e3cc
--- /dev/null
+++ b/src/lib/libcrypto/objects/obj_err.c
@@ -0,0 +1,101 @@
+/* crypto/objects/obj_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/objects.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA OBJ_str_functs[]=
+        {
+{ERR_PACK(0,OBJ_F_OBJ_ADD_OBJECT,0),    "OBJ_add_object"},
+{ERR_PACK(0,OBJ_F_OBJ_CREATE,0),        "OBJ_create"},
+{ERR_PACK(0,OBJ_F_OBJ_DUP,0),   "OBJ_dup"},
+{ERR_PACK(0,OBJ_F_OBJ_NAME_NEW_INDEX,0),        "OBJ_NAME_new_index"},
+{ERR_PACK(0,OBJ_F_OBJ_NID2LN,0),        "OBJ_nid2ln"},
+{ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0),       "OBJ_nid2obj"},
+{ERR_PACK(0,OBJ_F_OBJ_NID2SN,0),        "OBJ_nid2sn"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA OBJ_str_reasons[]=
+        {
+{OBJ_R_MALLOC_FAILURE                    ,"malloc failure"},
+{OBJ_R_UNKNOWN_NID                       ,"unknown nid"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_OBJ_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_OBJ,OBJ_str_functs);
+                ERR_load_strings(ERR_LIB_OBJ,OBJ_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/objects/obj_lib.c b/src/lib/libcrypto/objects/obj_lib.c
new file mode 100644
index 0000000000..b0b0f2ff24
--- /dev/null
+++ b/src/lib/libcrypto/objects/obj_lib.c
@@ -0,0 +1,127 @@
+/* crypto/objects/obj_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+
+ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
+        {
+        ASN1_OBJECT *r;
+        int i;
+        char *ln=NULL;
+
+        if (o == NULL) return(NULL);
+        if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+                return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of
+                                             duplication is this??? */
+
+        r=ASN1_OBJECT_new();
+        if (r == NULL)
+                {
+                OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB);
+                return(NULL);
+                }
+        r->data=OPENSSL_malloc(o->length);
+        if (r->data == NULL)
+                goto err;
+        memcpy(r->data,o->data,o->length);
+        r->length=o->length;
+        r->nid=o->nid;
+        r->ln=r->sn=NULL;
+        if (o->ln != NULL)
+                {
+                i=strlen(o->ln)+1;
+                r->ln=ln=OPENSSL_malloc(i);
+                if (r->ln == NULL) goto err;
+                memcpy(ln,o->ln,i);
+                }
+
+        if (o->sn != NULL)
+                {
+                char *s;
+
+                i=strlen(o->sn)+1;
+                r->sn=s=OPENSSL_malloc(i);
+                if (r->sn == NULL) goto err;
+                memcpy(s,o->sn,i);
+                }
+        r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC|
+                ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA);
+        return(r);
+err:
+        OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE);
+        if (r != NULL)
+                {
+                if (ln != NULL) OPENSSL_free(ln);
+                if (r->data != NULL) OPENSSL_free(r->data);
+                OPENSSL_free(r);
+                }
+        return(NULL);
+        }
+
+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
+        {
+        int ret;
+
+        ret=(a->length-b->length);
+        if (ret) return(ret);
+        return(memcmp(a->data,b->data,a->length));
+        }
diff --git a/src/lib/libcrypto/objects/obj_mac.h b/src/lib/libcrypto/objects/obj_mac.h
deleted file mode 100644
index 51bb50047f..0000000000
--- a/src/lib/libcrypto/objects/obj_mac.h
+++ /dev/null
@@ -1,2987 +0,0 @@
-/* crypto/objects/obj_mac.h */
-
-/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
- * following command:
- * perl objects.pl objects.txt obj_mac.num obj_mac.h
- */
-
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define SN_undef                        "UNDEF"
-#define LN_undef                        "undefined"
-#define NID_undef                       0
-#define OBJ_undef                       0L
-
-#define SN_ccitt                "CCITT"
-#define LN_ccitt                "ccitt"
-#define NID_ccitt               404
-#define OBJ_ccitt               0L
-
-#define SN_iso          "ISO"
-#define LN_iso          "iso"
-#define NID_iso         181
-#define OBJ_iso         1L
-
-#define SN_joint_iso_ccitt              "JOINT-ISO-CCITT"
-#define LN_joint_iso_ccitt              "joint-iso-ccitt"
-#define NID_joint_iso_ccitt             393
-#define OBJ_joint_iso_ccitt             2L
-
-#define SN_member_body          "member-body"
-#define LN_member_body          "ISO Member Body"
-#define NID_member_body         182
-#define OBJ_member_body         OBJ_iso,2L
-
-#define SN_selected_attribute_types             "selected-attribute-types"
-#define LN_selected_attribute_types             "Selected Attribute Types"
-#define NID_selected_attribute_types            394
-#define OBJ_selected_attribute_types            OBJ_joint_iso_ccitt,5L,1L,5L
-
-#define SN_clearance            "clearance"
-#define NID_clearance           395
-#define OBJ_clearance           OBJ_selected_attribute_types,55L
-
-#define SN_ISO_US               "ISO-US"
-#define LN_ISO_US               "ISO US Member Body"
-#define NID_ISO_US              183
-#define OBJ_ISO_US              OBJ_member_body,840L
-
-#define SN_X9_57                "X9-57"
-#define LN_X9_57                "X9.57"
-#define NID_X9_57               184
-#define OBJ_X9_57               OBJ_ISO_US,10040L
-
-#define SN_X9cm         "X9cm"
-#define LN_X9cm         "X9.57 CM ?"
-#define NID_X9cm                185
-#define OBJ_X9cm                OBJ_X9_57,4L
-
-#define SN_dsa          "DSA"
-#define LN_dsa          "dsaEncryption"
-#define NID_dsa         116
-#define OBJ_dsa         OBJ_X9cm,1L
-
-#define SN_dsaWithSHA1          "DSA-SHA1"
-#define LN_dsaWithSHA1          "dsaWithSHA1"
-#define NID_dsaWithSHA1         113
-#define OBJ_dsaWithSHA1         OBJ_X9cm,3L
-
-#define SN_ansi_X9_62           "ansi-X9-62"
-#define LN_ansi_X9_62           "ANSI X9.62"
-#define NID_ansi_X9_62          405
-#define OBJ_ansi_X9_62          OBJ_ISO_US,10045L
-
-#define OBJ_X9_62_id_fieldType          OBJ_ansi_X9_62,1L
-
-#define SN_X9_62_prime_field            "prime-field"
-#define NID_X9_62_prime_field           406
-#define OBJ_X9_62_prime_field           OBJ_X9_62_id_fieldType,1L
-
-#define SN_X9_62_characteristic_two_field               "characteristic-two-field"
-#define NID_X9_62_characteristic_two_field              407
-#define OBJ_X9_62_characteristic_two_field              OBJ_X9_62_id_fieldType,2L
-
-#define OBJ_X9_62_id_publicKeyType              OBJ_ansi_X9_62,2L
-
-#define SN_X9_62_id_ecPublicKey         "id-ecPublicKey"
-#define NID_X9_62_id_ecPublicKey                408
-#define OBJ_X9_62_id_ecPublicKey                OBJ_X9_62_id_publicKeyType,1L
-
-#define OBJ_X9_62_ellipticCurve         OBJ_ansi_X9_62,3L
-
-#define OBJ_X9_62_c_TwoCurve            OBJ_X9_62_ellipticCurve,0L
-
-#define OBJ_X9_62_primeCurve            OBJ_X9_62_ellipticCurve,1L
-
-#define SN_X9_62_prime192v1             "prime192v1"
-#define NID_X9_62_prime192v1            409
-#define OBJ_X9_62_prime192v1            OBJ_X9_62_primeCurve,1L
-
-#define SN_X9_62_prime192v2             "prime192v2"
-#define NID_X9_62_prime192v2            410
-#define OBJ_X9_62_prime192v2            OBJ_X9_62_primeCurve,2L
-
-#define SN_X9_62_prime192v3             "prime192v3"
-#define NID_X9_62_prime192v3            411
-#define OBJ_X9_62_prime192v3            OBJ_X9_62_primeCurve,3L
-
-#define SN_X9_62_prime239v1             "prime239v1"
-#define NID_X9_62_prime239v1            412
-#define OBJ_X9_62_prime239v1            OBJ_X9_62_primeCurve,4L
-
-#define SN_X9_62_prime239v2             "prime239v2"
-#define NID_X9_62_prime239v2            413
-#define OBJ_X9_62_prime239v2            OBJ_X9_62_primeCurve,5L
-
-#define SN_X9_62_prime239v3             "prime239v3"
-#define NID_X9_62_prime239v3            414
-#define OBJ_X9_62_prime239v3            OBJ_X9_62_primeCurve,6L
-
-#define SN_X9_62_prime256v1             "prime256v1"
-#define NID_X9_62_prime256v1            415
-#define OBJ_X9_62_prime256v1            OBJ_X9_62_primeCurve,7L
-
-#define OBJ_X9_62_id_ecSigType          OBJ_ansi_X9_62,4L
-
-#define SN_ecdsa_with_SHA1              "ecdsa-with-SHA1"
-#define NID_ecdsa_with_SHA1             416
-#define OBJ_ecdsa_with_SHA1             OBJ_X9_62_id_ecSigType,1L
-
-#define SN_cast5_cbc            "CAST5-CBC"
-#define LN_cast5_cbc            "cast5-cbc"
-#define NID_cast5_cbc           108
-#define OBJ_cast5_cbc           OBJ_ISO_US,113533L,7L,66L,10L
-
-#define SN_cast5_ecb            "CAST5-ECB"
-#define LN_cast5_ecb            "cast5-ecb"
-#define NID_cast5_ecb           109
-
-#define SN_cast5_cfb64          "CAST5-CFB"
-#define LN_cast5_cfb64          "cast5-cfb"
-#define NID_cast5_cfb64         110
-
-#define SN_cast5_ofb64          "CAST5-OFB"
-#define LN_cast5_ofb64          "cast5-ofb"
-#define NID_cast5_ofb64         111
-
-#define LN_pbeWithMD5AndCast5_CBC               "pbeWithMD5AndCast5CBC"
-#define NID_pbeWithMD5AndCast5_CBC              112
-#define OBJ_pbeWithMD5AndCast5_CBC              OBJ_ISO_US,113533L,7L,66L,12L
-
-#define SN_rsadsi               "rsadsi"
-#define LN_rsadsi               "RSA Data Security, Inc."
-#define NID_rsadsi              1
-#define OBJ_rsadsi              OBJ_ISO_US,113549L
-
-#define SN_pkcs         "pkcs"
-#define LN_pkcs         "RSA Data Security, Inc. PKCS"
-#define NID_pkcs                2
-#define OBJ_pkcs                OBJ_rsadsi,1L
-
-#define SN_pkcs1                "pkcs1"
-#define NID_pkcs1               186
-#define OBJ_pkcs1               OBJ_pkcs,1L
-
-#define LN_rsaEncryption                "rsaEncryption"
-#define NID_rsaEncryption               6
-#define OBJ_rsaEncryption               OBJ_pkcs1,1L
-
-#define SN_md2WithRSAEncryption         "RSA-MD2"
-#define LN_md2WithRSAEncryption         "md2WithRSAEncryption"
-#define NID_md2WithRSAEncryption                7
-#define OBJ_md2WithRSAEncryption                OBJ_pkcs1,2L
-
-#define SN_md4WithRSAEncryption         "RSA-MD4"
-#define LN_md4WithRSAEncryption         "md4WithRSAEncryption"
-#define NID_md4WithRSAEncryption                396
-#define OBJ_md4WithRSAEncryption                OBJ_pkcs1,3L
-
-#define SN_md5WithRSAEncryption         "RSA-MD5"
-#define LN_md5WithRSAEncryption         "md5WithRSAEncryption"
-#define NID_md5WithRSAEncryption                8
-#define OBJ_md5WithRSAEncryption                OBJ_pkcs1,4L
-
-#define SN_sha1WithRSAEncryption                "RSA-SHA1"
-#define LN_sha1WithRSAEncryption                "sha1WithRSAEncryption"
-#define NID_sha1WithRSAEncryption               65
-#define OBJ_sha1WithRSAEncryption               OBJ_pkcs1,5L
-
-#define SN_sha256WithRSAEncryption              "RSA-SHA256"
-#define LN_sha256WithRSAEncryption              "sha256WithRSAEncryption"
-#define NID_sha256WithRSAEncryption             668
-#define OBJ_sha256WithRSAEncryption             OBJ_pkcs1,11L
-
-#define SN_sha384WithRSAEncryption              "RSA-SHA384"
-#define LN_sha384WithRSAEncryption              "sha384WithRSAEncryption"
-#define NID_sha384WithRSAEncryption             669
-#define OBJ_sha384WithRSAEncryption             OBJ_pkcs1,12L
-
-#define SN_sha512WithRSAEncryption              "RSA-SHA512"
-#define LN_sha512WithRSAEncryption              "sha512WithRSAEncryption"
-#define NID_sha512WithRSAEncryption             670
-#define OBJ_sha512WithRSAEncryption             OBJ_pkcs1,13L
-
-#define SN_sha224WithRSAEncryption              "RSA-SHA224"
-#define LN_sha224WithRSAEncryption              "sha224WithRSAEncryption"
-#define NID_sha224WithRSAEncryption             671
-#define OBJ_sha224WithRSAEncryption             OBJ_pkcs1,14L
-
-#define SN_pkcs3                "pkcs3"
-#define NID_pkcs3               27
-#define OBJ_pkcs3               OBJ_pkcs,3L
-
-#define LN_dhKeyAgreement               "dhKeyAgreement"
-#define NID_dhKeyAgreement              28
-#define OBJ_dhKeyAgreement              OBJ_pkcs3,1L
-
-#define SN_pkcs5                "pkcs5"
-#define NID_pkcs5               187
-#define OBJ_pkcs5               OBJ_pkcs,5L
-
-#define SN_pbeWithMD2AndDES_CBC         "PBE-MD2-DES"
-#define LN_pbeWithMD2AndDES_CBC         "pbeWithMD2AndDES-CBC"
-#define NID_pbeWithMD2AndDES_CBC                9
-#define OBJ_pbeWithMD2AndDES_CBC                OBJ_pkcs5,1L
-
-#define SN_pbeWithMD5AndDES_CBC         "PBE-MD5-DES"
-#define LN_pbeWithMD5AndDES_CBC         "pbeWithMD5AndDES-CBC"
-#define NID_pbeWithMD5AndDES_CBC                10
-#define OBJ_pbeWithMD5AndDES_CBC                OBJ_pkcs5,3L
-
-#define SN_pbeWithMD2AndRC2_CBC         "PBE-MD2-RC2-64"
-#define LN_pbeWithMD2AndRC2_CBC         "pbeWithMD2AndRC2-CBC"
-#define NID_pbeWithMD2AndRC2_CBC                168
-#define OBJ_pbeWithMD2AndRC2_CBC                OBJ_pkcs5,4L
-
-#define SN_pbeWithMD5AndRC2_CBC         "PBE-MD5-RC2-64"
-#define LN_pbeWithMD5AndRC2_CBC         "pbeWithMD5AndRC2-CBC"
-#define NID_pbeWithMD5AndRC2_CBC                169
-#define OBJ_pbeWithMD5AndRC2_CBC                OBJ_pkcs5,6L
-
-#define SN_pbeWithSHA1AndDES_CBC                "PBE-SHA1-DES"
-#define LN_pbeWithSHA1AndDES_CBC                "pbeWithSHA1AndDES-CBC"
-#define NID_pbeWithSHA1AndDES_CBC               170
-#define OBJ_pbeWithSHA1AndDES_CBC               OBJ_pkcs5,10L
-
-#define SN_pbeWithSHA1AndRC2_CBC                "PBE-SHA1-RC2-64"
-#define LN_pbeWithSHA1AndRC2_CBC                "pbeWithSHA1AndRC2-CBC"
-#define NID_pbeWithSHA1AndRC2_CBC               68
-#define OBJ_pbeWithSHA1AndRC2_CBC               OBJ_pkcs5,11L
-
-#define LN_id_pbkdf2            "PBKDF2"
-#define NID_id_pbkdf2           69
-#define OBJ_id_pbkdf2           OBJ_pkcs5,12L
-
-#define LN_pbes2                "PBES2"
-#define NID_pbes2               161
-#define OBJ_pbes2               OBJ_pkcs5,13L
-
-#define LN_pbmac1               "PBMAC1"
-#define NID_pbmac1              162
-#define OBJ_pbmac1              OBJ_pkcs5,14L
-
-#define SN_pkcs7                "pkcs7"
-#define NID_pkcs7               20
-#define OBJ_pkcs7               OBJ_pkcs,7L
-
-#define LN_pkcs7_data           "pkcs7-data"
-#define NID_pkcs7_data          21
-#define OBJ_pkcs7_data          OBJ_pkcs7,1L
-
-#define LN_pkcs7_signed         "pkcs7-signedData"
-#define NID_pkcs7_signed                22
-#define OBJ_pkcs7_signed                OBJ_pkcs7,2L
-
-#define LN_pkcs7_enveloped              "pkcs7-envelopedData"
-#define NID_pkcs7_enveloped             23
-#define OBJ_pkcs7_enveloped             OBJ_pkcs7,3L
-
-#define LN_pkcs7_signedAndEnveloped             "pkcs7-signedAndEnvelopedData"
-#define NID_pkcs7_signedAndEnveloped            24
-#define OBJ_pkcs7_signedAndEnveloped            OBJ_pkcs7,4L
-
-#define LN_pkcs7_digest         "pkcs7-digestData"
-#define NID_pkcs7_digest                25
-#define OBJ_pkcs7_digest                OBJ_pkcs7,5L
-
-#define LN_pkcs7_encrypted              "pkcs7-encryptedData"
-#define NID_pkcs7_encrypted             26
-#define OBJ_pkcs7_encrypted             OBJ_pkcs7,6L
-
-#define SN_pkcs9                "pkcs9"
-#define NID_pkcs9               47
-#define OBJ_pkcs9               OBJ_pkcs,9L
-
-#define LN_pkcs9_emailAddress           "emailAddress"
-#define NID_pkcs9_emailAddress          48
-#define OBJ_pkcs9_emailAddress          OBJ_pkcs9,1L
-
-#define LN_pkcs9_unstructuredName               "unstructuredName"
-#define NID_pkcs9_unstructuredName              49
-#define OBJ_pkcs9_unstructuredName              OBJ_pkcs9,2L
-
-#define LN_pkcs9_contentType            "contentType"
-#define NID_pkcs9_contentType           50
-#define OBJ_pkcs9_contentType           OBJ_pkcs9,3L
-
-#define LN_pkcs9_messageDigest          "messageDigest"
-#define NID_pkcs9_messageDigest         51
-#define OBJ_pkcs9_messageDigest         OBJ_pkcs9,4L
-
-#define LN_pkcs9_signingTime            "signingTime"
-#define NID_pkcs9_signingTime           52
-#define OBJ_pkcs9_signingTime           OBJ_pkcs9,5L
-
-#define LN_pkcs9_countersignature               "countersignature"
-#define NID_pkcs9_countersignature              53
-#define OBJ_pkcs9_countersignature              OBJ_pkcs9,6L
-
-#define LN_pkcs9_challengePassword              "challengePassword"
-#define NID_pkcs9_challengePassword             54
-#define OBJ_pkcs9_challengePassword             OBJ_pkcs9,7L
-
-#define LN_pkcs9_unstructuredAddress            "unstructuredAddress"
-#define NID_pkcs9_unstructuredAddress           55
-#define OBJ_pkcs9_unstructuredAddress           OBJ_pkcs9,8L
-
-#define LN_pkcs9_extCertAttributes              "extendedCertificateAttributes"
-#define NID_pkcs9_extCertAttributes             56
-#define OBJ_pkcs9_extCertAttributes             OBJ_pkcs9,9L
-
-#define SN_ext_req              "extReq"
-#define LN_ext_req              "Extension Request"
-#define NID_ext_req             172
-#define OBJ_ext_req             OBJ_pkcs9,14L
-
-#define SN_SMIMECapabilities            "SMIME-CAPS"
-#define LN_SMIMECapabilities            "S/MIME Capabilities"
-#define NID_SMIMECapabilities           167
-#define OBJ_SMIMECapabilities           OBJ_pkcs9,15L
-
-#define SN_SMIME                "SMIME"
-#define LN_SMIME                "S/MIME"
-#define NID_SMIME               188
-#define OBJ_SMIME               OBJ_pkcs9,16L
-
-#define SN_id_smime_mod         "id-smime-mod"
-#define NID_id_smime_mod                189
-#define OBJ_id_smime_mod                OBJ_SMIME,0L
-
-#define SN_id_smime_ct          "id-smime-ct"
-#define NID_id_smime_ct         190
-#define OBJ_id_smime_ct         OBJ_SMIME,1L
-
-#define SN_id_smime_aa          "id-smime-aa"
-#define NID_id_smime_aa         191
-#define OBJ_id_smime_aa         OBJ_SMIME,2L
-
-#define SN_id_smime_alg         "id-smime-alg"
-#define NID_id_smime_alg                192
-#define OBJ_id_smime_alg                OBJ_SMIME,3L
-
-#define SN_id_smime_cd          "id-smime-cd"
-#define NID_id_smime_cd         193
-#define OBJ_id_smime_cd         OBJ_SMIME,4L
-
-#define SN_id_smime_spq         "id-smime-spq"
-#define NID_id_smime_spq                194
-#define OBJ_id_smime_spq                OBJ_SMIME,5L
-
-#define SN_id_smime_cti         "id-smime-cti"
-#define NID_id_smime_cti                195
-#define OBJ_id_smime_cti                OBJ_SMIME,6L
-
-#define SN_id_smime_mod_cms             "id-smime-mod-cms"
-#define NID_id_smime_mod_cms            196
-#define OBJ_id_smime_mod_cms            OBJ_id_smime_mod,1L
-
-#define SN_id_smime_mod_ess             "id-smime-mod-ess"
-#define NID_id_smime_mod_ess            197
-#define OBJ_id_smime_mod_ess            OBJ_id_smime_mod,2L
-
-#define SN_id_smime_mod_oid             "id-smime-mod-oid"
-#define NID_id_smime_mod_oid            198
-#define OBJ_id_smime_mod_oid            OBJ_id_smime_mod,3L
-
-#define SN_id_smime_mod_msg_v3          "id-smime-mod-msg-v3"
-#define NID_id_smime_mod_msg_v3         199
-#define OBJ_id_smime_mod_msg_v3         OBJ_id_smime_mod,4L
-
-#define SN_id_smime_mod_ets_eSignature_88               "id-smime-mod-ets-eSignature-88"
-#define NID_id_smime_mod_ets_eSignature_88              200
-#define OBJ_id_smime_mod_ets_eSignature_88              OBJ_id_smime_mod,5L
-
-#define SN_id_smime_mod_ets_eSignature_97               "id-smime-mod-ets-eSignature-97"
-#define NID_id_smime_mod_ets_eSignature_97              201
-#define OBJ_id_smime_mod_ets_eSignature_97              OBJ_id_smime_mod,6L
-
-#define SN_id_smime_mod_ets_eSigPolicy_88               "id-smime-mod-ets-eSigPolicy-88"
-#define NID_id_smime_mod_ets_eSigPolicy_88              202
-#define OBJ_id_smime_mod_ets_eSigPolicy_88              OBJ_id_smime_mod,7L
-
-#define SN_id_smime_mod_ets_eSigPolicy_97               "id-smime-mod-ets-eSigPolicy-97"
-#define NID_id_smime_mod_ets_eSigPolicy_97              203
-#define OBJ_id_smime_mod_ets_eSigPolicy_97              OBJ_id_smime_mod,8L
-
-#define SN_id_smime_ct_receipt          "id-smime-ct-receipt"
-#define NID_id_smime_ct_receipt         204
-#define OBJ_id_smime_ct_receipt         OBJ_id_smime_ct,1L
-
-#define SN_id_smime_ct_authData         "id-smime-ct-authData"
-#define NID_id_smime_ct_authData                205
-#define OBJ_id_smime_ct_authData                OBJ_id_smime_ct,2L
-
-#define SN_id_smime_ct_publishCert              "id-smime-ct-publishCert"
-#define NID_id_smime_ct_publishCert             206
-#define OBJ_id_smime_ct_publishCert             OBJ_id_smime_ct,3L
-
-#define SN_id_smime_ct_TSTInfo          "id-smime-ct-TSTInfo"
-#define NID_id_smime_ct_TSTInfo         207
-#define OBJ_id_smime_ct_TSTInfo         OBJ_id_smime_ct,4L
-
-#define SN_id_smime_ct_TDTInfo          "id-smime-ct-TDTInfo"
-#define NID_id_smime_ct_TDTInfo         208
-#define OBJ_id_smime_ct_TDTInfo         OBJ_id_smime_ct,5L
-
-#define SN_id_smime_ct_contentInfo              "id-smime-ct-contentInfo"
-#define NID_id_smime_ct_contentInfo             209
-#define OBJ_id_smime_ct_contentInfo             OBJ_id_smime_ct,6L
-
-#define SN_id_smime_ct_DVCSRequestData          "id-smime-ct-DVCSRequestData"
-#define NID_id_smime_ct_DVCSRequestData         210
-#define OBJ_id_smime_ct_DVCSRequestData         OBJ_id_smime_ct,7L
-
-#define SN_id_smime_ct_DVCSResponseData         "id-smime-ct-DVCSResponseData"
-#define NID_id_smime_ct_DVCSResponseData                211
-#define OBJ_id_smime_ct_DVCSResponseData                OBJ_id_smime_ct,8L
-
-#define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
-#define NID_id_smime_aa_receiptRequest          212
-#define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
-
-#define SN_id_smime_aa_securityLabel            "id-smime-aa-securityLabel"
-#define NID_id_smime_aa_securityLabel           213
-#define OBJ_id_smime_aa_securityLabel           OBJ_id_smime_aa,2L
-
-#define SN_id_smime_aa_mlExpandHistory          "id-smime-aa-mlExpandHistory"
-#define NID_id_smime_aa_mlExpandHistory         214
-#define OBJ_id_smime_aa_mlExpandHistory         OBJ_id_smime_aa,3L
-
-#define SN_id_smime_aa_contentHint              "id-smime-aa-contentHint"
-#define NID_id_smime_aa_contentHint             215
-#define OBJ_id_smime_aa_contentHint             OBJ_id_smime_aa,4L
-
-#define SN_id_smime_aa_msgSigDigest             "id-smime-aa-msgSigDigest"
-#define NID_id_smime_aa_msgSigDigest            216
-#define OBJ_id_smime_aa_msgSigDigest            OBJ_id_smime_aa,5L
-
-#define SN_id_smime_aa_encapContentType         "id-smime-aa-encapContentType"
-#define NID_id_smime_aa_encapContentType                217
-#define OBJ_id_smime_aa_encapContentType                OBJ_id_smime_aa,6L
-
-#define SN_id_smime_aa_contentIdentifier                "id-smime-aa-contentIdentifier"
-#define NID_id_smime_aa_contentIdentifier               218
-#define OBJ_id_smime_aa_contentIdentifier               OBJ_id_smime_aa,7L
-
-#define SN_id_smime_aa_macValue         "id-smime-aa-macValue"
-#define NID_id_smime_aa_macValue                219
-#define OBJ_id_smime_aa_macValue                OBJ_id_smime_aa,8L
-
-#define SN_id_smime_aa_equivalentLabels         "id-smime-aa-equivalentLabels"
-#define NID_id_smime_aa_equivalentLabels                220
-#define OBJ_id_smime_aa_equivalentLabels                OBJ_id_smime_aa,9L
-
-#define SN_id_smime_aa_contentReference         "id-smime-aa-contentReference"
-#define NID_id_smime_aa_contentReference                221
-#define OBJ_id_smime_aa_contentReference                OBJ_id_smime_aa,10L
-
-#define SN_id_smime_aa_encrypKeyPref            "id-smime-aa-encrypKeyPref"
-#define NID_id_smime_aa_encrypKeyPref           222
-#define OBJ_id_smime_aa_encrypKeyPref           OBJ_id_smime_aa,11L
-
-#define SN_id_smime_aa_signingCertificate               "id-smime-aa-signingCertificate"
-#define NID_id_smime_aa_signingCertificate              223
-#define OBJ_id_smime_aa_signingCertificate              OBJ_id_smime_aa,12L
-
-#define SN_id_smime_aa_smimeEncryptCerts                "id-smime-aa-smimeEncryptCerts"
-#define NID_id_smime_aa_smimeEncryptCerts               224
-#define OBJ_id_smime_aa_smimeEncryptCerts               OBJ_id_smime_aa,13L
-
-#define SN_id_smime_aa_timeStampToken           "id-smime-aa-timeStampToken"
-#define NID_id_smime_aa_timeStampToken          225
-#define OBJ_id_smime_aa_timeStampToken          OBJ_id_smime_aa,14L
-
-#define SN_id_smime_aa_ets_sigPolicyId          "id-smime-aa-ets-sigPolicyId"
-#define NID_id_smime_aa_ets_sigPolicyId         226
-#define OBJ_id_smime_aa_ets_sigPolicyId         OBJ_id_smime_aa,15L
-
-#define SN_id_smime_aa_ets_commitmentType               "id-smime-aa-ets-commitmentType"
-#define NID_id_smime_aa_ets_commitmentType              227
-#define OBJ_id_smime_aa_ets_commitmentType              OBJ_id_smime_aa,16L
-
-#define SN_id_smime_aa_ets_signerLocation               "id-smime-aa-ets-signerLocation"
-#define NID_id_smime_aa_ets_signerLocation              228
-#define OBJ_id_smime_aa_ets_signerLocation              OBJ_id_smime_aa,17L
-
-#define SN_id_smime_aa_ets_signerAttr           "id-smime-aa-ets-signerAttr"
-#define NID_id_smime_aa_ets_signerAttr          229
-#define OBJ_id_smime_aa_ets_signerAttr          OBJ_id_smime_aa,18L
-
-#define SN_id_smime_aa_ets_otherSigCert         "id-smime-aa-ets-otherSigCert"
-#define NID_id_smime_aa_ets_otherSigCert                230
-#define OBJ_id_smime_aa_ets_otherSigCert                OBJ_id_smime_aa,19L
-
-#define SN_id_smime_aa_ets_contentTimestamp             "id-smime-aa-ets-contentTimestamp"
-#define NID_id_smime_aa_ets_contentTimestamp            231
-#define OBJ_id_smime_aa_ets_contentTimestamp            OBJ_id_smime_aa,20L
-
-#define SN_id_smime_aa_ets_CertificateRefs              "id-smime-aa-ets-CertificateRefs"
-#define NID_id_smime_aa_ets_CertificateRefs             232
-#define OBJ_id_smime_aa_ets_CertificateRefs             OBJ_id_smime_aa,21L
-
-#define SN_id_smime_aa_ets_RevocationRefs               "id-smime-aa-ets-RevocationRefs"
-#define NID_id_smime_aa_ets_RevocationRefs              233
-#define OBJ_id_smime_aa_ets_RevocationRefs              OBJ_id_smime_aa,22L
-
-#define SN_id_smime_aa_ets_certValues           "id-smime-aa-ets-certValues"
-#define NID_id_smime_aa_ets_certValues          234
-#define OBJ_id_smime_aa_ets_certValues          OBJ_id_smime_aa,23L
-
-#define SN_id_smime_aa_ets_revocationValues             "id-smime-aa-ets-revocationValues"
-#define NID_id_smime_aa_ets_revocationValues            235
-#define OBJ_id_smime_aa_ets_revocationValues            OBJ_id_smime_aa,24L
-
-#define SN_id_smime_aa_ets_escTimeStamp         "id-smime-aa-ets-escTimeStamp"
-#define NID_id_smime_aa_ets_escTimeStamp                236
-#define OBJ_id_smime_aa_ets_escTimeStamp                OBJ_id_smime_aa,25L
-
-#define SN_id_smime_aa_ets_certCRLTimestamp             "id-smime-aa-ets-certCRLTimestamp"
-#define NID_id_smime_aa_ets_certCRLTimestamp            237
-#define OBJ_id_smime_aa_ets_certCRLTimestamp            OBJ_id_smime_aa,26L
-
-#define SN_id_smime_aa_ets_archiveTimeStamp             "id-smime-aa-ets-archiveTimeStamp"
-#define NID_id_smime_aa_ets_archiveTimeStamp            238
-#define OBJ_id_smime_aa_ets_archiveTimeStamp            OBJ_id_smime_aa,27L
-
-#define SN_id_smime_aa_signatureType            "id-smime-aa-signatureType"
-#define NID_id_smime_aa_signatureType           239
-#define OBJ_id_smime_aa_signatureType           OBJ_id_smime_aa,28L
-
-#define SN_id_smime_aa_dvcs_dvc         "id-smime-aa-dvcs-dvc"
-#define NID_id_smime_aa_dvcs_dvc                240
-#define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
-
-#define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
-#define NID_id_smime_alg_ESDHwith3DES           241
-#define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
-
-#define SN_id_smime_alg_ESDHwithRC2             "id-smime-alg-ESDHwithRC2"
-#define NID_id_smime_alg_ESDHwithRC2            242
-#define OBJ_id_smime_alg_ESDHwithRC2            OBJ_id_smime_alg,2L
-
-#define SN_id_smime_alg_3DESwrap                "id-smime-alg-3DESwrap"
-#define NID_id_smime_alg_3DESwrap               243
-#define OBJ_id_smime_alg_3DESwrap               OBJ_id_smime_alg,3L
-
-#define SN_id_smime_alg_RC2wrap         "id-smime-alg-RC2wrap"
-#define NID_id_smime_alg_RC2wrap                244
-#define OBJ_id_smime_alg_RC2wrap                OBJ_id_smime_alg,4L
-
-#define SN_id_smime_alg_ESDH            "id-smime-alg-ESDH"
-#define NID_id_smime_alg_ESDH           245
-#define OBJ_id_smime_alg_ESDH           OBJ_id_smime_alg,5L
-
-#define SN_id_smime_alg_CMS3DESwrap             "id-smime-alg-CMS3DESwrap"
-#define NID_id_smime_alg_CMS3DESwrap            246
-#define OBJ_id_smime_alg_CMS3DESwrap            OBJ_id_smime_alg,6L
-
-#define SN_id_smime_alg_CMSRC2wrap              "id-smime-alg-CMSRC2wrap"
-#define NID_id_smime_alg_CMSRC2wrap             247
-#define OBJ_id_smime_alg_CMSRC2wrap             OBJ_id_smime_alg,7L
-
-#define SN_id_smime_cd_ldap             "id-smime-cd-ldap"
-#define NID_id_smime_cd_ldap            248
-#define OBJ_id_smime_cd_ldap            OBJ_id_smime_cd,1L
-
-#define SN_id_smime_spq_ets_sqt_uri             "id-smime-spq-ets-sqt-uri"
-#define NID_id_smime_spq_ets_sqt_uri            249
-#define OBJ_id_smime_spq_ets_sqt_uri            OBJ_id_smime_spq,1L
-
-#define SN_id_smime_spq_ets_sqt_unotice         "id-smime-spq-ets-sqt-unotice"
-#define NID_id_smime_spq_ets_sqt_unotice                250
-#define OBJ_id_smime_spq_ets_sqt_unotice                OBJ_id_smime_spq,2L
-
-#define SN_id_smime_cti_ets_proofOfOrigin               "id-smime-cti-ets-proofOfOrigin"
-#define NID_id_smime_cti_ets_proofOfOrigin              251
-#define OBJ_id_smime_cti_ets_proofOfOrigin              OBJ_id_smime_cti,1L
-
-#define SN_id_smime_cti_ets_proofOfReceipt              "id-smime-cti-ets-proofOfReceipt"
-#define NID_id_smime_cti_ets_proofOfReceipt             252
-#define OBJ_id_smime_cti_ets_proofOfReceipt             OBJ_id_smime_cti,2L
-
-#define SN_id_smime_cti_ets_proofOfDelivery             "id-smime-cti-ets-proofOfDelivery"
-#define NID_id_smime_cti_ets_proofOfDelivery            253
-#define OBJ_id_smime_cti_ets_proofOfDelivery            OBJ_id_smime_cti,3L
-
-#define SN_id_smime_cti_ets_proofOfSender               "id-smime-cti-ets-proofOfSender"
-#define NID_id_smime_cti_ets_proofOfSender              254
-#define OBJ_id_smime_cti_ets_proofOfSender              OBJ_id_smime_cti,4L
-
-#define SN_id_smime_cti_ets_proofOfApproval             "id-smime-cti-ets-proofOfApproval"
-#define NID_id_smime_cti_ets_proofOfApproval            255
-#define OBJ_id_smime_cti_ets_proofOfApproval            OBJ_id_smime_cti,5L
-
-#define SN_id_smime_cti_ets_proofOfCreation             "id-smime-cti-ets-proofOfCreation"
-#define NID_id_smime_cti_ets_proofOfCreation            256
-#define OBJ_id_smime_cti_ets_proofOfCreation            OBJ_id_smime_cti,6L
-
-#define LN_friendlyName         "friendlyName"
-#define NID_friendlyName                156
-#define OBJ_friendlyName                OBJ_pkcs9,20L
-
-#define LN_localKeyID           "localKeyID"
-#define NID_localKeyID          157
-#define OBJ_localKeyID          OBJ_pkcs9,21L
-
-#define SN_ms_csp_name          "CSPName"
-#define LN_ms_csp_name          "Microsoft CSP Name"
-#define NID_ms_csp_name         417
-#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
-
-#define OBJ_certTypes           OBJ_pkcs9,22L
-
-#define LN_x509Certificate              "x509Certificate"
-#define NID_x509Certificate             158
-#define OBJ_x509Certificate             OBJ_certTypes,1L
-
-#define LN_sdsiCertificate              "sdsiCertificate"
-#define NID_sdsiCertificate             159
-#define OBJ_sdsiCertificate             OBJ_certTypes,2L
-
-#define OBJ_crlTypes            OBJ_pkcs9,23L
-
-#define LN_x509Crl              "x509Crl"
-#define NID_x509Crl             160
-#define OBJ_x509Crl             OBJ_crlTypes,1L
-
-#define OBJ_pkcs12              OBJ_pkcs,12L
-
-#define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
-
-#define SN_pbe_WithSHA1And128BitRC4             "PBE-SHA1-RC4-128"
-#define LN_pbe_WithSHA1And128BitRC4             "pbeWithSHA1And128BitRC4"
-#define NID_pbe_WithSHA1And128BitRC4            144
-#define OBJ_pbe_WithSHA1And128BitRC4            OBJ_pkcs12_pbeids,1L
-
-#define SN_pbe_WithSHA1And40BitRC4              "PBE-SHA1-RC4-40"
-#define LN_pbe_WithSHA1And40BitRC4              "pbeWithSHA1And40BitRC4"
-#define NID_pbe_WithSHA1And40BitRC4             145
-#define OBJ_pbe_WithSHA1And40BitRC4             OBJ_pkcs12_pbeids,2L
-
-#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC           "PBE-SHA1-3DES"
-#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC           "pbeWithSHA1And3-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC          146
-#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC          OBJ_pkcs12_pbeids,3L
-
-#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC           "PBE-SHA1-2DES"
-#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC           "pbeWithSHA1And2-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC          147
-#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC          OBJ_pkcs12_pbeids,4L
-
-#define SN_pbe_WithSHA1And128BitRC2_CBC         "PBE-SHA1-RC2-128"
-#define LN_pbe_WithSHA1And128BitRC2_CBC         "pbeWithSHA1And128BitRC2-CBC"
-#define NID_pbe_WithSHA1And128BitRC2_CBC                148
-#define OBJ_pbe_WithSHA1And128BitRC2_CBC                OBJ_pkcs12_pbeids,5L
-
-#define SN_pbe_WithSHA1And40BitRC2_CBC          "PBE-SHA1-RC2-40"
-#define LN_pbe_WithSHA1And40BitRC2_CBC          "pbeWithSHA1And40BitRC2-CBC"
-#define NID_pbe_WithSHA1And40BitRC2_CBC         149
-#define OBJ_pbe_WithSHA1And40BitRC2_CBC         OBJ_pkcs12_pbeids,6L
-
-#define OBJ_pkcs12_Version1             OBJ_pkcs12,10L
-
-#define OBJ_pkcs12_BagIds               OBJ_pkcs12_Version1,1L
-
-#define LN_keyBag               "keyBag"
-#define NID_keyBag              150
-#define OBJ_keyBag              OBJ_pkcs12_BagIds,1L
-
-#define LN_pkcs8ShroudedKeyBag          "pkcs8ShroudedKeyBag"
-#define NID_pkcs8ShroudedKeyBag         151
-#define OBJ_pkcs8ShroudedKeyBag         OBJ_pkcs12_BagIds,2L
-
-#define LN_certBag              "certBag"
-#define NID_certBag             152
-#define OBJ_certBag             OBJ_pkcs12_BagIds,3L
-
-#define LN_crlBag               "crlBag"
-#define NID_crlBag              153
-#define OBJ_crlBag              OBJ_pkcs12_BagIds,4L
-
-#define LN_secretBag            "secretBag"
-#define NID_secretBag           154
-#define OBJ_secretBag           OBJ_pkcs12_BagIds,5L
-
-#define LN_safeContentsBag              "safeContentsBag"
-#define NID_safeContentsBag             155
-#define OBJ_safeContentsBag             OBJ_pkcs12_BagIds,6L
-
-#define SN_md2          "MD2"
-#define LN_md2          "md2"
-#define NID_md2         3
-#define OBJ_md2         OBJ_rsadsi,2L,2L
-
-#define SN_md4          "MD4"
-#define LN_md4          "md4"
-#define NID_md4         257
-#define OBJ_md4         OBJ_rsadsi,2L,4L
-
-#define SN_md5          "MD5"
-#define LN_md5          "md5"
-#define NID_md5         4
-#define OBJ_md5         OBJ_rsadsi,2L,5L
-
-#define SN_md5_sha1             "MD5-SHA1"
-#define LN_md5_sha1             "md5-sha1"
-#define NID_md5_sha1            114
-
-#define LN_hmacWithSHA1         "hmacWithSHA1"
-#define NID_hmacWithSHA1                163
-#define OBJ_hmacWithSHA1                OBJ_rsadsi,2L,7L
-
-#define SN_rc2_cbc              "RC2-CBC"
-#define LN_rc2_cbc              "rc2-cbc"
-#define NID_rc2_cbc             37
-#define OBJ_rc2_cbc             OBJ_rsadsi,3L,2L
-
-#define SN_rc2_ecb              "RC2-ECB"
-#define LN_rc2_ecb              "rc2-ecb"
-#define NID_rc2_ecb             38
-
-#define SN_rc2_cfb64            "RC2-CFB"
-#define LN_rc2_cfb64            "rc2-cfb"
-#define NID_rc2_cfb64           39
-
-#define SN_rc2_ofb64            "RC2-OFB"
-#define LN_rc2_ofb64            "rc2-ofb"
-#define NID_rc2_ofb64           40
-
-#define SN_rc2_40_cbc           "RC2-40-CBC"
-#define LN_rc2_40_cbc           "rc2-40-cbc"
-#define NID_rc2_40_cbc          98
-
-#define SN_rc2_64_cbc           "RC2-64-CBC"
-#define LN_rc2_64_cbc           "rc2-64-cbc"
-#define NID_rc2_64_cbc          166
-
-#define SN_rc4          "RC4"
-#define LN_rc4          "rc4"
-#define NID_rc4         5
-#define OBJ_rc4         OBJ_rsadsi,3L,4L
-
-#define SN_rc4_40               "RC4-40"
-#define LN_rc4_40               "rc4-40"
-#define NID_rc4_40              97
-
-#define SN_des_ede3_cbc         "DES-EDE3-CBC"
-#define LN_des_ede3_cbc         "des-ede3-cbc"
-#define NID_des_ede3_cbc                44
-#define OBJ_des_ede3_cbc                OBJ_rsadsi,3L,7L
-
-#define SN_rc5_cbc              "RC5-CBC"
-#define LN_rc5_cbc              "rc5-cbc"
-#define NID_rc5_cbc             120
-#define OBJ_rc5_cbc             OBJ_rsadsi,3L,8L
-
-#define SN_rc5_ecb              "RC5-ECB"
-#define LN_rc5_ecb              "rc5-ecb"
-#define NID_rc5_ecb             121
-
-#define SN_rc5_cfb64            "RC5-CFB"
-#define LN_rc5_cfb64            "rc5-cfb"
-#define NID_rc5_cfb64           122
-
-#define SN_rc5_ofb64            "RC5-OFB"
-#define LN_rc5_ofb64            "rc5-ofb"
-#define NID_rc5_ofb64           123
-
-#define SN_ms_ext_req           "msExtReq"
-#define LN_ms_ext_req           "Microsoft Extension Request"
-#define NID_ms_ext_req          171
-#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
-
-#define SN_ms_code_ind          "msCodeInd"
-#define LN_ms_code_ind          "Microsoft Individual Code Signing"
-#define NID_ms_code_ind         134
-#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
-
-#define SN_ms_code_com          "msCodeCom"
-#define LN_ms_code_com          "Microsoft Commercial Code Signing"
-#define NID_ms_code_com         135
-#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
-
-#define SN_ms_ctl_sign          "msCTLSign"
-#define LN_ms_ctl_sign          "Microsoft Trust List Signing"
-#define NID_ms_ctl_sign         136
-#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
-
-#define SN_ms_sgc               "msSGC"
-#define LN_ms_sgc               "Microsoft Server Gated Crypto"
-#define NID_ms_sgc              137
-#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
-
-#define SN_ms_efs               "msEFS"
-#define LN_ms_efs               "Microsoft Encrypted File System"
-#define NID_ms_efs              138
-#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
-
-#define SN_ms_smartcard_login           "msSmartcardLogin"
-#define LN_ms_smartcard_login           "Microsoft Smartcardlogin"
-#define NID_ms_smartcard_login          648
-#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
-
-#define SN_ms_upn               "msUPN"
-#define LN_ms_upn               "Microsoft Universal Principal Name"
-#define NID_ms_upn              649
-#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
-
-#define SN_idea_cbc             "IDEA-CBC"
-#define LN_idea_cbc             "idea-cbc"
-#define NID_idea_cbc            34
-#define OBJ_idea_cbc            1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
-
-#define SN_idea_ecb             "IDEA-ECB"
-#define LN_idea_ecb             "idea-ecb"
-#define NID_idea_ecb            36
-
-#define SN_idea_cfb64           "IDEA-CFB"
-#define LN_idea_cfb64           "idea-cfb"
-#define NID_idea_cfb64          35
-
-#define SN_idea_ofb64           "IDEA-OFB"
-#define LN_idea_ofb64           "idea-ofb"
-#define NID_idea_ofb64          46
-
-#define SN_bf_cbc               "BF-CBC"
-#define LN_bf_cbc               "bf-cbc"
-#define NID_bf_cbc              91
-#define OBJ_bf_cbc              1L,3L,6L,1L,4L,1L,3029L,1L,2L
-
-#define SN_bf_ecb               "BF-ECB"
-#define LN_bf_ecb               "bf-ecb"
-#define NID_bf_ecb              92
-
-#define SN_bf_cfb64             "BF-CFB"
-#define LN_bf_cfb64             "bf-cfb"
-#define NID_bf_cfb64            93
-
-#define SN_bf_ofb64             "BF-OFB"
-#define LN_bf_ofb64             "bf-ofb"
-#define NID_bf_ofb64            94
-
-#define SN_id_pkix              "PKIX"
-#define NID_id_pkix             127
-#define OBJ_id_pkix             1L,3L,6L,1L,5L,5L,7L
-
-#define SN_id_pkix_mod          "id-pkix-mod"
-#define NID_id_pkix_mod         258
-#define OBJ_id_pkix_mod         OBJ_id_pkix,0L
-
-#define SN_id_pe                "id-pe"
-#define NID_id_pe               175
-#define OBJ_id_pe               OBJ_id_pkix,1L
-
-#define SN_id_qt                "id-qt"
-#define NID_id_qt               259
-#define OBJ_id_qt               OBJ_id_pkix,2L
-
-#define SN_id_kp                "id-kp"
-#define NID_id_kp               128
-#define OBJ_id_kp               OBJ_id_pkix,3L
-
-#define SN_id_it                "id-it"
-#define NID_id_it               260
-#define OBJ_id_it               OBJ_id_pkix,4L
-
-#define SN_id_pkip              "id-pkip"
-#define NID_id_pkip             261
-#define OBJ_id_pkip             OBJ_id_pkix,5L
-
-#define SN_id_alg               "id-alg"
-#define NID_id_alg              262
-#define OBJ_id_alg              OBJ_id_pkix,6L
-
-#define SN_id_cmc               "id-cmc"
-#define NID_id_cmc              263
-#define OBJ_id_cmc              OBJ_id_pkix,7L
-
-#define SN_id_on                "id-on"
-#define NID_id_on               264
-#define OBJ_id_on               OBJ_id_pkix,8L
-
-#define SN_id_pda               "id-pda"
-#define NID_id_pda              265
-#define OBJ_id_pda              OBJ_id_pkix,9L
-
-#define SN_id_aca               "id-aca"
-#define NID_id_aca              266
-#define OBJ_id_aca              OBJ_id_pkix,10L
-
-#define SN_id_qcs               "id-qcs"
-#define NID_id_qcs              267
-#define OBJ_id_qcs              OBJ_id_pkix,11L
-
-#define SN_id_cct               "id-cct"
-#define NID_id_cct              268
-#define OBJ_id_cct              OBJ_id_pkix,12L
-
-#define SN_id_ppl               "id-ppl"
-#define NID_id_ppl              662
-#define OBJ_id_ppl              OBJ_id_pkix,21L
-
-#define SN_id_ad                "id-ad"
-#define NID_id_ad               176
-#define OBJ_id_ad               OBJ_id_pkix,48L
-
-#define SN_id_pkix1_explicit_88         "id-pkix1-explicit-88"
-#define NID_id_pkix1_explicit_88                269
-#define OBJ_id_pkix1_explicit_88                OBJ_id_pkix_mod,1L
-
-#define SN_id_pkix1_implicit_88         "id-pkix1-implicit-88"
-#define NID_id_pkix1_implicit_88                270
-#define OBJ_id_pkix1_implicit_88                OBJ_id_pkix_mod,2L
-
-#define SN_id_pkix1_explicit_93         "id-pkix1-explicit-93"
-#define NID_id_pkix1_explicit_93                271
-#define OBJ_id_pkix1_explicit_93                OBJ_id_pkix_mod,3L
-
-#define SN_id_pkix1_implicit_93         "id-pkix1-implicit-93"
-#define NID_id_pkix1_implicit_93                272
-#define OBJ_id_pkix1_implicit_93                OBJ_id_pkix_mod,4L
-
-#define SN_id_mod_crmf          "id-mod-crmf"
-#define NID_id_mod_crmf         273
-#define OBJ_id_mod_crmf         OBJ_id_pkix_mod,5L
-
-#define SN_id_mod_cmc           "id-mod-cmc"
-#define NID_id_mod_cmc          274
-#define OBJ_id_mod_cmc          OBJ_id_pkix_mod,6L
-
-#define SN_id_mod_kea_profile_88                "id-mod-kea-profile-88"
-#define NID_id_mod_kea_profile_88               275
-#define OBJ_id_mod_kea_profile_88               OBJ_id_pkix_mod,7L
-
-#define SN_id_mod_kea_profile_93                "id-mod-kea-profile-93"
-#define NID_id_mod_kea_profile_93               276
-#define OBJ_id_mod_kea_profile_93               OBJ_id_pkix_mod,8L
-
-#define SN_id_mod_cmp           "id-mod-cmp"
-#define NID_id_mod_cmp          277
-#define OBJ_id_mod_cmp          OBJ_id_pkix_mod,9L
-
-#define SN_id_mod_qualified_cert_88             "id-mod-qualified-cert-88"
-#define NID_id_mod_qualified_cert_88            278
-#define OBJ_id_mod_qualified_cert_88            OBJ_id_pkix_mod,10L
-
-#define SN_id_mod_qualified_cert_93             "id-mod-qualified-cert-93"
-#define NID_id_mod_qualified_cert_93            279
-#define OBJ_id_mod_qualified_cert_93            OBJ_id_pkix_mod,11L
-
-#define SN_id_mod_attribute_cert                "id-mod-attribute-cert"
-#define NID_id_mod_attribute_cert               280
-#define OBJ_id_mod_attribute_cert               OBJ_id_pkix_mod,12L
-
-#define SN_id_mod_timestamp_protocol            "id-mod-timestamp-protocol"
-#define NID_id_mod_timestamp_protocol           281
-#define OBJ_id_mod_timestamp_protocol           OBJ_id_pkix_mod,13L
-
-#define SN_id_mod_ocsp          "id-mod-ocsp"
-#define NID_id_mod_ocsp         282
-#define OBJ_id_mod_ocsp         OBJ_id_pkix_mod,14L
-
-#define SN_id_mod_dvcs          "id-mod-dvcs"
-#define NID_id_mod_dvcs         283
-#define OBJ_id_mod_dvcs         OBJ_id_pkix_mod,15L
-
-#define SN_id_mod_cmp2000               "id-mod-cmp2000"
-#define NID_id_mod_cmp2000              284
-#define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
-
-#define SN_info_access          "authorityInfoAccess"
-#define LN_info_access          "Authority Information Access"
-#define NID_info_access         177
-#define OBJ_info_access         OBJ_id_pe,1L
-
-#define SN_biometricInfo                "biometricInfo"
-#define LN_biometricInfo                "Biometric Info"
-#define NID_biometricInfo               285
-#define OBJ_biometricInfo               OBJ_id_pe,2L
-
-#define SN_qcStatements         "qcStatements"
-#define NID_qcStatements                286
-#define OBJ_qcStatements                OBJ_id_pe,3L
-
-#define SN_ac_auditEntity               "ac-auditEntity"
-#define NID_ac_auditEntity              287
-#define OBJ_ac_auditEntity              OBJ_id_pe,4L
-
-#define SN_ac_targeting         "ac-targeting"
-#define NID_ac_targeting                288
-#define OBJ_ac_targeting                OBJ_id_pe,5L
-
-#define SN_aaControls           "aaControls"
-#define NID_aaControls          289
-#define OBJ_aaControls          OBJ_id_pe,6L
-
-#define SN_sbgp_ipAddrBlock             "sbgp-ipAddrBlock"
-#define NID_sbgp_ipAddrBlock            290
-#define OBJ_sbgp_ipAddrBlock            OBJ_id_pe,7L
-
-#define SN_sbgp_autonomousSysNum                "sbgp-autonomousSysNum"
-#define NID_sbgp_autonomousSysNum               291
-#define OBJ_sbgp_autonomousSysNum               OBJ_id_pe,8L
-
-#define SN_sbgp_routerIdentifier                "sbgp-routerIdentifier"
-#define NID_sbgp_routerIdentifier               292
-#define OBJ_sbgp_routerIdentifier               OBJ_id_pe,9L
-
-#define SN_ac_proxying          "ac-proxying"
-#define NID_ac_proxying         397
-#define OBJ_ac_proxying         OBJ_id_pe,10L
-
-#define SN_sinfo_access         "subjectInfoAccess"
-#define LN_sinfo_access         "Subject Information Access"
-#define NID_sinfo_access                398
-#define OBJ_sinfo_access                OBJ_id_pe,11L
-
-#define SN_proxyCertInfo                "proxyCertInfo"
-#define LN_proxyCertInfo                "Proxy Certificate Information"
-#define NID_proxyCertInfo               663
-#define OBJ_proxyCertInfo               OBJ_id_pe,14L
-
-#define SN_id_qt_cps            "id-qt-cps"
-#define LN_id_qt_cps            "Policy Qualifier CPS"
-#define NID_id_qt_cps           164
-#define OBJ_id_qt_cps           OBJ_id_qt,1L
-
-#define SN_id_qt_unotice                "id-qt-unotice"
-#define LN_id_qt_unotice                "Policy Qualifier User Notice"
-#define NID_id_qt_unotice               165
-#define OBJ_id_qt_unotice               OBJ_id_qt,2L
-
-#define SN_textNotice           "textNotice"
-#define NID_textNotice          293
-#define OBJ_textNotice          OBJ_id_qt,3L
-
-#define SN_server_auth          "serverAuth"
-#define LN_server_auth          "TLS Web Server Authentication"
-#define NID_server_auth         129
-#define OBJ_server_auth         OBJ_id_kp,1L
-
-#define SN_client_auth          "clientAuth"
-#define LN_client_auth          "TLS Web Client Authentication"
-#define NID_client_auth         130
-#define OBJ_client_auth         OBJ_id_kp,2L
-
-#define SN_code_sign            "codeSigning"
-#define LN_code_sign            "Code Signing"
-#define NID_code_sign           131
-#define OBJ_code_sign           OBJ_id_kp,3L
-
-#define SN_email_protect                "emailProtection"
-#define LN_email_protect                "E-mail Protection"
-#define NID_email_protect               132
-#define OBJ_email_protect               OBJ_id_kp,4L
-
-#define SN_ipsecEndSystem               "ipsecEndSystem"
-#define LN_ipsecEndSystem               "IPSec End System"
-#define NID_ipsecEndSystem              294
-#define OBJ_ipsecEndSystem              OBJ_id_kp,5L
-
-#define SN_ipsecTunnel          "ipsecTunnel"
-#define LN_ipsecTunnel          "IPSec Tunnel"
-#define NID_ipsecTunnel         295
-#define OBJ_ipsecTunnel         OBJ_id_kp,6L
-
-#define SN_ipsecUser            "ipsecUser"
-#define LN_ipsecUser            "IPSec User"
-#define NID_ipsecUser           296
-#define OBJ_ipsecUser           OBJ_id_kp,7L
-
-#define SN_time_stamp           "timeStamping"
-#define LN_time_stamp           "Time Stamping"
-#define NID_time_stamp          133
-#define OBJ_time_stamp          OBJ_id_kp,8L
-
-#define SN_OCSP_sign            "OCSPSigning"
-#define LN_OCSP_sign            "OCSP Signing"
-#define NID_OCSP_sign           180
-#define OBJ_OCSP_sign           OBJ_id_kp,9L
-
-#define SN_dvcs         "DVCS"
-#define LN_dvcs         "dvcs"
-#define NID_dvcs                297
-#define OBJ_dvcs                OBJ_id_kp,10L
-
-#define SN_id_it_caProtEncCert          "id-it-caProtEncCert"
-#define NID_id_it_caProtEncCert         298
-#define OBJ_id_it_caProtEncCert         OBJ_id_it,1L
-
-#define SN_id_it_signKeyPairTypes               "id-it-signKeyPairTypes"
-#define NID_id_it_signKeyPairTypes              299
-#define OBJ_id_it_signKeyPairTypes              OBJ_id_it,2L
-
-#define SN_id_it_encKeyPairTypes                "id-it-encKeyPairTypes"
-#define NID_id_it_encKeyPairTypes               300
-#define OBJ_id_it_encKeyPairTypes               OBJ_id_it,3L
-
-#define SN_id_it_preferredSymmAlg               "id-it-preferredSymmAlg"
-#define NID_id_it_preferredSymmAlg              301
-#define OBJ_id_it_preferredSymmAlg              OBJ_id_it,4L
-
-#define SN_id_it_caKeyUpdateInfo                "id-it-caKeyUpdateInfo"
-#define NID_id_it_caKeyUpdateInfo               302
-#define OBJ_id_it_caKeyUpdateInfo               OBJ_id_it,5L
-
-#define SN_id_it_currentCRL             "id-it-currentCRL"
-#define NID_id_it_currentCRL            303
-#define OBJ_id_it_currentCRL            OBJ_id_it,6L
-
-#define SN_id_it_unsupportedOIDs                "id-it-unsupportedOIDs"
-#define NID_id_it_unsupportedOIDs               304
-#define OBJ_id_it_unsupportedOIDs               OBJ_id_it,7L
-
-#define SN_id_it_subscriptionRequest            "id-it-subscriptionRequest"
-#define NID_id_it_subscriptionRequest           305
-#define OBJ_id_it_subscriptionRequest           OBJ_id_it,8L
-
-#define SN_id_it_subscriptionResponse           "id-it-subscriptionResponse"
-#define NID_id_it_subscriptionResponse          306
-#define OBJ_id_it_subscriptionResponse          OBJ_id_it,9L
-
-#define SN_id_it_keyPairParamReq                "id-it-keyPairParamReq"
-#define NID_id_it_keyPairParamReq               307
-#define OBJ_id_it_keyPairParamReq               OBJ_id_it,10L
-
-#define SN_id_it_keyPairParamRep                "id-it-keyPairParamRep"
-#define NID_id_it_keyPairParamRep               308
-#define OBJ_id_it_keyPairParamRep               OBJ_id_it,11L
-
-#define SN_id_it_revPassphrase          "id-it-revPassphrase"
-#define NID_id_it_revPassphrase         309
-#define OBJ_id_it_revPassphrase         OBJ_id_it,12L
-
-#define SN_id_it_implicitConfirm                "id-it-implicitConfirm"
-#define NID_id_it_implicitConfirm               310
-#define OBJ_id_it_implicitConfirm               OBJ_id_it,13L
-
-#define SN_id_it_confirmWaitTime                "id-it-confirmWaitTime"
-#define NID_id_it_confirmWaitTime               311
-#define OBJ_id_it_confirmWaitTime               OBJ_id_it,14L
-
-#define SN_id_it_origPKIMessage         "id-it-origPKIMessage"
-#define NID_id_it_origPKIMessage                312
-#define OBJ_id_it_origPKIMessage                OBJ_id_it,15L
-
-#define SN_id_regCtrl           "id-regCtrl"
-#define NID_id_regCtrl          313
-#define OBJ_id_regCtrl          OBJ_id_pkip,1L
-
-#define SN_id_regInfo           "id-regInfo"
-#define NID_id_regInfo          314
-#define OBJ_id_regInfo          OBJ_id_pkip,2L
-
-#define SN_id_regCtrl_regToken          "id-regCtrl-regToken"
-#define NID_id_regCtrl_regToken         315
-#define OBJ_id_regCtrl_regToken         OBJ_id_regCtrl,1L
-
-#define SN_id_regCtrl_authenticator             "id-regCtrl-authenticator"
-#define NID_id_regCtrl_authenticator            316
-#define OBJ_id_regCtrl_authenticator            OBJ_id_regCtrl,2L
-
-#define SN_id_regCtrl_pkiPublicationInfo                "id-regCtrl-pkiPublicationInfo"
-#define NID_id_regCtrl_pkiPublicationInfo               317
-#define OBJ_id_regCtrl_pkiPublicationInfo               OBJ_id_regCtrl,3L
-
-#define SN_id_regCtrl_pkiArchiveOptions         "id-regCtrl-pkiArchiveOptions"
-#define NID_id_regCtrl_pkiArchiveOptions                318
-#define OBJ_id_regCtrl_pkiArchiveOptions                OBJ_id_regCtrl,4L
-
-#define SN_id_regCtrl_oldCertID         "id-regCtrl-oldCertID"
-#define NID_id_regCtrl_oldCertID                319
-#define OBJ_id_regCtrl_oldCertID                OBJ_id_regCtrl,5L
-
-#define SN_id_regCtrl_protocolEncrKey           "id-regCtrl-protocolEncrKey"
-#define NID_id_regCtrl_protocolEncrKey          320
-#define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
-
-#define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
-#define NID_id_regInfo_utf8Pairs                321
-#define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
-
-#define SN_id_regInfo_certReq           "id-regInfo-certReq"
-#define NID_id_regInfo_certReq          322
-#define OBJ_id_regInfo_certReq          OBJ_id_regInfo,2L
-
-#define SN_id_alg_des40         "id-alg-des40"
-#define NID_id_alg_des40                323
-#define OBJ_id_alg_des40                OBJ_id_alg,1L
-
-#define SN_id_alg_noSignature           "id-alg-noSignature"
-#define NID_id_alg_noSignature          324
-#define OBJ_id_alg_noSignature          OBJ_id_alg,2L
-
-#define SN_id_alg_dh_sig_hmac_sha1              "id-alg-dh-sig-hmac-sha1"
-#define NID_id_alg_dh_sig_hmac_sha1             325
-#define OBJ_id_alg_dh_sig_hmac_sha1             OBJ_id_alg,3L
-
-#define SN_id_alg_dh_pop                "id-alg-dh-pop"
-#define NID_id_alg_dh_pop               326
-#define OBJ_id_alg_dh_pop               OBJ_id_alg,4L
-
-#define SN_id_cmc_statusInfo            "id-cmc-statusInfo"
-#define NID_id_cmc_statusInfo           327
-#define OBJ_id_cmc_statusInfo           OBJ_id_cmc,1L
-
-#define SN_id_cmc_identification                "id-cmc-identification"
-#define NID_id_cmc_identification               328
-#define OBJ_id_cmc_identification               OBJ_id_cmc,2L
-
-#define SN_id_cmc_identityProof         "id-cmc-identityProof"
-#define NID_id_cmc_identityProof                329
-#define OBJ_id_cmc_identityProof                OBJ_id_cmc,3L
-
-#define SN_id_cmc_dataReturn            "id-cmc-dataReturn"
-#define NID_id_cmc_dataReturn           330
-#define OBJ_id_cmc_dataReturn           OBJ_id_cmc,4L
-
-#define SN_id_cmc_transactionId         "id-cmc-transactionId"
-#define NID_id_cmc_transactionId                331
-#define OBJ_id_cmc_transactionId                OBJ_id_cmc,5L
-
-#define SN_id_cmc_senderNonce           "id-cmc-senderNonce"
-#define NID_id_cmc_senderNonce          332
-#define OBJ_id_cmc_senderNonce          OBJ_id_cmc,6L
-
-#define SN_id_cmc_recipientNonce                "id-cmc-recipientNonce"
-#define NID_id_cmc_recipientNonce               333
-#define OBJ_id_cmc_recipientNonce               OBJ_id_cmc,7L
-
-#define SN_id_cmc_addExtensions         "id-cmc-addExtensions"
-#define NID_id_cmc_addExtensions                334
-#define OBJ_id_cmc_addExtensions                OBJ_id_cmc,8L
-
-#define SN_id_cmc_encryptedPOP          "id-cmc-encryptedPOP"
-#define NID_id_cmc_encryptedPOP         335
-#define OBJ_id_cmc_encryptedPOP         OBJ_id_cmc,9L
-
-#define SN_id_cmc_decryptedPOP          "id-cmc-decryptedPOP"
-#define NID_id_cmc_decryptedPOP         336
-#define OBJ_id_cmc_decryptedPOP         OBJ_id_cmc,10L
-
-#define SN_id_cmc_lraPOPWitness         "id-cmc-lraPOPWitness"
-#define NID_id_cmc_lraPOPWitness                337
-#define OBJ_id_cmc_lraPOPWitness                OBJ_id_cmc,11L
-
-#define SN_id_cmc_getCert               "id-cmc-getCert"
-#define NID_id_cmc_getCert              338
-#define OBJ_id_cmc_getCert              OBJ_id_cmc,15L
-
-#define SN_id_cmc_getCRL                "id-cmc-getCRL"
-#define NID_id_cmc_getCRL               339
-#define OBJ_id_cmc_getCRL               OBJ_id_cmc,16L
-
-#define SN_id_cmc_revokeRequest         "id-cmc-revokeRequest"
-#define NID_id_cmc_revokeRequest                340
-#define OBJ_id_cmc_revokeRequest                OBJ_id_cmc,17L
-
-#define SN_id_cmc_regInfo               "id-cmc-regInfo"
-#define NID_id_cmc_regInfo              341
-#define OBJ_id_cmc_regInfo              OBJ_id_cmc,18L
-
-#define SN_id_cmc_responseInfo          "id-cmc-responseInfo"
-#define NID_id_cmc_responseInfo         342
-#define OBJ_id_cmc_responseInfo         OBJ_id_cmc,19L
-
-#define SN_id_cmc_queryPending          "id-cmc-queryPending"
-#define NID_id_cmc_queryPending         343
-#define OBJ_id_cmc_queryPending         OBJ_id_cmc,21L
-
-#define SN_id_cmc_popLinkRandom         "id-cmc-popLinkRandom"
-#define NID_id_cmc_popLinkRandom                344
-#define OBJ_id_cmc_popLinkRandom                OBJ_id_cmc,22L
-
-#define SN_id_cmc_popLinkWitness                "id-cmc-popLinkWitness"
-#define NID_id_cmc_popLinkWitness               345
-#define OBJ_id_cmc_popLinkWitness               OBJ_id_cmc,23L
-
-#define SN_id_cmc_confirmCertAcceptance         "id-cmc-confirmCertAcceptance"
-#define NID_id_cmc_confirmCertAcceptance                346
-#define OBJ_id_cmc_confirmCertAcceptance                OBJ_id_cmc,24L
-
-#define SN_id_on_personalData           "id-on-personalData"
-#define NID_id_on_personalData          347
-#define OBJ_id_on_personalData          OBJ_id_on,1L
-
-#define SN_id_pda_dateOfBirth           "id-pda-dateOfBirth"
-#define NID_id_pda_dateOfBirth          348
-#define OBJ_id_pda_dateOfBirth          OBJ_id_pda,1L
-
-#define SN_id_pda_placeOfBirth          "id-pda-placeOfBirth"
-#define NID_id_pda_placeOfBirth         349
-#define OBJ_id_pda_placeOfBirth         OBJ_id_pda,2L
-
-#define SN_id_pda_gender                "id-pda-gender"
-#define NID_id_pda_gender               351
-#define OBJ_id_pda_gender               OBJ_id_pda,3L
-
-#define SN_id_pda_countryOfCitizenship          "id-pda-countryOfCitizenship"
-#define NID_id_pda_countryOfCitizenship         352
-#define OBJ_id_pda_countryOfCitizenship         OBJ_id_pda,4L
-
-#define SN_id_pda_countryOfResidence            "id-pda-countryOfResidence"
-#define NID_id_pda_countryOfResidence           353
-#define OBJ_id_pda_countryOfResidence           OBJ_id_pda,5L
-
-#define SN_id_aca_authenticationInfo            "id-aca-authenticationInfo"
-#define NID_id_aca_authenticationInfo           354
-#define OBJ_id_aca_authenticationInfo           OBJ_id_aca,1L
-
-#define SN_id_aca_accessIdentity                "id-aca-accessIdentity"
-#define NID_id_aca_accessIdentity               355
-#define OBJ_id_aca_accessIdentity               OBJ_id_aca,2L
-
-#define SN_id_aca_chargingIdentity              "id-aca-chargingIdentity"
-#define NID_id_aca_chargingIdentity             356
-#define OBJ_id_aca_chargingIdentity             OBJ_id_aca,3L
-
-#define SN_id_aca_group         "id-aca-group"
-#define NID_id_aca_group                357
-#define OBJ_id_aca_group                OBJ_id_aca,4L
-
-#define SN_id_aca_role          "id-aca-role"
-#define NID_id_aca_role         358
-#define OBJ_id_aca_role         OBJ_id_aca,5L
-
-#define SN_id_aca_encAttrs              "id-aca-encAttrs"
-#define NID_id_aca_encAttrs             399
-#define OBJ_id_aca_encAttrs             OBJ_id_aca,6L
-
-#define SN_id_qcs_pkixQCSyntax_v1               "id-qcs-pkixQCSyntax-v1"
-#define NID_id_qcs_pkixQCSyntax_v1              359
-#define OBJ_id_qcs_pkixQCSyntax_v1              OBJ_id_qcs,1L
-
-#define SN_id_cct_crs           "id-cct-crs"
-#define NID_id_cct_crs          360
-#define OBJ_id_cct_crs          OBJ_id_cct,1L
-
-#define SN_id_cct_PKIData               "id-cct-PKIData"
-#define NID_id_cct_PKIData              361
-#define OBJ_id_cct_PKIData              OBJ_id_cct,2L
-
-#define SN_id_cct_PKIResponse           "id-cct-PKIResponse"
-#define NID_id_cct_PKIResponse          362
-#define OBJ_id_cct_PKIResponse          OBJ_id_cct,3L
-
-#define SN_id_ppl_anyLanguage           "id-ppl-anyLanguage"
-#define LN_id_ppl_anyLanguage           "Any language"
-#define NID_id_ppl_anyLanguage          664
-#define OBJ_id_ppl_anyLanguage          OBJ_id_ppl,0L
-
-#define SN_id_ppl_inheritAll            "id-ppl-inheritAll"
-#define LN_id_ppl_inheritAll            "Inherit all"
-#define NID_id_ppl_inheritAll           665
-#define OBJ_id_ppl_inheritAll           OBJ_id_ppl,1L
-
-#define SN_Independent          "id-ppl-independent"
-#define LN_Independent          "Independent"
-#define NID_Independent         667
-#define OBJ_Independent         OBJ_id_ppl,2L
-
-#define SN_ad_OCSP              "OCSP"
-#define LN_ad_OCSP              "OCSP"
-#define NID_ad_OCSP             178
-#define OBJ_ad_OCSP             OBJ_id_ad,1L
-
-#define SN_ad_ca_issuers                "caIssuers"
-#define LN_ad_ca_issuers                "CA Issuers"
-#define NID_ad_ca_issuers               179
-#define OBJ_ad_ca_issuers               OBJ_id_ad,2L
-
-#define SN_ad_timeStamping              "ad_timestamping"
-#define LN_ad_timeStamping              "AD Time Stamping"
-#define NID_ad_timeStamping             363
-#define OBJ_ad_timeStamping             OBJ_id_ad,3L
-
-#define SN_ad_dvcs              "AD_DVCS"
-#define LN_ad_dvcs              "ad dvcs"
-#define NID_ad_dvcs             364
-#define OBJ_ad_dvcs             OBJ_id_ad,4L
-
-#define OBJ_id_pkix_OCSP                OBJ_ad_OCSP
-
-#define SN_id_pkix_OCSP_basic           "basicOCSPResponse"
-#define LN_id_pkix_OCSP_basic           "Basic OCSP Response"
-#define NID_id_pkix_OCSP_basic          365
-#define OBJ_id_pkix_OCSP_basic          OBJ_id_pkix_OCSP,1L
-
-#define SN_id_pkix_OCSP_Nonce           "Nonce"
-#define LN_id_pkix_OCSP_Nonce           "OCSP Nonce"
-#define NID_id_pkix_OCSP_Nonce          366
-#define OBJ_id_pkix_OCSP_Nonce          OBJ_id_pkix_OCSP,2L
-
-#define SN_id_pkix_OCSP_CrlID           "CrlID"
-#define LN_id_pkix_OCSP_CrlID           "OCSP CRL ID"
-#define NID_id_pkix_OCSP_CrlID          367
-#define OBJ_id_pkix_OCSP_CrlID          OBJ_id_pkix_OCSP,3L
-
-#define SN_id_pkix_OCSP_acceptableResponses             "acceptableResponses"
-#define LN_id_pkix_OCSP_acceptableResponses             "Acceptable OCSP Responses"
-#define NID_id_pkix_OCSP_acceptableResponses            368
-#define OBJ_id_pkix_OCSP_acceptableResponses            OBJ_id_pkix_OCSP,4L
-
-#define SN_id_pkix_OCSP_noCheck         "noCheck"
-#define LN_id_pkix_OCSP_noCheck         "OCSP No Check"
-#define NID_id_pkix_OCSP_noCheck                369
-#define OBJ_id_pkix_OCSP_noCheck                OBJ_id_pkix_OCSP,5L
-
-#define SN_id_pkix_OCSP_archiveCutoff           "archiveCutoff"
-#define LN_id_pkix_OCSP_archiveCutoff           "OCSP Archive Cutoff"
-#define NID_id_pkix_OCSP_archiveCutoff          370
-#define OBJ_id_pkix_OCSP_archiveCutoff          OBJ_id_pkix_OCSP,6L
-
-#define SN_id_pkix_OCSP_serviceLocator          "serviceLocator"
-#define LN_id_pkix_OCSP_serviceLocator          "OCSP Service Locator"
-#define NID_id_pkix_OCSP_serviceLocator         371
-#define OBJ_id_pkix_OCSP_serviceLocator         OBJ_id_pkix_OCSP,7L
-
-#define SN_id_pkix_OCSP_extendedStatus          "extendedStatus"
-#define LN_id_pkix_OCSP_extendedStatus          "Extended OCSP Status"
-#define NID_id_pkix_OCSP_extendedStatus         372
-#define OBJ_id_pkix_OCSP_extendedStatus         OBJ_id_pkix_OCSP,8L
-
-#define SN_id_pkix_OCSP_valid           "valid"
-#define NID_id_pkix_OCSP_valid          373
-#define OBJ_id_pkix_OCSP_valid          OBJ_id_pkix_OCSP,9L
-
-#define SN_id_pkix_OCSP_path            "path"
-#define NID_id_pkix_OCSP_path           374
-#define OBJ_id_pkix_OCSP_path           OBJ_id_pkix_OCSP,10L
-
-#define SN_id_pkix_OCSP_trustRoot               "trustRoot"
-#define LN_id_pkix_OCSP_trustRoot               "Trust Root"
-#define NID_id_pkix_OCSP_trustRoot              375
-#define OBJ_id_pkix_OCSP_trustRoot              OBJ_id_pkix_OCSP,11L
-
-#define SN_algorithm            "algorithm"
-#define LN_algorithm            "algorithm"
-#define NID_algorithm           376
-#define OBJ_algorithm           1L,3L,14L,3L,2L
-
-#define SN_md5WithRSA           "RSA-NP-MD5"
-#define LN_md5WithRSA           "md5WithRSA"
-#define NID_md5WithRSA          104
-#define OBJ_md5WithRSA          OBJ_algorithm,3L
-
-#define SN_des_ecb              "DES-ECB"
-#define LN_des_ecb              "des-ecb"
-#define NID_des_ecb             29
-#define OBJ_des_ecb             OBJ_algorithm,6L
-
-#define SN_des_cbc              "DES-CBC"
-#define LN_des_cbc              "des-cbc"
-#define NID_des_cbc             31
-#define OBJ_des_cbc             OBJ_algorithm,7L
-
-#define SN_des_ofb64            "DES-OFB"
-#define LN_des_ofb64            "des-ofb"
-#define NID_des_ofb64           45
-#define OBJ_des_ofb64           OBJ_algorithm,8L
-
-#define SN_des_cfb64            "DES-CFB"
-#define LN_des_cfb64            "des-cfb"
-#define NID_des_cfb64           30
-#define OBJ_des_cfb64           OBJ_algorithm,9L
-
-#define SN_rsaSignature         "rsaSignature"
-#define NID_rsaSignature                377
-#define OBJ_rsaSignature                OBJ_algorithm,11L
-
-#define SN_dsa_2                "DSA-old"
-#define LN_dsa_2                "dsaEncryption-old"
-#define NID_dsa_2               67
-#define OBJ_dsa_2               OBJ_algorithm,12L
-
-#define SN_dsaWithSHA           "DSA-SHA"
-#define LN_dsaWithSHA           "dsaWithSHA"
-#define NID_dsaWithSHA          66
-#define OBJ_dsaWithSHA          OBJ_algorithm,13L
-
-#define SN_shaWithRSAEncryption         "RSA-SHA"
-#define LN_shaWithRSAEncryption         "shaWithRSAEncryption"
-#define NID_shaWithRSAEncryption                42
-#define OBJ_shaWithRSAEncryption                OBJ_algorithm,15L
-
-#define SN_des_ede_ecb          "DES-EDE"
-#define LN_des_ede_ecb          "des-ede"
-#define NID_des_ede_ecb         32
-#define OBJ_des_ede_ecb         OBJ_algorithm,17L
-
-#define SN_des_ede3_ecb         "DES-EDE3"
-#define LN_des_ede3_ecb         "des-ede3"
-#define NID_des_ede3_ecb                33
-
-#define SN_des_ede_cbc          "DES-EDE-CBC"
-#define LN_des_ede_cbc          "des-ede-cbc"
-#define NID_des_ede_cbc         43
-
-#define SN_des_ede_cfb64                "DES-EDE-CFB"
-#define LN_des_ede_cfb64                "des-ede-cfb"
-#define NID_des_ede_cfb64               60
-
-#define SN_des_ede3_cfb64               "DES-EDE3-CFB"
-#define LN_des_ede3_cfb64               "des-ede3-cfb"
-#define NID_des_ede3_cfb64              61
-
-#define SN_des_ede_ofb64                "DES-EDE-OFB"
-#define LN_des_ede_ofb64                "des-ede-ofb"
-#define NID_des_ede_ofb64               62
-
-#define SN_des_ede3_ofb64               "DES-EDE3-OFB"
-#define LN_des_ede3_ofb64               "des-ede3-ofb"
-#define NID_des_ede3_ofb64              63
-
-#define SN_desx_cbc             "DESX-CBC"
-#define LN_desx_cbc             "desx-cbc"
-#define NID_desx_cbc            80
-
-#define SN_sha          "SHA"
-#define LN_sha          "sha"
-#define NID_sha         41
-#define OBJ_sha         OBJ_algorithm,18L
-
-#define SN_sha1         "SHA1"
-#define LN_sha1         "sha1"
-#define NID_sha1                64
-#define OBJ_sha1                OBJ_algorithm,26L
-
-#define SN_dsaWithSHA1_2                "DSA-SHA1-old"
-#define LN_dsaWithSHA1_2                "dsaWithSHA1-old"
-#define NID_dsaWithSHA1_2               70
-#define OBJ_dsaWithSHA1_2               OBJ_algorithm,27L
-
-#define SN_sha1WithRSA          "RSA-SHA1-2"
-#define LN_sha1WithRSA          "sha1WithRSA"
-#define NID_sha1WithRSA         115
-#define OBJ_sha1WithRSA         OBJ_algorithm,29L
-
-#define SN_ripemd160            "RIPEMD160"
-#define LN_ripemd160            "ripemd160"
-#define NID_ripemd160           117
-#define OBJ_ripemd160           1L,3L,36L,3L,2L,1L
-
-#define SN_ripemd160WithRSA             "RSA-RIPEMD160"
-#define LN_ripemd160WithRSA             "ripemd160WithRSA"
-#define NID_ripemd160WithRSA            119
-#define OBJ_ripemd160WithRSA            1L,3L,36L,3L,3L,1L,2L
-
-#define SN_sxnet                "SXNetID"
-#define LN_sxnet                "Strong Extranet ID"
-#define NID_sxnet               143
-#define OBJ_sxnet               1L,3L,101L,1L,4L,1L
-
-#define SN_X500         "X500"
-#define LN_X500         "directory services (X.500)"
-#define NID_X500                11
-#define OBJ_X500                2L,5L
-
-#define SN_X509         "X509"
-#define NID_X509                12
-#define OBJ_X509                OBJ_X500,4L
-
-#define SN_commonName           "CN"
-#define LN_commonName           "commonName"
-#define NID_commonName          13
-#define OBJ_commonName          OBJ_X509,3L
-
-#define SN_surname              "SN"
-#define LN_surname              "surname"
-#define NID_surname             100
-#define OBJ_surname             OBJ_X509,4L
-
-#define LN_serialNumber         "serialNumber"
-#define NID_serialNumber                105
-#define OBJ_serialNumber                OBJ_X509,5L
-
-#define SN_countryName          "C"
-#define LN_countryName          "countryName"
-#define NID_countryName         14
-#define OBJ_countryName         OBJ_X509,6L
-
-#define SN_localityName         "L"
-#define LN_localityName         "localityName"
-#define NID_localityName                15
-#define OBJ_localityName                OBJ_X509,7L
-
-#define SN_stateOrProvinceName          "ST"
-#define LN_stateOrProvinceName          "stateOrProvinceName"
-#define NID_stateOrProvinceName         16
-#define OBJ_stateOrProvinceName         OBJ_X509,8L
-
-#define LN_streetAddress                "streetAddress"
-#define NID_streetAddress               660
-#define OBJ_streetAddress               OBJ_X509,9L
-
-#define SN_organizationName             "O"
-#define LN_organizationName             "organizationName"
-#define NID_organizationName            17
-#define OBJ_organizationName            OBJ_X509,10L
-
-#define SN_organizationalUnitName               "OU"
-#define LN_organizationalUnitName               "organizationalUnitName"
-#define NID_organizationalUnitName              18
-#define OBJ_organizationalUnitName              OBJ_X509,11L
-
-#define LN_title                "title"
-#define NID_title               106
-#define OBJ_title               OBJ_X509,12L
-
-#define LN_description          "description"
-#define NID_description         107
-#define OBJ_description         OBJ_X509,13L
-
-#define LN_postalCode           "postalCode"
-#define NID_postalCode          661
-#define OBJ_postalCode          OBJ_X509,17L
-
-#define SN_name         "name"
-#define LN_name         "name"
-#define NID_name                173
-#define OBJ_name                OBJ_X509,41L
-
-#define SN_givenName            "GN"
-#define LN_givenName            "givenName"
-#define NID_givenName           99
-#define OBJ_givenName           OBJ_X509,42L
-
-#define LN_initials             "initials"
-#define NID_initials            101
-#define OBJ_initials            OBJ_X509,43L
-
-#define LN_generationQualifier          "generationQualifier"
-#define NID_generationQualifier         509
-#define OBJ_generationQualifier         OBJ_X509,44L
-
-#define LN_x500UniqueIdentifier         "x500UniqueIdentifier"
-#define NID_x500UniqueIdentifier                503
-#define OBJ_x500UniqueIdentifier                OBJ_X509,45L
-
-#define SN_dnQualifier          "dnQualifier"
-#define LN_dnQualifier          "dnQualifier"
-#define NID_dnQualifier         174
-#define OBJ_dnQualifier         OBJ_X509,46L
-
-#define LN_pseudonym            "pseudonym"
-#define NID_pseudonym           510
-#define OBJ_pseudonym           OBJ_X509,65L
-
-#define SN_role         "role"
-#define LN_role         "role"
-#define NID_role                400
-#define OBJ_role                OBJ_X509,72L
-
-#define SN_X500algorithms               "X500algorithms"
-#define LN_X500algorithms               "directory services - algorithms"
-#define NID_X500algorithms              378
-#define OBJ_X500algorithms              OBJ_X500,8L
-
-#define SN_rsa          "RSA"
-#define LN_rsa          "rsa"
-#define NID_rsa         19
-#define OBJ_rsa         OBJ_X500algorithms,1L,1L
-
-#define SN_mdc2WithRSA          "RSA-MDC2"
-#define LN_mdc2WithRSA          "mdc2WithRSA"
-#define NID_mdc2WithRSA         96
-#define OBJ_mdc2WithRSA         OBJ_X500algorithms,3L,100L
-
-#define SN_mdc2         "MDC2"
-#define LN_mdc2         "mdc2"
-#define NID_mdc2                95
-#define OBJ_mdc2                OBJ_X500algorithms,3L,101L
-
-#define SN_id_ce                "id-ce"
-#define NID_id_ce               81
-#define OBJ_id_ce               OBJ_X500,29L
-
-#define SN_subject_key_identifier               "subjectKeyIdentifier"
-#define LN_subject_key_identifier               "X509v3 Subject Key Identifier"
-#define NID_subject_key_identifier              82
-#define OBJ_subject_key_identifier              OBJ_id_ce,14L
-
-#define SN_key_usage            "keyUsage"
-#define LN_key_usage            "X509v3 Key Usage"
-#define NID_key_usage           83
-#define OBJ_key_usage           OBJ_id_ce,15L
-
-#define SN_private_key_usage_period             "privateKeyUsagePeriod"
-#define LN_private_key_usage_period             "X509v3 Private Key Usage Period"
-#define NID_private_key_usage_period            84
-#define OBJ_private_key_usage_period            OBJ_id_ce,16L
-
-#define SN_subject_alt_name             "subjectAltName"
-#define LN_subject_alt_name             "X509v3 Subject Alternative Name"
-#define NID_subject_alt_name            85
-#define OBJ_subject_alt_name            OBJ_id_ce,17L
-
-#define SN_issuer_alt_name              "issuerAltName"
-#define LN_issuer_alt_name              "X509v3 Issuer Alternative Name"
-#define NID_issuer_alt_name             86
-#define OBJ_issuer_alt_name             OBJ_id_ce,18L
-
-#define SN_basic_constraints            "basicConstraints"
-#define LN_basic_constraints            "X509v3 Basic Constraints"
-#define NID_basic_constraints           87
-#define OBJ_basic_constraints           OBJ_id_ce,19L
-
-#define SN_crl_number           "crlNumber"
-#define LN_crl_number           "X509v3 CRL Number"
-#define NID_crl_number          88
-#define OBJ_crl_number          OBJ_id_ce,20L
-
-#define SN_crl_reason           "CRLReason"
-#define LN_crl_reason           "X509v3 CRL Reason Code"
-#define NID_crl_reason          141
-#define OBJ_crl_reason          OBJ_id_ce,21L
-
-#define SN_invalidity_date              "invalidityDate"
-#define LN_invalidity_date              "Invalidity Date"
-#define NID_invalidity_date             142
-#define OBJ_invalidity_date             OBJ_id_ce,24L
-
-#define SN_delta_crl            "deltaCRL"
-#define LN_delta_crl            "X509v3 Delta CRL Indicator"
-#define NID_delta_crl           140
-#define OBJ_delta_crl           OBJ_id_ce,27L
-
-#define SN_name_constraints             "nameConstraints"
-#define LN_name_constraints             "X509v3 Name Constraints"
-#define NID_name_constraints            666
-#define OBJ_name_constraints            OBJ_id_ce,30L
-
-#define SN_crl_distribution_points              "crlDistributionPoints"
-#define LN_crl_distribution_points              "X509v3 CRL Distribution Points"
-#define NID_crl_distribution_points             103
-#define OBJ_crl_distribution_points             OBJ_id_ce,31L
-
-#define SN_certificate_policies         "certificatePolicies"
-#define LN_certificate_policies         "X509v3 Certificate Policies"
-#define NID_certificate_policies                89
-#define OBJ_certificate_policies                OBJ_id_ce,32L
-
-#define SN_authority_key_identifier             "authorityKeyIdentifier"
-#define LN_authority_key_identifier             "X509v3 Authority Key Identifier"
-#define NID_authority_key_identifier            90
-#define OBJ_authority_key_identifier            OBJ_id_ce,35L
-
-#define SN_policy_constraints           "policyConstraints"
-#define LN_policy_constraints           "X509v3 Policy Constraints"
-#define NID_policy_constraints          401
-#define OBJ_policy_constraints          OBJ_id_ce,36L
-
-#define SN_ext_key_usage                "extendedKeyUsage"
-#define LN_ext_key_usage                "X509v3 Extended Key Usage"
-#define NID_ext_key_usage               126
-#define OBJ_ext_key_usage               OBJ_id_ce,37L
-
-#define SN_target_information           "targetInformation"
-#define LN_target_information           "X509v3 AC Targeting"
-#define NID_target_information          402
-#define OBJ_target_information          OBJ_id_ce,55L
-
-#define SN_no_rev_avail         "noRevAvail"
-#define LN_no_rev_avail         "X509v3 No Revocation Available"
-#define NID_no_rev_avail                403
-#define OBJ_no_rev_avail                OBJ_id_ce,56L
-
-#define SN_netscape             "Netscape"
-#define LN_netscape             "Netscape Communications Corp."
-#define NID_netscape            57
-#define OBJ_netscape            2L,16L,840L,1L,113730L
-
-#define SN_netscape_cert_extension              "nsCertExt"
-#define LN_netscape_cert_extension              "Netscape Certificate Extension"
-#define NID_netscape_cert_extension             58
-#define OBJ_netscape_cert_extension             OBJ_netscape,1L
-
-#define SN_netscape_data_type           "nsDataType"
-#define LN_netscape_data_type           "Netscape Data Type"
-#define NID_netscape_data_type          59
-#define OBJ_netscape_data_type          OBJ_netscape,2L
-
-#define SN_netscape_cert_type           "nsCertType"
-#define LN_netscape_cert_type           "Netscape Cert Type"
-#define NID_netscape_cert_type          71
-#define OBJ_netscape_cert_type          OBJ_netscape_cert_extension,1L
-
-#define SN_netscape_base_url            "nsBaseUrl"
-#define LN_netscape_base_url            "Netscape Base Url"
-#define NID_netscape_base_url           72
-#define OBJ_netscape_base_url           OBJ_netscape_cert_extension,2L
-
-#define SN_netscape_revocation_url              "nsRevocationUrl"
-#define LN_netscape_revocation_url              "Netscape Revocation Url"
-#define NID_netscape_revocation_url             73
-#define OBJ_netscape_revocation_url             OBJ_netscape_cert_extension,3L
-
-#define SN_netscape_ca_revocation_url           "nsCaRevocationUrl"
-#define LN_netscape_ca_revocation_url           "Netscape CA Revocation Url"
-#define NID_netscape_ca_revocation_url          74
-#define OBJ_netscape_ca_revocation_url          OBJ_netscape_cert_extension,4L
-
-#define SN_netscape_renewal_url         "nsRenewalUrl"
-#define LN_netscape_renewal_url         "Netscape Renewal Url"
-#define NID_netscape_renewal_url                75
-#define OBJ_netscape_renewal_url                OBJ_netscape_cert_extension,7L
-
-#define SN_netscape_ca_policy_url               "nsCaPolicyUrl"
-#define LN_netscape_ca_policy_url               "Netscape CA Policy Url"
-#define NID_netscape_ca_policy_url              76
-#define OBJ_netscape_ca_policy_url              OBJ_netscape_cert_extension,8L
-
-#define SN_netscape_ssl_server_name             "nsSslServerName"
-#define LN_netscape_ssl_server_name             "Netscape SSL Server Name"
-#define NID_netscape_ssl_server_name            77
-#define OBJ_netscape_ssl_server_name            OBJ_netscape_cert_extension,12L
-
-#define SN_netscape_comment             "nsComment"
-#define LN_netscape_comment             "Netscape Comment"
-#define NID_netscape_comment            78
-#define OBJ_netscape_comment            OBJ_netscape_cert_extension,13L
-
-#define SN_netscape_cert_sequence               "nsCertSequence"
-#define LN_netscape_cert_sequence               "Netscape Certificate Sequence"
-#define NID_netscape_cert_sequence              79
-#define OBJ_netscape_cert_sequence              OBJ_netscape_data_type,5L
-
-#define SN_ns_sgc               "nsSGC"
-#define LN_ns_sgc               "Netscape Server Gated Crypto"
-#define NID_ns_sgc              139
-#define OBJ_ns_sgc              OBJ_netscape,4L,1L
-
-#define SN_org          "ORG"
-#define LN_org          "org"
-#define NID_org         379
-#define OBJ_org         OBJ_iso,3L
-
-#define SN_dod          "DOD"
-#define LN_dod          "dod"
-#define NID_dod         380
-#define OBJ_dod         OBJ_org,6L
-
-#define SN_iana         "IANA"
-#define LN_iana         "iana"
-#define NID_iana                381
-#define OBJ_iana                OBJ_dod,1L
-
-#define OBJ_internet            OBJ_iana
-
-#define SN_Directory            "directory"
-#define LN_Directory            "Directory"
-#define NID_Directory           382
-#define OBJ_Directory           OBJ_internet,1L
-
-#define SN_Management           "mgmt"
-#define LN_Management           "Management"
-#define NID_Management          383
-#define OBJ_Management          OBJ_internet,2L
-
-#define SN_Experimental         "experimental"
-#define LN_Experimental         "Experimental"
-#define NID_Experimental                384
-#define OBJ_Experimental                OBJ_internet,3L
-
-#define SN_Private              "private"
-#define LN_Private              "Private"
-#define NID_Private             385
-#define OBJ_Private             OBJ_internet,4L
-
-#define SN_Security             "security"
-#define LN_Security             "Security"
-#define NID_Security            386
-#define OBJ_Security            OBJ_internet,5L
-
-#define SN_SNMPv2               "snmpv2"
-#define LN_SNMPv2               "SNMPv2"
-#define NID_SNMPv2              387
-#define OBJ_SNMPv2              OBJ_internet,6L
-
-#define LN_Mail         "Mail"
-#define NID_Mail                388
-#define OBJ_Mail                OBJ_internet,7L
-
-#define SN_Enterprises          "enterprises"
-#define LN_Enterprises          "Enterprises"
-#define NID_Enterprises         389
-#define OBJ_Enterprises         OBJ_Private,1L
-
-#define SN_dcObject             "dcobject"
-#define LN_dcObject             "dcObject"
-#define NID_dcObject            390
-#define OBJ_dcObject            OBJ_Enterprises,1466L,344L
-
-#define SN_mime_mhs             "mime-mhs"
-#define LN_mime_mhs             "MIME MHS"
-#define NID_mime_mhs            504
-#define OBJ_mime_mhs            OBJ_Mail,1L
-
-#define SN_mime_mhs_headings            "mime-mhs-headings"
-#define LN_mime_mhs_headings            "mime-mhs-headings"
-#define NID_mime_mhs_headings           505
-#define OBJ_mime_mhs_headings           OBJ_mime_mhs,1L
-
-#define SN_mime_mhs_bodies              "mime-mhs-bodies"
-#define LN_mime_mhs_bodies              "mime-mhs-bodies"
-#define NID_mime_mhs_bodies             506
-#define OBJ_mime_mhs_bodies             OBJ_mime_mhs,2L
-
-#define SN_id_hex_partial_message               "id-hex-partial-message"
-#define LN_id_hex_partial_message               "id-hex-partial-message"
-#define NID_id_hex_partial_message              507
-#define OBJ_id_hex_partial_message              OBJ_mime_mhs_headings,1L
-
-#define SN_id_hex_multipart_message             "id-hex-multipart-message"
-#define LN_id_hex_multipart_message             "id-hex-multipart-message"
-#define NID_id_hex_multipart_message            508
-#define OBJ_id_hex_multipart_message            OBJ_mime_mhs_headings,2L
-
-#define SN_rle_compression              "RLE"
-#define LN_rle_compression              "run length compression"
-#define NID_rle_compression             124
-#define OBJ_rle_compression             1L,1L,1L,1L,666L,1L
-
-#define SN_zlib_compression             "ZLIB"
-#define LN_zlib_compression             "zlib compression"
-#define NID_zlib_compression            125
-#define OBJ_zlib_compression            1L,1L,1L,1L,666L,2L
-
-#define OBJ_csor                2L,16L,840L,1L,101L,3L
-
-#define OBJ_nistAlgorithms              OBJ_csor,4L
-
-#define OBJ_aes         OBJ_nistAlgorithms,1L
-
-#define SN_aes_128_ecb          "AES-128-ECB"
-#define LN_aes_128_ecb          "aes-128-ecb"
-#define NID_aes_128_ecb         418
-#define OBJ_aes_128_ecb         OBJ_aes,1L
-
-#define SN_aes_128_cbc          "AES-128-CBC"
-#define LN_aes_128_cbc          "aes-128-cbc"
-#define NID_aes_128_cbc         419
-#define OBJ_aes_128_cbc         OBJ_aes,2L
-
-#define SN_aes_128_ofb128               "AES-128-OFB"
-#define LN_aes_128_ofb128               "aes-128-ofb"
-#define NID_aes_128_ofb128              420
-#define OBJ_aes_128_ofb128              OBJ_aes,3L
-
-#define SN_aes_128_cfb128               "AES-128-CFB"
-#define LN_aes_128_cfb128               "aes-128-cfb"
-#define NID_aes_128_cfb128              421
-#define OBJ_aes_128_cfb128              OBJ_aes,4L
-
-#define SN_aes_192_ecb          "AES-192-ECB"
-#define LN_aes_192_ecb          "aes-192-ecb"
-#define NID_aes_192_ecb         422
-#define OBJ_aes_192_ecb         OBJ_aes,21L
-
-#define SN_aes_192_cbc          "AES-192-CBC"
-#define LN_aes_192_cbc          "aes-192-cbc"
-#define NID_aes_192_cbc         423
-#define OBJ_aes_192_cbc         OBJ_aes,22L
-
-#define SN_aes_192_ofb128               "AES-192-OFB"
-#define LN_aes_192_ofb128               "aes-192-ofb"
-#define NID_aes_192_ofb128              424
-#define OBJ_aes_192_ofb128              OBJ_aes,23L
-
-#define SN_aes_192_cfb128               "AES-192-CFB"
-#define LN_aes_192_cfb128               "aes-192-cfb"
-#define NID_aes_192_cfb128              425
-#define OBJ_aes_192_cfb128              OBJ_aes,24L
-
-#define SN_aes_256_ecb          "AES-256-ECB"
-#define LN_aes_256_ecb          "aes-256-ecb"
-#define NID_aes_256_ecb         426
-#define OBJ_aes_256_ecb         OBJ_aes,41L
-
-#define SN_aes_256_cbc          "AES-256-CBC"
-#define LN_aes_256_cbc          "aes-256-cbc"
-#define NID_aes_256_cbc         427
-#define OBJ_aes_256_cbc         OBJ_aes,42L
-
-#define SN_aes_256_ofb128               "AES-256-OFB"
-#define LN_aes_256_ofb128               "aes-256-ofb"
-#define NID_aes_256_ofb128              428
-#define OBJ_aes_256_ofb128              OBJ_aes,43L
-
-#define SN_aes_256_cfb128               "AES-256-CFB"
-#define LN_aes_256_cfb128               "aes-256-cfb"
-#define NID_aes_256_cfb128              429
-#define OBJ_aes_256_cfb128              OBJ_aes,44L
-
-#define SN_aes_128_cfb1         "AES-128-CFB1"
-#define LN_aes_128_cfb1         "aes-128-cfb1"
-#define NID_aes_128_cfb1                650
-
-#define SN_aes_192_cfb1         "AES-192-CFB1"
-#define LN_aes_192_cfb1         "aes-192-cfb1"
-#define NID_aes_192_cfb1                651
-
-#define SN_aes_256_cfb1         "AES-256-CFB1"
-#define LN_aes_256_cfb1         "aes-256-cfb1"
-#define NID_aes_256_cfb1                652
-
-#define SN_aes_128_cfb8         "AES-128-CFB8"
-#define LN_aes_128_cfb8         "aes-128-cfb8"
-#define NID_aes_128_cfb8                653
-
-#define SN_aes_192_cfb8         "AES-192-CFB8"
-#define LN_aes_192_cfb8         "aes-192-cfb8"
-#define NID_aes_192_cfb8                654
-
-#define SN_aes_256_cfb8         "AES-256-CFB8"
-#define LN_aes_256_cfb8         "aes-256-cfb8"
-#define NID_aes_256_cfb8                655
-
-#define SN_des_cfb1             "DES-CFB1"
-#define LN_des_cfb1             "des-cfb1"
-#define NID_des_cfb1            656
-
-#define SN_des_cfb8             "DES-CFB8"
-#define LN_des_cfb8             "des-cfb8"
-#define NID_des_cfb8            657
-
-#define SN_des_ede3_cfb1                "DES-EDE3-CFB1"
-#define LN_des_ede3_cfb1                "des-ede3-cfb1"
-#define NID_des_ede3_cfb1               658
-
-#define SN_des_ede3_cfb8                "DES-EDE3-CFB8"
-#define LN_des_ede3_cfb8                "des-ede3-cfb8"
-#define NID_des_ede3_cfb8               659
-
-#define OBJ_nist_hashalgs               OBJ_nistAlgorithms,2L
-
-#define SN_sha256               "SHA256"
-#define LN_sha256               "sha256"
-#define NID_sha256              672
-#define OBJ_sha256              OBJ_nist_hashalgs,1L
-
-#define SN_sha384               "SHA384"
-#define LN_sha384               "sha384"
-#define NID_sha384              673
-#define OBJ_sha384              OBJ_nist_hashalgs,2L
-
-#define SN_sha512               "SHA512"
-#define LN_sha512               "sha512"
-#define NID_sha512              674
-#define OBJ_sha512              OBJ_nist_hashalgs,3L
-
-#define SN_sha224               "SHA224"
-#define LN_sha224               "sha224"
-#define NID_sha224              675
-#define OBJ_sha224              OBJ_nist_hashalgs,4L
-
-#define SN_hold_instruction_code                "holdInstructionCode"
-#define LN_hold_instruction_code                "Hold Instruction Code"
-#define NID_hold_instruction_code               430
-#define OBJ_hold_instruction_code               OBJ_id_ce,23L
-
-#define OBJ_holdInstruction             OBJ_X9_57,2L
-
-#define SN_hold_instruction_none                "holdInstructionNone"
-#define LN_hold_instruction_none                "Hold Instruction None"
-#define NID_hold_instruction_none               431
-#define OBJ_hold_instruction_none               OBJ_holdInstruction,1L
-
-#define SN_hold_instruction_call_issuer         "holdInstructionCallIssuer"
-#define LN_hold_instruction_call_issuer         "Hold Instruction Call Issuer"
-#define NID_hold_instruction_call_issuer                432
-#define OBJ_hold_instruction_call_issuer                OBJ_holdInstruction,2L
-
-#define SN_hold_instruction_reject              "holdInstructionReject"
-#define LN_hold_instruction_reject              "Hold Instruction Reject"
-#define NID_hold_instruction_reject             433
-#define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
-
-#define SN_data         "data"
-#define NID_data                434
-#define OBJ_data                OBJ_ccitt,9L
-
-#define SN_pss          "pss"
-#define NID_pss         435
-#define OBJ_pss         OBJ_data,2342L
-
-#define SN_ucl          "ucl"
-#define NID_ucl         436
-#define OBJ_ucl         OBJ_pss,19200300L
-
-#define SN_pilot                "pilot"
-#define NID_pilot               437
-#define OBJ_pilot               OBJ_ucl,100L
-
-#define LN_pilotAttributeType           "pilotAttributeType"
-#define NID_pilotAttributeType          438
-#define OBJ_pilotAttributeType          OBJ_pilot,1L
-
-#define LN_pilotAttributeSyntax         "pilotAttributeSyntax"
-#define NID_pilotAttributeSyntax                439
-#define OBJ_pilotAttributeSyntax                OBJ_pilot,3L
-
-#define LN_pilotObjectClass             "pilotObjectClass"
-#define NID_pilotObjectClass            440
-#define OBJ_pilotObjectClass            OBJ_pilot,4L
-
-#define LN_pilotGroups          "pilotGroups"
-#define NID_pilotGroups         441
-#define OBJ_pilotGroups         OBJ_pilot,10L
-
-#define LN_iA5StringSyntax              "iA5StringSyntax"
-#define NID_iA5StringSyntax             442
-#define OBJ_iA5StringSyntax             OBJ_pilotAttributeSyntax,4L
-
-#define LN_caseIgnoreIA5StringSyntax            "caseIgnoreIA5StringSyntax"
-#define NID_caseIgnoreIA5StringSyntax           443
-#define OBJ_caseIgnoreIA5StringSyntax           OBJ_pilotAttributeSyntax,5L
-
-#define LN_pilotObject          "pilotObject"
-#define NID_pilotObject         444
-#define OBJ_pilotObject         OBJ_pilotObjectClass,3L
-
-#define LN_pilotPerson          "pilotPerson"
-#define NID_pilotPerson         445
-#define OBJ_pilotPerson         OBJ_pilotObjectClass,4L
-
-#define SN_account              "account"
-#define NID_account             446
-#define OBJ_account             OBJ_pilotObjectClass,5L
-
-#define SN_document             "document"
-#define NID_document            447
-#define OBJ_document            OBJ_pilotObjectClass,6L
-
-#define SN_room         "room"
-#define NID_room                448
-#define OBJ_room                OBJ_pilotObjectClass,7L
-
-#define LN_documentSeries               "documentSeries"
-#define NID_documentSeries              449
-#define OBJ_documentSeries              OBJ_pilotObjectClass,9L
-
-#define SN_Domain               "domain"
-#define LN_Domain               "Domain"
-#define NID_Domain              392
-#define OBJ_Domain              OBJ_pilotObjectClass,13L
-
-#define LN_rFC822localPart              "rFC822localPart"
-#define NID_rFC822localPart             450
-#define OBJ_rFC822localPart             OBJ_pilotObjectClass,14L
-
-#define LN_dNSDomain            "dNSDomain"
-#define NID_dNSDomain           451
-#define OBJ_dNSDomain           OBJ_pilotObjectClass,15L
-
-#define LN_domainRelatedObject          "domainRelatedObject"
-#define NID_domainRelatedObject         452
-#define OBJ_domainRelatedObject         OBJ_pilotObjectClass,17L
-
-#define LN_friendlyCountry              "friendlyCountry"
-#define NID_friendlyCountry             453
-#define OBJ_friendlyCountry             OBJ_pilotObjectClass,18L
-
-#define LN_simpleSecurityObject         "simpleSecurityObject"
-#define NID_simpleSecurityObject                454
-#define OBJ_simpleSecurityObject                OBJ_pilotObjectClass,19L
-
-#define LN_pilotOrganization            "pilotOrganization"
-#define NID_pilotOrganization           455
-#define OBJ_pilotOrganization           OBJ_pilotObjectClass,20L
-
-#define LN_pilotDSA             "pilotDSA"
-#define NID_pilotDSA            456
-#define OBJ_pilotDSA            OBJ_pilotObjectClass,21L
-
-#define LN_qualityLabelledData          "qualityLabelledData"
-#define NID_qualityLabelledData         457
-#define OBJ_qualityLabelledData         OBJ_pilotObjectClass,22L
-
-#define SN_userId               "UID"
-#define LN_userId               "userId"
-#define NID_userId              458
-#define OBJ_userId              OBJ_pilotAttributeType,1L
-
-#define LN_textEncodedORAddress         "textEncodedORAddress"
-#define NID_textEncodedORAddress                459
-#define OBJ_textEncodedORAddress                OBJ_pilotAttributeType,2L
-
-#define SN_rfc822Mailbox                "mail"
-#define LN_rfc822Mailbox                "rfc822Mailbox"
-#define NID_rfc822Mailbox               460
-#define OBJ_rfc822Mailbox               OBJ_pilotAttributeType,3L
-
-#define SN_info         "info"
-#define NID_info                461
-#define OBJ_info                OBJ_pilotAttributeType,4L
-
-#define LN_favouriteDrink               "favouriteDrink"
-#define NID_favouriteDrink              462
-#define OBJ_favouriteDrink              OBJ_pilotAttributeType,5L
-
-#define LN_roomNumber           "roomNumber"
-#define NID_roomNumber          463
-#define OBJ_roomNumber          OBJ_pilotAttributeType,6L
-
-#define SN_photo                "photo"
-#define NID_photo               464
-#define OBJ_photo               OBJ_pilotAttributeType,7L
-
-#define LN_userClass            "userClass"
-#define NID_userClass           465
-#define OBJ_userClass           OBJ_pilotAttributeType,8L
-
-#define SN_host         "host"
-#define NID_host                466
-#define OBJ_host                OBJ_pilotAttributeType,9L
-
-#define SN_manager              "manager"
-#define NID_manager             467
-#define OBJ_manager             OBJ_pilotAttributeType,10L
-
-#define LN_documentIdentifier           "documentIdentifier"
-#define NID_documentIdentifier          468
-#define OBJ_documentIdentifier          OBJ_pilotAttributeType,11L
-
-#define LN_documentTitle                "documentTitle"
-#define NID_documentTitle               469
-#define OBJ_documentTitle               OBJ_pilotAttributeType,12L
-
-#define LN_documentVersion              "documentVersion"
-#define NID_documentVersion             470
-#define OBJ_documentVersion             OBJ_pilotAttributeType,13L
-
-#define LN_documentAuthor               "documentAuthor"
-#define NID_documentAuthor              471
-#define OBJ_documentAuthor              OBJ_pilotAttributeType,14L
-
-#define LN_documentLocation             "documentLocation"
-#define NID_documentLocation            472
-#define OBJ_documentLocation            OBJ_pilotAttributeType,15L
-
-#define LN_homeTelephoneNumber          "homeTelephoneNumber"
-#define NID_homeTelephoneNumber         473
-#define OBJ_homeTelephoneNumber         OBJ_pilotAttributeType,20L
-
-#define SN_secretary            "secretary"
-#define NID_secretary           474
-#define OBJ_secretary           OBJ_pilotAttributeType,21L
-
-#define LN_otherMailbox         "otherMailbox"
-#define NID_otherMailbox                475
-#define OBJ_otherMailbox                OBJ_pilotAttributeType,22L
-
-#define LN_lastModifiedTime             "lastModifiedTime"
-#define NID_lastModifiedTime            476
-#define OBJ_lastModifiedTime            OBJ_pilotAttributeType,23L
-
-#define LN_lastModifiedBy               "lastModifiedBy"
-#define NID_lastModifiedBy              477
-#define OBJ_lastModifiedBy              OBJ_pilotAttributeType,24L
-
-#define SN_domainComponent              "DC"
-#define LN_domainComponent              "domainComponent"
-#define NID_domainComponent             391
-#define OBJ_domainComponent             OBJ_pilotAttributeType,25L
-
-#define LN_aRecord              "aRecord"
-#define NID_aRecord             478
-#define OBJ_aRecord             OBJ_pilotAttributeType,26L
-
-#define LN_pilotAttributeType27         "pilotAttributeType27"
-#define NID_pilotAttributeType27                479
-#define OBJ_pilotAttributeType27                OBJ_pilotAttributeType,27L
-
-#define LN_mXRecord             "mXRecord"
-#define NID_mXRecord            480
-#define OBJ_mXRecord            OBJ_pilotAttributeType,28L
-
-#define LN_nSRecord             "nSRecord"
-#define NID_nSRecord            481
-#define OBJ_nSRecord            OBJ_pilotAttributeType,29L
-
-#define LN_sOARecord            "sOARecord"
-#define NID_sOARecord           482
-#define OBJ_sOARecord           OBJ_pilotAttributeType,30L
-
-#define LN_cNAMERecord          "cNAMERecord"
-#define NID_cNAMERecord         483
-#define OBJ_cNAMERecord         OBJ_pilotAttributeType,31L
-
-#define LN_associatedDomain             "associatedDomain"
-#define NID_associatedDomain            484
-#define OBJ_associatedDomain            OBJ_pilotAttributeType,37L
-
-#define LN_associatedName               "associatedName"
-#define NID_associatedName              485
-#define OBJ_associatedName              OBJ_pilotAttributeType,38L
-
-#define LN_homePostalAddress            "homePostalAddress"
-#define NID_homePostalAddress           486
-#define OBJ_homePostalAddress           OBJ_pilotAttributeType,39L
-
-#define LN_personalTitle                "personalTitle"
-#define NID_personalTitle               487
-#define OBJ_personalTitle               OBJ_pilotAttributeType,40L
-
-#define LN_mobileTelephoneNumber                "mobileTelephoneNumber"
-#define NID_mobileTelephoneNumber               488
-#define OBJ_mobileTelephoneNumber               OBJ_pilotAttributeType,41L
-
-#define LN_pagerTelephoneNumber         "pagerTelephoneNumber"
-#define NID_pagerTelephoneNumber                489
-#define OBJ_pagerTelephoneNumber                OBJ_pilotAttributeType,42L
-
-#define LN_friendlyCountryName          "friendlyCountryName"
-#define NID_friendlyCountryName         490
-#define OBJ_friendlyCountryName         OBJ_pilotAttributeType,43L
-
-#define LN_organizationalStatus         "organizationalStatus"
-#define NID_organizationalStatus                491
-#define OBJ_organizationalStatus                OBJ_pilotAttributeType,45L
-
-#define LN_janetMailbox         "janetMailbox"
-#define NID_janetMailbox                492
-#define OBJ_janetMailbox                OBJ_pilotAttributeType,46L
-
-#define LN_mailPreferenceOption         "mailPreferenceOption"
-#define NID_mailPreferenceOption                493
-#define OBJ_mailPreferenceOption                OBJ_pilotAttributeType,47L
-
-#define LN_buildingName         "buildingName"
-#define NID_buildingName                494
-#define OBJ_buildingName                OBJ_pilotAttributeType,48L
-
-#define LN_dSAQuality           "dSAQuality"
-#define NID_dSAQuality          495
-#define OBJ_dSAQuality          OBJ_pilotAttributeType,49L
-
-#define LN_singleLevelQuality           "singleLevelQuality"
-#define NID_singleLevelQuality          496
-#define OBJ_singleLevelQuality          OBJ_pilotAttributeType,50L
-
-#define LN_subtreeMinimumQuality                "subtreeMinimumQuality"
-#define NID_subtreeMinimumQuality               497
-#define OBJ_subtreeMinimumQuality               OBJ_pilotAttributeType,51L
-
-#define LN_subtreeMaximumQuality                "subtreeMaximumQuality"
-#define NID_subtreeMaximumQuality               498
-#define OBJ_subtreeMaximumQuality               OBJ_pilotAttributeType,52L
-
-#define LN_personalSignature            "personalSignature"
-#define NID_personalSignature           499
-#define OBJ_personalSignature           OBJ_pilotAttributeType,53L
-
-#define LN_dITRedirect          "dITRedirect"
-#define NID_dITRedirect         500
-#define OBJ_dITRedirect         OBJ_pilotAttributeType,54L
-
-#define SN_audio                "audio"
-#define NID_audio               501
-#define OBJ_audio               OBJ_pilotAttributeType,55L
-
-#define LN_documentPublisher            "documentPublisher"
-#define NID_documentPublisher           502
-#define OBJ_documentPublisher           OBJ_pilotAttributeType,56L
-
-#define SN_id_set               "id-set"
-#define LN_id_set               "Secure Electronic Transactions"
-#define NID_id_set              512
-#define OBJ_id_set              2L,23L,42L
-
-#define SN_set_ctype            "set-ctype"
-#define LN_set_ctype            "content types"
-#define NID_set_ctype           513
-#define OBJ_set_ctype           OBJ_id_set,0L
-
-#define SN_set_msgExt           "set-msgExt"
-#define LN_set_msgExt           "message extensions"
-#define NID_set_msgExt          514
-#define OBJ_set_msgExt          OBJ_id_set,1L
-
-#define SN_set_attr             "set-attr"
-#define NID_set_attr            515
-#define OBJ_set_attr            OBJ_id_set,3L
-
-#define SN_set_policy           "set-policy"
-#define NID_set_policy          516
-#define OBJ_set_policy          OBJ_id_set,5L
-
-#define SN_set_certExt          "set-certExt"
-#define LN_set_certExt          "certificate extensions"
-#define NID_set_certExt         517
-#define OBJ_set_certExt         OBJ_id_set,7L
-
-#define SN_set_brand            "set-brand"
-#define NID_set_brand           518
-#define OBJ_set_brand           OBJ_id_set,8L
-
-#define SN_setct_PANData                "setct-PANData"
-#define NID_setct_PANData               519
-#define OBJ_setct_PANData               OBJ_set_ctype,0L
-
-#define SN_setct_PANToken               "setct-PANToken"
-#define NID_setct_PANToken              520
-#define OBJ_setct_PANToken              OBJ_set_ctype,1L
-
-#define SN_setct_PANOnly                "setct-PANOnly"
-#define NID_setct_PANOnly               521
-#define OBJ_setct_PANOnly               OBJ_set_ctype,2L
-
-#define SN_setct_OIData         "setct-OIData"
-#define NID_setct_OIData                522
-#define OBJ_setct_OIData                OBJ_set_ctype,3L
-
-#define SN_setct_PI             "setct-PI"
-#define NID_setct_PI            523
-#define OBJ_setct_PI            OBJ_set_ctype,4L
-
-#define SN_setct_PIData         "setct-PIData"
-#define NID_setct_PIData                524
-#define OBJ_setct_PIData                OBJ_set_ctype,5L
-
-#define SN_setct_PIDataUnsigned         "setct-PIDataUnsigned"
-#define NID_setct_PIDataUnsigned                525
-#define OBJ_setct_PIDataUnsigned                OBJ_set_ctype,6L
-
-#define SN_setct_HODInput               "setct-HODInput"
-#define NID_setct_HODInput              526
-#define OBJ_setct_HODInput              OBJ_set_ctype,7L
-
-#define SN_setct_AuthResBaggage         "setct-AuthResBaggage"
-#define NID_setct_AuthResBaggage                527
-#define OBJ_setct_AuthResBaggage                OBJ_set_ctype,8L
-
-#define SN_setct_AuthRevReqBaggage              "setct-AuthRevReqBaggage"
-#define NID_setct_AuthRevReqBaggage             528
-#define OBJ_setct_AuthRevReqBaggage             OBJ_set_ctype,9L
-
-#define SN_setct_AuthRevResBaggage              "setct-AuthRevResBaggage"
-#define NID_setct_AuthRevResBaggage             529
-#define OBJ_setct_AuthRevResBaggage             OBJ_set_ctype,10L
-
-#define SN_setct_CapTokenSeq            "setct-CapTokenSeq"
-#define NID_setct_CapTokenSeq           530
-#define OBJ_setct_CapTokenSeq           OBJ_set_ctype,11L
-
-#define SN_setct_PInitResData           "setct-PInitResData"
-#define NID_setct_PInitResData          531
-#define OBJ_setct_PInitResData          OBJ_set_ctype,12L
-
-#define SN_setct_PI_TBS         "setct-PI-TBS"
-#define NID_setct_PI_TBS                532
-#define OBJ_setct_PI_TBS                OBJ_set_ctype,13L
-
-#define SN_setct_PResData               "setct-PResData"
-#define NID_setct_PResData              533
-#define OBJ_setct_PResData              OBJ_set_ctype,14L
-
-#define SN_setct_AuthReqTBS             "setct-AuthReqTBS"
-#define NID_setct_AuthReqTBS            534
-#define OBJ_setct_AuthReqTBS            OBJ_set_ctype,16L
-
-#define SN_setct_AuthResTBS             "setct-AuthResTBS"
-#define NID_setct_AuthResTBS            535
-#define OBJ_setct_AuthResTBS            OBJ_set_ctype,17L
-
-#define SN_setct_AuthResTBSX            "setct-AuthResTBSX"
-#define NID_setct_AuthResTBSX           536
-#define OBJ_setct_AuthResTBSX           OBJ_set_ctype,18L
-
-#define SN_setct_AuthTokenTBS           "setct-AuthTokenTBS"
-#define NID_setct_AuthTokenTBS          537
-#define OBJ_setct_AuthTokenTBS          OBJ_set_ctype,19L
-
-#define SN_setct_CapTokenData           "setct-CapTokenData"
-#define NID_setct_CapTokenData          538
-#define OBJ_setct_CapTokenData          OBJ_set_ctype,20L
-
-#define SN_setct_CapTokenTBS            "setct-CapTokenTBS"
-#define NID_setct_CapTokenTBS           539
-#define OBJ_setct_CapTokenTBS           OBJ_set_ctype,21L
-
-#define SN_setct_AcqCardCodeMsg         "setct-AcqCardCodeMsg"
-#define NID_setct_AcqCardCodeMsg                540
-#define OBJ_setct_AcqCardCodeMsg                OBJ_set_ctype,22L
-
-#define SN_setct_AuthRevReqTBS          "setct-AuthRevReqTBS"
-#define NID_setct_AuthRevReqTBS         541
-#define OBJ_setct_AuthRevReqTBS         OBJ_set_ctype,23L
-
-#define SN_setct_AuthRevResData         "setct-AuthRevResData"
-#define NID_setct_AuthRevResData                542
-#define OBJ_setct_AuthRevResData                OBJ_set_ctype,24L
-
-#define SN_setct_AuthRevResTBS          "setct-AuthRevResTBS"
-#define NID_setct_AuthRevResTBS         543
-#define OBJ_setct_AuthRevResTBS         OBJ_set_ctype,25L
-
-#define SN_setct_CapReqTBS              "setct-CapReqTBS"
-#define NID_setct_CapReqTBS             544
-#define OBJ_setct_CapReqTBS             OBJ_set_ctype,26L
-
-#define SN_setct_CapReqTBSX             "setct-CapReqTBSX"
-#define NID_setct_CapReqTBSX            545
-#define OBJ_setct_CapReqTBSX            OBJ_set_ctype,27L
-
-#define SN_setct_CapResData             "setct-CapResData"
-#define NID_setct_CapResData            546
-#define OBJ_setct_CapResData            OBJ_set_ctype,28L
-
-#define SN_setct_CapRevReqTBS           "setct-CapRevReqTBS"
-#define NID_setct_CapRevReqTBS          547
-#define OBJ_setct_CapRevReqTBS          OBJ_set_ctype,29L
-
-#define SN_setct_CapRevReqTBSX          "setct-CapRevReqTBSX"
-#define NID_setct_CapRevReqTBSX         548
-#define OBJ_setct_CapRevReqTBSX         OBJ_set_ctype,30L
-
-#define SN_setct_CapRevResData          "setct-CapRevResData"
-#define NID_setct_CapRevResData         549
-#define OBJ_setct_CapRevResData         OBJ_set_ctype,31L
-
-#define SN_setct_CredReqTBS             "setct-CredReqTBS"
-#define NID_setct_CredReqTBS            550
-#define OBJ_setct_CredReqTBS            OBJ_set_ctype,32L
-
-#define SN_setct_CredReqTBSX            "setct-CredReqTBSX"
-#define NID_setct_CredReqTBSX           551
-#define OBJ_setct_CredReqTBSX           OBJ_set_ctype,33L
-
-#define SN_setct_CredResData            "setct-CredResData"
-#define NID_setct_CredResData           552
-#define OBJ_setct_CredResData           OBJ_set_ctype,34L
-
-#define SN_setct_CredRevReqTBS          "setct-CredRevReqTBS"
-#define NID_setct_CredRevReqTBS         553
-#define OBJ_setct_CredRevReqTBS         OBJ_set_ctype,35L
-
-#define SN_setct_CredRevReqTBSX         "setct-CredRevReqTBSX"
-#define NID_setct_CredRevReqTBSX                554
-#define OBJ_setct_CredRevReqTBSX                OBJ_set_ctype,36L
-
-#define SN_setct_CredRevResData         "setct-CredRevResData"
-#define NID_setct_CredRevResData                555
-#define OBJ_setct_CredRevResData                OBJ_set_ctype,37L
-
-#define SN_setct_PCertReqData           "setct-PCertReqData"
-#define NID_setct_PCertReqData          556
-#define OBJ_setct_PCertReqData          OBJ_set_ctype,38L
-
-#define SN_setct_PCertResTBS            "setct-PCertResTBS"
-#define NID_setct_PCertResTBS           557
-#define OBJ_setct_PCertResTBS           OBJ_set_ctype,39L
-
-#define SN_setct_BatchAdminReqData              "setct-BatchAdminReqData"
-#define NID_setct_BatchAdminReqData             558
-#define OBJ_setct_BatchAdminReqData             OBJ_set_ctype,40L
-
-#define SN_setct_BatchAdminResData              "setct-BatchAdminResData"
-#define NID_setct_BatchAdminResData             559
-#define OBJ_setct_BatchAdminResData             OBJ_set_ctype,41L
-
-#define SN_setct_CardCInitResTBS                "setct-CardCInitResTBS"
-#define NID_setct_CardCInitResTBS               560
-#define OBJ_setct_CardCInitResTBS               OBJ_set_ctype,42L
-
-#define SN_setct_MeAqCInitResTBS                "setct-MeAqCInitResTBS"
-#define NID_setct_MeAqCInitResTBS               561
-#define OBJ_setct_MeAqCInitResTBS               OBJ_set_ctype,43L
-
-#define SN_setct_RegFormResTBS          "setct-RegFormResTBS"
-#define NID_setct_RegFormResTBS         562
-#define OBJ_setct_RegFormResTBS         OBJ_set_ctype,44L
-
-#define SN_setct_CertReqData            "setct-CertReqData"
-#define NID_setct_CertReqData           563
-#define OBJ_setct_CertReqData           OBJ_set_ctype,45L
-
-#define SN_setct_CertReqTBS             "setct-CertReqTBS"
-#define NID_setct_CertReqTBS            564
-#define OBJ_setct_CertReqTBS            OBJ_set_ctype,46L
-
-#define SN_setct_CertResData            "setct-CertResData"
-#define NID_setct_CertResData           565
-#define OBJ_setct_CertResData           OBJ_set_ctype,47L
-
-#define SN_setct_CertInqReqTBS          "setct-CertInqReqTBS"
-#define NID_setct_CertInqReqTBS         566
-#define OBJ_setct_CertInqReqTBS         OBJ_set_ctype,48L
-
-#define SN_setct_ErrorTBS               "setct-ErrorTBS"
-#define NID_setct_ErrorTBS              567
-#define OBJ_setct_ErrorTBS              OBJ_set_ctype,49L
-
-#define SN_setct_PIDualSignedTBE                "setct-PIDualSignedTBE"
-#define NID_setct_PIDualSignedTBE               568
-#define OBJ_setct_PIDualSignedTBE               OBJ_set_ctype,50L
-
-#define SN_setct_PIUnsignedTBE          "setct-PIUnsignedTBE"
-#define NID_setct_PIUnsignedTBE         569
-#define OBJ_setct_PIUnsignedTBE         OBJ_set_ctype,51L
-
-#define SN_setct_AuthReqTBE             "setct-AuthReqTBE"
-#define NID_setct_AuthReqTBE            570
-#define OBJ_setct_AuthReqTBE            OBJ_set_ctype,52L
-
-#define SN_setct_AuthResTBE             "setct-AuthResTBE"
-#define NID_setct_AuthResTBE            571
-#define OBJ_setct_AuthResTBE            OBJ_set_ctype,53L
-
-#define SN_setct_AuthResTBEX            "setct-AuthResTBEX"
-#define NID_setct_AuthResTBEX           572
-#define OBJ_setct_AuthResTBEX           OBJ_set_ctype,54L
-
-#define SN_setct_AuthTokenTBE           "setct-AuthTokenTBE"
-#define NID_setct_AuthTokenTBE          573
-#define OBJ_setct_AuthTokenTBE          OBJ_set_ctype,55L
-
-#define SN_setct_CapTokenTBE            "setct-CapTokenTBE"
-#define NID_setct_CapTokenTBE           574
-#define OBJ_setct_CapTokenTBE           OBJ_set_ctype,56L
-
-#define SN_setct_CapTokenTBEX           "setct-CapTokenTBEX"
-#define NID_setct_CapTokenTBEX          575
-#define OBJ_setct_CapTokenTBEX          OBJ_set_ctype,57L
-
-#define SN_setct_AcqCardCodeMsgTBE              "setct-AcqCardCodeMsgTBE"
-#define NID_setct_AcqCardCodeMsgTBE             576
-#define OBJ_setct_AcqCardCodeMsgTBE             OBJ_set_ctype,58L
-
-#define SN_setct_AuthRevReqTBE          "setct-AuthRevReqTBE"
-#define NID_setct_AuthRevReqTBE         577
-#define OBJ_setct_AuthRevReqTBE         OBJ_set_ctype,59L
-
-#define SN_setct_AuthRevResTBE          "setct-AuthRevResTBE"
-#define NID_setct_AuthRevResTBE         578
-#define OBJ_setct_AuthRevResTBE         OBJ_set_ctype,60L
-
-#define SN_setct_AuthRevResTBEB         "setct-AuthRevResTBEB"
-#define NID_setct_AuthRevResTBEB                579
-#define OBJ_setct_AuthRevResTBEB                OBJ_set_ctype,61L
-
-#define SN_setct_CapReqTBE              "setct-CapReqTBE"
-#define NID_setct_CapReqTBE             580
-#define OBJ_setct_CapReqTBE             OBJ_set_ctype,62L
-
-#define SN_setct_CapReqTBEX             "setct-CapReqTBEX"
-#define NID_setct_CapReqTBEX            581
-#define OBJ_setct_CapReqTBEX            OBJ_set_ctype,63L
-
-#define SN_setct_CapResTBE              "setct-CapResTBE"
-#define NID_setct_CapResTBE             582
-#define OBJ_setct_CapResTBE             OBJ_set_ctype,64L
-
-#define SN_setct_CapRevReqTBE           "setct-CapRevReqTBE"
-#define NID_setct_CapRevReqTBE          583
-#define OBJ_setct_CapRevReqTBE          OBJ_set_ctype,65L
-
-#define SN_setct_CapRevReqTBEX          "setct-CapRevReqTBEX"
-#define NID_setct_CapRevReqTBEX         584
-#define OBJ_setct_CapRevReqTBEX         OBJ_set_ctype,66L
-
-#define SN_setct_CapRevResTBE           "setct-CapRevResTBE"
-#define NID_setct_CapRevResTBE          585
-#define OBJ_setct_CapRevResTBE          OBJ_set_ctype,67L
-
-#define SN_setct_CredReqTBE             "setct-CredReqTBE"
-#define NID_setct_CredReqTBE            586
-#define OBJ_setct_CredReqTBE            OBJ_set_ctype,68L
-
-#define SN_setct_CredReqTBEX            "setct-CredReqTBEX"
-#define NID_setct_CredReqTBEX           587
-#define OBJ_setct_CredReqTBEX           OBJ_set_ctype,69L
-
-#define SN_setct_CredResTBE             "setct-CredResTBE"
-#define NID_setct_CredResTBE            588
-#define OBJ_setct_CredResTBE            OBJ_set_ctype,70L
-
-#define SN_setct_CredRevReqTBE          "setct-CredRevReqTBE"
-#define NID_setct_CredRevReqTBE         589
-#define OBJ_setct_CredRevReqTBE         OBJ_set_ctype,71L
-
-#define SN_setct_CredRevReqTBEX         "setct-CredRevReqTBEX"
-#define NID_setct_CredRevReqTBEX                590
-#define OBJ_setct_CredRevReqTBEX                OBJ_set_ctype,72L
-
-#define SN_setct_CredRevResTBE          "setct-CredRevResTBE"
-#define NID_setct_CredRevResTBE         591
-#define OBJ_setct_CredRevResTBE         OBJ_set_ctype,73L
-
-#define SN_setct_BatchAdminReqTBE               "setct-BatchAdminReqTBE"
-#define NID_setct_BatchAdminReqTBE              592
-#define OBJ_setct_BatchAdminReqTBE              OBJ_set_ctype,74L
-
-#define SN_setct_BatchAdminResTBE               "setct-BatchAdminResTBE"
-#define NID_setct_BatchAdminResTBE              593
-#define OBJ_setct_BatchAdminResTBE              OBJ_set_ctype,75L
-
-#define SN_setct_RegFormReqTBE          "setct-RegFormReqTBE"
-#define NID_setct_RegFormReqTBE         594
-#define OBJ_setct_RegFormReqTBE         OBJ_set_ctype,76L
-
-#define SN_setct_CertReqTBE             "setct-CertReqTBE"
-#define NID_setct_CertReqTBE            595
-#define OBJ_setct_CertReqTBE            OBJ_set_ctype,77L
-
-#define SN_setct_CertReqTBEX            "setct-CertReqTBEX"
-#define NID_setct_CertReqTBEX           596
-#define OBJ_setct_CertReqTBEX           OBJ_set_ctype,78L
-
-#define SN_setct_CertResTBE             "setct-CertResTBE"
-#define NID_setct_CertResTBE            597
-#define OBJ_setct_CertResTBE            OBJ_set_ctype,79L
-
-#define SN_setct_CRLNotificationTBS             "setct-CRLNotificationTBS"
-#define NID_setct_CRLNotificationTBS            598
-#define OBJ_setct_CRLNotificationTBS            OBJ_set_ctype,80L
-
-#define SN_setct_CRLNotificationResTBS          "setct-CRLNotificationResTBS"
-#define NID_setct_CRLNotificationResTBS         599
-#define OBJ_setct_CRLNotificationResTBS         OBJ_set_ctype,81L
-
-#define SN_setct_BCIDistributionTBS             "setct-BCIDistributionTBS"
-#define NID_setct_BCIDistributionTBS            600
-#define OBJ_setct_BCIDistributionTBS            OBJ_set_ctype,82L
-
-#define SN_setext_genCrypt              "setext-genCrypt"
-#define LN_setext_genCrypt              "generic cryptogram"
-#define NID_setext_genCrypt             601
-#define OBJ_setext_genCrypt             OBJ_set_msgExt,1L
-
-#define SN_setext_miAuth                "setext-miAuth"
-#define LN_setext_miAuth                "merchant initiated auth"
-#define NID_setext_miAuth               602
-#define OBJ_setext_miAuth               OBJ_set_msgExt,3L
-
-#define SN_setext_pinSecure             "setext-pinSecure"
-#define NID_setext_pinSecure            603
-#define OBJ_setext_pinSecure            OBJ_set_msgExt,4L
-
-#define SN_setext_pinAny                "setext-pinAny"
-#define NID_setext_pinAny               604
-#define OBJ_setext_pinAny               OBJ_set_msgExt,5L
-
-#define SN_setext_track2                "setext-track2"
-#define NID_setext_track2               605
-#define OBJ_setext_track2               OBJ_set_msgExt,7L
-
-#define SN_setext_cv            "setext-cv"
-#define LN_setext_cv            "additional verification"
-#define NID_setext_cv           606
-#define OBJ_setext_cv           OBJ_set_msgExt,8L
-
-#define SN_set_policy_root              "set-policy-root"
-#define NID_set_policy_root             607
-#define OBJ_set_policy_root             OBJ_set_policy,0L
-
-#define SN_setCext_hashedRoot           "setCext-hashedRoot"
-#define NID_setCext_hashedRoot          608
-#define OBJ_setCext_hashedRoot          OBJ_set_certExt,0L
-
-#define SN_setCext_certType             "setCext-certType"
-#define NID_setCext_certType            609
-#define OBJ_setCext_certType            OBJ_set_certExt,1L
-
-#define SN_setCext_merchData            "setCext-merchData"
-#define NID_setCext_merchData           610
-#define OBJ_setCext_merchData           OBJ_set_certExt,2L
-
-#define SN_setCext_cCertRequired                "setCext-cCertRequired"
-#define NID_setCext_cCertRequired               611
-#define OBJ_setCext_cCertRequired               OBJ_set_certExt,3L
-
-#define SN_setCext_tunneling            "setCext-tunneling"
-#define NID_setCext_tunneling           612
-#define OBJ_setCext_tunneling           OBJ_set_certExt,4L
-
-#define SN_setCext_setExt               "setCext-setExt"
-#define NID_setCext_setExt              613
-#define OBJ_setCext_setExt              OBJ_set_certExt,5L
-
-#define SN_setCext_setQualf             "setCext-setQualf"
-#define NID_setCext_setQualf            614
-#define OBJ_setCext_setQualf            OBJ_set_certExt,6L
-
-#define SN_setCext_PGWYcapabilities             "setCext-PGWYcapabilities"
-#define NID_setCext_PGWYcapabilities            615
-#define OBJ_setCext_PGWYcapabilities            OBJ_set_certExt,7L
-
-#define SN_setCext_TokenIdentifier              "setCext-TokenIdentifier"
-#define NID_setCext_TokenIdentifier             616
-#define OBJ_setCext_TokenIdentifier             OBJ_set_certExt,8L
-
-#define SN_setCext_Track2Data           "setCext-Track2Data"
-#define NID_setCext_Track2Data          617
-#define OBJ_setCext_Track2Data          OBJ_set_certExt,9L
-
-#define SN_setCext_TokenType            "setCext-TokenType"
-#define NID_setCext_TokenType           618
-#define OBJ_setCext_TokenType           OBJ_set_certExt,10L
-
-#define SN_setCext_IssuerCapabilities           "setCext-IssuerCapabilities"
-#define NID_setCext_IssuerCapabilities          619
-#define OBJ_setCext_IssuerCapabilities          OBJ_set_certExt,11L
-
-#define SN_setAttr_Cert         "setAttr-Cert"
-#define NID_setAttr_Cert                620
-#define OBJ_setAttr_Cert                OBJ_set_attr,0L
-
-#define SN_setAttr_PGWYcap              "setAttr-PGWYcap"
-#define LN_setAttr_PGWYcap              "payment gateway capabilities"
-#define NID_setAttr_PGWYcap             621
-#define OBJ_setAttr_PGWYcap             OBJ_set_attr,1L
-
-#define SN_setAttr_TokenType            "setAttr-TokenType"
-#define NID_setAttr_TokenType           622
-#define OBJ_setAttr_TokenType           OBJ_set_attr,2L
-
-#define SN_setAttr_IssCap               "setAttr-IssCap"
-#define LN_setAttr_IssCap               "issuer capabilities"
-#define NID_setAttr_IssCap              623
-#define OBJ_setAttr_IssCap              OBJ_set_attr,3L
-
-#define SN_set_rootKeyThumb             "set-rootKeyThumb"
-#define NID_set_rootKeyThumb            624
-#define OBJ_set_rootKeyThumb            OBJ_setAttr_Cert,0L
-
-#define SN_set_addPolicy                "set-addPolicy"
-#define NID_set_addPolicy               625
-#define OBJ_set_addPolicy               OBJ_setAttr_Cert,1L
-
-#define SN_setAttr_Token_EMV            "setAttr-Token-EMV"
-#define NID_setAttr_Token_EMV           626
-#define OBJ_setAttr_Token_EMV           OBJ_setAttr_TokenType,1L
-
-#define SN_setAttr_Token_B0Prime                "setAttr-Token-B0Prime"
-#define NID_setAttr_Token_B0Prime               627
-#define OBJ_setAttr_Token_B0Prime               OBJ_setAttr_TokenType,2L
-
-#define SN_setAttr_IssCap_CVM           "setAttr-IssCap-CVM"
-#define NID_setAttr_IssCap_CVM          628
-#define OBJ_setAttr_IssCap_CVM          OBJ_setAttr_IssCap,3L
-
-#define SN_setAttr_IssCap_T2            "setAttr-IssCap-T2"
-#define NID_setAttr_IssCap_T2           629
-#define OBJ_setAttr_IssCap_T2           OBJ_setAttr_IssCap,4L
-
-#define SN_setAttr_IssCap_Sig           "setAttr-IssCap-Sig"
-#define NID_setAttr_IssCap_Sig          630
-#define OBJ_setAttr_IssCap_Sig          OBJ_setAttr_IssCap,5L
-
-#define SN_setAttr_GenCryptgrm          "setAttr-GenCryptgrm"
-#define LN_setAttr_GenCryptgrm          "generate cryptogram"
-#define NID_setAttr_GenCryptgrm         631
-#define OBJ_setAttr_GenCryptgrm         OBJ_setAttr_IssCap_CVM,1L
-
-#define SN_setAttr_T2Enc                "setAttr-T2Enc"
-#define LN_setAttr_T2Enc                "encrypted track 2"
-#define NID_setAttr_T2Enc               632
-#define OBJ_setAttr_T2Enc               OBJ_setAttr_IssCap_T2,1L
-
-#define SN_setAttr_T2cleartxt           "setAttr-T2cleartxt"
-#define LN_setAttr_T2cleartxt           "cleartext track 2"
-#define NID_setAttr_T2cleartxt          633
-#define OBJ_setAttr_T2cleartxt          OBJ_setAttr_IssCap_T2,2L
-
-#define SN_setAttr_TokICCsig            "setAttr-TokICCsig"
-#define LN_setAttr_TokICCsig            "ICC or token signature"
-#define NID_setAttr_TokICCsig           634
-#define OBJ_setAttr_TokICCsig           OBJ_setAttr_IssCap_Sig,1L
-
-#define SN_setAttr_SecDevSig            "setAttr-SecDevSig"
-#define LN_setAttr_SecDevSig            "secure device signature"
-#define NID_setAttr_SecDevSig           635
-#define OBJ_setAttr_SecDevSig           OBJ_setAttr_IssCap_Sig,2L
-
-#define SN_set_brand_IATA_ATA           "set-brand-IATA-ATA"
-#define NID_set_brand_IATA_ATA          636
-#define OBJ_set_brand_IATA_ATA          OBJ_set_brand,1L
-
-#define SN_set_brand_Diners             "set-brand-Diners"
-#define NID_set_brand_Diners            637
-#define OBJ_set_brand_Diners            OBJ_set_brand,30L
-
-#define SN_set_brand_AmericanExpress            "set-brand-AmericanExpress"
-#define NID_set_brand_AmericanExpress           638
-#define OBJ_set_brand_AmericanExpress           OBJ_set_brand,34L
-
-#define SN_set_brand_JCB                "set-brand-JCB"
-#define NID_set_brand_JCB               639
-#define OBJ_set_brand_JCB               OBJ_set_brand,35L
-
-#define SN_set_brand_Visa               "set-brand-Visa"
-#define NID_set_brand_Visa              640
-#define OBJ_set_brand_Visa              OBJ_set_brand,4L
-
-#define SN_set_brand_MasterCard         "set-brand-MasterCard"
-#define NID_set_brand_MasterCard                641
-#define OBJ_set_brand_MasterCard                OBJ_set_brand,5L
-
-#define SN_set_brand_Novus              "set-brand-Novus"
-#define NID_set_brand_Novus             642
-#define OBJ_set_brand_Novus             OBJ_set_brand,6011L
-
-#define SN_des_cdmf             "DES-CDMF"
-#define LN_des_cdmf             "des-cdmf"
-#define NID_des_cdmf            643
-#define OBJ_des_cdmf            OBJ_rsadsi,3L,10L
-
-#define SN_rsaOAEPEncryptionSET         "rsaOAEPEncryptionSET"
-#define NID_rsaOAEPEncryptionSET                644
-#define OBJ_rsaOAEPEncryptionSET                OBJ_rsadsi,1L,1L,6L
-
diff --git a/src/lib/libcrypto/objects/obj_mac.num b/src/lib/libcrypto/objects/obj_mac.num
new file mode 100644
index 0000000000..0e64a929ba
--- /dev/null
+++ b/src/lib/libcrypto/objects/obj_mac.num
@@ -0,0 +1,667 @@
+undef           0
+rsadsi          1
+pkcs            2
+md2             3
+md5             4
+rc4             5
+rsaEncryption           6
+md2WithRSAEncryption            7
+md5WithRSAEncryption            8
+pbeWithMD2AndDES_CBC            9
+pbeWithMD5AndDES_CBC            10
+X500            11
+X509            12
+commonName              13
+countryName             14
+localityName            15
+stateOrProvinceName             16
+organizationName                17
+organizationalUnitName          18
+rsa             19
+pkcs7           20
+pkcs7_data              21
+pkcs7_signed            22
+pkcs7_enveloped         23
+pkcs7_signedAndEnveloped                24
+pkcs7_digest            25
+pkcs7_encrypted         26
+pkcs3           27
+dhKeyAgreement          28
+des_ecb         29
+des_cfb64               30
+des_cbc         31
+des_ede_ecb             32
+des_ede3_ecb            33
+idea_cbc                34
+idea_cfb64              35
+idea_ecb                36
+rc2_cbc         37
+rc2_ecb         38
+rc2_cfb64               39
+rc2_ofb64               40
+sha             41
+shaWithRSAEncryption            42
+des_ede_cbc             43
+des_ede3_cbc            44
+des_ofb64               45
+idea_ofb64              46
+pkcs9           47
+pkcs9_emailAddress              48
+pkcs9_unstructuredName          49
+pkcs9_contentType               50
+pkcs9_messageDigest             51
+pkcs9_signingTime               52
+pkcs9_countersignature          53
+pkcs9_challengePassword         54
+pkcs9_unstructuredAddress               55
+pkcs9_extCertAttributes         56
+netscape                57
+netscape_cert_extension         58
+netscape_data_type              59
+des_ede_cfb64           60
+des_ede3_cfb64          61
+des_ede_ofb64           62
+des_ede3_ofb64          63
+sha1            64
+sha1WithRSAEncryption           65
+dsaWithSHA              66
+dsa_2           67
+pbeWithSHA1AndRC2_CBC           68
+id_pbkdf2               69
+dsaWithSHA1_2           70
+netscape_cert_type              71
+netscape_base_url               72
+netscape_revocation_url         73
+netscape_ca_revocation_url              74
+netscape_renewal_url            75
+netscape_ca_policy_url          76
+netscape_ssl_server_name                77
+netscape_comment                78
+netscape_cert_sequence          79
+desx_cbc                80
+id_ce           81
+subject_key_identifier          82
+key_usage               83
+private_key_usage_period                84
+subject_alt_name                85
+issuer_alt_name         86
+basic_constraints               87
+crl_number              88
+certificate_policies            89
+authority_key_identifier                90
+bf_cbc          91
+bf_ecb          92
+bf_cfb64                93
+bf_ofb64                94
+mdc2            95
+mdc2WithRSA             96
+rc4_40          97
+rc2_40_cbc              98
+givenName               99
+surname         100
+initials                101
+uniqueIdentifier                102
+crl_distribution_points         103
+md5WithRSA              104
+serialNumber            105
+title           106
+description             107
+cast5_cbc               108
+cast5_ecb               109
+cast5_cfb64             110
+cast5_ofb64             111
+pbeWithMD5AndCast5_CBC          112
+dsaWithSHA1             113
+md5_sha1                114
+sha1WithRSA             115
+dsa             116
+ripemd160               117
+ripemd160WithRSA                119
+rc5_cbc         120
+rc5_ecb         121
+rc5_cfb64               122
+rc5_ofb64               123
+rle_compression         124
+zlib_compression                125
+ext_key_usage           126
+id_pkix         127
+id_kp           128
+server_auth             129
+client_auth             130
+code_sign               131
+email_protect           132
+time_stamp              133
+ms_code_ind             134
+ms_code_com             135
+ms_ctl_sign             136
+ms_sgc          137
+ms_efs          138
+ns_sgc          139
+delta_crl               140
+crl_reason              141
+invalidity_date         142
+sxnet           143
+pbe_WithSHA1And128BitRC4                144
+pbe_WithSHA1And40BitRC4         145
+pbe_WithSHA1And3_Key_TripleDES_CBC              146
+pbe_WithSHA1And2_Key_TripleDES_CBC              147
+pbe_WithSHA1And128BitRC2_CBC            148
+pbe_WithSHA1And40BitRC2_CBC             149
+keyBag          150
+pkcs8ShroudedKeyBag             151
+certBag         152
+crlBag          153
+secretBag               154
+safeContentsBag         155
+friendlyName            156
+localKeyID              157
+x509Certificate         158
+sdsiCertificate         159
+x509Crl         160
+pbes2           161
+pbmac1          162
+hmacWithSHA1            163
+id_qt_cps               164
+id_qt_unotice           165
+rc2_64_cbc              166
+SMIMECapabilities               167
+pbeWithMD2AndRC2_CBC            168
+pbeWithMD5AndRC2_CBC            169
+pbeWithSHA1AndDES_CBC           170
+ms_ext_req              171
+ext_req         172
+name            173
+dnQualifier             174
+id_pe           175
+id_ad           176
+info_access             177
+ad_OCSP         178
+ad_ca_issuers           179
+OCSP_sign               180
+iso             181
+member_body             182
+ISO_US          183
+X9_57           184
+X9cm            185
+pkcs1           186
+pkcs5           187
+SMIME           188
+id_smime_mod            189
+id_smime_ct             190
+id_smime_aa             191
+id_smime_alg            192
+id_smime_cd             193
+id_smime_spq            194
+id_smime_cti            195
+id_smime_mod_cms                196
+id_smime_mod_ess                197
+id_smime_mod_oid                198
+id_smime_mod_msg_v3             199
+id_smime_mod_ets_eSignature_88          200
+id_smime_mod_ets_eSignature_97          201
+id_smime_mod_ets_eSigPolicy_88          202
+id_smime_mod_ets_eSigPolicy_97          203
+id_smime_ct_receipt             204
+id_smime_ct_authData            205
+id_smime_ct_publishCert         206
+id_smime_ct_TSTInfo             207
+id_smime_ct_TDTInfo             208
+id_smime_ct_contentInfo         209
+id_smime_ct_DVCSRequestData             210
+id_smime_ct_DVCSResponseData            211
+id_smime_aa_receiptRequest              212
+id_smime_aa_securityLabel               213
+id_smime_aa_mlExpandHistory             214
+id_smime_aa_contentHint         215
+id_smime_aa_msgSigDigest                216
+id_smime_aa_encapContentType            217
+id_smime_aa_contentIdentifier           218
+id_smime_aa_macValue            219
+id_smime_aa_equivalentLabels            220
+id_smime_aa_contentReference            221
+id_smime_aa_encrypKeyPref               222
+id_smime_aa_signingCertificate          223
+id_smime_aa_smimeEncryptCerts           224
+id_smime_aa_timeStampToken              225
+id_smime_aa_ets_sigPolicyId             226
+id_smime_aa_ets_commitmentType          227
+id_smime_aa_ets_signerLocation          228
+id_smime_aa_ets_signerAttr              229
+id_smime_aa_ets_otherSigCert            230
+id_smime_aa_ets_contentTimestamp                231
+id_smime_aa_ets_CertificateRefs         232
+id_smime_aa_ets_RevocationRefs          233
+id_smime_aa_ets_certValues              234
+id_smime_aa_ets_revocationValues                235
+id_smime_aa_ets_escTimeStamp            236
+id_smime_aa_ets_certCRLTimestamp                237
+id_smime_aa_ets_archiveTimeStamp                238
+id_smime_aa_signatureType               239
+id_smime_aa_dvcs_dvc            240
+id_smime_alg_ESDHwith3DES               241
+id_smime_alg_ESDHwithRC2                242
+id_smime_alg_3DESwrap           243
+id_smime_alg_RC2wrap            244
+id_smime_alg_ESDH               245
+id_smime_alg_CMS3DESwrap                246
+id_smime_alg_CMSRC2wrap         247
+id_smime_cd_ldap                248
+id_smime_spq_ets_sqt_uri                249
+id_smime_spq_ets_sqt_unotice            250
+id_smime_cti_ets_proofOfOrigin          251
+id_smime_cti_ets_proofOfReceipt         252
+id_smime_cti_ets_proofOfDelivery                253
+id_smime_cti_ets_proofOfSender          254
+id_smime_cti_ets_proofOfApproval                255
+id_smime_cti_ets_proofOfCreation                256
+md4             257
+id_pkix_mod             258
+id_qt           259
+id_it           260
+id_pkip         261
+id_alg          262
+id_cmc          263
+id_on           264
+id_pda          265
+id_aca          266
+id_qcs          267
+id_cct          268
+id_pkix1_explicit_88            269
+id_pkix1_implicit_88            270
+id_pkix1_explicit_93            271
+id_pkix1_implicit_93            272
+id_mod_crmf             273
+id_mod_cmc              274
+id_mod_kea_profile_88           275
+id_mod_kea_profile_93           276
+id_mod_cmp              277
+id_mod_qualified_cert_88                278
+id_mod_qualified_cert_93                279
+id_mod_attribute_cert           280
+id_mod_timestamp_protocol               281
+id_mod_ocsp             282
+id_mod_dvcs             283
+id_mod_cmp2000          284
+biometricInfo           285
+qcStatements            286
+ac_auditEntity          287
+ac_targeting            288
+aaControls              289
+sbqp_ipAddrBlock                290
+sbqp_autonomousSysNum           291
+sbqp_routerIdentifier           292
+textNotice              293
+ipsecEndSystem          294
+ipsecTunnel             295
+ipsecUser               296
+dvcs            297
+id_it_caProtEncCert             298
+id_it_signKeyPairTypes          299
+id_it_encKeyPairTypes           300
+id_it_preferredSymmAlg          301
+id_it_caKeyUpdateInfo           302
+id_it_currentCRL                303
+id_it_unsupportedOIDs           304
+id_it_subscriptionRequest               305
+id_it_subscriptionResponse              306
+id_it_keyPairParamReq           307
+id_it_keyPairParamRep           308
+id_it_revPassphrase             309
+id_it_implicitConfirm           310
+id_it_confirmWaitTime           311
+id_it_origPKIMessage            312
+id_regCtrl              313
+id_regInfo              314
+id_regCtrl_regToken             315
+id_regCtrl_authenticator                316
+id_regCtrl_pkiPublicationInfo           317
+id_regCtrl_pkiArchiveOptions            318
+id_regCtrl_oldCertID            319
+id_regCtrl_protocolEncrKey              320
+id_regInfo_utf8Pairs            321
+id_regInfo_certReq              322
+id_alg_des40            323
+id_alg_noSignature              324
+id_alg_dh_sig_hmac_sha1         325
+id_alg_dh_pop           326
+id_cmc_statusInfo               327
+id_cmc_identification           328
+id_cmc_identityProof            329
+id_cmc_dataReturn               330
+id_cmc_transactionId            331
+id_cmc_senderNonce              332
+id_cmc_recipientNonce           333
+id_cmc_addExtensions            334
+id_cmc_encryptedPOP             335
+id_cmc_decryptedPOP             336
+id_cmc_lraPOPWitness            337
+id_cmc_getCert          338
+id_cmc_getCRL           339
+id_cmc_revokeRequest            340
+id_cmc_regInfo          341
+id_cmc_responseInfo             342
+id_cmc_queryPending             343
+id_cmc_popLinkRandom            344
+id_cmc_popLinkWitness           345
+id_cmc_confirmCertAcceptance            346
+id_on_personalData              347
+id_pda_dateOfBirth              348
+id_pda_placeOfBirth             349
+id_pda_pseudonym                350
+id_pda_gender           351
+id_pda_countryOfCitizenship             352
+id_pda_countryOfResidence               353
+id_aca_authenticationInfo               354
+id_aca_accessIdentity           355
+id_aca_chargingIdentity         356
+id_aca_group            357
+id_aca_role             358
+id_qcs_pkixQCSyntax_v1          359
+id_cct_crs              360
+id_cct_PKIData          361
+id_cct_PKIResponse              362
+ad_timeStamping         363
+ad_dvcs         364
+id_pkix_OCSP_basic              365
+id_pkix_OCSP_Nonce              366
+id_pkix_OCSP_CrlID              367
+id_pkix_OCSP_acceptableResponses                368
+id_pkix_OCSP_noCheck            369
+id_pkix_OCSP_archiveCutoff              370
+id_pkix_OCSP_serviceLocator             371
+id_pkix_OCSP_extendedStatus             372
+id_pkix_OCSP_valid              373
+id_pkix_OCSP_path               374
+id_pkix_OCSP_trustRoot          375
+algorithm               376
+rsaSignature            377
+X500algorithms          378
+org             379
+dod             380
+iana            381
+Directory               382
+Management              383
+Experimental            384
+Private         385
+Security                386
+SNMPv2          387
+Mail            388
+Enterprises             389
+dcObject                390
+domainComponent         391
+Domain          392
+joint_iso_ccitt         393
+selected_attribute_types                394
+clearance               395
+md4WithRSAEncryption            396
+ac_proxying             397
+sinfo_access            398
+id_aca_encAttrs         399
+role            400
+policy_constraints              401
+target_information              402
+no_rev_avail            403
+ccitt           404
+ansi_X9_62              405
+X9_62_prime_field               406
+X9_62_characteristic_two_field          407
+X9_62_id_ecPublicKey            408
+X9_62_prime192v1                409
+X9_62_prime192v2                410
+X9_62_prime192v3                411
+X9_62_prime239v1                412
+X9_62_prime239v2                413
+X9_62_prime239v3                414
+X9_62_prime256v1                415
+ecdsa_with_SHA1         416
+ms_csp_name             417
+aes_128_ecb             418
+aes_128_cbc             419
+aes_128_ofb128          420
+aes_128_cfb128          421
+aes_192_ecb             422
+aes_192_cbc             423
+aes_192_ofb128          424
+aes_192_cfb128          425
+aes_256_ecb             426
+aes_256_cbc             427
+aes_256_ofb128          428
+aes_256_cfb128          429
+hold_instruction_code           430
+hold_instruction_none           431
+hold_instruction_call_issuer            432
+hold_instruction_reject         433
+data            434
+pss             435
+ucl             436
+pilot           437
+pilotAttributeType              438
+pilotAttributeSyntax            439
+pilotObjectClass                440
+pilotGroups             441
+iA5StringSyntax         442
+caseIgnoreIA5StringSyntax               443
+pilotObject             444
+pilotPerson             445
+account         446
+document                447
+room            448
+documentSeries          449
+rFC822localPart         450
+dNSDomain               451
+domainRelatedObject             452
+friendlyCountry         453
+simpleSecurityObject            454
+pilotOrganization               455
+pilotDSA                456
+qualityLabelledData             457
+userId          458
+textEncodedORAddress            459
+rfc822Mailbox           460
+info            461
+favouriteDrink          462
+roomNumber              463
+photo           464
+userClass               465
+host            466
+manager         467
+documentIdentifier              468
+documentTitle           469
+documentVersion         470
+documentAuthor          471
+documentLocation                472
+homeTelephoneNumber             473
+secretary               474
+otherMailbox            475
+lastModifiedTime                476
+lastModifiedBy          477
+aRecord         478
+pilotAttributeType27            479
+mXRecord                480
+nSRecord                481
+sOARecord               482
+cNAMERecord             483
+associatedDomain                484
+associatedName          485
+homePostalAddress               486
+personalTitle           487
+mobileTelephoneNumber           488
+pagerTelephoneNumber            489
+friendlyCountryName             490
+organizationalStatus            491
+janetMailbox            492
+mailPreferenceOption            493
+buildingName            494
+dSAQuality              495
+singleLevelQuality              496
+subtreeMinimumQuality           497
+subtreeMaximumQuality           498
+personalSignature               499
+dITRedirect             500
+audio           501
+documentPublisher               502
+x500UniqueIdentifier            503
+mime_mhs                504
+mime_mhs_headings               505
+mime_mhs_bodies         506
+id_hex_partial_message          507
+id_hex_multipart_message                508
+generationQualifier             509
+pseudonym               510
+InternationalRA         511
+id_set          512
+set_ctype               513
+set_msgExt              514
+set_attr                515
+set_policy              516
+set_certExt             517
+set_brand               518
+setct_PANData           519
+setct_PANToken          520
+setct_PANOnly           521
+setct_OIData            522
+setct_PI                523
+setct_PIData            524
+setct_PIDataUnsigned            525
+setct_HODInput          526
+setct_AuthResBaggage            527
+setct_AuthRevReqBaggage         528
+setct_AuthRevResBaggage         529
+setct_CapTokenSeq               530
+setct_PInitResData              531
+setct_PI_TBS            532
+setct_PResData          533
+setct_AuthReqTBS                534
+setct_AuthResTBS                535
+setct_AuthResTBSX               536
+setct_AuthTokenTBS              537
+setct_CapTokenData              538
+setct_CapTokenTBS               539
+setct_AcqCardCodeMsg            540
+setct_AuthRevReqTBS             541
+setct_AuthRevResData            542
+setct_AuthRevResTBS             543
+setct_CapReqTBS         544
+setct_CapReqTBSX                545
+setct_CapResData                546
+setct_CapRevReqTBS              547
+setct_CapRevReqTBSX             548
+setct_CapRevResData             549
+setct_CredReqTBS                550
+setct_CredReqTBSX               551
+setct_CredResData               552
+setct_CredRevReqTBS             553
+setct_CredRevReqTBSX            554
+setct_CredRevResData            555
+setct_PCertReqData              556
+setct_PCertResTBS               557
+setct_BatchAdminReqData         558
+setct_BatchAdminResData         559
+setct_CardCInitResTBS           560
+setct_MeAqCInitResTBS           561
+setct_RegFormResTBS             562
+setct_CertReqData               563
+setct_CertReqTBS                564
+setct_CertResData               565
+setct_CertInqReqTBS             566
+setct_ErrorTBS          567
+setct_PIDualSignedTBE           568
+setct_PIUnsignedTBE             569
+setct_AuthReqTBE                570
+setct_AuthResTBE                571
+setct_AuthResTBEX               572
+setct_AuthTokenTBE              573
+setct_CapTokenTBE               574
+setct_CapTokenTBEX              575
+setct_AcqCardCodeMsgTBE         576
+setct_AuthRevReqTBE             577
+setct_AuthRevResTBE             578
+setct_AuthRevResTBEB            579
+setct_CapReqTBE         580
+setct_CapReqTBEX                581
+setct_CapResTBE         582
+setct_CapRevReqTBE              583
+setct_CapRevReqTBEX             584
+setct_CapRevResTBE              585
+setct_CredReqTBE                586
+setct_CredReqTBEX               587
+setct_CredResTBE                588
+setct_CredRevReqTBE             589
+setct_CredRevReqTBEX            590
+setct_CredRevResTBE             591
+setct_BatchAdminReqTBE          592
+setct_BatchAdminResTBE          593
+setct_RegFormReqTBE             594
+setct_CertReqTBE                595
+setct_CertReqTBEX               596
+setct_CertResTBE                597
+setct_CRLNotificationTBS                598
+setct_CRLNotificationResTBS             599
+setct_BCIDistributionTBS                600
+setext_genCrypt         601
+setext_miAuth           602
+setext_pinSecure                603
+setext_pinAny           604
+setext_track2           605
+setext_cv               606
+set_policy_root         607
+setCext_hashedRoot              608
+setCext_certType                609
+setCext_merchData               610
+setCext_cCertRequired           611
+setCext_tunneling               612
+setCext_setExt          613
+setCext_setQualf                614
+setCext_PGWYcapabilities                615
+setCext_TokenIdentifier         616
+setCext_Track2Data              617
+setCext_TokenType               618
+setCext_IssuerCapabilities              619
+setAttr_Cert            620
+setAttr_PGWYcap         621
+setAttr_TokenType               622
+setAttr_IssCap          623
+set_rootKeyThumb                624
+set_addPolicy           625
+setAttr_Token_EMV               626
+setAttr_Token_B0Prime           627
+setAttr_IssCap_CVM              628
+setAttr_IssCap_T2               629
+setAttr_IssCap_Sig              630
+setAttr_GenCryptgrm             631
+setAttr_T2Enc           632
+setAttr_T2cleartxt              633
+setAttr_TokICCsig               634
+setAttr_SecDevSig               635
+set_brand_IATA_ATA              636
+set_brand_Diners                637
+set_brand_AmericanExpress               638
+set_brand_JCB           639
+set_brand_Visa          640
+set_brand_MasterCard            641
+set_brand_Novus         642
+des_cdmf                643
+rsaOAEPEncryptionSET            644
+itu_t           645
+joint_iso_itu_t         646
+international_organizations             647
+ms_smartcard_login              648
+ms_upn          649
+aes_128_cfb1            650
+aes_192_cfb1            651
+aes_256_cfb1            652
+aes_128_cfb8            653
+aes_192_cfb8            654
+aes_256_cfb8            655
+des_cfb1                656
+des_cfb8                657
+des_ede3_cfb1           658
+des_ede3_cfb8           659
+streetAddress           660
+postalCode              661
+id_ppl          662
+proxyCertInfo           663
+id_ppl_anyLanguage              664
+id_ppl_inheritAll               665
+id_ppl_independent              666
+Independent             667
diff --git a/src/lib/libcrypto/objects/objects.README b/src/lib/libcrypto/objects/objects.README
new file mode 100644
index 0000000000..4d745508d8
--- /dev/null
+++ b/src/lib/libcrypto/objects/objects.README
@@ -0,0 +1,44 @@
+objects.txt syntax
+------------------
+
+To cover all the naming hacks that were previously in objects.h needed some
+kind of hacks in objects.txt.
+
+The basic syntax for adding an object is as follows:
+
+        1 2 3 4         : shortName     : Long Name
+
+                If the long name doesn't contain spaces, or no short name
+                exists, the long name is used as basis for the base name
+                in C.  Otherwise, the short name is used.
+
+                The base name (let's call it 'base') will then be used to
+                create the C macros SN_base, LN_base, NID_base and OBJ_base.
+
+                Note that if the base name contains spaces, dashes or periods,
+                those will be converte to underscore.
+
+Then there are some extra commands:
+
+        !Alias foo 1 2 3 4
+
+                This juts makes a name foo for an OID.  The C macro
+                OBJ_foo will be created as a result.
+
+        !Cname foo
+
+                This makes sure that the name foo will be used as base name
+                in C.
+
+        !module foo
+        1 2 3 4         : shortName     : Long Name
+        !global
+
+                The !module command was meant to define a kind of modularity.
+                What it does is to make sure the module name is prepended
+                to the base name.  !global turns this off.  This construction
+                is not recursive.
+
+Lines starting with # are treated as comments, as well as any line starting
+with ! and not matching the commands above.
+
diff --git a/src/lib/libcrypto/objects/objects.h b/src/lib/libcrypto/objects/objects.h
new file mode 100644
index 0000000000..f859d859b8
--- /dev/null
+++ b/src/lib/libcrypto/objects/objects.h
@@ -0,0 +1,1044 @@
+/* crypto/objects/objects.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_OBJECTS_H
+#define HEADER_OBJECTS_H
+
+#define USE_OBJ_MAC
+
+#ifdef USE_OBJ_MAC
+#include <openssl/obj_mac.h>
+#else
+#define SN_undef                        "UNDEF"
+#define LN_undef                        "undefined"
+#define NID_undef                       0
+#define OBJ_undef                       0L
+
+#define SN_Algorithm                    "Algorithm"
+#define LN_algorithm                    "algorithm"
+#define NID_algorithm                   38
+#define OBJ_algorithm                   1L,3L,14L,3L,2L
+
+#define LN_rsadsi                       "rsadsi"
+#define NID_rsadsi                      1
+#define OBJ_rsadsi                      1L,2L,840L,113549L
+
+#define LN_pkcs                         "pkcs"
+#define NID_pkcs                        2
+#define OBJ_pkcs                        OBJ_rsadsi,1L
+
+#define SN_md2                          "MD2"
+#define LN_md2                          "md2"
+#define NID_md2                         3
+#define OBJ_md2                         OBJ_rsadsi,2L,2L
+
+#define SN_md5                          "MD5"
+#define LN_md5                          "md5"
+#define NID_md5                         4
+#define OBJ_md5                         OBJ_rsadsi,2L,5L
+
+#define SN_rc4                          "RC4"
+#define LN_rc4                          "rc4"
+#define NID_rc4                         5
+#define OBJ_rc4                         OBJ_rsadsi,3L,4L
+
+#define LN_rsaEncryption                "rsaEncryption"
+#define NID_rsaEncryption               6
+#define OBJ_rsaEncryption               OBJ_pkcs,1L,1L
+
+#define SN_md2WithRSAEncryption         "RSA-MD2"
+#define LN_md2WithRSAEncryption         "md2WithRSAEncryption"
+#define NID_md2WithRSAEncryption        7
+#define OBJ_md2WithRSAEncryption        OBJ_pkcs,1L,2L
+
+#define SN_md5WithRSAEncryption         "RSA-MD5"
+#define LN_md5WithRSAEncryption         "md5WithRSAEncryption"
+#define NID_md5WithRSAEncryption        8
+#define OBJ_md5WithRSAEncryption        OBJ_pkcs,1L,4L
+
+#define SN_pbeWithMD2AndDES_CBC         "PBE-MD2-DES"
+#define LN_pbeWithMD2AndDES_CBC         "pbeWithMD2AndDES-CBC"
+#define NID_pbeWithMD2AndDES_CBC        9
+#define OBJ_pbeWithMD2AndDES_CBC        OBJ_pkcs,5L,1L
+
+#define SN_pbeWithMD5AndDES_CBC         "PBE-MD5-DES"
+#define LN_pbeWithMD5AndDES_CBC         "pbeWithMD5AndDES-CBC"
+#define NID_pbeWithMD5AndDES_CBC        10
+#define OBJ_pbeWithMD5AndDES_CBC        OBJ_pkcs,5L,3L
+
+#define LN_X500                         "X500"
+#define NID_X500                        11
+#define OBJ_X500                        2L,5L
+
+#define LN_X509                         "X509"
+#define NID_X509                        12
+#define OBJ_X509                        OBJ_X500,4L
+
+#define SN_commonName                   "CN"
+#define LN_commonName                   "commonName"
+#define NID_commonName                  13
+#define OBJ_commonName                  OBJ_X509,3L
+
+#define SN_countryName                  "C"
+#define LN_countryName                  "countryName"
+#define NID_countryName                 14
+#define OBJ_countryName                 OBJ_X509,6L
+
+#define SN_localityName                 "L"
+#define LN_localityName                 "localityName"
+#define NID_localityName                15
+#define OBJ_localityName                OBJ_X509,7L
+
+/* Postal Address? PA */
+
+/* should be "ST" (rfc1327) but MS uses 'S' */
+#define SN_stateOrProvinceName          "ST"
+#define LN_stateOrProvinceName          "stateOrProvinceName"
+#define NID_stateOrProvinceName         16
+#define OBJ_stateOrProvinceName         OBJ_X509,8L
+
+#define SN_organizationName             "O"
+#define LN_organizationName             "organizationName"
+#define NID_organizationName            17
+#define OBJ_organizationName            OBJ_X509,10L
+
+#define SN_organizationalUnitName       "OU"
+#define LN_organizationalUnitName       "organizationalUnitName"
+#define NID_organizationalUnitName      18
+#define OBJ_organizationalUnitName      OBJ_X509,11L
+
+#define SN_rsa                          "RSA"
+#define LN_rsa                          "rsa"
+#define NID_rsa                         19
+#define OBJ_rsa                         OBJ_X500,8L,1L,1L
+
+#define LN_pkcs7                        "pkcs7"
+#define NID_pkcs7                       20
+#define OBJ_pkcs7                       OBJ_pkcs,7L
+
+#define LN_pkcs7_data                   "pkcs7-data"
+#define NID_pkcs7_data                  21
+#define OBJ_pkcs7_data                  OBJ_pkcs7,1L
+
+#define LN_pkcs7_signed                 "pkcs7-signedData"
+#define NID_pkcs7_signed                22
+#define OBJ_pkcs7_signed                OBJ_pkcs7,2L
+
+#define LN_pkcs7_enveloped              "pkcs7-envelopedData"
+#define NID_pkcs7_enveloped             23
+#define OBJ_pkcs7_enveloped             OBJ_pkcs7,3L
+
+#define LN_pkcs7_signedAndEnveloped     "pkcs7-signedAndEnvelopedData"
+#define NID_pkcs7_signedAndEnveloped    24
+#define OBJ_pkcs7_signedAndEnveloped    OBJ_pkcs7,4L
+
+#define LN_pkcs7_digest                 "pkcs7-digestData"
+#define NID_pkcs7_digest                25
+#define OBJ_pkcs7_digest                OBJ_pkcs7,5L
+
+#define LN_pkcs7_encrypted              "pkcs7-encryptedData"
+#define NID_pkcs7_encrypted             26
+#define OBJ_pkcs7_encrypted             OBJ_pkcs7,6L
+
+#define LN_pkcs3                        "pkcs3"
+#define NID_pkcs3                       27
+#define OBJ_pkcs3                       OBJ_pkcs,3L
+
+#define LN_dhKeyAgreement               "dhKeyAgreement"
+#define NID_dhKeyAgreement              28
+#define OBJ_dhKeyAgreement              OBJ_pkcs3,1L
+
+#define SN_des_ecb                      "DES-ECB"
+#define LN_des_ecb                      "des-ecb"
+#define NID_des_ecb                     29
+#define OBJ_des_ecb                     OBJ_algorithm,6L
+
+#define SN_des_cfb64                    "DES-CFB"
+#define LN_des_cfb64                    "des-cfb"
+#define NID_des_cfb64                   30
+/* IV + num */
+#define OBJ_des_cfb64                   OBJ_algorithm,9L
+
+#define SN_des_cbc                      "DES-CBC"
+#define LN_des_cbc                      "des-cbc"
+#define NID_des_cbc                     31
+/* IV */
+#define OBJ_des_cbc                     OBJ_algorithm,7L
+
+#define SN_des_ede                      "DES-EDE"
+#define LN_des_ede                      "des-ede"
+#define NID_des_ede                     32
+/* ?? */
+#define OBJ_des_ede                     OBJ_algorithm,17L
+
+#define SN_des_ede3                     "DES-EDE3"
+#define LN_des_ede3                     "des-ede3"
+#define NID_des_ede3                    33
+
+#define SN_idea_cbc                     "IDEA-CBC"
+#define LN_idea_cbc                     "idea-cbc"
+#define NID_idea_cbc                    34
+#define OBJ_idea_cbc                    1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
+
+#define SN_idea_cfb64                   "IDEA-CFB"
+#define LN_idea_cfb64                   "idea-cfb"
+#define NID_idea_cfb64                  35
+
+#define SN_idea_ecb                     "IDEA-ECB"
+#define LN_idea_ecb                     "idea-ecb"
+#define NID_idea_ecb                    36
+
+#define SN_rc2_cbc                      "RC2-CBC"
+#define LN_rc2_cbc                      "rc2-cbc"
+#define NID_rc2_cbc                     37
+#define OBJ_rc2_cbc                     OBJ_rsadsi,3L,2L
+
+#define SN_rc2_ecb                      "RC2-ECB"
+#define LN_rc2_ecb                      "rc2-ecb"
+#define NID_rc2_ecb                     38
+
+#define SN_rc2_cfb64                    "RC2-CFB"
+#define LN_rc2_cfb64                    "rc2-cfb"
+#define NID_rc2_cfb64                   39
+
+#define SN_rc2_ofb64                    "RC2-OFB"
+#define LN_rc2_ofb64                    "rc2-ofb"
+#define NID_rc2_ofb64                   40
+
+#define SN_sha                          "SHA"
+#define LN_sha                          "sha"
+#define NID_sha                         41
+#define OBJ_sha                         OBJ_algorithm,18L
+
+#define SN_shaWithRSAEncryption         "RSA-SHA"
+#define LN_shaWithRSAEncryption         "shaWithRSAEncryption"
+#define NID_shaWithRSAEncryption        42
+#define OBJ_shaWithRSAEncryption        OBJ_algorithm,15L
+
+#define SN_des_ede_cbc                  "DES-EDE-CBC"
+#define LN_des_ede_cbc                  "des-ede-cbc"
+#define NID_des_ede_cbc                 43
+
+#define SN_des_ede3_cbc                 "DES-EDE3-CBC"
+#define LN_des_ede3_cbc                 "des-ede3-cbc"
+#define NID_des_ede3_cbc                44
+#define OBJ_des_ede3_cbc                OBJ_rsadsi,3L,7L
+
+#define SN_des_ofb64                    "DES-OFB"
+#define LN_des_ofb64                    "des-ofb"
+#define NID_des_ofb64                   45
+#define OBJ_des_ofb64                   OBJ_algorithm,8L
+
+#define SN_idea_ofb64                   "IDEA-OFB"
+#define LN_idea_ofb64                   "idea-ofb"
+#define NID_idea_ofb64                  46
+
+#define LN_pkcs9                        "pkcs9"
+#define NID_pkcs9                       47
+#define OBJ_pkcs9                       OBJ_pkcs,9L
+
+#define SN_pkcs9_emailAddress           "Email"
+#define LN_pkcs9_emailAddress           "emailAddress"
+#define NID_pkcs9_emailAddress          48
+#define OBJ_pkcs9_emailAddress          OBJ_pkcs9,1L
+
+#define LN_pkcs9_unstructuredName       "unstructuredName"
+#define NID_pkcs9_unstructuredName      49
+#define OBJ_pkcs9_unstructuredName      OBJ_pkcs9,2L
+
+#define LN_pkcs9_contentType            "contentType"
+#define NID_pkcs9_contentType           50
+#define OBJ_pkcs9_contentType           OBJ_pkcs9,3L
+
+#define LN_pkcs9_messageDigest          "messageDigest"
+#define NID_pkcs9_messageDigest         51
+#define OBJ_pkcs9_messageDigest         OBJ_pkcs9,4L
+
+#define LN_pkcs9_signingTime            "signingTime"
+#define NID_pkcs9_signingTime           52
+#define OBJ_pkcs9_signingTime           OBJ_pkcs9,5L
+
+#define LN_pkcs9_countersignature       "countersignature"
+#define NID_pkcs9_countersignature      53
+#define OBJ_pkcs9_countersignature      OBJ_pkcs9,6L
+
+#define LN_pkcs9_challengePassword      "challengePassword"
+#define NID_pkcs9_challengePassword     54
+#define OBJ_pkcs9_challengePassword     OBJ_pkcs9,7L
+
+#define LN_pkcs9_unstructuredAddress    "unstructuredAddress"
+#define NID_pkcs9_unstructuredAddress   55
+#define OBJ_pkcs9_unstructuredAddress   OBJ_pkcs9,8L
+
+#define LN_pkcs9_extCertAttributes      "extendedCertificateAttributes"
+#define NID_pkcs9_extCertAttributes     56
+#define OBJ_pkcs9_extCertAttributes     OBJ_pkcs9,9L
+
+#define SN_netscape                     "Netscape"
+#define LN_netscape                     "Netscape Communications Corp."
+#define NID_netscape                    57
+#define OBJ_netscape                    2L,16L,840L,1L,113730L
+
+#define SN_netscape_cert_extension      "nsCertExt"
+#define LN_netscape_cert_extension      "Netscape Certificate Extension"
+#define NID_netscape_cert_extension     58
+#define OBJ_netscape_cert_extension     OBJ_netscape,1L
+
+#define SN_netscape_data_type           "nsDataType"
+#define LN_netscape_data_type           "Netscape Data Type"
+#define NID_netscape_data_type          59
+#define OBJ_netscape_data_type          OBJ_netscape,2L
+
+#define SN_des_ede_cfb64                "DES-EDE-CFB"
+#define LN_des_ede_cfb64                "des-ede-cfb"
+#define NID_des_ede_cfb64               60
+
+#define SN_des_ede3_cfb64               "DES-EDE3-CFB"
+#define LN_des_ede3_cfb64               "des-ede3-cfb"
+#define NID_des_ede3_cfb64              61
+
+#define SN_des_ede_ofb64                "DES-EDE-OFB"
+#define LN_des_ede_ofb64                "des-ede-ofb"
+#define NID_des_ede_ofb64               62
+
+#define SN_des_ede3_ofb64               "DES-EDE3-OFB"
+#define LN_des_ede3_ofb64               "des-ede3-ofb"
+#define NID_des_ede3_ofb64              63
+
+/* I'm not sure about the object ID */
+#define SN_sha1                         "SHA1"
+#define LN_sha1                         "sha1"
+#define NID_sha1                        64
+#define OBJ_sha1                        OBJ_algorithm,26L
+/* 28 Jun 1996 - eay */
+/* #define OBJ_sha1                     1L,3L,14L,2L,26L,05L <- wrong */
+
+#define SN_sha1WithRSAEncryption        "RSA-SHA1"
+#define LN_sha1WithRSAEncryption        "sha1WithRSAEncryption"
+#define NID_sha1WithRSAEncryption       65
+#define OBJ_sha1WithRSAEncryption       OBJ_pkcs,1L,5L
+
+#define SN_dsaWithSHA                   "DSA-SHA"
+#define LN_dsaWithSHA                   "dsaWithSHA"
+#define NID_dsaWithSHA                  66
+#define OBJ_dsaWithSHA                  OBJ_algorithm,13L
+
+#define SN_dsa_2                        "DSA-old"
+#define LN_dsa_2                        "dsaEncryption-old"
+#define NID_dsa_2                       67
+#define OBJ_dsa_2                       OBJ_algorithm,12L
+
+/* proposed by microsoft to RSA */
+#define SN_pbeWithSHA1AndRC2_CBC        "PBE-SHA1-RC2-64"
+#define LN_pbeWithSHA1AndRC2_CBC        "pbeWithSHA1AndRC2-CBC"
+#define NID_pbeWithSHA1AndRC2_CBC       68
+#define OBJ_pbeWithSHA1AndRC2_CBC       OBJ_pkcs,5L,11L 
+
+/* proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now
+ * defined explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something
+ * completely different.
+ */
+#define LN_id_pbkdf2                    "PBKDF2"
+#define NID_id_pbkdf2                   69
+#define OBJ_id_pbkdf2                   OBJ_pkcs,5L,12L 
+
+#define SN_dsaWithSHA1_2                "DSA-SHA1-old"
+#define LN_dsaWithSHA1_2                "dsaWithSHA1-old"
+#define NID_dsaWithSHA1_2               70
+/* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */
+#define OBJ_dsaWithSHA1_2               OBJ_algorithm,27L
+
+#define SN_netscape_cert_type           "nsCertType"
+#define LN_netscape_cert_type           "Netscape Cert Type"
+#define NID_netscape_cert_type          71
+#define OBJ_netscape_cert_type          OBJ_netscape_cert_extension,1L
+
+#define SN_netscape_base_url            "nsBaseUrl"
+#define LN_netscape_base_url            "Netscape Base Url"
+#define NID_netscape_base_url           72
+#define OBJ_netscape_base_url           OBJ_netscape_cert_extension,2L
+
+#define SN_netscape_revocation_url      "nsRevocationUrl"
+#define LN_netscape_revocation_url      "Netscape Revocation Url"
+#define NID_netscape_revocation_url     73
+#define OBJ_netscape_revocation_url     OBJ_netscape_cert_extension,3L
+
+#define SN_netscape_ca_revocation_url   "nsCaRevocationUrl"
+#define LN_netscape_ca_revocation_url   "Netscape CA Revocation Url"
+#define NID_netscape_ca_revocation_url  74
+#define OBJ_netscape_ca_revocation_url  OBJ_netscape_cert_extension,4L
+
+#define SN_netscape_renewal_url         "nsRenewalUrl"
+#define LN_netscape_renewal_url         "Netscape Renewal Url"
+#define NID_netscape_renewal_url        75
+#define OBJ_netscape_renewal_url        OBJ_netscape_cert_extension,7L
+
+#define SN_netscape_ca_policy_url       "nsCaPolicyUrl"
+#define LN_netscape_ca_policy_url       "Netscape CA Policy Url"
+#define NID_netscape_ca_policy_url      76
+#define OBJ_netscape_ca_policy_url      OBJ_netscape_cert_extension,8L
+
+#define SN_netscape_ssl_server_name     "nsSslServerName"
+#define LN_netscape_ssl_server_name     "Netscape SSL Server Name"
+#define NID_netscape_ssl_server_name    77
+#define OBJ_netscape_ssl_server_name    OBJ_netscape_cert_extension,12L
+
+#define SN_netscape_comment             "nsComment"
+#define LN_netscape_comment             "Netscape Comment"
+#define NID_netscape_comment            78
+#define OBJ_netscape_comment            OBJ_netscape_cert_extension,13L
+
+#define SN_netscape_cert_sequence       "nsCertSequence"
+#define LN_netscape_cert_sequence       "Netscape Certificate Sequence"
+#define NID_netscape_cert_sequence      79
+#define OBJ_netscape_cert_sequence      OBJ_netscape_data_type,5L
+
+#define SN_desx_cbc                     "DESX-CBC"
+#define LN_desx_cbc                     "desx-cbc"
+#define NID_desx_cbc                    80
+
+#define SN_id_ce                        "id-ce"
+#define NID_id_ce                       81
+#define OBJ_id_ce                       2L,5L,29L
+
+#define SN_subject_key_identifier       "subjectKeyIdentifier"
+#define LN_subject_key_identifier       "X509v3 Subject Key Identifier"
+#define NID_subject_key_identifier      82
+#define OBJ_subject_key_identifier      OBJ_id_ce,14L
+
+#define SN_key_usage                    "keyUsage"
+#define LN_key_usage                    "X509v3 Key Usage"
+#define NID_key_usage                   83
+#define OBJ_key_usage                   OBJ_id_ce,15L
+
+#define SN_private_key_usage_period     "privateKeyUsagePeriod"
+#define LN_private_key_usage_period     "X509v3 Private Key Usage Period"
+#define NID_private_key_usage_period    84
+#define OBJ_private_key_usage_period    OBJ_id_ce,16L
+
+#define SN_subject_alt_name             "subjectAltName"
+#define LN_subject_alt_name             "X509v3 Subject Alternative Name"
+#define NID_subject_alt_name            85
+#define OBJ_subject_alt_name            OBJ_id_ce,17L
+
+#define SN_issuer_alt_name              "issuerAltName"
+#define LN_issuer_alt_name              "X509v3 Issuer Alternative Name"
+#define NID_issuer_alt_name             86
+#define OBJ_issuer_alt_name             OBJ_id_ce,18L
+
+#define SN_basic_constraints            "basicConstraints"
+#define LN_basic_constraints            "X509v3 Basic Constraints"
+#define NID_basic_constraints           87
+#define OBJ_basic_constraints           OBJ_id_ce,19L
+
+#define SN_crl_number                   "crlNumber"
+#define LN_crl_number                   "X509v3 CRL Number"
+#define NID_crl_number                  88
+#define OBJ_crl_number                  OBJ_id_ce,20L
+
+#define SN_certificate_policies         "certificatePolicies"
+#define LN_certificate_policies         "X509v3 Certificate Policies"
+#define NID_certificate_policies        89
+#define OBJ_certificate_policies        OBJ_id_ce,32L
+
+#define SN_authority_key_identifier     "authorityKeyIdentifier"
+#define LN_authority_key_identifier     "X509v3 Authority Key Identifier"
+#define NID_authority_key_identifier    90
+#define OBJ_authority_key_identifier    OBJ_id_ce,35L
+
+#define SN_bf_cbc                       "BF-CBC"
+#define LN_bf_cbc                       "bf-cbc"
+#define NID_bf_cbc                      91
+#define OBJ_bf_cbc                      1L,3L,6L,1L,4L,1L,3029L,1L,2L
+
+#define SN_bf_ecb                       "BF-ECB"
+#define LN_bf_ecb                       "bf-ecb"
+#define NID_bf_ecb                      92
+
+#define SN_bf_cfb64                     "BF-CFB"
+#define LN_bf_cfb64                     "bf-cfb"
+#define NID_bf_cfb64                    93
+
+#define SN_bf_ofb64                     "BF-OFB"
+#define LN_bf_ofb64                     "bf-ofb"
+#define NID_bf_ofb64                    94
+
+#define SN_mdc2                         "MDC2"
+#define LN_mdc2                         "mdc2"
+#define NID_mdc2                        95
+#define OBJ_mdc2                        2L,5L,8L,3L,101L
+/* An alternative?                      1L,3L,14L,3L,2L,19L */
+
+#define SN_mdc2WithRSA                  "RSA-MDC2"
+#define LN_mdc2WithRSA                  "mdc2withRSA"
+#define NID_mdc2WithRSA                 96
+#define OBJ_mdc2WithRSA                 2L,5L,8L,3L,100L
+
+#define SN_rc4_40                       "RC4-40"
+#define LN_rc4_40                       "rc4-40"
+#define NID_rc4_40                      97
+
+#define SN_rc2_40_cbc                   "RC2-40-CBC"
+#define LN_rc2_40_cbc                   "rc2-40-cbc"
+#define NID_rc2_40_cbc                  98
+
+#define SN_givenName                    "G"
+#define LN_givenName                    "givenName"
+#define NID_givenName                   99
+#define OBJ_givenName                   OBJ_X509,42L
+
+#define SN_surname                      "S"
+#define LN_surname                      "surname"
+#define NID_surname                     100
+#define OBJ_surname                     OBJ_X509,4L
+
+#define SN_initials                     "I"
+#define LN_initials                     "initials"
+#define NID_initials                    101
+#define OBJ_initials                    OBJ_X509,43L
+
+#define SN_uniqueIdentifier             "UID"
+#define LN_uniqueIdentifier             "uniqueIdentifier"
+#define NID_uniqueIdentifier            102
+#define OBJ_uniqueIdentifier            OBJ_X509,45L
+
+#define SN_crl_distribution_points      "crlDistributionPoints"
+#define LN_crl_distribution_points      "X509v3 CRL Distribution Points"
+#define NID_crl_distribution_points     103
+#define OBJ_crl_distribution_points     OBJ_id_ce,31L
+
+#define SN_md5WithRSA                   "RSA-NP-MD5"
+#define LN_md5WithRSA                   "md5WithRSA"
+#define NID_md5WithRSA                  104
+#define OBJ_md5WithRSA                  OBJ_algorithm,3L
+
+#define SN_serialNumber                 "SN"
+#define LN_serialNumber                 "serialNumber"
+#define NID_serialNumber                105
+#define OBJ_serialNumber                OBJ_X509,5L
+
+#define SN_title                        "T"
+#define LN_title                        "title"
+#define NID_title                       106
+#define OBJ_title                       OBJ_X509,12L
+
+#define SN_description                  "D"
+#define LN_description                  "description"
+#define NID_description                 107
+#define OBJ_description                 OBJ_X509,13L
+
+/* CAST5 is CAST-128, I'm just sticking with the documentation */
+#define SN_cast5_cbc                    "CAST5-CBC"
+#define LN_cast5_cbc                    "cast5-cbc"
+#define NID_cast5_cbc                   108
+#define OBJ_cast5_cbc                   1L,2L,840L,113533L,7L,66L,10L
+
+#define SN_cast5_ecb                    "CAST5-ECB"
+#define LN_cast5_ecb                    "cast5-ecb"
+#define NID_cast5_ecb                   109
+
+#define SN_cast5_cfb64                  "CAST5-CFB"
+#define LN_cast5_cfb64                  "cast5-cfb"
+#define NID_cast5_cfb64                 110
+
+#define SN_cast5_ofb64                  "CAST5-OFB"
+#define LN_cast5_ofb64                  "cast5-ofb"
+#define NID_cast5_ofb64                 111
+
+#define LN_pbeWithMD5AndCast5_CBC       "pbeWithMD5AndCast5CBC"
+#define NID_pbeWithMD5AndCast5_CBC      112
+#define OBJ_pbeWithMD5AndCast5_CBC      1L,2L,840L,113533L,7L,66L,12L
+
+/* This is one sun will soon be using :-(
+ * id-dsa-with-sha1 ID  ::= {
+ *   iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 }
+ */
+#define SN_dsaWithSHA1                  "DSA-SHA1"
+#define LN_dsaWithSHA1                  "dsaWithSHA1"
+#define NID_dsaWithSHA1                 113
+#define OBJ_dsaWithSHA1                 1L,2L,840L,10040L,4L,3L
+
+#define NID_md5_sha1                    114
+#define SN_md5_sha1                     "MD5-SHA1"
+#define LN_md5_sha1                     "md5-sha1"
+
+#define SN_sha1WithRSA                  "RSA-SHA1-2"
+#define LN_sha1WithRSA                  "sha1WithRSA"
+#define NID_sha1WithRSA                 115
+#define OBJ_sha1WithRSA                 OBJ_algorithm,29L
+
+#define SN_dsa                          "DSA"
+#define LN_dsa                          "dsaEncryption"
+#define NID_dsa                         116
+#define OBJ_dsa                         1L,2L,840L,10040L,4L,1L
+
+#define SN_ripemd160                    "RIPEMD160"
+#define LN_ripemd160                    "ripemd160"
+#define NID_ripemd160                   117
+#define OBJ_ripemd160                   1L,3L,36L,3L,2L,1L
+
+/* The name should actually be rsaSignatureWithripemd160, but I'm going
+ * to continue using the convention I'm using with the other ciphers */
+#define SN_ripemd160WithRSA             "RSA-RIPEMD160"
+#define LN_ripemd160WithRSA             "ripemd160WithRSA"
+#define NID_ripemd160WithRSA            119
+#define OBJ_ripemd160WithRSA            1L,3L,36L,3L,3L,1L,2L
+
+/* Taken from rfc2040
+ *  RC5_CBC_Parameters ::= SEQUENCE {
+ *      version           INTEGER (v1_0(16)),
+ *      rounds            INTEGER (8..127),
+ *      blockSizeInBits   INTEGER (64, 128),
+ *      iv                OCTET STRING OPTIONAL
+ *      }
+ */
+#define SN_rc5_cbc                      "RC5-CBC"
+#define LN_rc5_cbc                      "rc5-cbc"
+#define NID_rc5_cbc                     120
+#define OBJ_rc5_cbc                     OBJ_rsadsi,3L,8L
+
+#define SN_rc5_ecb                      "RC5-ECB"
+#define LN_rc5_ecb                      "rc5-ecb"
+#define NID_rc5_ecb                     121
+
+#define SN_rc5_cfb64                    "RC5-CFB"
+#define LN_rc5_cfb64                    "rc5-cfb"
+#define NID_rc5_cfb64                   122
+
+#define SN_rc5_ofb64                    "RC5-OFB"
+#define LN_rc5_ofb64                    "rc5-ofb"
+#define NID_rc5_ofb64                   123
+
+#define SN_rle_compression              "RLE"
+#define LN_rle_compression              "run length compression"
+#define NID_rle_compression             124
+#define OBJ_rle_compression             1L,1L,1L,1L,666L,1L
+
+#define SN_zlib_compression             "ZLIB"
+#define LN_zlib_compression             "zlib compression"
+#define NID_zlib_compression            125
+#define OBJ_zlib_compression            1L,1L,1L,1L,666L,2L
+
+#define SN_ext_key_usage                "extendedKeyUsage"
+#define LN_ext_key_usage                "X509v3 Extended Key Usage"
+#define NID_ext_key_usage               126
+#define OBJ_ext_key_usage               OBJ_id_ce,37
+
+#define SN_id_pkix                      "PKIX"
+#define NID_id_pkix                     127
+#define OBJ_id_pkix                     1L,3L,6L,1L,5L,5L,7L
+
+#define SN_id_kp                        "id-kp"
+#define NID_id_kp                       128
+#define OBJ_id_kp                       OBJ_id_pkix,3L
+
+/* PKIX extended key usage OIDs */
+
+#define SN_server_auth                  "serverAuth"
+#define LN_server_auth                  "TLS Web Server Authentication"
+#define NID_server_auth                 129
+#define OBJ_server_auth                 OBJ_id_kp,1L
+
+#define SN_client_auth                  "clientAuth"
+#define LN_client_auth                  "TLS Web Client Authentication"
+#define NID_client_auth                 130
+#define OBJ_client_auth                 OBJ_id_kp,2L
+
+#define SN_code_sign                    "codeSigning"
+#define LN_code_sign                    "Code Signing"
+#define NID_code_sign                   131
+#define OBJ_code_sign                   OBJ_id_kp,3L
+
+#define SN_email_protect                "emailProtection"
+#define LN_email_protect                "E-mail Protection"
+#define NID_email_protect               132
+#define OBJ_email_protect               OBJ_id_kp,4L
+
+#define SN_time_stamp                   "timeStamping"
+#define LN_time_stamp                   "Time Stamping"
+#define NID_time_stamp                  133
+#define OBJ_time_stamp                  OBJ_id_kp,8L
+
+/* Additional extended key usage OIDs: Microsoft */
+
+#define SN_ms_code_ind                  "msCodeInd"
+#define LN_ms_code_ind                  "Microsoft Individual Code Signing"
+#define NID_ms_code_ind                 134
+#define OBJ_ms_code_ind                 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+
+#define SN_ms_code_com                  "msCodeCom"
+#define LN_ms_code_com                  "Microsoft Commercial Code Signing"
+#define NID_ms_code_com                 135
+#define OBJ_ms_code_com                 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+
+#define SN_ms_ctl_sign                  "msCTLSign"
+#define LN_ms_ctl_sign                  "Microsoft Trust List Signing"
+#define NID_ms_ctl_sign                 136
+#define OBJ_ms_ctl_sign                 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+
+#define SN_ms_sgc                       "msSGC"
+#define LN_ms_sgc                       "Microsoft Server Gated Crypto"
+#define NID_ms_sgc                      137
+#define OBJ_ms_sgc                      1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+
+#define SN_ms_efs                       "msEFS"
+#define LN_ms_efs                       "Microsoft Encrypted File System"
+#define NID_ms_efs                      138
+#define OBJ_ms_efs                      1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+
+/* Additional usage: Netscape */
+
+#define SN_ns_sgc                       "nsSGC"
+#define LN_ns_sgc                       "Netscape Server Gated Crypto"
+#define NID_ns_sgc                      139
+#define OBJ_ns_sgc                      OBJ_netscape,4L,1L
+
+#define SN_delta_crl                    "deltaCRL"
+#define LN_delta_crl                    "X509v3 Delta CRL Indicator"
+#define NID_delta_crl                   140
+#define OBJ_delta_crl                   OBJ_id_ce,27L
+
+#define SN_crl_reason                   "CRLReason"
+#define LN_crl_reason                   "CRL Reason Code"
+#define NID_crl_reason                  141
+#define OBJ_crl_reason                  OBJ_id_ce,21L
+
+#define SN_invalidity_date              "invalidityDate"
+#define LN_invalidity_date              "Invalidity Date"
+#define NID_invalidity_date             142
+#define OBJ_invalidity_date             OBJ_id_ce,24L
+
+#define SN_sxnet                        "SXNetID"
+#define LN_sxnet                        "Strong Extranet ID"
+#define NID_sxnet                       143
+#define OBJ_sxnet                       1L,3L,101L,1L,4L,1L
+
+/* PKCS12 and related OBJECT IDENTIFIERS */
+
+#define OBJ_pkcs12                      OBJ_pkcs,12L
+#define OBJ_pkcs12_pbeids               OBJ_pkcs12, 1
+
+#define SN_pbe_WithSHA1And128BitRC4     "PBE-SHA1-RC4-128"
+#define LN_pbe_WithSHA1And128BitRC4     "pbeWithSHA1And128BitRC4"
+#define NID_pbe_WithSHA1And128BitRC4    144
+#define OBJ_pbe_WithSHA1And128BitRC4    OBJ_pkcs12_pbeids, 1L
+
+#define SN_pbe_WithSHA1And40BitRC4      "PBE-SHA1-RC4-40"
+#define LN_pbe_WithSHA1And40BitRC4      "pbeWithSHA1And40BitRC4"
+#define NID_pbe_WithSHA1And40BitRC4     145
+#define OBJ_pbe_WithSHA1And40BitRC4     OBJ_pkcs12_pbeids, 2L
+
+#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC   "PBE-SHA1-3DES"
+#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC   "pbeWithSHA1And3-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC  146
+#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC  OBJ_pkcs12_pbeids, 3L
+
+#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC   "PBE-SHA1-2DES"
+#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC   "pbeWithSHA1And2-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC  147
+#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC  OBJ_pkcs12_pbeids, 4L
+
+#define SN_pbe_WithSHA1And128BitRC2_CBC         "PBE-SHA1-RC2-128"
+#define LN_pbe_WithSHA1And128BitRC2_CBC         "pbeWithSHA1And128BitRC2-CBC"
+#define NID_pbe_WithSHA1And128BitRC2_CBC        148
+#define OBJ_pbe_WithSHA1And128BitRC2_CBC        OBJ_pkcs12_pbeids, 5L
+
+#define SN_pbe_WithSHA1And40BitRC2_CBC  "PBE-SHA1-RC2-40"
+#define LN_pbe_WithSHA1And40BitRC2_CBC  "pbeWithSHA1And40BitRC2-CBC"
+#define NID_pbe_WithSHA1And40BitRC2_CBC 149
+#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids, 6L
+
+#define OBJ_pkcs12_Version1     OBJ_pkcs12, 10L
+
+#define OBJ_pkcs12_BagIds       OBJ_pkcs12_Version1, 1L
+
+#define LN_keyBag               "keyBag"
+#define NID_keyBag              150
+#define OBJ_keyBag              OBJ_pkcs12_BagIds, 1L
+
+#define LN_pkcs8ShroudedKeyBag  "pkcs8ShroudedKeyBag"
+#define NID_pkcs8ShroudedKeyBag 151
+#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds, 2L
+
+#define LN_certBag              "certBag"
+#define NID_certBag             152
+#define OBJ_certBag             OBJ_pkcs12_BagIds, 3L
+
+#define LN_crlBag               "crlBag"
+#define NID_crlBag              153
+#define OBJ_crlBag              OBJ_pkcs12_BagIds, 4L
+
+#define LN_secretBag            "secretBag"
+#define NID_secretBag           154
+#define OBJ_secretBag           OBJ_pkcs12_BagIds, 5L
+
+#define LN_safeContentsBag      "safeContentsBag"
+#define NID_safeContentsBag     155
+#define OBJ_safeContentsBag     OBJ_pkcs12_BagIds, 6L
+
+#define LN_friendlyName         "friendlyName"
+#define NID_friendlyName        156
+#define OBJ_friendlyName        OBJ_pkcs9, 20L
+
+#define LN_localKeyID           "localKeyID"
+#define NID_localKeyID          157
+#define OBJ_localKeyID          OBJ_pkcs9, 21L
+
+#define OBJ_certTypes           OBJ_pkcs9, 22L
+
+#define LN_x509Certificate      "x509Certificate"
+#define NID_x509Certificate     158
+#define OBJ_x509Certificate     OBJ_certTypes, 1L
+
+#define LN_sdsiCertificate      "sdsiCertificate"
+#define NID_sdsiCertificate     159
+#define OBJ_sdsiCertificate     OBJ_certTypes, 2L
+
+#define OBJ_crlTypes            OBJ_pkcs9, 23L
+
+#define LN_x509Crl              "x509Crl"
+#define NID_x509Crl             160
+#define OBJ_x509Crl             OBJ_crlTypes, 1L
+
+/* PKCS#5 v2 OIDs */
+
+#define LN_pbes2                "PBES2"
+#define NID_pbes2               161
+#define OBJ_pbes2               OBJ_pkcs,5L,13L
+
+#define LN_pbmac1               "PBMAC1"
+#define NID_pbmac1              162
+#define OBJ_pbmac1              OBJ_pkcs,5L,14L
+
+#define LN_hmacWithSHA1         "hmacWithSHA1"
+#define NID_hmacWithSHA1        163
+#define OBJ_hmacWithSHA1        OBJ_rsadsi,2L,7L
+
+/* Policy Qualifier Ids */
+
+#define LN_id_qt_cps            "Policy Qualifier CPS"
+#define SN_id_qt_cps            "id-qt-cps"
+#define NID_id_qt_cps           164
+#define OBJ_id_qt_cps           OBJ_id_pkix,2L,1L
+
+#define LN_id_qt_unotice        "Policy Qualifier User Notice"
+#define SN_id_qt_unotice        "id-qt-unotice"
+#define NID_id_qt_unotice       165
+#define OBJ_id_qt_unotice       OBJ_id_pkix,2L,2L
+
+#define SN_rc2_64_cbc                   "RC2-64-CBC"
+#define LN_rc2_64_cbc                   "rc2-64-cbc"
+#define NID_rc2_64_cbc                  166
+
+#define SN_SMIMECapabilities            "SMIME-CAPS"
+#define LN_SMIMECapabilities            "S/MIME Capabilities"
+#define NID_SMIMECapabilities           167
+#define OBJ_SMIMECapabilities           OBJ_pkcs9,15L
+
+#define SN_pbeWithMD2AndRC2_CBC         "PBE-MD2-RC2-64"
+#define LN_pbeWithMD2AndRC2_CBC         "pbeWithMD2AndRC2-CBC"
+#define NID_pbeWithMD2AndRC2_CBC        168
+#define OBJ_pbeWithMD2AndRC2_CBC        OBJ_pkcs,5L,4L
+
+#define SN_pbeWithMD5AndRC2_CBC         "PBE-MD5-RC2-64"
+#define LN_pbeWithMD5AndRC2_CBC         "pbeWithMD5AndRC2-CBC"
+#define NID_pbeWithMD5AndRC2_CBC        169
+#define OBJ_pbeWithMD5AndRC2_CBC        OBJ_pkcs,5L,6L
+
+#define SN_pbeWithSHA1AndDES_CBC        "PBE-SHA1-DES"
+#define LN_pbeWithSHA1AndDES_CBC        "pbeWithSHA1AndDES-CBC"
+#define NID_pbeWithSHA1AndDES_CBC       170
+#define OBJ_pbeWithSHA1AndDES_CBC       OBJ_pkcs,5L,10L
+
+/* Extension request OIDs */
+
+#define LN_ms_ext_req                   "Microsoft Extension Request"
+#define SN_ms_ext_req                   "msExtReq"
+#define NID_ms_ext_req                  171
+#define OBJ_ms_ext_req                  1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+
+#define LN_ext_req                      "Extension Request"
+#define SN_ext_req                      "extReq"
+#define NID_ext_req                     172
+#define OBJ_ext_req                     OBJ_pkcs9,14L
+
+#define SN_name                         "name"
+#define LN_name                         "name"
+#define NID_name                        173
+#define OBJ_name                        OBJ_X509,41L
+
+#define SN_dnQualifier                  "dnQualifier"
+#define LN_dnQualifier                  "dnQualifier"
+#define NID_dnQualifier                 174
+#define OBJ_dnQualifier                 OBJ_X509,46L
+
+#define SN_id_pe                        "id-pe"
+#define NID_id_pe                       175
+#define OBJ_id_pe                       OBJ_id_pkix,1L
+
+#define SN_id_ad                        "id-ad"
+#define NID_id_ad                       176
+#define OBJ_id_ad                       OBJ_id_pkix,48L
+
+#define SN_info_access                  "authorityInfoAccess"
+#define LN_info_access                  "Authority Information Access"
+#define NID_info_access                 177
+#define OBJ_info_access                 OBJ_id_pe,1L
+
+#define SN_ad_OCSP                      "OCSP"
+#define LN_ad_OCSP                      "OCSP"
+#define NID_ad_OCSP                     178
+#define OBJ_ad_OCSP                     OBJ_id_ad,1L
+
+#define SN_ad_ca_issuers                "caIssuers"
+#define LN_ad_ca_issuers                "CA Issuers"
+#define NID_ad_ca_issuers               179
+#define OBJ_ad_ca_issuers               OBJ_id_ad,2L
+
+#define SN_OCSP_sign                    "OCSPSigning"
+#define LN_OCSP_sign                    "OCSP Signing"
+#define NID_OCSP_sign                   180
+#define OBJ_OCSP_sign                   OBJ_id_kp,9L
+#endif /* USE_OBJ_MAC */
+
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+
+#define OBJ_NAME_TYPE_UNDEF             0x00
+#define OBJ_NAME_TYPE_MD_METH           0x01
+#define OBJ_NAME_TYPE_CIPHER_METH       0x02
+#define OBJ_NAME_TYPE_PKEY_METH         0x03
+#define OBJ_NAME_TYPE_COMP_METH         0x04
+#define OBJ_NAME_TYPE_NUM               0x05
+
+#define OBJ_NAME_ALIAS          0x8000
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct obj_name_st
+        {
+        int type;
+        int alias;
+        const char *name;
+        const char *data;
+        } OBJ_NAME;
+
+#define         OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
+
+
+int OBJ_NAME_init(void);
+int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
+                       int (*cmp_func)(const char *, const char *),
+                       void (*free_func)(const char *, int, const char *));
+const char *OBJ_NAME_get(const char *name,int type);
+int OBJ_NAME_add(const char *name,int type,const char *data);
+int OBJ_NAME_remove(const char *name,int type);
+void OBJ_NAME_cleanup(int type); /* -1 for everything */
+void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),
+                     void *arg);
+void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
+                            void *arg);
+
+ASN1_OBJECT *   OBJ_dup(const ASN1_OBJECT *o);
+ASN1_OBJECT *   OBJ_nid2obj(int n);
+const char *    OBJ_nid2ln(int n);
+const char *    OBJ_nid2sn(int n);
+int             OBJ_obj2nid(const ASN1_OBJECT *o);
+ASN1_OBJECT *   OBJ_txt2obj(const char *s, int no_name);
+int     OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+int             OBJ_txt2nid(const char *s);
+int             OBJ_ln2nid(const char *s);
+int             OBJ_sn2nid(const char *s);
+int             OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
+const char *    OBJ_bsearch(const char *key,const char *base,int num,int size,
+        int (*cmp)(const void *, const void *));
+
+int             OBJ_new_nid(int num);
+int             OBJ_add_object(const ASN1_OBJECT *obj);
+int             OBJ_create(const char *oid,const char *sn,const char *ln);
+void            OBJ_cleanup(void );
+int             OBJ_create_objects(BIO *in);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_OBJ_strings(void);
+
+/* Error codes for the OBJ functions. */
+
+/* Function codes. */
+#define OBJ_F_OBJ_ADD_OBJECT                             105
+#define OBJ_F_OBJ_CREATE                                 100
+#define OBJ_F_OBJ_DUP                                    101
+#define OBJ_F_OBJ_NAME_NEW_INDEX                         106
+#define OBJ_F_OBJ_NID2LN                                 102
+#define OBJ_F_OBJ_NID2OBJ                                103
+#define OBJ_F_OBJ_NID2SN                                 104
+
+/* Reason codes. */
+#define OBJ_R_MALLOC_FAILURE                             100
+#define OBJ_R_UNKNOWN_NID                                101
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/objects/objects.pl b/src/lib/libcrypto/objects/objects.pl
new file mode 100644
index 0000000000..76bb8da677
--- /dev/null
+++ b/src/lib/libcrypto/objects/objects.pl
@@ -0,0 +1,230 @@
+#!/usr/local/bin/perl
+
+open (NUMIN,"$ARGV[1]") || die "Can't open number file $ARGV[1]";
+$max_nid=0;
+$o=0;
+while(<NUMIN>)
+        {
+        chop;
+        $o++;
+        s/#.*$//;
+        next if /^\s*$/;
+        $_ = 'X'.$_;
+        ($Cname,$mynum) = split;
+        $Cname =~ s/^X//;
+        if (defined($nidn{$mynum}))
+                { die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; }
+        $nid{$Cname} = $mynum;
+        $nidn{$mynum} = $Cname;
+        $order{$mynum} = $o;
+        $max_nid = $mynum if $mynum > $max_nid;
+        }
+close NUMIN;
+
+open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";
+$Cname="";
+$o=0;
+while (<IN>)
+        {
+        chop;
+        $o++;
+        if (/^!module\s+(.*)$/)
+                {
+                $module = $1."-";
+                $module =~ s/\./_/g;
+                $module =~ s/-/_/g;
+                }
+        if (/^!global$/)
+                { $module = ""; }
+        if (/^!Cname\s+(.*)$/)
+                { $Cname = $1; }
+        if (/^!Alias\s+(.+?)\s+(.*)$/)
+                {
+                $Cname = $module.$1;
+                $myoid = $2;
+                $myoid = &process_oid($myoid);
+                $Cname =~ s/-/_/g;
+                $ordern{$o} = $Cname;
+                $order{$Cname} = $o;
+                $obj{$Cname} = $myoid;
+                $_ = "";
+                $Cname = "";
+                }
+        s/!.*$//;
+        s/#.*$//;
+        next if /^\s*$/;
+        ($myoid,$mysn,$myln) = split ':';
+        $mysn =~ s/^\s*//;
+        $mysn =~ s/\s*$//;
+        $myln =~ s/^\s*//;
+        $myln =~ s/\s*$//;
+        $myoid =~ s/^\s*//;
+        $myoid =~ s/\s*$//;
+        if ($myoid ne "")
+                {
+                $myoid = &process_oid($myoid);
+                }
+
+        if ($Cname eq "" && !($myln =~ / /))
+                {
+                $Cname = $myln;
+                $Cname =~ s/\./_/g;
+                $Cname =~ s/-/_/g;
+                if ($Cname ne "" && defined($ln{$module.$Cname}))
+                        { die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+                }
+        if ($Cname eq "")
+                {
+                $Cname = $mysn;
+                $Cname =~ s/-/_/g;
+                if ($Cname ne "" && defined($sn{$module.$Cname}))
+                        { die "objects.txt:$o:There's already an object with short name ",$sn{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+                }
+        if ($Cname eq "")
+                {
+                $Cname = $myln;
+                $Cname =~ s/-/_/g;
+                $Cname =~ s/\./_/g;
+                $Cname =~ s/ /_/g;
+                if ($Cname ne "" && defined($ln{$module.$Cname}))
+                        { die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+                }
+        $Cname =~ s/\./_/g;
+        $Cname =~ s/-/_/g;
+        $Cname = $module.$Cname;
+        $ordern{$o} = $Cname;
+        $order{$Cname} = $o;
+        $sn{$Cname} = $mysn;
+        $ln{$Cname} = $myln;
+        $obj{$Cname} = $myoid;
+        if (!defined($nid{$Cname}))
+                {
+                $max_nid++;
+                $nid{$Cname} = $max_nid;
+                $nidn{$max_nid} = $Cname;
+                }
+        $Cname="";
+        }
+close IN;
+
+#XXX don't modify input files
+#open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
+#foreach (sort { $a <=> $b } keys %nidn)
+#       {
+#       print NUMOUT $nidn{$_},"\t\t",$_,"\n";
+#       }
+#close NUMOUT;
+
+open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
+print OUT <<'EOF';
+/* crypto/objects/obj_mac.h */
+
+/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
+ * following command:
+ * perl objects.pl objects.txt obj_mac.num obj_mac.h
+ */
+
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define SN_undef                        "UNDEF"
+#define LN_undef                        "undefined"
+#define NID_undef                       0
+#define OBJ_undef                       0L
+
+EOF
+
+foreach (sort { $a <=> $b } keys %ordern)
+        {
+        $Cname=$ordern{$_};
+        print OUT "#define SN_",$Cname,"\t\t\"",$sn{$Cname},"\"\n" if $sn{$Cname} ne "";
+        print OUT "#define LN_",$Cname,"\t\t\"",$ln{$Cname},"\"\n" if $ln{$Cname} ne "";
+        print OUT "#define NID_",$Cname,"\t\t",$nid{$Cname},"\n" if $nid{$Cname} ne "";
+        print OUT "#define OBJ_",$Cname,"\t\t",$obj{$Cname},"\n" if $obj{$Cname} ne "";
+        print OUT "\n";
+        }
+
+close OUT;
+
+sub process_oid
+        {
+        local($oid)=@_;
+        local(@a,$oid_pref);
+
+        @a = split(/\s+/,$myoid);
+        $pref_oid = "";
+        $pref_sep = "";
+        if (!($a[0] =~ /^[0-9]+$/))
+                {
+                $a[0] =~ s/-/_/g;
+                if (!defined($obj{$a[0]}))
+                        { die "$ARGV[0]:$o:Undefined identifier ",$a[0],"\n"; }
+                $pref_oid = "OBJ_" . $a[0];
+                $pref_sep = ",";
+                shift @a;
+                }
+        $oids = join('L,',@a) . "L";
+        if ($oids ne "L")
+                {
+                $oids = $pref_oid . $pref_sep . $oids;
+                }
+        else
+                {
+                $oids = $pref_oid;
+                }
+        return($oids);
+        }
diff --git a/src/lib/libcrypto/objects/objects.txt b/src/lib/libcrypto/objects/objects.txt
new file mode 100644
index 0000000000..50e9031e61
--- /dev/null
+++ b/src/lib/libcrypto/objects/objects.txt
@@ -0,0 +1,938 @@
+0                       : CCITT                 : ccitt
+
+1                       : ISO                   : iso
+
+2                       : JOINT-ISO-CCITT       : joint-iso-ccitt
+
+iso 2                   : member-body           : ISO Member Body
+
+joint-iso-ccitt 5 1 5   : selected-attribute-types      : Selected Attribute Types
+
+selected-attribute-types 55     : clearance
+
+member-body 840         : ISO-US                : ISO US Member Body
+ISO-US 10040            : X9-57                 : X9.57
+X9-57 4                 : X9cm                  : X9.57 CM ?
+
+!Cname dsa
+X9cm 1                  : DSA                   : dsaEncryption
+X9cm 3                  : DSA-SHA1              : dsaWithSHA1
+
+
+ISO-US 10045            : ansi-X9-62            : ANSI X9.62
+!module X9-62
+!Alias id-fieldType ansi-X9-62 1
+X9-62_id-fieldType 1            : prime-field
+X9-62_id-fieldType 2            : characteristic-two-field
+# ... characteristic-two-field OID subtree
+!Alias id-publicKeyType ansi-X9-62 2
+X9-62_id-publicKeyType 1        : id-ecPublicKey
+!Alias ellipticCurve ansi-X9-62 3
+!Alias c-TwoCurve X9-62_ellipticCurve 0
+# ... characteristic 2 curve OIDs
+!Alias primeCurve X9-62_ellipticCurve 1
+X9-62_primeCurve 1              : prime192v1
+X9-62_primeCurve 2              : prime192v2
+X9-62_primeCurve 3              : prime192v3
+X9-62_primeCurve 4              : prime239v1
+X9-62_primeCurve 5              : prime239v2
+X9-62_primeCurve 6              : prime239v3
+X9-62_primeCurve 7              : prime256v1
+!Alias id-ecSigType ansi-X9-62 4
+!global
+X9-62_id-ecSigType 1            : ecdsa-with-SHA1
+
+
+
+ISO-US 113533 7 66 10   : CAST5-CBC             : cast5-cbc
+                        : CAST5-ECB             : cast5-ecb
+!Cname cast5-cfb64
+                        : CAST5-CFB             : cast5-cfb
+!Cname cast5-ofb64
+                        : CAST5-OFB             : cast5-ofb
+!Cname pbeWithMD5AndCast5-CBC
+ISO-US 113533 7 66 12   :                       : pbeWithMD5AndCast5CBC
+
+ISO-US 113549           : rsadsi                : RSA Data Security, Inc.
+
+rsadsi 1                : pkcs                  : RSA Data Security, Inc. PKCS
+
+pkcs 1                  : pkcs1
+pkcs1 1                 :                       : rsaEncryption
+pkcs1 2                 : RSA-MD2               : md2WithRSAEncryption
+pkcs1 3                 : RSA-MD4               : md4WithRSAEncryption
+pkcs1 4                 : RSA-MD5               : md5WithRSAEncryption
+pkcs1 5                 : RSA-SHA1              : sha1WithRSAEncryption
+
+pkcs 3                  : pkcs3
+pkcs3 1                 :                       : dhKeyAgreement
+
+pkcs 5                  : pkcs5
+pkcs5 1                 : PBE-MD2-DES           : pbeWithMD2AndDES-CBC
+pkcs5 3                 : PBE-MD5-DES           : pbeWithMD5AndDES-CBC
+pkcs5 4                 : PBE-MD2-RC2-64        : pbeWithMD2AndRC2-CBC
+pkcs5 6                 : PBE-MD5-RC2-64        : pbeWithMD5AndRC2-CBC
+pkcs5 10                : PBE-SHA1-DES          : pbeWithSHA1AndDES-CBC
+pkcs5 11                : PBE-SHA1-RC2-64       : pbeWithSHA1AndRC2-CBC
+!Cname id_pbkdf2
+pkcs5 12                :                       : PBKDF2
+!Cname pbes2
+pkcs5 13                :                       : PBES2
+!Cname pbmac1
+pkcs5 14                :                       : PBMAC1
+
+pkcs 7                  : pkcs7
+pkcs7 1                 :                       : pkcs7-data
+!Cname pkcs7-signed
+pkcs7 2                 :                       : pkcs7-signedData
+!Cname pkcs7-enveloped
+pkcs7 3                 :                       : pkcs7-envelopedData
+!Cname pkcs7-signedAndEnveloped
+pkcs7 4                 :                       : pkcs7-signedAndEnvelopedData
+!Cname pkcs7-digest
+pkcs7 5                 :                       : pkcs7-digestData
+!Cname pkcs7-encrypted
+pkcs7 6                 :                       : pkcs7-encryptedData
+
+pkcs 9                  : pkcs9
+!module pkcs9
+pkcs9 1                 :                       : emailAddress
+pkcs9 2                 :                       : unstructuredName
+pkcs9 3                 :                       : contentType
+pkcs9 4                 :                       : messageDigest
+pkcs9 5                 :                       : signingTime
+pkcs9 6                 :                       : countersignature
+pkcs9 7                 :                       : challengePassword
+pkcs9 8                 :                       : unstructuredAddress
+!Cname extCertAttributes
+pkcs9 9                 :                       : extendedCertificateAttributes
+!global
+
+!Cname ext-req
+pkcs9 14                : extReq                : Extension Request
+
+!Cname SMIMECapabilities
+pkcs9 15                : SMIME-CAPS            : S/MIME Capabilities
+
+# S/MIME
+!Cname SMIME
+pkcs9 16                : SMIME                 : S/MIME
+SMIME 0                 : id-smime-mod
+SMIME 1                 : id-smime-ct
+SMIME 2                 : id-smime-aa
+SMIME 3                 : id-smime-alg
+SMIME 4                 : id-smime-cd
+SMIME 5                 : id-smime-spq
+SMIME 6                 : id-smime-cti
+
+# S/MIME Modules
+id-smime-mod 1          : id-smime-mod-cms
+id-smime-mod 2          : id-smime-mod-ess
+id-smime-mod 3          : id-smime-mod-oid
+id-smime-mod 4          : id-smime-mod-msg-v3
+id-smime-mod 5          : id-smime-mod-ets-eSignature-88
+id-smime-mod 6          : id-smime-mod-ets-eSignature-97
+id-smime-mod 7          : id-smime-mod-ets-eSigPolicy-88
+id-smime-mod 8          : id-smime-mod-ets-eSigPolicy-97
+
+# S/MIME Content Types
+id-smime-ct 1           : id-smime-ct-receipt
+id-smime-ct 2           : id-smime-ct-authData
+id-smime-ct 3           : id-smime-ct-publishCert
+id-smime-ct 4           : id-smime-ct-TSTInfo
+id-smime-ct 5           : id-smime-ct-TDTInfo
+id-smime-ct 6           : id-smime-ct-contentInfo
+id-smime-ct 7           : id-smime-ct-DVCSRequestData
+id-smime-ct 8           : id-smime-ct-DVCSResponseData
+
+# S/MIME Attributes
+id-smime-aa 1           : id-smime-aa-receiptRequest
+id-smime-aa 2           : id-smime-aa-securityLabel
+id-smime-aa 3           : id-smime-aa-mlExpandHistory
+id-smime-aa 4           : id-smime-aa-contentHint
+id-smime-aa 5           : id-smime-aa-msgSigDigest
+# obsolete
+id-smime-aa 6           : id-smime-aa-encapContentType
+id-smime-aa 7           : id-smime-aa-contentIdentifier
+# obsolete
+id-smime-aa 8           : id-smime-aa-macValue
+id-smime-aa 9           : id-smime-aa-equivalentLabels
+id-smime-aa 10          : id-smime-aa-contentReference
+id-smime-aa 11          : id-smime-aa-encrypKeyPref
+id-smime-aa 12          : id-smime-aa-signingCertificate
+id-smime-aa 13          : id-smime-aa-smimeEncryptCerts
+id-smime-aa 14          : id-smime-aa-timeStampToken
+id-smime-aa 15          : id-smime-aa-ets-sigPolicyId
+id-smime-aa 16          : id-smime-aa-ets-commitmentType
+id-smime-aa 17          : id-smime-aa-ets-signerLocation
+id-smime-aa 18          : id-smime-aa-ets-signerAttr
+id-smime-aa 19          : id-smime-aa-ets-otherSigCert
+id-smime-aa 20          : id-smime-aa-ets-contentTimestamp
+id-smime-aa 21          : id-smime-aa-ets-CertificateRefs
+id-smime-aa 22          : id-smime-aa-ets-RevocationRefs
+id-smime-aa 23          : id-smime-aa-ets-certValues
+id-smime-aa 24          : id-smime-aa-ets-revocationValues
+id-smime-aa 25          : id-smime-aa-ets-escTimeStamp
+id-smime-aa 26          : id-smime-aa-ets-certCRLTimestamp
+id-smime-aa 27          : id-smime-aa-ets-archiveTimeStamp
+id-smime-aa 28          : id-smime-aa-signatureType
+id-smime-aa 29          : id-smime-aa-dvcs-dvc
+
+# S/MIME Algorithm Identifiers
+# obsolete
+id-smime-alg 1          : id-smime-alg-ESDHwith3DES
+# obsolete
+id-smime-alg 2          : id-smime-alg-ESDHwithRC2
+# obsolete
+id-smime-alg 3          : id-smime-alg-3DESwrap
+# obsolete
+id-smime-alg 4          : id-smime-alg-RC2wrap
+id-smime-alg 5          : id-smime-alg-ESDH
+id-smime-alg 6          : id-smime-alg-CMS3DESwrap
+id-smime-alg 7          : id-smime-alg-CMSRC2wrap
+
+# S/MIME Certificate Distribution
+id-smime-cd 1           : id-smime-cd-ldap
+
+# S/MIME Signature Policy Qualifier
+id-smime-spq 1          : id-smime-spq-ets-sqt-uri
+id-smime-spq 2          : id-smime-spq-ets-sqt-unotice
+
+# S/MIME Commitment Type Identifier
+id-smime-cti 1          : id-smime-cti-ets-proofOfOrigin
+id-smime-cti 2          : id-smime-cti-ets-proofOfReceipt
+id-smime-cti 3          : id-smime-cti-ets-proofOfDelivery
+id-smime-cti 4          : id-smime-cti-ets-proofOfSender
+id-smime-cti 5          : id-smime-cti-ets-proofOfApproval
+id-smime-cti 6          : id-smime-cti-ets-proofOfCreation
+
+pkcs9 20                :                       : friendlyName
+pkcs9 21                :                       : localKeyID
+!Cname ms-csp-name
+1 3 6 1 4 1 311 17 1    : CSPName               : Microsoft CSP Name
+!Alias certTypes pkcs9 22
+certTypes 1             :                       : x509Certificate
+certTypes 2             :                       : sdsiCertificate
+!Alias crlTypes pkcs9 23
+crlTypes 1              :                       : x509Crl
+
+!Alias pkcs12 pkcs 12
+!Alias pkcs12-pbeids pkcs12 1
+
+!Cname pbe-WithSHA1And128BitRC4
+pkcs12-pbeids 1         : PBE-SHA1-RC4-128      : pbeWithSHA1And128BitRC4
+!Cname pbe-WithSHA1And40BitRC4
+pkcs12-pbeids 2         : PBE-SHA1-RC4-40       : pbeWithSHA1And40BitRC4
+!Cname pbe-WithSHA1And3_Key_TripleDES-CBC
+pkcs12-pbeids 3         : PBE-SHA1-3DES         : pbeWithSHA1And3-KeyTripleDES-CBC
+!Cname pbe-WithSHA1And2_Key_TripleDES-CBC
+pkcs12-pbeids 4         : PBE-SHA1-2DES         : pbeWithSHA1And2-KeyTripleDES-CBC
+!Cname pbe-WithSHA1And128BitRC2-CBC
+pkcs12-pbeids 5         : PBE-SHA1-RC2-128      : pbeWithSHA1And128BitRC2-CBC
+!Cname pbe-WithSHA1And40BitRC2-CBC
+pkcs12-pbeids 6         : PBE-SHA1-RC2-40       : pbeWithSHA1And40BitRC2-CBC
+
+!Alias pkcs12-Version1 pkcs12 10
+!Alias pkcs12-BagIds pkcs12-Version1 1
+pkcs12-BagIds 1         :                       : keyBag
+pkcs12-BagIds 2         :                       : pkcs8ShroudedKeyBag
+pkcs12-BagIds 3         :                       : certBag
+pkcs12-BagIds 4         :                       : crlBag
+pkcs12-BagIds 5         :                       : secretBag
+pkcs12-BagIds 6         :                       : safeContentsBag
+
+rsadsi 2 2              : MD2                   : md2
+rsadsi 2 4              : MD4                   : md4
+rsadsi 2 5              : MD5                   : md5
+                        : MD5-SHA1              : md5-sha1
+rsadsi 2 7              :                       : hmacWithSHA1
+rsadsi 3 2              : RC2-CBC               : rc2-cbc
+                        : RC2-ECB               : rc2-ecb
+!Cname rc2-cfb64
+                        : RC2-CFB               : rc2-cfb
+!Cname rc2-ofb64
+                        : RC2-OFB               : rc2-ofb
+                        : RC2-40-CBC            : rc2-40-cbc
+                        : RC2-64-CBC            : rc2-64-cbc
+rsadsi 3 4              : RC4                   : rc4
+                        : RC4-40                : rc4-40
+rsadsi 3 7              : DES-EDE3-CBC          : des-ede3-cbc
+rsadsi 3 8              : RC5-CBC               : rc5-cbc
+                        : RC5-ECB               : rc5-ecb
+!Cname rc5-cfb64
+                        : RC5-CFB               : rc5-cfb
+!Cname rc5-ofb64
+                        : RC5-OFB               : rc5-ofb
+
+!Cname ms-ext-req
+1 3 6 1 4 1 311 2 1 14  : msExtReq              : Microsoft Extension Request
+!Cname ms-code-ind
+1 3 6 1 4 1 311 2 1 21  : msCodeInd             : Microsoft Individual Code Signing
+!Cname ms-code-com
+1 3 6 1 4 1 311 2 1 22  : msCodeCom             : Microsoft Commercial Code Signing
+!Cname ms-ctl-sign
+1 3 6 1 4 1 311 10 3 1  : msCTLSign             : Microsoft Trust List Signing
+!Cname ms-sgc
+1 3 6 1 4 1 311 10 3 3  : msSGC                 : Microsoft Server Gated Crypto
+!Cname ms-efs
+1 3 6 1 4 1 311 10 3 4  : msEFS                 : Microsoft Encrypted File System
+!Cname ms-smartcard-login
+1 3 6 1 4 1 311 20 2 2  : msSmartcardLogin      : Microsoft Smartcardlogin
+!Cname ms-upn
+1 3 6 1 4 1 311 20 2 3  : msUPN                 : Microsoft Universal Principal Name
+
+1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC              : idea-cbc
+                        : IDEA-ECB              : idea-ecb
+!Cname idea-cfb64
+                        : IDEA-CFB              : idea-cfb
+!Cname idea-ofb64
+                        : IDEA-OFB              : idea-ofb
+
+1 3 6 1 4 1 3029 1 2    : BF-CBC                : bf-cbc
+                        : BF-ECB                : bf-ecb
+!Cname bf-cfb64
+                        : BF-CFB                : bf-cfb
+!Cname bf-ofb64
+                        : BF-OFB                : bf-ofb
+
+!Cname id-pkix
+1 3 6 1 5 5 7           : PKIX
+
+# PKIX Arcs
+id-pkix 0               : id-pkix-mod
+id-pkix 1               : id-pe
+id-pkix 2               : id-qt
+id-pkix 3               : id-kp
+id-pkix 4               : id-it
+id-pkix 5               : id-pkip
+id-pkix 6               : id-alg
+id-pkix 7               : id-cmc
+id-pkix 8               : id-on
+id-pkix 9               : id-pda
+id-pkix 10              : id-aca
+id-pkix 11              : id-qcs
+id-pkix 12              : id-cct
+id-pkix 21              : id-ppl
+id-pkix 48              : id-ad
+
+# PKIX Modules
+id-pkix-mod 1           : id-pkix1-explicit-88
+id-pkix-mod 2           : id-pkix1-implicit-88
+id-pkix-mod 3           : id-pkix1-explicit-93
+id-pkix-mod 4           : id-pkix1-implicit-93
+id-pkix-mod 5           : id-mod-crmf
+id-pkix-mod 6           : id-mod-cmc
+id-pkix-mod 7           : id-mod-kea-profile-88
+id-pkix-mod 8           : id-mod-kea-profile-93
+id-pkix-mod 9           : id-mod-cmp
+id-pkix-mod 10          : id-mod-qualified-cert-88
+id-pkix-mod 11          : id-mod-qualified-cert-93
+id-pkix-mod 12          : id-mod-attribute-cert
+id-pkix-mod 13          : id-mod-timestamp-protocol
+id-pkix-mod 14          : id-mod-ocsp
+id-pkix-mod 15          : id-mod-dvcs
+id-pkix-mod 16          : id-mod-cmp2000
+
+# PKIX Private Extensions
+!Cname info-access
+id-pe 1                 : authorityInfoAccess   : Authority Information Access
+id-pe 2                 : biometricInfo         : Biometric Info
+id-pe 3                 : qcStatements
+id-pe 4                 : ac-auditEntity
+id-pe 5                 : ac-targeting
+id-pe 6                 : aaControls
+id-pe 7                 : sbqp-ipAddrBlock
+id-pe 8                 : sbqp-autonomousSysNum
+id-pe 9                 : sbqp-routerIdentifier
+id-pe 10                : ac-proxying
+!Cname sinfo-access
+id-pe 11                : subjectInfoAccess     : Subject Information Access
+id-pe 14                : proxyCertInfo         : Proxy Certificate Information
+
+# PKIX policyQualifiers for Internet policy qualifiers
+id-qt 1                 : id-qt-cps             : Policy Qualifier CPS
+id-qt 2                 : id-qt-unotice         : Policy Qualifier User Notice
+id-qt 3                 : textNotice
+
+# PKIX key purpose identifiers
+!Cname server-auth
+id-kp 1                 : serverAuth            : TLS Web Server Authentication
+!Cname client-auth
+id-kp 2                 : clientAuth            : TLS Web Client Authentication
+!Cname code-sign
+id-kp 3                 : codeSigning           : Code Signing
+!Cname email-protect
+id-kp 4                 : emailProtection       : E-mail Protection
+id-kp 5                 : ipsecEndSystem        : IPSec End System
+id-kp 6                 : ipsecTunnel           : IPSec Tunnel
+id-kp 7                 : ipsecUser             : IPSec User
+!Cname time-stamp
+id-kp 8                 : timeStamping          : Time Stamping
+# From OCSP spec RFC2560
+!Cname OCSP-sign
+id-kp 9                 : OCSPSigning           : OCSP Signing
+id-kp 10                : DVCS                  : dvcs
+
+# CMP information types
+id-it 1                 : id-it-caProtEncCert
+id-it 2                 : id-it-signKeyPairTypes
+id-it 3                 : id-it-encKeyPairTypes
+id-it 4                 : id-it-preferredSymmAlg
+id-it 5                 : id-it-caKeyUpdateInfo
+id-it 6                 : id-it-currentCRL
+id-it 7                 : id-it-unsupportedOIDs
+# obsolete
+id-it 8                 : id-it-subscriptionRequest
+# obsolete
+id-it 9                 : id-it-subscriptionResponse
+id-it 10                : id-it-keyPairParamReq
+id-it 11                : id-it-keyPairParamRep
+id-it 12                : id-it-revPassphrase
+id-it 13                : id-it-implicitConfirm
+id-it 14                : id-it-confirmWaitTime
+id-it 15                : id-it-origPKIMessage
+
+# CRMF registration
+id-pkip 1               : id-regCtrl
+id-pkip 2               : id-regInfo
+
+# CRMF registration controls
+id-regCtrl 1            : id-regCtrl-regToken
+id-regCtrl 2            : id-regCtrl-authenticator
+id-regCtrl 3            : id-regCtrl-pkiPublicationInfo
+id-regCtrl 4            : id-regCtrl-pkiArchiveOptions
+id-regCtrl 5            : id-regCtrl-oldCertID
+id-regCtrl 6            : id-regCtrl-protocolEncrKey
+
+# CRMF registration information
+id-regInfo 1            : id-regInfo-utf8Pairs
+id-regInfo 2            : id-regInfo-certReq
+
+# algorithms
+id-alg 1                : id-alg-des40
+id-alg 2                : id-alg-noSignature
+id-alg 3                : id-alg-dh-sig-hmac-sha1
+id-alg 4                : id-alg-dh-pop
+
+# CMC controls
+id-cmc 1                : id-cmc-statusInfo
+id-cmc 2                : id-cmc-identification
+id-cmc 3                : id-cmc-identityProof
+id-cmc 4                : id-cmc-dataReturn
+id-cmc 5                : id-cmc-transactionId
+id-cmc 6                : id-cmc-senderNonce
+id-cmc 7                : id-cmc-recipientNonce
+id-cmc 8                : id-cmc-addExtensions
+id-cmc 9                : id-cmc-encryptedPOP
+id-cmc 10               : id-cmc-decryptedPOP
+id-cmc 11               : id-cmc-lraPOPWitness
+id-cmc 15               : id-cmc-getCert
+id-cmc 16               : id-cmc-getCRL
+id-cmc 17               : id-cmc-revokeRequest
+id-cmc 18               : id-cmc-regInfo
+id-cmc 19               : id-cmc-responseInfo
+id-cmc 21               : id-cmc-queryPending
+id-cmc 22               : id-cmc-popLinkRandom
+id-cmc 23               : id-cmc-popLinkWitness
+id-cmc 24               : id-cmc-confirmCertAcceptance 
+
+# other names
+id-on 1                 : id-on-personalData
+
+# personal data attributes
+id-pda 1                : id-pda-dateOfBirth
+id-pda 2                : id-pda-placeOfBirth
+id-pda 3                : id-pda-gender
+id-pda 4                : id-pda-countryOfCitizenship
+id-pda 5                : id-pda-countryOfResidence
+
+# attribute certificate attributes
+id-aca 1                : id-aca-authenticationInfo
+id-aca 2                : id-aca-accessIdentity
+id-aca 3                : id-aca-chargingIdentity
+id-aca 4                : id-aca-group
+# attention : the following seems to be obsolete, replace by 'role'
+id-aca 5                : id-aca-role
+id-aca 6                : id-aca-encAttrs
+
+# qualified certificate statements
+id-qcs 1                : id-qcs-pkixQCSyntax-v1
+
+# CMC content types
+id-cct 1                : id-cct-crs
+id-cct 2                : id-cct-PKIData
+id-cct 3                : id-cct-PKIResponse
+
+# Predefined Proxy Certificate policy languages
+id-ppl 0                : id-ppl-anyLanguage    : Any language
+id-ppl 1                : id-ppl-inheritAll     : Inherit all
+id-ppl 2                : id-ppl-independent    : Independent
+
+# access descriptors for authority info access extension
+!Cname ad-OCSP
+id-ad 1                 : OCSP                  : OCSP
+!Cname ad-ca-issuers
+id-ad 2                 : caIssuers             : CA Issuers
+!Cname ad-timeStamping
+id-ad 3                 : ad_timestamping       : AD Time Stamping
+!Cname ad-dvcs
+id-ad 4                 : AD_DVCS               : ad dvcs
+
+
+!Alias id-pkix-OCSP ad-OCSP
+!module id-pkix-OCSP
+!Cname basic
+id-pkix-OCSP 1          : basicOCSPResponse     : Basic OCSP Response
+id-pkix-OCSP 2          : Nonce                 : OCSP Nonce
+id-pkix-OCSP 3          : CrlID                 : OCSP CRL ID
+id-pkix-OCSP 4          : acceptableResponses   : Acceptable OCSP Responses
+id-pkix-OCSP 5          : noCheck               : OCSP No Check
+id-pkix-OCSP 6          : archiveCutoff         : OCSP Archive Cutoff
+id-pkix-OCSP 7          : serviceLocator        : OCSP Service Locator
+id-pkix-OCSP 8          : extendedStatus        : Extended OCSP Status
+id-pkix-OCSP 9          : valid
+id-pkix-OCSP 10         : path
+id-pkix-OCSP 11         : trustRoot             : Trust Root
+!global
+
+1 3 14 3 2              : algorithm             : algorithm
+algorithm 3             : RSA-NP-MD5            : md5WithRSA
+algorithm 6             : DES-ECB               : des-ecb
+algorithm 7             : DES-CBC               : des-cbc
+!Cname des-ofb64
+algorithm 8             : DES-OFB               : des-ofb
+!Cname des-cfb64
+algorithm 9             : DES-CFB               : des-cfb
+algorithm 11            : rsaSignature
+!Cname dsa-2
+algorithm 12            : DSA-old               : dsaEncryption-old
+algorithm 13            : DSA-SHA               : dsaWithSHA
+algorithm 15            : RSA-SHA               : shaWithRSAEncryption
+!Cname des-ede-ecb
+algorithm 17            : DES-EDE               : des-ede
+!Cname des-ede3-ecb
+                        : DES-EDE3              : des-ede3
+                        : DES-EDE-CBC           : des-ede-cbc
+!Cname des-ede-cfb64
+                        : DES-EDE-CFB           : des-ede-cfb
+!Cname des-ede3-cfb64
+                        : DES-EDE3-CFB          : des-ede3-cfb
+!Cname des-ede-ofb64
+                        : DES-EDE-OFB           : des-ede-ofb
+!Cname des-ede3-ofb64
+                        : DES-EDE3-OFB          : des-ede3-ofb
+                        : DESX-CBC              : desx-cbc
+algorithm 18            : SHA                   : sha
+algorithm 26            : SHA1                  : sha1
+!Cname dsaWithSHA1-2
+algorithm 27            : DSA-SHA1-old          : dsaWithSHA1-old
+algorithm 29            : RSA-SHA1-2            : sha1WithRSA
+
+1 3 36 3 2 1            : RIPEMD160             : ripemd160
+1 3 36 3 3 1 2          : RSA-RIPEMD160         : ripemd160WithRSA
+
+!Cname sxnet
+1 3 101 1 4 1           : SXNetID               : Strong Extranet ID
+
+2 5                     : X500                  : directory services (X.500)
+
+X500 4                  : X509
+X509 3                  : CN                    : commonName
+X509 4                  : SN                    : surname
+X509 5                  :                       : serialNumber
+X509 6                  : C                     : countryName
+X509 7                  : L                     : localityName
+X509 8                  : ST                    : stateOrProvinceName
+X509 9                  :                       : streetAddress
+X509 10                 : O                     : organizationName
+X509 11                 : OU                    : organizationalUnitName
+X509 12                 :                       : title
+X509 13                 :                       : description
+X509 17                 :                       : postalCode
+X509 41                 : name                  : name
+X509 42                 : GN                    : givenName
+X509 43                 :                       : initials
+X509 44                 :                       : generationQualifier
+X509 45                 :                       : x500UniqueIdentifier
+X509 46                 : dnQualifier           : dnQualifier
+X509 65                 :                       : pseudonym
+X509 72                 : role                  : role
+
+X500 8                  : X500algorithms        : directory services - algorithms
+X500algorithms 1 1      : RSA                   : rsa
+X500algorithms 3 100    : RSA-MDC2              : mdc2WithRSA
+X500algorithms 3 101    : MDC2                  : mdc2
+
+X500 29                 : id-ce
+!Cname subject-key-identifier
+id-ce 14                : subjectKeyIdentifier  : X509v3 Subject Key Identifier
+!Cname key-usage
+id-ce 15                : keyUsage              : X509v3 Key Usage
+!Cname private-key-usage-period
+id-ce 16                : privateKeyUsagePeriod : X509v3 Private Key Usage Period
+!Cname subject-alt-name
+id-ce 17                : subjectAltName        : X509v3 Subject Alternative Name
+!Cname issuer-alt-name
+id-ce 18                : issuerAltName         : X509v3 Issuer Alternative Name
+!Cname basic-constraints
+id-ce 19                : basicConstraints      : X509v3 Basic Constraints
+!Cname crl-number
+id-ce 20                : crlNumber             : X509v3 CRL Number
+!Cname crl-reason
+id-ce 21                : CRLReason             : X509v3 CRL Reason Code
+!Cname invalidity-date
+id-ce 24                : invalidityDate        : Invalidity Date
+!Cname delta-crl
+id-ce 27                : deltaCRL              : X509v3 Delta CRL Indicator
+!Cname crl-distribution-points
+id-ce 31                : crlDistributionPoints : X509v3 CRL Distribution Points
+!Cname certificate-policies
+id-ce 32                : certificatePolicies   : X509v3 Certificate Policies
+!Cname authority-key-identifier
+id-ce 35                : authorityKeyIdentifier : X509v3 Authority Key Identifier
+!Cname policy-constraints
+id-ce 36                : policyConstraints     : X509v3 Policy Constraints
+!Cname ext-key-usage
+id-ce 37                : extendedKeyUsage      : X509v3 Extended Key Usage
+!Cname target-information
+id-ce 55                : targetInformation     : X509v3 AC Targeting
+!Cname no-rev-avail
+id-ce 56                : noRevAvail            : X509v3 No Revocation Available
+
+!Cname netscape
+2 16 840 1 113730       : Netscape              : Netscape Communications Corp.
+!Cname netscape-cert-extension
+netscape 1              : nsCertExt             : Netscape Certificate Extension
+!Cname netscape-data-type
+netscape 2              : nsDataType            : Netscape Data Type
+!Cname netscape-cert-type
+netscape-cert-extension 1 : nsCertType          : Netscape Cert Type
+!Cname netscape-base-url
+netscape-cert-extension 2 : nsBaseUrl           : Netscape Base Url
+!Cname netscape-revocation-url
+netscape-cert-extension 3 : nsRevocationUrl     : Netscape Revocation Url
+!Cname netscape-ca-revocation-url
+netscape-cert-extension 4 : nsCaRevocationUrl   : Netscape CA Revocation Url
+!Cname netscape-renewal-url
+netscape-cert-extension 7 : nsRenewalUrl        : Netscape Renewal Url
+!Cname netscape-ca-policy-url
+netscape-cert-extension 8 : nsCaPolicyUrl       : Netscape CA Policy Url
+!Cname netscape-ssl-server-name
+netscape-cert-extension 12 : nsSslServerName    : Netscape SSL Server Name
+!Cname netscape-comment
+netscape-cert-extension 13 : nsComment          : Netscape Comment
+!Cname netscape-cert-sequence
+netscape-data-type 5    : nsCertSequence        : Netscape Certificate Sequence
+!Cname ns-sgc
+netscape 4 1            : nsSGC                 : Netscape Server Gated Crypto
+
+# iso(1)
+iso 3                   : ORG                   : org
+org 6                   : DOD                   : dod
+dod 1                   : IANA                  : iana
+!Alias internet iana
+
+internet 1              : directory             : Directory
+internet 2              : mgmt                  : Management
+internet 3              : experimental          : Experimental
+internet 4              : private               : Private
+internet 5              : security              : Security
+internet 6              : snmpv2                : SNMPv2
+# Documents refer to "internet 7" as "mail". This however leads to ambiguities
+# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
+# rfc822Mailbox. The short name is therefore here left out for a reason.
+# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as
+# references are realized via long name "Mail" (with capital M).
+internet 7              :                       : Mail
+
+Private 1               : enterprises           : Enterprises
+
+# RFC 2247
+Enterprises 1466 344    : dcobject              : dcObject
+
+# RFC 1495
+Mail 1                  : mime-mhs              : MIME MHS
+mime-mhs 1              : mime-mhs-headings     : mime-mhs-headings
+mime-mhs 2              : mime-mhs-bodies       : mime-mhs-bodies
+mime-mhs-headings 1     : id-hex-partial-message : id-hex-partial-message
+mime-mhs-headings 2     : id-hex-multipart-message : id-hex-multipart-message
+
+# What the hell are these OIDs, really?
+!Cname rle-compression
+1 1 1 1 666 1           : RLE                   : run length compression
+!Cname zlib-compression
+1 1 1 1 666 2           : ZLIB                  : zlib compression
+
+# AES aka Rijndael
+
+!Alias csor 2 16 840 1 101 3
+!Alias nistAlgorithms csor 4
+!Alias aes nistAlgorithms 1
+
+aes 1                   : AES-128-ECB           : aes-128-ecb
+aes 2                   : AES-128-CBC           : aes-128-cbc
+!Cname aes-128-ofb128
+aes 3                   : AES-128-OFB           : aes-128-ofb
+!Cname aes-128-cfb128
+aes 4                   : AES-128-CFB           : aes-128-cfb
+
+aes 21                  : AES-192-ECB           : aes-192-ecb
+aes 22                  : AES-192-CBC           : aes-192-cbc
+!Cname aes-192-ofb128
+aes 23                  : AES-192-OFB           : aes-192-ofb
+!Cname aes-192-cfb128
+aes 24                  : AES-192-CFB           : aes-192-cfb
+
+aes 41                  : AES-256-ECB           : aes-256-ecb
+aes 42                  : AES-256-CBC           : aes-256-cbc
+!Cname aes-256-ofb128
+aes 43                  : AES-256-OFB           : aes-256-ofb
+!Cname aes-256-cfb128
+aes 44                  : AES-256-CFB           : aes-256-cfb
+
+# There are no OIDs for these modes...
+
+                        : AES-128-CFB1          : aes-128-cfb1
+                        : AES-192-CFB1          : aes-192-cfb1
+                        : AES-256-CFB1          : aes-256-cfb1
+                        : AES-128-CFB8          : aes-128-cfb8
+                        : AES-192-CFB8          : aes-192-cfb8
+                        : AES-256-CFB8          : aes-256-cfb8
+                        : DES-CFB1              : des-cfb1
+                        : DES-CFB8              : des-cfb8
+                        : DES-EDE3-CFB1         : des-ede3-cfb1
+                        : DES-EDE3-CFB8         : des-ede3-cfb8
+
+# Hold instruction CRL entry extension
+!Cname hold-instruction-code
+id-ce 23                : holdInstructionCode   : Hold Instruction Code
+!Alias holdInstruction  X9-57 2
+!Cname hold-instruction-none
+holdInstruction 1       : holdInstructionNone   : Hold Instruction None
+!Cname hold-instruction-call-issuer
+holdInstruction 2       : holdInstructionCallIssuer : Hold Instruction Call Issuer
+!Cname hold-instruction-reject
+holdInstruction 3       : holdInstructionReject : Hold Instruction Reject
+
+# OID's from CCITT.  Most of this is defined in RFC 1274.  A couple of
+# them are also mentioned in RFC 2247
+ccitt 9                 : data
+data 2342               : pss
+pss 19200300            : ucl
+ucl 100                 : pilot
+pilot 1                 :                       : pilotAttributeType
+pilot 3                 :                       : pilotAttributeSyntax
+pilot 4                 :                       : pilotObjectClass
+pilot 10                :                       : pilotGroups
+pilotAttributeSyntax 4  :                       : iA5StringSyntax
+pilotAttributeSyntax 5  :                       : caseIgnoreIA5StringSyntax
+pilotObjectClass 3      :                       : pilotObject
+pilotObjectClass 4      :                       : pilotPerson
+pilotObjectClass 5      : account
+pilotObjectClass 6      : document
+pilotObjectClass 7      : room
+pilotObjectClass 9      :                       : documentSeries
+pilotObjectClass 13     : domain                : Domain
+pilotObjectClass 14     :                       : rFC822localPart
+pilotObjectClass 15     :                       : dNSDomain
+pilotObjectClass 17     :                       : domainRelatedObject
+pilotObjectClass 18     :                       : friendlyCountry
+pilotObjectClass 19     :                       : simpleSecurityObject
+pilotObjectClass 20     :                       : pilotOrganization
+pilotObjectClass 21     :                       : pilotDSA
+pilotObjectClass 22     :                       : qualityLabelledData
+pilotAttributeType 1    : UID                   : userId
+pilotAttributeType 2    :                       : textEncodedORAddress
+pilotAttributeType 3    : mail                  : rfc822Mailbox
+pilotAttributeType 4    : info
+pilotAttributeType 5    :                       : favouriteDrink
+pilotAttributeType 6    :                       : roomNumber
+pilotAttributeType 7    : photo
+pilotAttributeType 8    :                       : userClass
+pilotAttributeType 9    : host
+pilotAttributeType 10   : manager
+pilotAttributeType 11   :                       : documentIdentifier
+pilotAttributeType 12   :                       : documentTitle
+pilotAttributeType 13   :                       : documentVersion
+pilotAttributeType 14   :                       : documentAuthor
+pilotAttributeType 15   :                       : documentLocation
+pilotAttributeType 20   :                       : homeTelephoneNumber
+pilotAttributeType 21   : secretary
+pilotAttributeType 22   :                       : otherMailbox
+pilotAttributeType 23   :                       : lastModifiedTime
+pilotAttributeType 24   :                       : lastModifiedBy
+pilotAttributeType 25   : DC                    : domainComponent
+pilotAttributeType 26   :                       : aRecord
+pilotAttributeType 27   :                       : pilotAttributeType27
+pilotAttributeType 28   :                       : mXRecord
+pilotAttributeType 29   :                       : nSRecord
+pilotAttributeType 30   :                       : sOARecord
+pilotAttributeType 31   :                       : cNAMERecord
+pilotAttributeType 37   :                       : associatedDomain
+pilotAttributeType 38   :                       : associatedName
+pilotAttributeType 39   :                       : homePostalAddress
+pilotAttributeType 40   :                       : personalTitle
+pilotAttributeType 41   :                       : mobileTelephoneNumber
+pilotAttributeType 42   :                       : pagerTelephoneNumber
+pilotAttributeType 43   :                       : friendlyCountryName
+# The following clashes with 2.5.4.45, so commented away
+#pilotAttributeType 44  : uid                   : uniqueIdentifier
+pilotAttributeType 45   :                       : organizationalStatus
+pilotAttributeType 46   :                       : janetMailbox
+pilotAttributeType 47   :                       : mailPreferenceOption
+pilotAttributeType 48   :                       : buildingName
+pilotAttributeType 49   :                       : dSAQuality
+pilotAttributeType 50   :                       : singleLevelQuality
+pilotAttributeType 51   :                       : subtreeMinimumQuality
+pilotAttributeType 52   :                       : subtreeMaximumQuality
+pilotAttributeType 53   :                       : personalSignature
+pilotAttributeType 54   :                       : dITRedirect
+pilotAttributeType 55   : audio
+pilotAttributeType 56   :                       : documentPublisher
+
+2 23 42                 : id-set                : Secure Electronic Transactions
+
+id-set 0                : set-ctype             : content types
+id-set 1                : set-msgExt            : message extensions
+id-set 3                : set-attr
+id-set 5                : set-policy
+id-set 7                : set-certExt           : certificate extensions
+id-set 8                : set-brand
+
+set-ctype 0             : setct-PANData
+set-ctype 1             : setct-PANToken
+set-ctype 2             : setct-PANOnly
+set-ctype 3             : setct-OIData
+set-ctype 4             : setct-PI
+set-ctype 5             : setct-PIData
+set-ctype 6             : setct-PIDataUnsigned
+set-ctype 7             : setct-HODInput
+set-ctype 8             : setct-AuthResBaggage
+set-ctype 9             : setct-AuthRevReqBaggage
+set-ctype 10            : setct-AuthRevResBaggage
+set-ctype 11            : setct-CapTokenSeq
+set-ctype 12            : setct-PInitResData
+set-ctype 13            : setct-PI-TBS
+set-ctype 14            : setct-PResData
+set-ctype 16            : setct-AuthReqTBS
+set-ctype 17            : setct-AuthResTBS
+set-ctype 18            : setct-AuthResTBSX
+set-ctype 19            : setct-AuthTokenTBS
+set-ctype 20            : setct-CapTokenData
+set-ctype 21            : setct-CapTokenTBS
+set-ctype 22            : setct-AcqCardCodeMsg
+set-ctype 23            : setct-AuthRevReqTBS
+set-ctype 24            : setct-AuthRevResData
+set-ctype 25            : setct-AuthRevResTBS
+set-ctype 26            : setct-CapReqTBS
+set-ctype 27            : setct-CapReqTBSX
+set-ctype 28            : setct-CapResData
+set-ctype 29            : setct-CapRevReqTBS
+set-ctype 30            : setct-CapRevReqTBSX
+set-ctype 31            : setct-CapRevResData
+set-ctype 32            : setct-CredReqTBS
+set-ctype 33            : setct-CredReqTBSX
+set-ctype 34            : setct-CredResData
+set-ctype 35            : setct-CredRevReqTBS
+set-ctype 36            : setct-CredRevReqTBSX
+set-ctype 37            : setct-CredRevResData
+set-ctype 38            : setct-PCertReqData
+set-ctype 39            : setct-PCertResTBS
+set-ctype 40            : setct-BatchAdminReqData
+set-ctype 41            : setct-BatchAdminResData
+set-ctype 42            : setct-CardCInitResTBS
+set-ctype 43            : setct-MeAqCInitResTBS
+set-ctype 44            : setct-RegFormResTBS
+set-ctype 45            : setct-CertReqData
+set-ctype 46            : setct-CertReqTBS
+set-ctype 47            : setct-CertResData
+set-ctype 48            : setct-CertInqReqTBS
+set-ctype 49            : setct-ErrorTBS
+set-ctype 50            : setct-PIDualSignedTBE
+set-ctype 51            : setct-PIUnsignedTBE
+set-ctype 52            : setct-AuthReqTBE
+set-ctype 53            : setct-AuthResTBE
+set-ctype 54            : setct-AuthResTBEX
+set-ctype 55            : setct-AuthTokenTBE
+set-ctype 56            : setct-CapTokenTBE
+set-ctype 57            : setct-CapTokenTBEX
+set-ctype 58            : setct-AcqCardCodeMsgTBE
+set-ctype 59            : setct-AuthRevReqTBE
+set-ctype 60            : setct-AuthRevResTBE
+set-ctype 61            : setct-AuthRevResTBEB
+set-ctype 62            : setct-CapReqTBE
+set-ctype 63            : setct-CapReqTBEX
+set-ctype 64            : setct-CapResTBE
+set-ctype 65            : setct-CapRevReqTBE
+set-ctype 66            : setct-CapRevReqTBEX
+set-ctype 67            : setct-CapRevResTBE
+set-ctype 68            : setct-CredReqTBE
+set-ctype 69            : setct-CredReqTBEX
+set-ctype 70            : setct-CredResTBE
+set-ctype 71            : setct-CredRevReqTBE
+set-ctype 72            : setct-CredRevReqTBEX
+set-ctype 73            : setct-CredRevResTBE
+set-ctype 74            : setct-BatchAdminReqTBE
+set-ctype 75            : setct-BatchAdminResTBE
+set-ctype 76            : setct-RegFormReqTBE
+set-ctype 77            : setct-CertReqTBE
+set-ctype 78            : setct-CertReqTBEX
+set-ctype 79            : setct-CertResTBE
+set-ctype 80            : setct-CRLNotificationTBS
+set-ctype 81            : setct-CRLNotificationResTBS
+set-ctype 82            : setct-BCIDistributionTBS
+
+set-msgExt 1            : setext-genCrypt       : generic cryptogram
+set-msgExt 3            : setext-miAuth         : merchant initiated auth
+set-msgExt 4            : setext-pinSecure
+set-msgExt 5            : setext-pinAny
+set-msgExt 7            : setext-track2
+set-msgExt 8            : setext-cv             : additional verification
+
+set-policy 0            : set-policy-root
+
+set-certExt 0           : setCext-hashedRoot
+set-certExt 1           : setCext-certType
+set-certExt 2           : setCext-merchData
+set-certExt 3           : setCext-cCertRequired
+set-certExt 4           : setCext-tunneling
+set-certExt 5           : setCext-setExt
+set-certExt 6           : setCext-setQualf
+set-certExt 7           : setCext-PGWYcapabilities
+set-certExt 8           : setCext-TokenIdentifier
+set-certExt 9           : setCext-Track2Data
+set-certExt 10          : setCext-TokenType
+set-certExt 11          : setCext-IssuerCapabilities
+
+set-attr 0              : setAttr-Cert
+set-attr 1              : setAttr-PGWYcap       : payment gateway capabilities
+set-attr 2              : setAttr-TokenType
+set-attr 3              : setAttr-IssCap        : issuer capabilities
+
+setAttr-Cert 0          : set-rootKeyThumb
+setAttr-Cert 1          : set-addPolicy
+
+setAttr-TokenType 1     : setAttr-Token-EMV
+setAttr-TokenType 2     : setAttr-Token-B0Prime
+
+setAttr-IssCap 3        : setAttr-IssCap-CVM
+setAttr-IssCap 4        : setAttr-IssCap-T2
+setAttr-IssCap 5        : setAttr-IssCap-Sig
+
+setAttr-IssCap-CVM 1    : setAttr-GenCryptgrm   : generate cryptogram
+setAttr-IssCap-T2 1     : setAttr-T2Enc         : encrypted track 2
+setAttr-IssCap-T2 2     : setAttr-T2cleartxt    : cleartext track 2
+
+setAttr-IssCap-Sig 1    : setAttr-TokICCsig     : ICC or token signature
+setAttr-IssCap-Sig 2    : setAttr-SecDevSig     : secure device signature
+
+set-brand 1             : set-brand-IATA-ATA
+set-brand 30            : set-brand-Diners
+set-brand 34            : set-brand-AmericanExpress
+set-brand 35            : set-brand-JCB
+set-brand 4             : set-brand-Visa
+set-brand 5             : set-brand-MasterCard
+set-brand 6011          : set-brand-Novus
+
+rsadsi 3 10             : DES-CDMF              : des-cdmf
+rsadsi 1 1 6            : rsaOAEPEncryptionSET
diff --git a/src/lib/libcrypto/ocsp/Makefile.ssl b/src/lib/libcrypto/ocsp/Makefile.ssl
new file mode 100644
index 0000000000..02477be538
--- /dev/null
+++ b/src/lib/libcrypto/ocsp/Makefile.ssl
@@ -0,0 +1,293 @@
+#
+# OpenSSL/ocsp/Makefile.ssl
+#
+
+DIR=    ocsp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c \
+        ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c
+
+LIBOBJ= ocsp_asn.o ocsp_ext.o ocsp_ht.o ocsp_lib.o ocsp_cl.o \
+        ocsp_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ocsp.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ocsp_asn.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+ocsp_asn.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_asn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_asn.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_asn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
+ocsp_asn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_asn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_asn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_asn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_asn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_asn.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_asn.o: ../../include/openssl/x509v3.h ocsp_asn.c
+ocsp_cl.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_cl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_cl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_cl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_cl.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_cl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_cl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_cl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_cl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+ocsp_cl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_cl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_cl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_cl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_cl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_cl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_cl.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_cl.c
+ocsp_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_err.o: ../../include/openssl/x509v3.h ocsp_err.c
+ocsp_ext.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_ext.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_ext.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_ext.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_ext.o: ../../include/openssl/opensslconf.h
+ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+ocsp_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ocsp_ext.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+ocsp_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_ext.o: ../cryptlib.h ocsp_ext.c
+ocsp_ht.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_ht.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_ht.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_ht.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_ht.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_ht.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_ht.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_ht.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_ht.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_ht.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_ht.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_ht.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_ht.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_ht.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_ht.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_ht.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_ht.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_ht.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_ht.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_ht.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_ht.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_ht.o: ../../include/openssl/x509v3.h ocsp_ht.c
+ocsp_lib.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_lib.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_lib.o: ../../include/openssl/opensslconf.h
+ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+ocsp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ocsp_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+ocsp_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_lib.o: ../cryptlib.h ocsp_lib.c
+ocsp_prn.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_prn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_prn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_prn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_prn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_prn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_prn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_prn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_prn.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_prn.o: ../../include/openssl/x509v3.h ocsp_prn.c
+ocsp_srv.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_srv.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_srv.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_srv.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_srv.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_srv.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_srv.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_srv.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_srv.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_srv.o: ../../include/openssl/opensslconf.h
+ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_srv.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_srv.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+ocsp_srv.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_srv.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_srv.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ocsp_srv.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+ocsp_srv.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_srv.o: ../cryptlib.h ocsp_srv.c
+ocsp_vfy.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_vfy.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_vfy.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_vfy.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_vfy.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_vfy.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_vfy.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_vfy.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_vfy.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_vfy.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_vfy.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_vfy.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_vfy.o: ../../include/openssl/x509v3.h ocsp_vfy.c
diff --git a/src/lib/libcrypto/ocsp/ocsp.h b/src/lib/libcrypto/ocsp/ocsp.h
new file mode 100644
index 0000000000..fab3c03182
--- /dev/null
+++ b/src/lib/libcrypto/ocsp/ocsp.h
@@ -0,0 +1,619 @@
+/* ocsp.h */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was transfered to Richard Levitte from CertCo by Kathy
+   Weinhold in mid-spring 2000 to be included in OpenSSL or released
+   as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_OCSP_H
+#define HEADER_OCSP_H
+
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/safestack.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Various flags and values */
+
+#define OCSP_DEFAULT_NONCE_LENGTH       16
+
+#define OCSP_NOCERTS                    0x1
+#define OCSP_NOINTERN                   0x2
+#define OCSP_NOSIGS                     0x4
+#define OCSP_NOCHAIN                    0x8
+#define OCSP_NOVERIFY                   0x10
+#define OCSP_NOEXPLICIT                 0x20
+#define OCSP_NOCASIGN                   0x40
+#define OCSP_NODELEGATED                0x80
+#define OCSP_NOCHECKS                   0x100
+#define OCSP_TRUSTOTHER                 0x200
+#define OCSP_RESPID_KEY                 0x400
+#define OCSP_NOTIME                     0x800
+
+/*   CertID ::= SEQUENCE {
+ *       hashAlgorithm            AlgorithmIdentifier,
+ *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
+ *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
+ *       serialNumber       CertificateSerialNumber }
+ */
+typedef struct ocsp_cert_id_st
+        {
+        X509_ALGOR *hashAlgorithm;
+        ASN1_OCTET_STRING *issuerNameHash;
+        ASN1_OCTET_STRING *issuerKeyHash;
+        ASN1_INTEGER *serialNumber;
+        } OCSP_CERTID;
+
+DECLARE_STACK_OF(OCSP_CERTID)
+
+/*   Request ::=     SEQUENCE {
+ *       reqCert                    CertID,
+ *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_one_request_st
+        {
+        OCSP_CERTID *reqCert;
+        STACK_OF(X509_EXTENSION) *singleRequestExtensions;
+        } OCSP_ONEREQ;
+
+DECLARE_STACK_OF(OCSP_ONEREQ)
+DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
+
+
+/*   TBSRequest      ::=     SEQUENCE {
+ *       version             [0] EXPLICIT Version DEFAULT v1,
+ *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
+ *       requestList             SEQUENCE OF Request,
+ *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_req_info_st
+        {
+        ASN1_INTEGER *version;
+        GENERAL_NAME *requestorName;
+        STACK_OF(OCSP_ONEREQ) *requestList;
+        STACK_OF(X509_EXTENSION) *requestExtensions;
+        } OCSP_REQINFO;
+
+/*   Signature       ::=     SEQUENCE {
+ *       signatureAlgorithm   AlgorithmIdentifier,
+ *       signature            BIT STRING,
+ *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+typedef struct ocsp_signature_st
+        {
+        X509_ALGOR *signatureAlgorithm;
+        ASN1_BIT_STRING *signature;
+        STACK_OF(X509) *certs;
+        } OCSP_SIGNATURE;
+
+/*   OCSPRequest     ::=     SEQUENCE {
+ *       tbsRequest                  TBSRequest,
+ *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
+ */
+typedef struct ocsp_request_st
+        {
+        OCSP_REQINFO *tbsRequest;
+        OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
+        } OCSP_REQUEST;
+
+/*   OCSPResponseStatus ::= ENUMERATED {
+ *       successful            (0),      --Response has valid confirmations
+ *       malformedRequest      (1),      --Illegal confirmation request
+ *       internalError         (2),      --Internal error in issuer
+ *       tryLater              (3),      --Try again later
+ *                                       --(4) is not used
+ *       sigRequired           (5),      --Must sign the request
+ *       unauthorized          (6)       --Request unauthorized
+ *   }
+ */
+#define OCSP_RESPONSE_STATUS_SUCCESSFUL          0
+#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1
+#define OCSP_RESPONSE_STATUS_INTERNALERROR        2
+#define OCSP_RESPONSE_STATUS_TRYLATER             3
+#define OCSP_RESPONSE_STATUS_SIGREQUIRED          5
+#define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6
+
+/*   ResponseBytes ::=       SEQUENCE {
+ *       responseType   OBJECT IDENTIFIER,
+ *       response       OCTET STRING }
+ */
+typedef struct ocsp_resp_bytes_st
+        {
+        ASN1_OBJECT *responseType;
+        ASN1_OCTET_STRING *response;
+        } OCSP_RESPBYTES;
+
+/*   OCSPResponse ::= SEQUENCE {
+ *      responseStatus         OCSPResponseStatus,
+ *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
+ */
+typedef struct ocsp_response_st
+        {
+        ASN1_ENUMERATED *responseStatus;
+        OCSP_RESPBYTES  *responseBytes;
+        } OCSP_RESPONSE;
+
+/*   ResponderID ::= CHOICE {
+ *      byName   [1] Name,
+ *      byKey    [2] KeyHash }
+ */
+#define V_OCSP_RESPID_NAME 0
+#define V_OCSP_RESPID_KEY  1
+typedef struct ocsp_responder_id_st
+        {
+        int type;
+        union   {
+                X509_NAME* byName;
+                ASN1_OCTET_STRING *byKey;
+                } value;
+        } OCSP_RESPID;
+/*   KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+ *                            --(excluding the tag and length fields)
+ */
+
+/*   RevokedInfo ::= SEQUENCE {
+ *       revocationTime              GeneralizedTime,
+ *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
+ */
+typedef struct ocsp_revoked_info_st
+        {
+        ASN1_GENERALIZEDTIME *revocationTime;
+        ASN1_ENUMERATED *revocationReason;
+        } OCSP_REVOKEDINFO;
+
+/*   CertStatus ::= CHOICE {
+ *       good                [0]     IMPLICIT NULL,
+ *       revoked             [1]     IMPLICIT RevokedInfo,
+ *       unknown             [2]     IMPLICIT UnknownInfo }
+ */
+#define V_OCSP_CERTSTATUS_GOOD    0
+#define V_OCSP_CERTSTATUS_REVOKED 1
+#define V_OCSP_CERTSTATUS_UNKNOWN 2
+typedef struct ocsp_cert_status_st
+        {
+        int type;
+        union   {
+                ASN1_NULL *good;
+                OCSP_REVOKEDINFO *revoked;
+                ASN1_NULL *unknown;
+                } value;
+        } OCSP_CERTSTATUS;
+
+/*   SingleResponse ::= SEQUENCE {
+ *      certID                       CertID,
+ *      certStatus                   CertStatus,
+ *      thisUpdate                   GeneralizedTime,
+ *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
+ *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_single_response_st
+        {
+        OCSP_CERTID *certId;
+        OCSP_CERTSTATUS *certStatus;
+        ASN1_GENERALIZEDTIME *thisUpdate;
+        ASN1_GENERALIZEDTIME *nextUpdate;
+        STACK_OF(X509_EXTENSION) *singleExtensions;
+        } OCSP_SINGLERESP;
+
+DECLARE_STACK_OF(OCSP_SINGLERESP)
+DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
+
+/*   ResponseData ::= SEQUENCE {
+ *      version              [0] EXPLICIT Version DEFAULT v1,
+ *      responderID              ResponderID,
+ *      producedAt               GeneralizedTime,
+ *      responses                SEQUENCE OF SingleResponse,
+ *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_response_data_st
+        {
+        ASN1_INTEGER *version;
+        OCSP_RESPID  *responderId;
+        ASN1_GENERALIZEDTIME *producedAt;
+        STACK_OF(OCSP_SINGLERESP) *responses;
+        STACK_OF(X509_EXTENSION) *responseExtensions;
+        } OCSP_RESPDATA;
+
+/*   BasicOCSPResponse       ::= SEQUENCE {
+ *      tbsResponseData      ResponseData,
+ *      signatureAlgorithm   AlgorithmIdentifier,
+ *      signature            BIT STRING,
+ *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+  /* Note 1:
+     The value for "signature" is specified in the OCSP rfc2560 as follows:
+     "The value for the signature SHALL be computed on the hash of the DER
+     encoding ResponseData."  This means that you must hash the DER-encoded
+     tbsResponseData, and then run it through a crypto-signing function, which
+     will (at least w/RSA) do a hash-'n'-private-encrypt operation.  This seems
+     a bit odd, but that's the spec.  Also note that the data structures do not
+     leave anywhere to independently specify the algorithm used for the initial
+     hash. So, we look at the signature-specification algorithm, and try to do
+     something intelligent.     -- Kathy Weinhold, CertCo */
+  /* Note 2:
+     It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
+     for interpretation.  I've done tests against another responder, and found
+     that it doesn't do the double hashing that the RFC seems to say one
+     should.  Therefore, all relevant functions take a flag saying which
+     variant should be used.    -- Richard Levitte, OpenSSL team and CeloCom */
+typedef struct ocsp_basic_response_st
+        {
+        OCSP_RESPDATA *tbsResponseData;
+        X509_ALGOR *signatureAlgorithm;
+        ASN1_BIT_STRING *signature;
+        STACK_OF(X509) *certs;
+        } OCSP_BASICRESP;
+
+/*
+ *   CRLReason ::= ENUMERATED {
+ *        unspecified             (0),
+ *        keyCompromise           (1),
+ *        cACompromise            (2),
+ *        affiliationChanged      (3),
+ *        superseded              (4),
+ *        cessationOfOperation    (5),
+ *        certificateHold         (6),
+ *        removeFromCRL           (8) }
+ */
+#define OCSP_REVOKED_STATUS_NOSTATUS               -1
+#define OCSP_REVOKED_STATUS_UNSPECIFIED             0
+#define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1
+#define OCSP_REVOKED_STATUS_CACOMPROMISE            2
+#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3
+#define OCSP_REVOKED_STATUS_SUPERSEDED              4
+#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5
+#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6
+#define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8
+
+/* CrlID ::= SEQUENCE {
+ *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
+ *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
+ *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
+ */
+typedef struct ocsp_crl_id_st
+        {
+        ASN1_IA5STRING *crlUrl;
+        ASN1_INTEGER *crlNum;
+        ASN1_GENERALIZEDTIME *crlTime;
+        } OCSP_CRLID;
+
+/* ServiceLocator ::= SEQUENCE {
+ *      issuer    Name,
+ *      locator   AuthorityInfoAccessSyntax OPTIONAL }
+ */
+typedef struct ocsp_service_locator_st
+        {
+        X509_NAME* issuer;
+        STACK_OF(ACCESS_DESCRIPTION) *locator;
+        } OCSP_SERVICELOC;
+ 
+#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
+#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
+
+#define d2i_OCSP_REQUEST_bio(bp,p) (OCSP_REQUEST*)ASN1_d2i_bio((char*(*)()) \
+                OCSP_REQUEST_new,(char *(*)())d2i_OCSP_REQUEST, (bp),\
+                (unsigned char **)(p))
+
+#define d2i_OCSP_RESPONSE_bio(bp,p) (OCSP_RESPONSE*)ASN1_d2i_bio((char*(*)())\
+                OCSP_REQUEST_new,(char *(*)())d2i_OCSP_RESPONSE, (bp),\
+                (unsigned char **)(p))
+
+#define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
+     (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
+
+#define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
+     (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
+
+#define PEM_write_bio_OCSP_REQUEST(bp,o) \
+    PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
+                        bp,(char *)o, NULL,NULL,0,NULL,NULL)
+
+#define PEM_write_bio_OCSP_RESPONSE(bp,o) \
+    PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
+                        bp,(char *)o, NULL,NULL,0,NULL,NULL)
+
+#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_RESPONSE,bp,\
+                (unsigned char *)o)
+
+#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_REQUEST,bp,\
+                (unsigned char *)o)
+
+#define OCSP_REQUEST_sign(o,pkey,md) \
+        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
+                o->optionalSignature->signatureAlgorithm,NULL,\
+                o->optionalSignature->signature,o->tbsRequest,pkey,md)
+
+#define OCSP_BASICRESP_sign(o,pkey,md,d) \
+        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\
+                o->signature,o->tbsResponseData,pkey,md)
+
+#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
+        a->optionalSignature->signatureAlgorithm,\
+        a->optionalSignature->signature,a->tbsRequest,r)
+
+#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
+        a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
+
+#define ASN1_BIT_STRING_digest(data,type,md,len) \
+        ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
+
+#define OCSP_CERTID_dup(cid) (OCSP_CERTID*)ASN1_dup((int(*)())i2d_OCSP_CERTID,\
+                (char *(*)())d2i_OCSP_CERTID,(char *)(cid))
+
+#define OCSP_CERTSTATUS_dup(cs)\
+                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
+                (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 
+                              X509_NAME *issuerName, 
+                              ASN1_BIT_STRING* issuerKey, 
+                              ASN1_INTEGER *serialNumber);
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
+
+int OCSP_request_sign(OCSP_REQUEST   *req,
+                      X509           *signer,
+                      EVP_PKEY       *key,
+                      const EVP_MD   *dgst,
+                      STACK_OF(X509) *certs,
+                      unsigned long flags);
+
+int OCSP_response_status(OCSP_RESPONSE *resp);
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+
+int OCSP_resp_count(OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+                                ASN1_GENERALIZEDTIME **revtime,
+                                ASN1_GENERALIZEDTIME **thisupd,
+                                ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+                                int *reason,
+                                ASN1_GENERALIZEDTIME **revtime,
+                                ASN1_GENERALIZEDTIME **thisupd,
+                                ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+                        ASN1_GENERALIZEDTIME *nextupd,
+                        long sec, long maxsec);
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags);
+
+int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl);
+
+int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req);
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+                        ASN1_OCTET_STRING **pikeyHash,
+                        ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+int OCSP_request_is_signed(OCSP_REQUEST *req);
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+                                                OCSP_CERTID *cid,
+                                                int status, int reason,
+                                                ASN1_TIME *revtime,
+                                        ASN1_TIME *thisupd, ASN1_TIME *nextupd);
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
+int OCSP_basic_sign(OCSP_BASICRESP *brsp, 
+                        X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+                        STACK_OF(X509) *certs, unsigned long flags);
+
+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), 
+                                char *data, STACK_OF(ASN1_OBJECT) *sk);
+
+X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
+
+X509_EXTENSION *OCSP_accept_responses_new(char **oids);
+
+X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);
+
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos);
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx);
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+                                                        unsigned long flags);
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos);
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+                                                        unsigned long flags);
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos);
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx);
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
+                                                        unsigned long flags);
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos);
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx);
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,
+                                                        unsigned long flags);
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
+
+DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
+DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
+DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
+
+char *OCSP_response_status_str(long s);
+char *OCSP_cert_status_str(long s);
+char *OCSP_crl_reason_str(long s);
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+                                X509_STORE *st, unsigned long flags);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_OCSP_strings(void);
+
+/* Error codes for the OCSP functions. */
+
+/* Function codes. */
+#define OCSP_F_ASN1_STRING_ENCODE                        100
+#define OCSP_F_CERT_ID_NEW                               101
+#define OCSP_F_D2I_OCSP_NONCE                            102
+#define OCSP_F_OCSP_BASIC_ADD1_STATUS                    103
+#define OCSP_F_OCSP_BASIC_SIGN                           104
+#define OCSP_F_OCSP_BASIC_VERIFY                         105
+#define OCSP_F_OCSP_CHECK_DELEGATED                      106
+#define OCSP_F_OCSP_CHECK_IDS                            107
+#define OCSP_F_OCSP_CHECK_ISSUER                         108
+#define OCSP_F_OCSP_CHECK_VALIDITY                       115
+#define OCSP_F_OCSP_MATCH_ISSUERID                       109
+#define OCSP_F_OCSP_PARSE_URL                            114
+#define OCSP_F_OCSP_REQUEST_SIGN                         110
+#define OCSP_F_OCSP_REQUEST_VERIFY                       116
+#define OCSP_F_OCSP_RESPONSE_GET1_BASIC                  111
+#define OCSP_F_OCSP_SENDREQ_BIO                          112
+#define OCSP_F_REQUEST_VERIFY                            113
+
+/* Reason codes. */
+#define OCSP_R_BAD_DATA                                  100
+#define OCSP_R_CERTIFICATE_VERIFY_ERROR                  101
+#define OCSP_R_DIGEST_ERR                                102
+#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD                 122
+#define OCSP_R_ERROR_IN_THISUPDATE_FIELD                 123
+#define OCSP_R_ERROR_PARSING_URL                         121
+#define OCSP_R_MISSING_OCSPSIGNING_USAGE                 103
+#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE              124
+#define OCSP_R_NOT_BASIC_RESPONSE                        104
+#define OCSP_R_NO_CERTIFICATES_IN_CHAIN                  105
+#define OCSP_R_NO_CONTENT                                106
+#define OCSP_R_NO_PUBLIC_KEY                             107
+#define OCSP_R_NO_RESPONSE_DATA                          108
+#define OCSP_R_NO_REVOKED_TIME                           109
+#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE    110
+#define OCSP_R_REQUEST_NOT_SIGNED                        128
+#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA      111
+#define OCSP_R_ROOT_CA_NOT_TRUSTED                       112
+#define OCSP_R_SERVER_READ_ERROR                         113
+#define OCSP_R_SERVER_RESPONSE_ERROR                     114
+#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR               115
+#define OCSP_R_SERVER_WRITE_ERROR                        116
+#define OCSP_R_SIGNATURE_FAILURE                         117
+#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND              118
+#define OCSP_R_STATUS_EXPIRED                            125
+#define OCSP_R_STATUS_NOT_YET_VALID                      126
+#define OCSP_R_STATUS_TOO_OLD                            127
+#define OCSP_R_UNKNOWN_MESSAGE_DIGEST                    119
+#define OCSP_R_UNKNOWN_NID                               120
+#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE            129
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/ocsp/ocsp_asn.c b/src/lib/libcrypto/ocsp/ocsp_asn.c
new file mode 100644
index 0000000000..6a3a360d54
--- /dev/null
+++ b/src/lib/libcrypto/ocsp/ocsp_asn.c
@@ -0,0 +1,182 @@
+/* ocsp_asn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/ocsp.h>
+
+ASN1_SEQUENCE(OCSP_SIGNATURE) = {
+        ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
+        ASN1_EXP_SEQUENCE_OF(OCSP_SIGNATURE, certs, X509, 0)
+} ASN1_SEQUENCE_END(OCSP_SIGNATURE)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+
+ASN1_SEQUENCE(OCSP_CERTID) = {
+        ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(OCSP_CERTID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID)
+
+ASN1_SEQUENCE(OCSP_ONEREQ) = {
+        ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID),
+        ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END(OCSP_ONEREQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ)
+
+ASN1_SEQUENCE(OCSP_REQINFO) = {
+        ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0),
+        ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1),
+        ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ),
+        ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2)
+} ASN1_SEQUENCE_END(OCSP_REQINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
+
+ASN1_SEQUENCE(OCSP_REQUEST) = {
+        ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
+        ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
+} ASN1_SEQUENCE_END(OCSP_REQUEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST)
+
+/* OCSP_RESPONSE templates */
+
+ASN1_SEQUENCE(OCSP_RESPBYTES) = {
+            ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),
+            ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(OCSP_RESPBYTES)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+
+ASN1_SEQUENCE(OCSP_RESPONSE) = {
+        ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED),
+        ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0)
+} ASN1_SEQUENCE_END(OCSP_RESPONSE)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE)
+
+ASN1_CHOICE(OCSP_RESPID) = {
+           ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
+           ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
+} ASN1_CHOICE_END(OCSP_RESPID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID)
+
+ASN1_SEQUENCE(OCSP_REVOKEDINFO) = {
+        ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME),
+        ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
+} ASN1_SEQUENCE_END(OCSP_REVOKEDINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+
+ASN1_CHOICE(OCSP_CERTSTATUS) = {
+        ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0),
+        ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1),
+        ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2)
+} ASN1_CHOICE_END(OCSP_CERTSTATUS)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+
+ASN1_SEQUENCE(OCSP_SINGLERESP) = {
+           ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
+           ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
+           ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),
+           ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),
+           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(OCSP_SINGLERESP)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+
+ASN1_SEQUENCE(OCSP_RESPDATA) = {
+           ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
+           ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
+           ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
+           ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
+           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(OCSP_RESPDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
+
+ASN1_SEQUENCE(OCSP_BASICRESP) = {
+           ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
+           ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
+           ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
+           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
+} ASN1_SEQUENCE_END(OCSP_BASICRESP)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP)
+
+ASN1_SEQUENCE(OCSP_CRLID) = {
+           ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
+           ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
+           ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
+} ASN1_SEQUENCE_END(OCSP_CRLID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)
+
+ASN1_SEQUENCE(OCSP_SERVICELOC) = {
+        ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME),
+        ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)
+} ASN1_SEQUENCE_END(OCSP_SERVICELOC)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC)
diff --git a/src/lib/libcrypto/ocsp/ocsp_cl.c b/src/lib/libcrypto/ocsp/ocsp_cl.c
new file mode 100644
index 0000000000..9b3e6dd8ca
--- /dev/null
+++ b/src/lib/libcrypto/ocsp/ocsp_cl.c
@@ -0,0 +1,370 @@
+/* ocsp_cl.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was transfered to Richard Levitte from CertCo by Kathy
+   Weinhold in mid-spring 2000 to be included in OpenSSL or released
+   as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+
+/* Utility functions related to sending OCSP requests and extracting
+ * relevant information from the response.
+ */
+
+/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ 
+ * pointer: useful if we want to add extensions.
+ */
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
+        {
+        OCSP_ONEREQ *one = NULL;
+
+        if (!(one = OCSP_ONEREQ_new())) goto err;
+        if (one->reqCert) OCSP_CERTID_free(one->reqCert);
+        one->reqCert = cid;
+        if (req &&
+                !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
+                                goto err;
+        return one;
+err:
+        OCSP_ONEREQ_free(one);
+        return NULL;
+        }
+
+/* Set requestorName from an X509_NAME structure */
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
+        {
+        GENERAL_NAME *gen;
+        gen = GENERAL_NAME_new();
+        if (!X509_NAME_set(&gen->d.directoryName, nm))
+                {
+                GENERAL_NAME_free(gen);
+                return 0;
+                }
+        gen->type = GEN_DIRNAME;
+        if (req->tbsRequest->requestorName)
+                GENERAL_NAME_free(req->tbsRequest->requestorName);
+        req->tbsRequest->requestorName = gen;
+        return 1;
+        }
+        
+
+/* Add a certificate to an OCSP request */
+
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
+        {
+        OCSP_SIGNATURE *sig;
+        if (!req->optionalSignature)
+                req->optionalSignature = OCSP_SIGNATURE_new();
+        sig = req->optionalSignature;
+        if (!sig) return 0;
+        if (!cert) return 1;
+        if (!sig->certs && !(sig->certs = sk_X509_new_null()))
+                return 0;
+
+        if(!sk_X509_push(sig->certs, cert)) return 0;
+        CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+        return 1;
+        }
+
+/* Sign an OCSP request set the requestorName to the subjec
+ * name of an optional signers certificate and include one
+ * or more optional certificates in the request. Behaves
+ * like PKCS7_sign().
+ */
+
+int OCSP_request_sign(OCSP_REQUEST   *req,
+                      X509           *signer,
+                      EVP_PKEY       *key,
+                      const EVP_MD   *dgst,
+                      STACK_OF(X509) *certs,
+                      unsigned long flags)
+        {
+        int i;
+        OCSP_SIGNATURE *sig;
+        X509 *x;
+
+        if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
+                        goto err;
+
+        if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;
+        if (!dgst) dgst = EVP_sha1();
+        if (key)
+                {
+                if (!X509_check_private_key(signer, key))
+                        {
+                        OCSPerr(OCSP_F_OCSP_REQUEST_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                        goto err;
+                        }
+                if (!OCSP_REQUEST_sign(req, key, dgst)) goto err;
+                }
+
+        if (!(flags & OCSP_NOCERTS))
+                {
+                if(!OCSP_request_add1_cert(req, signer)) goto err;
+                for (i = 0; i < sk_X509_num(certs); i++)
+                        {
+                        x = sk_X509_value(certs, i);
+                        if (!OCSP_request_add1_cert(req, x)) goto err;
+                        }
+                }
+
+        return 1;
+err:
+        OCSP_SIGNATURE_free(req->optionalSignature);
+        req->optionalSignature = NULL;
+        return 0;
+        }
+
+/* Get response status */
+
+int OCSP_response_status(OCSP_RESPONSE *resp)
+        {
+        return ASN1_ENUMERATED_get(resp->responseStatus);
+        }
+
+/* Extract basic response from OCSP_RESPONSE or NULL if
+ * no basic response present.
+ */
+ 
+
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp)
+        {
+        OCSP_RESPBYTES *rb;
+        rb = resp->responseBytes;
+        if (!rb)
+                {
+                OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA);
+                return NULL;
+                }
+        if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic)
+                {
+                OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE);
+                return NULL;
+                }
+
+        return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP));
+        }
+
+/* Return number of OCSP_SINGLERESP reponses present in
+ * a basic response.
+ */
+
+int OCSP_resp_count(OCSP_BASICRESP *bs)
+        {
+        if (!bs) return -1;
+        return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses);
+        }
+
+/* Extract an OCSP_SINGLERESP response with a given index */
+
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
+        {
+        if (!bs) return NULL;
+        return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
+        }
+
+/* Look single response matching a given certificate ID */
+
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
+        {
+        int i;
+        STACK_OF(OCSP_SINGLERESP) *sresp;
+        OCSP_SINGLERESP *single;
+        if (!bs) return -1;
+        if (last < 0) last = 0;
+        else last++;
+        sresp = bs->tbsResponseData->responses;
+        for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++)
+                {
+                single = sk_OCSP_SINGLERESP_value(sresp, i);
+                if (!OCSP_id_cmp(id, single->certId)) return i;
+                }
+        return -1;
+        }
+
+/* Extract status information from an OCSP_SINGLERESP structure.
+ * Note: the revtime and reason values are only set if the 
+ * certificate status is revoked. Returns numerical value of
+ * status.
+ */
+
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+                                ASN1_GENERALIZEDTIME **revtime,
+                                ASN1_GENERALIZEDTIME **thisupd,
+                                ASN1_GENERALIZEDTIME **nextupd)
+        {
+        int ret;
+        OCSP_CERTSTATUS *cst;
+        if(!single) return -1;
+        cst = single->certStatus;
+        ret = cst->type;
+        if (ret == V_OCSP_CERTSTATUS_REVOKED)
+                {
+                OCSP_REVOKEDINFO *rev = cst->value.revoked;
+                if (revtime) *revtime = rev->revocationTime;
+                if (reason) 
+                        {
+                        if(rev->revocationReason)
+                                *reason = ASN1_ENUMERATED_get(rev->revocationReason);
+                        else *reason = -1;
+                        }
+                }
+        if(thisupd) *thisupd = single->thisUpdate;
+        if(nextupd) *nextupd = single->nextUpdate;
+        return ret;
+        }
+
+/* This function combines the previous ones: look up a certificate ID and
+ * if found extract status information. Return 0 is successful.
+ */
+
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+                                int *reason,
+                                ASN1_GENERALIZEDTIME **revtime,
+                                ASN1_GENERALIZEDTIME **thisupd,
+                                ASN1_GENERALIZEDTIME **nextupd)
+        {
+        int i;
+        OCSP_SINGLERESP *single;
+        i = OCSP_resp_find(bs, id, -1);
+        /* Maybe check for multiple responses and give an error? */
+        if(i < 0) return 0;
+        single = OCSP_resp_get0(bs, i);
+        i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd);
+        if(status) *status = i;
+        return 1;
+        }
+
+/* Check validity of thisUpdate and nextUpdate fields. It is possible that the request will
+ * take a few seconds to process and/or the time wont be totally accurate. Therefore to avoid
+ * rejecting otherwise valid time we allow the times to be within 'nsec' of the current time.
+ * Also to avoid accepting very old responses without a nextUpdate field an optional maxage
+ * parameter specifies the maximum age the thisUpdate field can be.
+ */
+
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
+        {
+        int ret = 1;
+        time_t t_now, t_tmp;
+        time(&t_now);
+        /* Check thisUpdate is valid and not more than nsec in the future */
+        if (!ASN1_GENERALIZEDTIME_check(thisupd))
+                {
+                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD);
+                ret = 0;
+                }
+        else 
+                {
+                        t_tmp = t_now + nsec;
+                        if (X509_cmp_time(thisupd, &t_tmp) > 0)
+                        {
+                        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID);
+                        ret = 0;
+                        }
+
+                /* If maxsec specified check thisUpdate is not more than maxsec in the past */
+                if (maxsec >= 0)
+                        {
+                        t_tmp = t_now - maxsec;
+                        if (X509_cmp_time(thisupd, &t_tmp) < 0)
+                                {
+                                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD);
+                                ret = 0;
+                                }
+                        }
+                }
+                
+
+        if (!nextupd) return ret;
+
+        /* Check nextUpdate is valid and not more than nsec in the past */
+        if (!ASN1_GENERALIZEDTIME_check(nextupd))
+                {
+                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
+                ret = 0;
+                }
+        else 
+                {
+                t_tmp = t_now - nsec;
+                if (X509_cmp_time(nextupd, &t_tmp) < 0)
+                        {
+                        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED);
+                        ret = 0;
+                        }
+                }
+
+        /* Also don't allow nextUpdate to precede thisUpdate */
+        if (ASN1_STRING_cmp(nextupd, thisupd) < 0)
+                {
+                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
+                ret = 0;
+                }
+
+        return ret;
+        }
diff --git a/src/lib/libcrypto/ocsp/ocsp_err.c b/src/lib/libcrypto/ocsp/ocsp_err.c
new file mode 100644
index 0000000000..4c4d8306f8
--- /dev/null
+++ b/src/lib/libcrypto/ocsp/ocsp_err.c
@@ -0,0 +1,139 @@
+/* crypto/ocsp/ocsp_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA OCSP_str_functs[]=
+        {
+{ERR_PACK(0,OCSP_F_ASN1_STRING_ENCODE,0),       "ASN1_STRING_encode"},
+{ERR_PACK(0,OCSP_F_CERT_ID_NEW,0),      "CERT_ID_NEW"},
+{ERR_PACK(0,OCSP_F_D2I_OCSP_NONCE,0),   "D2I_OCSP_NONCE"},
+{ERR_PACK(0,OCSP_F_OCSP_BASIC_ADD1_STATUS,0),   "OCSP_basic_add1_status"},
+{ERR_PACK(0,OCSP_F_OCSP_BASIC_SIGN,0),  "OCSP_basic_sign"},
+{ERR_PACK(0,OCSP_F_OCSP_BASIC_VERIFY,0),        "OCSP_basic_verify"},
+{ERR_PACK(0,OCSP_F_OCSP_CHECK_DELEGATED,0),     "OCSP_CHECK_DELEGATED"},
+{ERR_PACK(0,OCSP_F_OCSP_CHECK_IDS,0),   "OCSP_CHECK_IDS"},
+{ERR_PACK(0,OCSP_F_OCSP_CHECK_ISSUER,0),        "OCSP_CHECK_ISSUER"},
+{ERR_PACK(0,OCSP_F_OCSP_CHECK_VALIDITY,0),      "OCSP_check_validity"},
+{ERR_PACK(0,OCSP_F_OCSP_MATCH_ISSUERID,0),      "OCSP_MATCH_ISSUERID"},
+{ERR_PACK(0,OCSP_F_OCSP_PARSE_URL,0),   "OCSP_parse_url"},
+{ERR_PACK(0,OCSP_F_OCSP_REQUEST_SIGN,0),        "OCSP_request_sign"},
+{ERR_PACK(0,OCSP_F_OCSP_REQUEST_VERIFY,0),      "OCSP_request_verify"},
+{ERR_PACK(0,OCSP_F_OCSP_RESPONSE_GET1_BASIC,0), "OCSP_response_get1_basic"},
+{ERR_PACK(0,OCSP_F_OCSP_SENDREQ_BIO,0), "OCSP_sendreq_bio"},
+{ERR_PACK(0,OCSP_F_REQUEST_VERIFY,0),   "REQUEST_VERIFY"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA OCSP_str_reasons[]=
+        {
+{OCSP_R_BAD_DATA                         ,"bad data"},
+{OCSP_R_CERTIFICATE_VERIFY_ERROR         ,"certificate verify error"},
+{OCSP_R_DIGEST_ERR                       ,"digest err"},
+{OCSP_R_ERROR_IN_NEXTUPDATE_FIELD        ,"error in nextupdate field"},
+{OCSP_R_ERROR_IN_THISUPDATE_FIELD        ,"error in thisupdate field"},
+{OCSP_R_ERROR_PARSING_URL                ,"error parsing url"},
+{OCSP_R_MISSING_OCSPSIGNING_USAGE        ,"missing ocspsigning usage"},
+{OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE     ,"nextupdate before thisupdate"},
+{OCSP_R_NOT_BASIC_RESPONSE               ,"not basic response"},
+{OCSP_R_NO_CERTIFICATES_IN_CHAIN         ,"no certificates in chain"},
+{OCSP_R_NO_CONTENT                       ,"no content"},
+{OCSP_R_NO_PUBLIC_KEY                    ,"no public key"},
+{OCSP_R_NO_RESPONSE_DATA                 ,"no response data"},
+{OCSP_R_NO_REVOKED_TIME                  ,"no revoked time"},
+{OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"},
+{OCSP_R_REQUEST_NOT_SIGNED               ,"request not signed"},
+{OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA,"response contains no revocation data"},
+{OCSP_R_ROOT_CA_NOT_TRUSTED              ,"root ca not trusted"},
+{OCSP_R_SERVER_READ_ERROR                ,"server read error"},
+{OCSP_R_SERVER_RESPONSE_ERROR            ,"server response error"},
+{OCSP_R_SERVER_RESPONSE_PARSE_ERROR      ,"server response parse error"},
+{OCSP_R_SERVER_WRITE_ERROR               ,"server write error"},
+{OCSP_R_SIGNATURE_FAILURE                ,"signature failure"},
+{OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND     ,"signer certificate not found"},
+{OCSP_R_STATUS_EXPIRED                   ,"status expired"},
+{OCSP_R_STATUS_NOT_YET_VALID             ,"status not yet valid"},
+{OCSP_R_STATUS_TOO_OLD                   ,"status too old"},
+{OCSP_R_UNKNOWN_MESSAGE_DIGEST           ,"unknown message digest"},
+{OCSP_R_UNKNOWN_NID                      ,"unknown nid"},
+{OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE   ,"unsupported requestorname type"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_OCSP_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_OCSP,OCSP_str_functs);
+                ERR_load_strings(ERR_LIB_OCSP,OCSP_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/ocsp/ocsp_ext.c b/src/lib/libcrypto/ocsp/ocsp_ext.c
new file mode 100644
index 0000000000..57399433fc
--- /dev/null
+++ b/src/lib/libcrypto/ocsp/ocsp_ext.c
@@ -0,0 +1,538 @@
+/* ocsp_ext.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was transfered to Richard Levitte from CertCo by Kathy
+   Weinhold in mid-spring 2000 to be included in OpenSSL or released
+   as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/ocsp.h>
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+
+/* Standard wrapper functions for extensions */
+
+/* OCSP request extensions */
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
+        {
+        return(X509v3_get_ext_count(x->tbsRequest->requestExtensions));
+        }
+
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
+        {
+        return(X509v3_get_ext_by_NID(x->tbsRequest->requestExtensions,nid,lastpos));
+        }
+
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos)
+        {
+        return(X509v3_get_ext_by_OBJ(x->tbsRequest->requestExtensions,obj,lastpos));
+        }
+
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
+        {
+        return(X509v3_get_ext_by_critical(x->tbsRequest->requestExtensions,crit,lastpos));
+        }
+
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
+        {
+        return(X509v3_get_ext(x->tbsRequest->requestExtensions,loc));
+        }
+
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
+        {
+        return(X509v3_delete_ext(x->tbsRequest->requestExtensions,loc));
+        }
+
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
+        {
+        return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);
+        }
+
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+                                                        unsigned long flags)
+        {
+        return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value, crit, flags);
+        }
+
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
+        {
+        return(X509v3_add_ext(&(x->tbsRequest->requestExtensions),ex,loc) != NULL);
+        }
+
+/* Single extensions */
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x)
+        {
+        return(X509v3_get_ext_count(x->singleRequestExtensions));
+        }
+
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)
+        {
+        return(X509v3_get_ext_by_NID(x->singleRequestExtensions,nid,lastpos));
+        }
+
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos)
+        {
+        return(X509v3_get_ext_by_OBJ(x->singleRequestExtensions,obj,lastpos));
+        }
+
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
+        {
+        return(X509v3_get_ext_by_critical(x->singleRequestExtensions,crit,lastpos));
+        }
+
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
+        {
+        return(X509v3_get_ext(x->singleRequestExtensions,loc));
+        }
+
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
+        {
+        return(X509v3_delete_ext(x->singleRequestExtensions,loc));
+        }
+
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
+        {
+        return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
+        }
+
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+                                                        unsigned long flags)
+        {
+        return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit, flags);
+        }
+
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
+        {
+        return(X509v3_add_ext(&(x->singleRequestExtensions),ex,loc) != NULL);
+        }
+
+/* OCSP Basic response */
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
+        {
+        return(X509v3_get_ext_count(x->tbsResponseData->responseExtensions));
+        }
+
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
+        {
+        return(X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions,nid,lastpos));
+        }
+
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos)
+        {
+        return(X509v3_get_ext_by_OBJ(x->tbsResponseData->responseExtensions,obj,lastpos));
+        }
+
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos)
+        {
+        return(X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions,crit,lastpos));
+        }
+
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
+        {
+        return(X509v3_get_ext(x->tbsResponseData->responseExtensions,loc));
+        }
+
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
+        {
+        return(X509v3_delete_ext(x->tbsResponseData->responseExtensions,loc));
+        }
+
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx)
+        {
+        return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit, idx);
+        }
+
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
+                                                        unsigned long flags)
+        {
+        return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid, value, crit, flags);
+        }
+
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
+        {
+        return(X509v3_add_ext(&(x->tbsResponseData->responseExtensions),ex,loc) != NULL);
+        }
+
+/* OCSP single response extensions */
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x)
+        {
+        return(X509v3_get_ext_count(x->singleExtensions));
+        }
+
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)
+        {
+        return(X509v3_get_ext_by_NID(x->singleExtensions,nid,lastpos));
+        }
+
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos)
+        {
+        return(X509v3_get_ext_by_OBJ(x->singleExtensions,obj,lastpos));
+        }
+
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos)
+        {
+        return(X509v3_get_ext_by_critical(x->singleExtensions,crit,lastpos));
+        }
+
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
+        {
+        return(X509v3_get_ext(x->singleExtensions,loc));
+        }
+
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc)
+        {
+        return(X509v3_delete_ext(x->singleExtensions,loc));
+        }
+
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx)
+        {
+        return X509V3_get_d2i(x->singleExtensions, nid, crit, idx);
+        }
+
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,
+                                                        unsigned long flags)
+        {
+        return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags);
+        }
+
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
+        {
+        return(X509v3_add_ext(&(x->singleExtensions),ex,loc) != NULL);
+        }
+
+/* also CRL Entry Extensions */
+
+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), 
+                                char *data, STACK_OF(ASN1_OBJECT) *sk)
+        {
+        int i;
+        unsigned char *p, *b = NULL;
+
+        if (data)
+                {
+                if ((i=i2d(data,NULL)) <= 0) goto err;
+                if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
+                        goto err;
+                if (i2d(data, &p) <= 0) goto err;
+                }
+        else if (sk)
+                {
+                if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,i2d,V_ASN1_SEQUENCE,
+                                   V_ASN1_UNIVERSAL,IS_SEQUENCE))<=0) goto err;
+                if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
+                        goto err;
+                if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,i2d,V_ASN1_SEQUENCE,
+                                 V_ASN1_UNIVERSAL,IS_SEQUENCE)<=0) goto err;
+                }
+        else
+                {
+                OCSPerr(OCSP_F_ASN1_STRING_ENCODE,OCSP_R_BAD_DATA);
+                goto err;
+                }
+        if (!s && !(s = ASN1_STRING_new())) goto err;
+        if (!(ASN1_STRING_set(s, b, i))) goto err;
+        OPENSSL_free(b);
+        return s;
+err:
+        if (b) OPENSSL_free(b);
+        return NULL;
+        }
+
+/* Nonce handling functions */
+
+/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
+ * a random nonce will be generated.
+ * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the 
+ * nonce, previous versions used the raw nonce.
+ */
+
+static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
+        {
+        unsigned char *tmpval;
+        ASN1_OCTET_STRING os;
+        int ret = 0;
+        if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH;
+        /* Create the OCTET STRING manually by writing out the header and
+         * appending the content octets. This avoids an extra memory allocation
+         * operation in some cases. Applications should *NOT* do this because
+         * it relies on library internals.
+         */
+        os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+        os.data = OPENSSL_malloc(os.length);
+        if (os.data == NULL)
+                goto err;
+        tmpval = os.data;
+        ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
+        if (val)
+                memcpy(tmpval, val, len);
+        else
+                RAND_pseudo_bytes(tmpval, len);
+        if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
+                        &os, 0, X509V3_ADD_REPLACE))
+                                goto err;
+        ret = 1;
+        err:
+        if (os.data)
+                OPENSSL_free(os.data);
+        return ret;
+        }
+
+
+/* Add nonce to an OCSP request */
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
+        {
+        return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
+        }
+
+/* Same as above but for a response */
+
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
+        {
+        return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, len);
+        }
+
+/* Check nonce validity in a request and response.
+ * Return value reflects result:
+ *  1: nonces present and equal.
+ *  2: nonces both absent.
+ *  3: nonce present in response only.
+ *  0: nonces both present and not equal.
+ * -1: nonce in request only.
+ *
+ *  For most responders clients can check return > 0.
+ *  If responder doesn't handle nonces return != 0 may be
+ *  necessary. return == 0 is always an error.
+ */
+
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
+        {
+        /*
+         * Since we are only interested in the presence or absence of
+         * the nonce and comparing its value there is no need to use
+         * the X509V3 routines: this way we can avoid them allocating an
+         * ASN1_OCTET_STRING structure for the value which would be
+         * freed immediately anyway.
+         */
+
+        int req_idx, resp_idx;
+        X509_EXTENSION *req_ext, *resp_ext;
+        req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+        resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);
+        /* Check both absent */
+        if((req_idx < 0) && (resp_idx < 0))
+                return 2;
+        /* Check in request only */
+        if((req_idx >= 0) && (resp_idx < 0))
+                return -1;
+        /* Check in response but not request */
+        if((req_idx < 0) && (resp_idx >= 0))
+                return 3;
+        /* Otherwise nonce in request and response so retrieve the extensions */
+        req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+        resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
+        if(ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value))
+                return 0;
+        return 1;
+        }
+
+/* Copy the nonce value (if any) from an OCSP request to 
+ * a response.
+ */
+
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
+        {
+        X509_EXTENSION *req_ext;
+        int req_idx;
+        /* Check for nonce in request */
+        req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+        /* If no nonce that's OK */
+        if (req_idx < 0) return 2;
+        req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+        return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
+        }
+
+X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
+        {
+        X509_EXTENSION *x = NULL;
+        OCSP_CRLID *cid = NULL;
+        
+        if (!(cid = OCSP_CRLID_new())) goto err;
+        if (url)
+                {
+                if (!(cid->crlUrl = ASN1_IA5STRING_new())) goto err;
+                if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) goto err;
+                }
+        if (n)
+                {
+                if (!(cid->crlNum = ASN1_INTEGER_new())) goto err;
+                if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err;
+                }
+        if (tim)
+                {
+                if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err;
+                if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 
+                        goto err;
+                }
+        if (!(x = X509_EXTENSION_new())) goto err;
+        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
+        if (!(ASN1_STRING_encode(x->value,i2d_OCSP_CRLID,(char*)cid,NULL)))
+                goto err;
+        OCSP_CRLID_free(cid);
+        return x;
+err:
+        if (x) X509_EXTENSION_free(x);
+        if (cid) OCSP_CRLID_free(cid);
+        return NULL;
+        }
+
+/*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
+X509_EXTENSION *OCSP_accept_responses_new(char **oids)
+        {
+        int nid;
+        STACK_OF(ASN1_OBJECT) *sk = NULL;
+        ASN1_OBJECT *o = NULL;
+        X509_EXTENSION *x = NULL;
+
+        if (!(sk = sk_ASN1_OBJECT_new_null())) goto err;
+        while (oids && *oids)
+                {
+                if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid))) 
+                        sk_ASN1_OBJECT_push(sk, o);
+                oids++;
+                }
+        if (!(x = X509_EXTENSION_new())) goto err;
+        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
+                goto err;
+        if (!(ASN1_STRING_encode(x->value,i2d_ASN1_OBJECT,NULL,sk)))
+                goto err;
+        sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
+        return x;
+err:
+        if (x) X509_EXTENSION_free(x);
+        if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
+        return NULL;
+        }
+
+/*  ArchiveCutoff ::= GeneralizedTime */
+X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
+        {
+        X509_EXTENSION *x=NULL;
+        ASN1_GENERALIZEDTIME *gt = NULL;
+
+        if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
+        if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
+        if (!(x = X509_EXTENSION_new())) goto err;
+        if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
+        if (!(ASN1_STRING_encode(x->value,i2d_ASN1_GENERALIZEDTIME,
+                                 (char*)gt,NULL))) goto err;
+        ASN1_GENERALIZEDTIME_free(gt);
+        return x;
+err:
+        if (gt) ASN1_GENERALIZEDTIME_free(gt);
+        if (x) X509_EXTENSION_free(x);
+        return NULL;
+        }
+
+/* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
+ * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value.  This
+ * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
+ */
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
+        {
+        X509_EXTENSION *x = NULL;
+        ASN1_IA5STRING *ia5 = NULL;
+        OCSP_SERVICELOC *sloc = NULL;
+        ACCESS_DESCRIPTION *ad = NULL;
+        
+        if (!(sloc = OCSP_SERVICELOC_new())) goto err;
+        if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err;
+        if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())) goto err;
+        while (urls && *urls)
+                {
+                if (!(ad = ACCESS_DESCRIPTION_new())) goto err;
+                if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err;
+                if (!(ad->location = GENERAL_NAME_new())) goto err;
+                if (!(ia5 = ASN1_IA5STRING_new())) goto err;
+                if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err;
+                ad->location->type = GEN_URI;
+                ad->location->d.ia5 = ia5;
+                if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
+                urls++;
+                }
+        if (!(x = X509_EXTENSION_new())) goto err;
+        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) 
+                goto err;
+        if (!(ASN1_STRING_encode(x->value, i2d_OCSP_SERVICELOC,
+                                 (char*)sloc, NULL))) goto err;
+        OCSP_SERVICELOC_free(sloc);
+        return x;
+err:
+        if (x) X509_EXTENSION_free(x);
+        if (sloc) OCSP_SERVICELOC_free(sloc);
+        return NULL;
+        }
+
diff --git a/src/lib/libcrypto/ocsp/ocsp_ht.c b/src/lib/libcrypto/ocsp/ocsp_ht.c
new file mode 100644
index 0000000000..9213e58ae4
--- /dev/null
+++ b/src/lib/libcrypto/ocsp/ocsp_ht.c
@@ -0,0 +1,173 @@
+/* ocsp_ht.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/asn1.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+#include <openssl/buffer.h>
+#ifdef OPENSSL_SYS_SUNOS
+#define strtoul (unsigned long)strtol
+#endif /* OPENSSL_SYS_SUNOS */
+
+/* Quick and dirty HTTP OCSP request handler.
+ * Could make this a bit cleverer by adding
+ * support for non blocking BIOs and a few
+ * other refinements.
+ */
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
+{
+        BIO *mem = NULL;
+        char tmpbuf[1024];
+        OCSP_RESPONSE *resp = NULL;
+        char *p, *q, *r;
+        int len, retcode;
+        static char req_txt[] =
+"POST %s HTTP/1.0\r\n\
+Content-Type: application/ocsp-request\r\n\
+Content-Length: %d\r\n\r\n";
+
+        len = i2d_OCSP_REQUEST(req, NULL);
+        if(BIO_printf(b, req_txt, path, len) < 0) {
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR);
+                goto err;
+        }
+        if(i2d_OCSP_REQUEST_bio(b, req) <= 0) {
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR);
+                goto err;
+        }
+        if(!(mem = BIO_new(BIO_s_mem()))) goto err;
+        /* Copy response to a memory BIO: socket bios can't do gets! */
+        while ((len = BIO_read(b, tmpbuf, sizeof tmpbuf))) {
+                if(len < 0) {
+                        OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR);
+                        goto err;
+                }
+                BIO_write(mem, tmpbuf, len);
+        }
+        if(BIO_gets(mem, tmpbuf, 512) <= 0) {
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+                goto err;
+        }
+        /* Parse the HTTP response. This will look like this:
+         * "HTTP/1.0 200 OK". We need to obtain the numeric code and
+         * (optional) informational message.
+         */
+
+        /* Skip to first white space (passed protocol info) */
+        for(p = tmpbuf; *p && !isspace((unsigned char)*p); p++) continue;
+        if(!*p) {
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+                goto err;
+        }
+        /* Skip past white space to start of response code */
+        while(*p && isspace((unsigned char)*p)) p++;
+        if(!*p) {
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+                goto err;
+        }
+        /* Find end of response code: first whitespace after start of code */
+        for(q = p; *q && !isspace((unsigned char)*q); q++) continue;
+        if(!*q) {
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+                goto err;
+        }
+        /* Set end of response code and start of message */ 
+        *q++ = 0;
+        /* Attempt to parse numeric code */
+        retcode = strtoul(p, &r, 10);
+        if(*r) goto err;
+        /* Skip over any leading white space in message */
+        while(*q && isspace((unsigned char)*q))  q++;
+        if(*q) {
+        /* Finally zap any trailing white space in message (include CRLF) */
+        /* We know q has a non white space character so this is OK */
+                for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0;
+        }
+        if(retcode != 200) {
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR);
+                if(!*q) { 
+                        ERR_add_error_data(2, "Code=", p);
+                }
+                else {
+                        ERR_add_error_data(4, "Code=", p, ",Reason=", q);
+                }
+                goto err;
+        }
+        /* Find blank line marking beginning of content */      
+        while(BIO_gets(mem, tmpbuf, 512) > 0)
+        {
+                for(p = tmpbuf; *p && isspace((unsigned char)*p); p++) continue;
+                if(!*p) break;
+        }
+        if(*p) {
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_NO_CONTENT);
+                goto err;
+        }
+        if(!(resp = d2i_OCSP_RESPONSE_bio(mem, NULL))) {
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,ERR_R_NESTED_ASN1_ERROR);
+                goto err;
+        }
+        err:
+        BIO_free(mem);
+        return resp;
+}
diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c
new file mode 100644
index 0000000000..9e87fc7895
--- /dev/null
+++ b/src/lib/libcrypto/ocsp/ocsp_lib.c
@@ -0,0 +1,262 @@
+/* ocsp_lib.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was transfered to Richard Levitte from CertCo by Kathy
+   Weinhold in mid-spring 2000 to be included in OpenSSL or released
+   as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+
+/* Convert a certificate and its issuer to an OCSP_CERTID */
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
+{
+        X509_NAME *iname;
+        ASN1_INTEGER *serial;
+        ASN1_BIT_STRING *ikey;
+#ifndef OPENSSL_NO_SHA1
+        if(!dgst) dgst = EVP_sha1();
+#endif
+        if (subject)
+                {
+                iname = X509_get_issuer_name(subject);
+                serial = X509_get_serialNumber(subject);
+                }
+        else
+                {
+                iname = X509_get_subject_name(issuer);
+                serial = NULL;
+                }
+        ikey = X509_get0_pubkey_bitstr(issuer);
+        return OCSP_cert_id_new(dgst, iname, ikey, serial);
+}
+
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 
+                              X509_NAME *issuerName, 
+                              ASN1_BIT_STRING* issuerKey, 
+                              ASN1_INTEGER *serialNumber)
+        {
+        int nid;
+        unsigned int i;
+        X509_ALGOR *alg;
+        OCSP_CERTID *cid = NULL;
+        unsigned char md[EVP_MAX_MD_SIZE];
+
+        if (!(cid = OCSP_CERTID_new())) goto err;
+
+        alg = cid->hashAlgorithm;
+        if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm);
+        if ((nid = EVP_MD_type(dgst)) == NID_undef)
+                {
+                OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);
+                goto err;
+                }
+        if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err;
+        if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
+        alg->parameter->type=V_ASN1_NULL;
+
+        if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr;
+        if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
+
+        /* Calculate the issuerKey hash, excluding tag and length */
+        EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL);
+
+        if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
+
+        if (serialNumber)
+                {
+                ASN1_INTEGER_free(cid->serialNumber);
+                if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err;
+                }
+        return cid;
+digerr:
+        OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_DIGEST_ERR);
+err:
+        if (cid) OCSP_CERTID_free(cid);
+        return NULL;
+        }
+
+int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
+        {
+        int ret;
+        ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
+        if (ret) return ret;
+        ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
+        if (ret) return ret;
+        return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);
+        }
+
+int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
+        {
+        int ret;
+        ret = OCSP_id_issuer_cmp(a, b);
+        if (ret) return ret;
+        return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
+        }
+
+
+/* Parse a URL and split it up into host, port and path components and whether
+ * it is SSL.
+ */
+
+int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
+        {
+        char *p, *buf;
+
+        char *host, *port;
+
+        /* dup the buffer since we are going to mess with it */
+        buf = BUF_strdup(url);
+        if (!buf) goto mem_err;
+
+        *phost = NULL;
+        *pport = NULL;
+        *ppath = NULL;
+
+        /* Check for initial colon */
+        p = strchr(buf, ':');
+
+        if (!p) goto parse_err;
+
+        *(p++) = '\0';
+
+        if (!strcmp(buf, "http"))
+                {
+                *pssl = 0;
+                port = "80";
+                }
+        else if (!strcmp(buf, "https"))
+                {
+                *pssl = 1;
+                port = "443";
+                }
+        else
+                goto parse_err;
+
+        /* Check for double slash */
+        if ((p[0] != '/') || (p[1] != '/'))
+                goto parse_err;
+
+        p += 2;
+
+        host = p;
+
+        /* Check for trailing part of path */
+
+        p = strchr(p, '/');
+
+        if (!p) 
+                *ppath = BUF_strdup("/");
+        else
+                {
+                *ppath = BUF_strdup(p);
+                /* Set start of path to 0 so hostname is valid */
+                *p = '\0';
+                }
+
+        if (!*ppath) goto mem_err;
+
+        /* Look for optional ':' for port number */
+        if ((p = strchr(host, ':')))
+                {
+                *p = 0;
+                port = p + 1;
+                }
+        else
+                {
+                /* Not found: set default port */
+                if (*pssl) port = "443";
+                else port = "80";
+                }
+
+        *pport = BUF_strdup(port);
+        if (!*pport) goto mem_err;
+
+        *phost = BUF_strdup(host);
+
+        if (!*phost) goto mem_err;
+
+        OPENSSL_free(buf);
+
+        return 1;
+
+        mem_err:
+        OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
+        goto err;
+
+        parse_err:
+        OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
+
+
+        err:
+        if (buf) OPENSSL_free(buf);
+        if (*ppath) OPENSSL_free(*ppath);
+        if (*pport) OPENSSL_free(*pport);
+        if (*phost) OPENSSL_free(*phost);
+        return 0;
+
+        }
diff --git a/src/lib/libcrypto/ocsp/ocsp_prn.c b/src/lib/libcrypto/ocsp/ocsp_prn.c
new file mode 100644
index 0000000000..4b7bc28769
--- /dev/null
+++ b/src/lib/libcrypto/ocsp/ocsp_prn.c
@@ -0,0 +1,291 @@
+/* ocsp_prn.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was originally part of ocsp.c and was transfered to Richard
+   Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
+   in OpenSSL or released as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include <openssl/pem.h>
+
+static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent)
+        {
+        BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
+        indent += 2;
+        BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
+        i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
+        BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
+        i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
+        BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
+        i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
+        BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
+        i2a_ASN1_INTEGER(bp, a->serialNumber);
+        BIO_printf(bp, "\n");
+        return 1;
+        }
+
+typedef struct
+        {
+        long t;
+        char *m;
+        } OCSP_TBLSTR;
+
+static char *table2string(long s, OCSP_TBLSTR *ts, int len)
+{
+        OCSP_TBLSTR *p;
+        for (p=ts; p < ts + len; p++)
+                if (p->t == s)
+                         return p->m;
+        return "(UNKNOWN)";
+}
+
+char *OCSP_response_status_str(long s)
+        {
+        static OCSP_TBLSTR rstat_tbl[] = {
+                { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
+                { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
+                { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
+                { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
+                { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
+                { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } };
+        return table2string(s, rstat_tbl, 6);
+        } 
+
+char *OCSP_cert_status_str(long s)
+        {
+        static OCSP_TBLSTR cstat_tbl[] = {
+                { V_OCSP_CERTSTATUS_GOOD, "good" },
+                { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
+                { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } };
+        return table2string(s, cstat_tbl, 3);
+        } 
+
+char *OCSP_crl_reason_str(long s)
+        {
+        OCSP_TBLSTR reason_tbl[] = {
+          { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
+          { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
+          { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
+          { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
+          { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
+          { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
+          { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
+          { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } };
+        return table2string(s, reason_tbl, 8);
+        } 
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
+        {
+        int i;
+        long l;
+        OCSP_CERTID* cid = NULL;
+        OCSP_ONEREQ *one = NULL;
+        OCSP_REQINFO *inf = o->tbsRequest;
+        OCSP_SIGNATURE *sig = o->optionalSignature;
+
+        if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err;
+        l=ASN1_INTEGER_get(inf->version);
+        if (BIO_printf(bp,"    Version: %lu (0x%lx)",l+1,l) <= 0) goto err;
+        if (inf->requestorName != NULL)
+                {
+                if (BIO_write(bp,"\n    Requestor Name: ",21) <= 0) 
+                        goto err;
+                GENERAL_NAME_print(bp, inf->requestorName);
+                }
+        if (BIO_write(bp,"\n    Requestor List:\n",21) <= 0) goto err;
+        for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++)
+                {
+                one = sk_OCSP_ONEREQ_value(inf->requestList, i);
+                cid = one->reqCert;
+                ocsp_certid_print(bp, cid, 8);
+                if (!X509V3_extensions_print(bp,
+                                        "Request Single Extensions",
+                                        one->singleRequestExtensions, flags, 8))
+                                                        goto err;
+                }
+        if (!X509V3_extensions_print(bp, "Request Extensions",
+                        inf->requestExtensions, flags, 4))
+                                                        goto err;
+        if (sig)
+                {
+                X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
+                for (i=0; i<sk_X509_num(sig->certs); i++)
+                        {
+                        X509_print(bp, sk_X509_value(sig->certs,i));
+                        PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i));
+                        }
+                }
+        return 1;
+err:
+        return 0;
+        }
+
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
+        {
+        int i, ret = 0;
+        long l;
+        unsigned char *p;
+        OCSP_CERTID *cid = NULL;
+        OCSP_BASICRESP *br = NULL;
+        OCSP_RESPID *rid = NULL;
+        OCSP_RESPDATA  *rd = NULL;
+        OCSP_CERTSTATUS *cst = NULL;
+        OCSP_REVOKEDINFO *rev = NULL;
+        OCSP_SINGLERESP *single = NULL;
+        OCSP_RESPBYTES *rb = o->responseBytes;
+
+        if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err;
+        l=ASN1_ENUMERATED_get(o->responseStatus);
+        if (BIO_printf(bp,"    OCSP Response Status: %s (0x%x)\n",
+                       OCSP_response_status_str(l), l) <= 0) goto err;
+        if (rb == NULL) return 1;
+        if (BIO_puts(bp,"    Response Type: ") <= 0)
+                goto err;
+        if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
+                goto err;
+        if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) 
+                {
+                BIO_puts(bp," (unknown response type)\n");
+                return 1;
+                }
+
+        p = ASN1_STRING_data(rb->response);
+        i = ASN1_STRING_length(rb->response);
+        if (!(br = OCSP_response_get1_basic(o))) goto err;
+        rd = br->tbsResponseData;
+        l=ASN1_INTEGER_get(rd->version);
+        if (BIO_printf(bp,"\n    Version: %lu (0x%lx)\n",
+                       l+1,l) <= 0) goto err;
+        if (BIO_puts(bp,"    Responder Id: ") <= 0) goto err;
+
+        rid =  rd->responderId;
+        switch (rid->type)
+                {
+                case V_OCSP_RESPID_NAME:
+                        X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
+                        break;
+                case V_OCSP_RESPID_KEY:
+                        i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);
+                        break;
+                }
+
+        if (BIO_printf(bp,"\n    Produced At: ")<=0) goto err;
+        if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err;
+        if (BIO_printf(bp,"\n    Responses:\n") <= 0) goto err;
+        for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++)
+                {
+                if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue;
+                single = sk_OCSP_SINGLERESP_value(rd->responses, i);
+                cid = single->certId;
+                if(ocsp_certid_print(bp, cid, 4) <= 0) goto err;
+                cst = single->certStatus;
+                if (BIO_printf(bp,"    Cert Status: %s",
+                               OCSP_cert_status_str(cst->type)) <= 0)
+                        goto err;
+                if (cst->type == V_OCSP_CERTSTATUS_REVOKED)
+                        {
+                        rev = cst->value.revoked;
+                        if (BIO_printf(bp, "\n    Revocation Time: ") <= 0) 
+                                goto err;
+                        if (!ASN1_GENERALIZEDTIME_print(bp, 
+                                                        rev->revocationTime)) 
+                                goto err;
+                        if (rev->revocationReason) 
+                                {
+                                l=ASN1_ENUMERATED_get(rev->revocationReason);
+                                if (BIO_printf(bp, 
+                                         "\n    Revocation Reason: %s (0x%x)",
+                                               OCSP_crl_reason_str(l), l) <= 0)
+                                        goto err;
+                                }
+                        }
+                if (BIO_printf(bp,"\n    This Update: ") <= 0) goto err;
+                if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) 
+                        goto err;
+                if (single->nextUpdate)
+                        {
+                        if (BIO_printf(bp,"\n    Next Update: ") <= 0)goto err;
+                        if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
+                                goto err;
+                        }
+                if (!BIO_write(bp,"\n",1)) goto err;
+                if (!X509V3_extensions_print(bp,
+                                        "Response Single Extensions",
+                                        single->singleExtensions, flags, 8))
+                                                        goto err;
+                if (!BIO_write(bp,"\n",1)) goto err;
+                }
+        if (!X509V3_extensions_print(bp, "Response Extensions",
+                                        rd->responseExtensions, flags, 4))
+        if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
+                                                        goto err;
+
+        for (i=0; i<sk_X509_num(br->certs); i++)
+                {
+                X509_print(bp, sk_X509_value(br->certs,i));
+                PEM_write_bio_X509(bp,sk_X509_value(br->certs,i));
+                }
+
+        ret = 1;
+err:
+        OCSP_BASICRESP_free(br);
+        return ret;
+        }
diff --git a/src/lib/libcrypto/ocsp/ocsp_srv.c b/src/lib/libcrypto/ocsp/ocsp_srv.c
new file mode 100644
index 0000000000..fffa134e75
--- /dev/null
+++ b/src/lib/libcrypto/ocsp/ocsp_srv.c
@@ -0,0 +1,264 @@
+/* ocsp_srv.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+
+/* Utility functions related to sending OCSP responses and extracting
+ * relevant information from the request.
+ */
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req)
+        {
+        return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
+        }
+
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
+        {
+        return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
+        }
+
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
+        {
+        return one->reqCert;
+        }
+
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+                        ASN1_OCTET_STRING **pikeyHash,
+                        ASN1_INTEGER **pserial, OCSP_CERTID *cid)
+        {
+        if (!cid) return 0;
+        if (pmd) *pmd = cid->hashAlgorithm->algorithm;
+        if(piNameHash) *piNameHash = cid->issuerNameHash;
+        if (pikeyHash) *pikeyHash = cid->issuerKeyHash;
+        if (pserial) *pserial = cid->serialNumber;
+        return 1;
+        }
+
+int OCSP_request_is_signed(OCSP_REQUEST *req)
+        {
+        if(req->optionalSignature) return 1;
+        return 0;
+        }
+
+/* Create an OCSP response and encode an optional basic response */
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)
+        {
+        OCSP_RESPONSE *rsp = NULL;
+
+        if (!(rsp = OCSP_RESPONSE_new())) goto err;
+        if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err;
+        if (!bs) return rsp;
+        if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err;
+        rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
+        if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
+                                goto err;
+        return rsp;
+err:
+        if (rsp) OCSP_RESPONSE_free(rsp);
+        return NULL;
+        }
+
+
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+                                                OCSP_CERTID *cid,
+                                                int status, int reason,
+                                                ASN1_TIME *revtime,
+                                        ASN1_TIME *thisupd, ASN1_TIME *nextupd)
+        {
+        OCSP_SINGLERESP *single = NULL;
+        OCSP_CERTSTATUS *cs;
+        OCSP_REVOKEDINFO *ri;
+
+        if(!rsp->tbsResponseData->responses &&
+            !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))
+                goto err;
+
+        if (!(single = OCSP_SINGLERESP_new()))
+                goto err;
+
+
+
+        if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
+                goto err;
+        if (nextupd &&
+                !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
+                goto err;
+
+        OCSP_CERTID_free(single->certId);
+
+        if(!(single->certId = OCSP_CERTID_dup(cid)))
+                goto err;
+
+        cs = single->certStatus;
+        switch(cs->type = status)
+                {
+        case V_OCSP_CERTSTATUS_REVOKED:
+                if (!revtime)
+                        {
+                        OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,OCSP_R_NO_REVOKED_TIME);
+                        goto err;
+                        }
+                if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err;
+                if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
+                        goto err;       
+                if (reason != OCSP_REVOKED_STATUS_NOSTATUS)
+                        {
+                        if (!(ri->revocationReason = ASN1_ENUMERATED_new())) 
+                                goto err;
+                        if (!(ASN1_ENUMERATED_set(ri->revocationReason, 
+                                                  reason)))
+                                goto err;       
+                        }
+                break;
+
+        case V_OCSP_CERTSTATUS_GOOD:
+                cs->value.good = ASN1_NULL_new();
+                break;
+
+        case V_OCSP_CERTSTATUS_UNKNOWN:
+                cs->value.unknown = ASN1_NULL_new();
+                break;
+
+        default:
+                goto err;
+
+                }
+        if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
+                goto err;
+        return single;
+err:
+        OCSP_SINGLERESP_free(single);
+        return NULL;
+        }
+
+/* Add a certificate to an OCSP request */
+
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
+        {
+        if (!resp->certs && !(resp->certs = sk_X509_new_null()))
+                return 0;
+
+        if(!sk_X509_push(resp->certs, cert)) return 0;
+        CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+        return 1;
+        }
+
+int OCSP_basic_sign(OCSP_BASICRESP *brsp, 
+                        X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+                        STACK_OF(X509) *certs, unsigned long flags)
+        {
+        int i;
+        OCSP_RESPID *rid;
+
+        if (!X509_check_private_key(signer, key))
+                {
+                OCSPerr(OCSP_F_OCSP_BASIC_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                goto err;
+                }
+
+        if(!(flags & OCSP_NOCERTS))
+                {
+                if(!OCSP_basic_add1_cert(brsp, signer))
+                        goto err;
+                for (i = 0; i < sk_X509_num(certs); i++)
+                        {
+                        X509 *tmpcert = sk_X509_value(certs, i);
+                        if(!OCSP_basic_add1_cert(brsp, tmpcert))
+                                goto err;
+                        }
+                }
+
+        rid = brsp->tbsResponseData->responderId;
+        if (flags & OCSP_RESPID_KEY)
+                {
+                unsigned char md[SHA_DIGEST_LENGTH];
+                X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
+                if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
+                        goto err;
+                if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH)))
+                                goto err;
+                rid->type = V_OCSP_RESPID_KEY;
+                }
+        else
+                {
+                if (!X509_NAME_set(&rid->value.byName,
+                                        X509_get_subject_name(signer)))
+                                goto err;
+                rid->type = V_OCSP_RESPID_NAME;
+                }
+
+        if (!(flags & OCSP_NOTIME) &&
+                !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
+                goto err;
+
+        /* Right now, I think that not doing double hashing is the right
+           thing.       -- Richard Levitte */
+
+        if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err;
+
+        return 1;
+err:
+        return 0;
+        }
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
new file mode 100644
index 0000000000..3d58dfb06c
--- /dev/null
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -0,0 +1,444 @@
+/* ocsp_vfy.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+#include <string.h>
+
+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+                                X509_STORE *st, unsigned long flags);
+static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags);
+static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret);
+static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp);
+static int ocsp_check_delegated(X509 *x, int flags);
+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,
+                                X509_STORE *st, unsigned long flags);
+
+/* Verify a basic response message */
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+                                X509_STORE *st, unsigned long flags)
+        {
+        X509 *signer, *x;
+        STACK_OF(X509) *chain = NULL;
+        X509_STORE_CTX ctx;
+        int i, ret = 0;
+        ret = ocsp_find_signer(&signer, bs, certs, st, flags);
+        if (!ret)
+                {
+                OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+                goto end;
+                }
+        if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
+                flags |= OCSP_NOVERIFY;
+        if (!(flags & OCSP_NOSIGS))
+                {
+                EVP_PKEY *skey;
+                skey = X509_get_pubkey(signer);
+                ret = OCSP_BASICRESP_verify(bs, skey, 0);
+                EVP_PKEY_free(skey);
+                if(ret <= 0)
+                        {
+                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+                        goto end;
+                        }
+                }
+        if (!(flags & OCSP_NOVERIFY))
+                {
+                int init_res;
+                if(flags & OCSP_NOCHAIN)
+                        init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
+                else
+                        init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+                if(!init_res)
+                        {
+                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
+                        goto end;
+                        }
+
+                X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
+                ret = X509_verify_cert(&ctx);
+                chain = X509_STORE_CTX_get1_chain(&ctx);
+                X509_STORE_CTX_cleanup(&ctx);
+                if (ret <= 0)
+                        {
+                        i = X509_STORE_CTX_get_error(&ctx);     
+                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);
+                        ERR_add_error_data(2, "Verify error:",
+                                        X509_verify_cert_error_string(i));
+                        goto end;
+                        }
+                if(flags & OCSP_NOCHECKS)
+                        {
+                        ret = 1;
+                        goto end;
+                        }
+                /* At this point we have a valid certificate chain
+                 * need to verify it against the OCSP issuer criteria.
+                 */
+                ret = ocsp_check_issuer(bs, chain, flags);
+
+                /* If fatal error or valid match then finish */
+                if (ret != 0) goto end;
+
+                /* Easy case: explicitly trusted. Get root CA and
+                 * check for explicit trust
+                 */
+                if(flags & OCSP_NOEXPLICIT) goto end;
+
+                x = sk_X509_value(chain, sk_X509_num(chain) - 1);
+                if(X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED)
+                        {
+                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_ROOT_CA_NOT_TRUSTED);
+                        goto end;
+                        }
+                ret = 1;
+                }
+
+
+
+        end:
+        if(chain) sk_X509_pop_free(chain, X509_free);
+        return ret;
+        }
+
+
+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+                                X509_STORE *st, unsigned long flags)
+        {
+        X509 *signer;
+        OCSP_RESPID *rid = bs->tbsResponseData->responderId;
+        if ((signer = ocsp_find_signer_sk(certs, rid)))
+                {
+                *psigner = signer;
+                return 2;
+                }
+        if(!(flags & OCSP_NOINTERN) &&
+            (signer = ocsp_find_signer_sk(bs->certs, rid)))
+                {
+                *psigner = signer;
+                return 1;
+                }
+        /* Maybe lookup from store if by subject name */
+
+        *psigner = NULL;
+        return 0;
+        }
+
+
+static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
+        {
+        int i;
+        unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
+        X509 *x;
+
+        /* Easy if lookup by name */
+        if (id->type == V_OCSP_RESPID_NAME)
+                return X509_find_by_subject(certs, id->value.byName);
+
+        /* Lookup by key hash */
+
+        /* If key hash isn't SHA1 length then forget it */
+        if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL;
+        keyhash = id->value.byKey->data;
+        /* Calculate hash of each key and compare */
+        for (i = 0; i < sk_X509_num(certs); i++)
+                {
+                x = sk_X509_value(certs, i);
+                X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
+                if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
+                        return x;
+                }
+        return NULL;
+        }
+
+
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags)
+        {
+        STACK_OF(OCSP_SINGLERESP) *sresp;
+        X509 *signer, *sca;
+        OCSP_CERTID *caid = NULL;
+        int i;
+        sresp = bs->tbsResponseData->responses;
+
+        if (sk_X509_num(chain) <= 0)
+                {
+                OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
+                return -1;
+                }
+
+        /* See if the issuer IDs match. */
+        i = ocsp_check_ids(sresp, &caid);
+
+        /* If ID mismatch or other error then return */
+        if (i <= 0) return i;
+
+        signer = sk_X509_value(chain, 0);
+        /* Check to see if OCSP responder CA matches request CA */
+        if (sk_X509_num(chain) > 1)
+                {
+                sca = sk_X509_value(chain, 1);
+                i = ocsp_match_issuerid(sca, caid, sresp);
+                if (i < 0) return i;
+                if (i)
+                        {
+                        /* We have a match, if extensions OK then success */
+                        if (ocsp_check_delegated(signer, flags)) return 1;
+                        return 0;
+                        }
+                }
+
+        /* Otherwise check if OCSP request signed directly by request CA */
+        return ocsp_match_issuerid(signer, caid, sresp);
+        }
+
+
+/* Check the issuer certificate IDs for equality. If there is a mismatch with the same
+ * algorithm then there's no point trying to match any certificates against the issuer.
+ * If the issuer IDs all match then we just need to check equality against one of them.
+ */
+        
+static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
+        {
+        OCSP_CERTID *tmpid, *cid;
+        int i, idcount;
+
+        idcount = sk_OCSP_SINGLERESP_num(sresp);
+        if (idcount <= 0)
+                {
+                OCSPerr(OCSP_F_OCSP_CHECK_IDS, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
+                return -1;
+                }
+
+        cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+
+        *ret = NULL;
+
+        for (i = 1; i < idcount; i++)
+                {
+                tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
+                /* Check to see if IDs match */
+                if (OCSP_id_issuer_cmp(cid, tmpid))
+                        {
+                        /* If algoritm mismatch let caller deal with it */
+                        if (OBJ_cmp(tmpid->hashAlgorithm->algorithm,
+                                        cid->hashAlgorithm->algorithm))
+                                        return 2;
+                        /* Else mismatch */
+                        return 0;
+                        }
+                }
+
+        /* All IDs match: only need to check one ID */
+        *ret = cid;
+        return 1;
+        }
+
+
+static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
+                        STACK_OF(OCSP_SINGLERESP) *sresp)
+        {
+        /* If only one ID to match then do it */
+        if(cid)
+                {
+                const EVP_MD *dgst;
+                X509_NAME *iname;
+                int mdlen;
+                unsigned char md[EVP_MAX_MD_SIZE];
+                if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm)))
+                        {
+                        OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSAGE_DIGEST);
+                        return -1;
+                        }
+
+                mdlen = EVP_MD_size(dgst);
+                if ((cid->issuerNameHash->length != mdlen) ||
+                   (cid->issuerKeyHash->length != mdlen))
+                        return 0;
+                iname = X509_get_subject_name(cert);
+                if (!X509_NAME_digest(iname, dgst, md, NULL))
+                        return -1;
+                if (memcmp(md, cid->issuerNameHash->data, mdlen))
+                        return 0;
+                X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
+                if (memcmp(md, cid->issuerKeyHash->data, mdlen))
+                        return 0;
+
+                return 1;
+
+                }
+        else
+                {
+                /* We have to match the whole lot */
+                int i, ret;
+                OCSP_CERTID *tmpid;
+                for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++)
+                        {
+                        tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
+                        ret = ocsp_match_issuerid(cert, tmpid, NULL);
+                        if (ret <= 0) return ret;
+                        }
+                return 1;
+                }
+                        
+        }
+
+static int ocsp_check_delegated(X509 *x, int flags)
+        {
+        X509_check_purpose(x, -1, 0);
+        if ((x->ex_flags & EXFLAG_XKUSAGE) &&
+            (x->ex_xkusage & XKU_OCSP_SIGN))
+                return 1;
+        OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
+        return 0;
+        }
+
+/* Verify an OCSP request. This is fortunately much easier than OCSP
+ * response verify. Just find the signers certificate and verify it
+ * against a given trust value.
+ */
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags)
+        {
+        X509 *signer;
+        X509_NAME *nm;
+        GENERAL_NAME *gen;
+        int ret;
+        X509_STORE_CTX ctx;
+        if (!req->optionalSignature) 
+                {
+                OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
+                return 0;
+                }
+        gen = req->tbsRequest->requestorName;
+        if (gen->type != GEN_DIRNAME)
+                {
+                OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
+                return 0;
+                }
+        nm = gen->d.directoryName;
+        ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
+        if (ret <= 0)
+                {
+                OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+                return 0;
+                }
+        if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
+                flags |= OCSP_NOVERIFY;
+        if (!(flags & OCSP_NOSIGS))
+                {
+                EVP_PKEY *skey;
+                skey = X509_get_pubkey(signer);
+                ret = OCSP_REQUEST_verify(req, skey);
+                EVP_PKEY_free(skey);
+                if(ret <= 0)
+                        {
+                        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+                        return 0;
+                        }
+                }
+        if (!(flags & OCSP_NOVERIFY))
+                {
+                int init_res;
+                if(flags & OCSP_NOCHAIN)
+                        init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
+                else
+                        init_res = X509_STORE_CTX_init(&ctx, store, signer,
+                                        req->optionalSignature->certs);
+                if(!init_res)
+                        {
+                        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB);
+                        return 0;
+                        }
+
+                X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
+                X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
+                ret = X509_verify_cert(&ctx);
+                X509_STORE_CTX_cleanup(&ctx);
+                if (ret <= 0)
+                        {
+                        ret = X509_STORE_CTX_get_error(&ctx);   
+                        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);
+                        ERR_add_error_data(2, "Verify error:",
+                                        X509_verify_cert_error_string(ret));
+                        return 0;
+                        }
+                }
+        return 1;
+        }
+
+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,
+                                X509_STORE *st, unsigned long flags)
+        {
+        X509 *signer;
+        if(!(flags & OCSP_NOINTERN))
+                {
+                signer = X509_find_by_subject(req->optionalSignature->certs, nm);
+                *psigner = signer;
+                return 1;
+                }
+
+        signer = X509_find_by_subject(certs, nm);
+        if (signer)
+                {
+                *psigner = signer;
+                return 2;
+                }
+        return 0;
+        }
diff --git a/src/lib/libcrypto/opensslconf.h b/src/lib/libcrypto/opensslconf.h
deleted file mode 100644
index 492041bc7c..0000000000
--- a/src/lib/libcrypto/opensslconf.h
+++ /dev/null
@@ -1,180 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )              /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )       /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )       /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )          /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )         /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )          /* 68K */
-  /* Unknown */
-#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )          /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h
new file mode 100644
index 0000000000..5d5f688edd
--- /dev/null
+++ b/src/lib/libcrypto/opensslv.h
@@ -0,0 +1,89 @@
+#ifndef HEADER_OPENSSLV_H
+#define HEADER_OPENSSLV_H
+
+/* Numeric release version identifier:
+ * MNNFFPPS: major minor fix patch status
+ * The status nibble has one of the values 0 for development, 1 to e for betas
+ * 1 to 14, and f for release.  The patch level is exactly that.
+ * For example:
+ * 0.9.3-dev      0x00903000
+ * 0.9.3-beta1    0x00903001
+ * 0.9.3-beta2-dev 0x00903002
+ * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)
+ * 0.9.3          0x0090300f
+ * 0.9.3a         0x0090301f
+ * 0.9.4          0x0090400f
+ * 1.2.3z         0x102031af
+ *
+ * For continuity reasons (because 0.9.5 is already out, and is coded
+ * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
+ * part is slightly different, by setting the highest bit.  This means
+ * that 0.9.5a looks like this: 0x0090581f.  At 0.9.6, we can start
+ * with 0x0090600S...
+ *
+ * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
+ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+ *  major minor fix final patch/beta)
+ */
+#define OPENSSL_VERSION_NUMBER  0x0090707fL
+#ifdef OPENSSL_FIPS
+#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.7g-fips 11 Apr 2005"
+#else
+#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.7g 11 Apr 2005"
+#endif
+#define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
+
+
+/* The macros below are to be used for shared library (.so, .dll, ...)
+ * versioning.  That kind of versioning works a bit differently between
+ * operating systems.  The most usual scheme is to set a major and a minor
+ * number, and have the runtime loader check that the major number is equal
+ * to what it was at application link time, while the minor number has to
+ * be greater or equal to what it was at application link time.  With this
+ * scheme, the version number is usually part of the file name, like this:
+ *
+ *      libcrypto.so.0.9
+ *
+ * Some unixen also make a softlink with the major verson number only:
+ *
+ *      libcrypto.so.0
+ *
+ * On Tru64 and IRIX 6.x it works a little bit differently.  There, the
+ * shared library version is stored in the file, and is actually a series
+ * of versions, separated by colons.  The rightmost version present in the
+ * library when linking an application is stored in the application to be
+ * matched at run time.  When the application is run, a check is done to
+ * see if the library version stored in the application matches any of the
+ * versions in the version string of the library itself.
+ * This version string can be constructed in any way, depending on what
+ * kind of matching is desired.  However, to implement the same scheme as
+ * the one used in the other unixen, all compatible versions, from lowest
+ * to highest, should be part of the string.  Consecutive builds would
+ * give the following versions strings:
+ *
+ *      3.0
+ *      3.0:3.1
+ *      3.0:3.1:3.2
+ *      4.0
+ *      4.0:4.1
+ *
+ * Notice how version 4 is completely incompatible with version, and
+ * therefore give the breach you can see.
+ *
+ * There may be other schemes as well that I haven't yet discovered.
+ *
+ * So, here's the way it works here: first of all, the library version
+ * number doesn't need at all to match the overall OpenSSL version.
+ * However, it's nice and more understandable if it actually does.
+ * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
+ * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
+ * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
+ * we need to keep a history of version numbers, which is done in the
+ * macro SHLIB_VERSION_HISTORY.  The numbers are separated by colons and
+ * should only keep the versions that are binary compatible with the current.
+ */
+#define SHLIB_VERSION_HISTORY ""
+#define SHLIB_VERSION_NUMBER "0.9.7"
+
+
+#endif /* HEADER_OPENSSLV_H */
diff --git a/src/lib/libcrypto/ossl_typ.h b/src/lib/libcrypto/ossl_typ.h
new file mode 100644
index 0000000000..285fd0b1d9
--- /dev/null
+++ b/src/lib/libcrypto/ossl_typ.h
@@ -0,0 +1,122 @@
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_OPENSSL_TYPES_H
+#define HEADER_OPENSSL_TYPES_H
+
+#include <openssl/e_os2.h>
+
+#ifdef NO_ASN1_TYPEDEFS
+#define ASN1_INTEGER            ASN1_STRING
+#define ASN1_ENUMERATED         ASN1_STRING
+#define ASN1_BIT_STRING         ASN1_STRING
+#define ASN1_OCTET_STRING       ASN1_STRING
+#define ASN1_PRINTABLESTRING    ASN1_STRING
+#define ASN1_T61STRING          ASN1_STRING
+#define ASN1_IA5STRING          ASN1_STRING
+#define ASN1_UTCTIME            ASN1_STRING
+#define ASN1_GENERALIZEDTIME    ASN1_STRING
+#define ASN1_TIME               ASN1_STRING
+#define ASN1_GENERALSTRING      ASN1_STRING
+#define ASN1_UNIVERSALSTRING    ASN1_STRING
+#define ASN1_BMPSTRING          ASN1_STRING
+#define ASN1_VISIBLESTRING      ASN1_STRING
+#define ASN1_UTF8STRING         ASN1_STRING
+#define ASN1_BOOLEAN            int
+#define ASN1_NULL               int
+#else
+typedef struct asn1_string_st ASN1_INTEGER;
+typedef struct asn1_string_st ASN1_ENUMERATED;
+typedef struct asn1_string_st ASN1_BIT_STRING;
+typedef struct asn1_string_st ASN1_OCTET_STRING;
+typedef struct asn1_string_st ASN1_PRINTABLESTRING;
+typedef struct asn1_string_st ASN1_T61STRING;
+typedef struct asn1_string_st ASN1_IA5STRING;
+typedef struct asn1_string_st ASN1_GENERALSTRING;
+typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
+typedef struct asn1_string_st ASN1_BMPSTRING;
+typedef struct asn1_string_st ASN1_UTCTIME;
+typedef struct asn1_string_st ASN1_TIME;
+typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
+typedef struct asn1_string_st ASN1_VISIBLESTRING;
+typedef struct asn1_string_st ASN1_UTF8STRING;
+typedef int ASN1_BOOLEAN;
+typedef int ASN1_NULL;
+#endif
+
+#ifdef OPENSSL_SYS_WIN32
+#undef X509_NAME
+#undef PKCS7_ISSUER_AND_SERIAL
+#endif
+
+typedef struct evp_cipher_st EVP_CIPHER;
+typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
+typedef struct env_md_st EVP_MD;
+typedef struct env_md_ctx_st EVP_MD_CTX;
+typedef struct evp_pkey_st EVP_PKEY;
+
+typedef struct x509_st X509;
+typedef struct X509_algor_st X509_ALGOR;
+typedef struct X509_crl_st X509_CRL;
+typedef struct X509_name_st X509_NAME;
+typedef struct x509_store_st X509_STORE;
+typedef struct x509_store_ctx_st X509_STORE_CTX;
+
+typedef struct engine_st ENGINE;
+
+  /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
+#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
+#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
+
+#endif /* def HEADER_OPENSSL_TYPES_H */
diff --git a/src/lib/libcrypto/pem/Makefile.ssl b/src/lib/libcrypto/pem/Makefile.ssl
new file mode 100644
index 0000000000..d3043eb401
--- /dev/null
+++ b/src/lib/libcrypto/pem/Makefile.ssl
@@ -0,0 +1,336 @@
+#
+# SSLeay/crypto/pem/Makefile
+#
+
+DIR=    pem
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c \
+        pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c
+
+LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o \
+        pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= pem.h pem2.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links: $(EXHEADER)
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+pem_all.o: ../../e_os.h ../../include/openssl/aes.h
+pem_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_all.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_all.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c
+pem_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+pem_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pem_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pem_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pem_err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pem_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pem_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pem_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pem_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_err.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_err.o: pem_err.c
+pem_info.o: ../../e_os.h ../../include/openssl/aes.h
+pem_info.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_info.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_info.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_info.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_info.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_info.o: ../../include/openssl/opensslconf.h
+pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_info.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_info.o: ../cryptlib.h pem_info.c
+pem_lib.o: ../../e_os.h ../../include/openssl/aes.h
+pem_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+pem_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_lib.c
+pem_oth.o: ../../e_os.h ../../include/openssl/aes.h
+pem_oth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_oth.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_oth.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_oth.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_oth.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_oth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_oth.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_oth.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_oth.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_oth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_oth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_oth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_oth.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_oth.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_oth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_oth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_oth.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_oth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_oth.o: ../cryptlib.h pem_oth.c
+pem_pk8.o: ../../e_os.h ../../include/openssl/aes.h
+pem_pk8.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_pk8.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_pk8.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_pk8.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_pk8.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_pk8.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_pk8.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_pk8.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_pk8.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_pk8.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_pk8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_pk8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_pk8.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_pk8.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_pk8.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_pk8.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_pk8.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_pk8.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_pk8.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_pk8.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pk8.c
+pem_pkey.o: ../../e_os.h ../../include/openssl/aes.h
+pem_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_pkey.o: ../../include/openssl/opensslconf.h
+pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_pkey.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_pkey.o: ../cryptlib.h pem_pkey.c
+pem_seal.o: ../../e_os.h ../../include/openssl/aes.h
+pem_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_seal.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_seal.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_seal.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_seal.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_seal.o: ../../include/openssl/opensslconf.h
+pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_seal.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_seal.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_seal.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_seal.c
+pem_sign.o: ../../e_os.h ../../include/openssl/aes.h
+pem_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_sign.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_sign.o: ../../include/openssl/opensslconf.h
+pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_sign.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_sign.c
+pem_x509.o: ../../e_os.h ../../include/openssl/aes.h
+pem_x509.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_x509.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_x509.o: ../../include/openssl/opensslconf.h
+pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_x509.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_x509.o: ../cryptlib.h pem_x509.c
+pem_xaux.o: ../../e_os.h ../../include/openssl/aes.h
+pem_xaux.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_xaux.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_xaux.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_xaux.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_xaux.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_xaux.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_xaux.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_xaux.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_xaux.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_xaux.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_xaux.o: ../../include/openssl/opensslconf.h
+pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_xaux.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_xaux.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_xaux.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_xaux.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_xaux.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_xaux.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_xaux.o: ../cryptlib.h pem_xaux.c
diff --git a/src/lib/libcrypto/pem/message b/src/lib/libcrypto/pem/message
new file mode 100644
index 0000000000..e8bf9d7592
--- /dev/null
+++ b/src/lib/libcrypto/pem/message
@@ -0,0 +1,16 @@
+-----BEGIN PRIVACY-ENHANCED MESSAGE-----
+Proc-Type: 4,ENCRYPTED
+Proc-Type: 4,MIC-ONLY
+Proc-Type: 4,MIC-CLEAR
+Content-Domain: RFC822
+DEK-Info: DES-CBC,0123456789abcdef
+Originator-Certificate
+ xxxx
+Issuer-Certificate
+ xxxx
+MIC-Info: RSA-MD5,RSA,
+ xxxx
+
+
+-----END PRIVACY-ENHANCED MESSAGE-----
+
diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h
new file mode 100644
index 0000000000..d330cbf9a3
--- /dev/null
+++ b/src/lib/libcrypto/pem/pem.h
@@ -0,0 +1,672 @@
+/* crypto/pem/pem.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_PEM_H
+#define HEADER_PEM_H
+
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#ifndef OPENSSL_NO_STACK
+#include <openssl/stack.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem2.h>
+#include <openssl/e_os2.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#define PEM_BUFSIZE             1024
+
+#define PEM_OBJ_UNDEF           0
+#define PEM_OBJ_X509            1
+#define PEM_OBJ_X509_REQ        2
+#define PEM_OBJ_CRL             3
+#define PEM_OBJ_SSL_SESSION     4
+#define PEM_OBJ_PRIV_KEY        10
+#define PEM_OBJ_PRIV_RSA        11
+#define PEM_OBJ_PRIV_DSA        12
+#define PEM_OBJ_PRIV_DH         13
+#define PEM_OBJ_PUB_RSA         14
+#define PEM_OBJ_PUB_DSA         15
+#define PEM_OBJ_PUB_DH          16
+#define PEM_OBJ_DHPARAMS        17
+#define PEM_OBJ_DSAPARAMS       18
+#define PEM_OBJ_PRIV_RSA_PUBLIC 19
+
+#define PEM_ERROR               30
+#define PEM_DEK_DES_CBC         40
+#define PEM_DEK_IDEA_CBC        45
+#define PEM_DEK_DES_EDE         50
+#define PEM_DEK_DES_ECB         60
+#define PEM_DEK_RSA             70
+#define PEM_DEK_RSA_MD2         80
+#define PEM_DEK_RSA_MD5         90
+
+#define PEM_MD_MD2              NID_md2
+#define PEM_MD_MD5              NID_md5
+#define PEM_MD_SHA              NID_sha
+#define PEM_MD_MD2_RSA          NID_md2WithRSAEncryption
+#define PEM_MD_MD5_RSA          NID_md5WithRSAEncryption
+#define PEM_MD_SHA_RSA          NID_sha1WithRSAEncryption
+
+#define PEM_STRING_X509_OLD     "X509 CERTIFICATE"
+#define PEM_STRING_X509         "CERTIFICATE"
+#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
+#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
+#define PEM_STRING_X509_REQ     "CERTIFICATE REQUEST"
+#define PEM_STRING_X509_CRL     "X509 CRL"
+#define PEM_STRING_EVP_PKEY     "ANY PRIVATE KEY"
+#define PEM_STRING_PUBLIC       "PUBLIC KEY"
+#define PEM_STRING_RSA          "RSA PRIVATE KEY"
+#define PEM_STRING_RSA_PUBLIC   "RSA PUBLIC KEY"
+#define PEM_STRING_DSA          "DSA PRIVATE KEY"
+#define PEM_STRING_DSA_PUBLIC   "DSA PUBLIC KEY"
+#define PEM_STRING_PKCS7        "PKCS7"
+#define PEM_STRING_PKCS8        "ENCRYPTED PRIVATE KEY"
+#define PEM_STRING_PKCS8INF     "PRIVATE KEY"
+#define PEM_STRING_DHPARAMS     "DH PARAMETERS"
+#define PEM_STRING_SSL_SESSION  "SSL SESSION PARAMETERS"
+#define PEM_STRING_DSAPARAMS    "DSA PARAMETERS"
+
+  /* Note that this structure is initialised by PEM_SealInit and cleaned up
+     by PEM_SealFinal (at least for now) */
+typedef struct PEM_Encode_Seal_st
+        {
+        EVP_ENCODE_CTX encode;
+        EVP_MD_CTX md;
+        EVP_CIPHER_CTX cipher;
+        } PEM_ENCODE_SEAL_CTX;
+
+/* enc_type is one off */
+#define PEM_TYPE_ENCRYPTED      10
+#define PEM_TYPE_MIC_ONLY       20
+#define PEM_TYPE_MIC_CLEAR      30
+#define PEM_TYPE_CLEAR          40
+
+typedef struct pem_recip_st
+        {
+        char *name;
+        X509_NAME *dn;
+
+        int cipher;
+        int key_enc;
+        /*      char iv[8]; unused and wrong size */
+        } PEM_USER;
+
+typedef struct pem_ctx_st
+        {
+        int type;               /* what type of object */
+
+        struct  {
+                int version;    
+                int mode;               
+                } proc_type;
+
+        char *domain;
+
+        struct  {
+                int cipher;
+        /* unused, and wrong size
+           unsigned char iv[8]; */
+                } DEK_info;
+                
+        PEM_USER *originator;
+
+        int num_recipient;
+        PEM_USER **recipient;
+
+#ifndef OPENSSL_NO_STACK
+        STACK *x509_chain;      /* certificate chain */
+#else
+        char *x509_chain;       /* certificate chain */
+#endif
+        EVP_MD *md;             /* signature type */
+
+        int md_enc;             /* is the md encrypted or not? */
+        int md_len;             /* length of md_data */
+        char *md_data;          /* message digest, could be pkey encrypted */
+
+        EVP_CIPHER *dec;        /* date encryption cipher */
+        int key_len;            /* key length */
+        unsigned char *key;     /* key */
+        /* unused, and wrong size
+           unsigned char iv[8]; */
+
+        
+        int  data_enc;          /* is the data encrypted */
+        int data_len;
+        unsigned char *data;
+        } PEM_CTX;
+
+/* These macros make the PEM_read/PEM_write functions easier to maintain and
+ * write. Now they are all implemented with either:
+ * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
+ */
+
+#ifdef OPENSSL_NO_FP_API
+
+#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
+#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
+#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
+
+#else
+
+#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
+type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return((type *)PEM_ASN1_read((char *(*)())d2i_##asn1, str,fp,(char **)x,\
+        cb,u)); \
+} \
+
+#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x) \
+{ \
+return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, (char *)x, \
+                                                         NULL,NULL,0,NULL,NULL)); \
+} 
+
+#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, \
+                  void *u) \
+        { \
+        return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, \
+                (char *)x,enc,kstr,klen,cb,u)); \
+        }
+
+#endif
+
+#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return((type *)PEM_ASN1_read_bio((char *(*)())d2i_##asn1, str,bp,\
+                                                        (char **)x,cb,u)); \
+}
+
+#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x) \
+{ \
+return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, (char *)x, \
+                                                         NULL,NULL,0,NULL,NULL)); \
+}
+
+#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+        { \
+        return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, \
+                (char *)x,enc,kstr,klen,cb,u)); \
+        }
+
+#define IMPLEMENT_PEM_write(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_read_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write(name, type, str, asn1)
+
+#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb(name, type, str, asn1)
+
+/* These are the same except they are for the declarations */
+
+#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API)
+
+#define DECLARE_PEM_read_fp(name, type) /**/
+#define DECLARE_PEM_write_fp(name, type) /**/
+#define DECLARE_PEM_write_cb_fp(name, type) /**/
+
+#else
+
+#define DECLARE_PEM_read_fp(name, type) \
+        type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
+
+#define DECLARE_PEM_write_fp(name, type) \
+        int PEM_write_##name(FILE *fp, type *x);
+
+#define DECLARE_PEM_write_cb_fp(name, type) \
+        int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+#endif
+
+#ifndef OPENSSL_NO_BIO
+#define DECLARE_PEM_read_bio(name, type) \
+        type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
+
+#define DECLARE_PEM_write_bio(name, type) \
+        int PEM_write_bio_##name(BIO *bp, type *x);
+
+#define DECLARE_PEM_write_cb_bio(name, type) \
+        int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+#else
+
+#define DECLARE_PEM_read_bio(name, type) /**/
+#define DECLARE_PEM_write_bio(name, type) /**/
+#define DECLARE_PEM_write_cb_bio(name, type) /**/
+
+#endif
+
+#define DECLARE_PEM_write(name, type) \
+        DECLARE_PEM_write_bio(name, type) \
+        DECLARE_PEM_write_fp(name, type) 
+
+#define DECLARE_PEM_write_cb(name, type) \
+        DECLARE_PEM_write_cb_bio(name, type) \
+        DECLARE_PEM_write_cb_fp(name, type) 
+
+#define DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_read_bio(name, type) \
+        DECLARE_PEM_read_fp(name, type)
+
+#define DECLARE_PEM_rw(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write(name, type)
+
+#define DECLARE_PEM_rw_cb(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write_cb(name, type)
+
+#ifdef SSLEAY_MACROS
+
+#define PEM_write_SSL_SESSION(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
+                        PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_X509(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
+                        (char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
+                (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
+                        NULL,NULL,0,NULL,NULL)
+#define PEM_write_X509_CRL(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
+                        fp,(char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
+                PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
+                        (char *)x,enc,kstr,klen,cb,u)
+#define PEM_write_RSAPublicKey(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
+                        PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)
+#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
+                PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
+                        (char *)x,enc,kstr,klen,cb,u)
+#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
+                PEM_ASN1_write((int (*)())i2d_PrivateKey,\
+                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
+                        bp,(char *)x,enc,kstr,klen,cb,u)
+#define PEM_write_PKCS7(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
+                        (char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_DHparams(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
+                        (char *)x,NULL,NULL,0,NULL,NULL)
+
+#define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
+                        PEM_STRING_X509,fp, \
+                        (char *)x, NULL,NULL,0,NULL,NULL)
+
+#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
+        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
+#define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \
+        (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u)
+#define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \
+        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u)
+#define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \
+        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u)
+#define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
+        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u)
+#define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
+        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u)
+#define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \
+        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u)
+#define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
+        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
+#define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \
+        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u)
+#define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \
+        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u)
+
+#define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \
+                (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \
+        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\
+                                                        (char **)x,cb,u)
+
+#define PEM_write_bio_SSL_SESSION(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
+                        PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_X509(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
+                        (char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
+                (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
+                        NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_X509_CRL(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
+                        bp,(char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
+                PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
+                        bp,(char *)x,enc,kstr,klen,cb,u)
+#define PEM_write_bio_RSAPublicKey(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
+                        PEM_STRING_RSA_PUBLIC,\
+                        bp,(char *)x,NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
+                PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
+                        bp,(char *)x,enc,kstr,klen,cb,u)
+#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
+                PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
+                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
+                        bp,(char *)x,enc,kstr,klen,cb,u)
+#define PEM_write_bio_PKCS7(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
+                        (char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_DHparams(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
+                        bp,(char *)x,NULL,NULL,0,NULL,NULL)
+#define PEM_write_bio_DSAparams(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
+                        PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL)
+
+#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
+                        PEM_STRING_X509,bp, \
+                        (char *)x, NULL,NULL,0,NULL,NULL)
+
+#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
+#define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)
+#define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u)
+#define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u)
+#define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u)
+#define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u)
+#define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u)
+#define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u)
+
+#define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u)
+#define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u)
+#define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u)
+
+#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \
+                (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\
+                                                        (char **)x,cb,u)
+
+#endif
+
+#if 1
+/* "userdata": new with OpenSSL 0.9.4 */
+typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
+#else
+/* OpenSSL 0.9.3, 0.9.3a */
+typedef int pem_password_cb(char *buf, int size, int rwflag);
+#endif
+
+int     PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
+int     PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
+        pem_password_cb *callback,void *u);
+
+#ifndef OPENSSL_NO_BIO
+int     PEM_read_bio(BIO *bp, char **name, char **header,
+                unsigned char **data,long *len);
+int     PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,
+                long len);
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
+             pem_password_cb *cb, void *u);
+char *  PEM_ASN1_read_bio(char *(*d2i)(),const char *name,BIO *bp,char **x,
+                pem_password_cb *cb, void *u);
+int     PEM_ASN1_write_bio(int (*i2d)(),const char *name,BIO *bp,char *x,
+                           const EVP_CIPHER *enc,unsigned char *kstr,int klen,
+                           pem_password_cb *cb, void *u);
+STACK_OF(X509_INFO) *   PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
+int     PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
+                unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
+#endif
+
+#ifndef OPENSSL_SYS_WIN16
+int     PEM_read(FILE *fp, char **name, char **header,
+                unsigned char **data,long *len);
+int     PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
+char *  PEM_ASN1_read(char *(*d2i)(),const char *name,FILE *fp,char **x,
+        pem_password_cb *cb, void *u);
+int     PEM_ASN1_write(int (*i2d)(),const char *name,FILE *fp,char *x,
+                       const EVP_CIPHER *enc,unsigned char *kstr,int klen,
+                       pem_password_cb *callback, void *u);
+STACK_OF(X509_INFO) *   PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+        pem_password_cb *cb, void *u);
+#endif
+
+int     PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
+                EVP_MD *md_type, unsigned char **ek, int *ekl,
+                unsigned char *iv, EVP_PKEY **pubk, int npubk);
+void    PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
+                unsigned char *in, int inl);
+int     PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl,
+                unsigned char *out, int *outl, EVP_PKEY *priv);
+
+void    PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
+void    PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
+int     PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                unsigned int *siglen, EVP_PKEY *pkey);
+
+int     PEM_def_callback(char *buf, int num, int w, void *key);
+void    PEM_proc_type(char *buf, int type);
+void    PEM_dek_info(char *buf, const char *type, int len, char *str);
+
+#ifndef SSLEAY_MACROS
+
+#include <openssl/symhacks.h>
+
+DECLARE_PEM_rw(X509, X509)
+
+DECLARE_PEM_rw(X509_AUX, X509)
+
+DECLARE_PEM_rw(X509_REQ, X509_REQ)
+DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
+
+DECLARE_PEM_rw(X509_CRL, X509_CRL)
+
+DECLARE_PEM_rw(PKCS7, PKCS7)
+
+DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+
+DECLARE_PEM_rw(PKCS8, X509_SIG)
+
+DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+
+#ifndef OPENSSL_NO_RSA
+
+DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
+
+DECLARE_PEM_rw(RSAPublicKey, RSA)
+DECLARE_PEM_rw(RSA_PUBKEY, RSA)
+
+#endif
+
+#ifndef OPENSSL_NO_DSA
+
+DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
+
+DECLARE_PEM_rw(DSA_PUBKEY, DSA)
+
+DECLARE_PEM_rw(DSAparams, DSA)
+
+#endif
+
+#ifndef OPENSSL_NO_DH
+
+DECLARE_PEM_rw(DHparams, DH)
+
+#endif
+
+DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
+
+DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
+
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
+                                  char *, int, pem_password_cb *, void *);
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+
+int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
+                              char *kstr,int klen, pem_password_cb *cd, void *u);
+
+#endif /* SSLEAY_MACROS */
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_PEM_strings(void);
+
+/* Error codes for the PEM functions. */
+
+/* Function codes. */
+#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO                    120
+#define PEM_F_D2I_PKCS8PRIVATEKEY_FP                     121
+#define PEM_F_DEF_CALLBACK                               100
+#define PEM_F_LOAD_IV                                    101
+#define PEM_F_PEM_ASN1_READ                              102
+#define PEM_F_PEM_ASN1_READ_BIO                          103
+#define PEM_F_PEM_ASN1_WRITE                             104
+#define PEM_F_PEM_ASN1_WRITE_BIO                         105
+#define PEM_F_PEM_DO_HEADER                              106
+#define PEM_F_PEM_F_DO_PK8KEY_FP                         122
+#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY            118
+#define PEM_F_PEM_GET_EVP_CIPHER_INFO                    107
+#define PEM_F_PEM_READ                                   108
+#define PEM_F_PEM_READ_BIO                               109
+#define PEM_F_PEM_SEALFINAL                              110
+#define PEM_F_PEM_SEALINIT                               111
+#define PEM_F_PEM_SIGNFINAL                              112
+#define PEM_F_PEM_WRITE                                  113
+#define PEM_F_PEM_WRITE_BIO                              114
+#define PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY              119
+#define PEM_F_PEM_X509_INFO_READ                         115
+#define PEM_F_PEM_X509_INFO_READ_BIO                     116
+#define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
+
+/* Reason codes. */
+#define PEM_R_BAD_BASE64_DECODE                          100
+#define PEM_R_BAD_DECRYPT                                101
+#define PEM_R_BAD_END_LINE                               102
+#define PEM_R_BAD_IV_CHARS                               103
+#define PEM_R_BAD_PASSWORD_READ                          104
+#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY               115
+#define PEM_R_NOT_DEK_INFO                               105
+#define PEM_R_NOT_ENCRYPTED                              106
+#define PEM_R_NOT_PROC_TYPE                              107
+#define PEM_R_NO_START_LINE                              108
+#define PEM_R_PROBLEMS_GETTING_PASSWORD                  109
+#define PEM_R_PUBLIC_KEY_NO_RSA                          110
+#define PEM_R_READ_KEY                                   111
+#define PEM_R_SHORT_HEADER                               112
+#define PEM_R_UNSUPPORTED_CIPHER                         113
+#define PEM_R_UNSUPPORTED_ENCRYPTION                     114
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/pem/pem2.h b/src/lib/libcrypto/pem/pem2.h
new file mode 100644
index 0000000000..f31790d69c
--- /dev/null
+++ b/src/lib/libcrypto/pem/pem2.h
@@ -0,0 +1,70 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+ * This header only exists to break a circular dependency between pem and err
+ * Ben 30 Jan 1999.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef HEADER_PEM_H
+void ERR_load_PEM_strings(void);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c
new file mode 100644
index 0000000000..07963314c9
--- /dev/null
+++ b/src/lib/libcrypto/pem/pem_all.c
@@ -0,0 +1,315 @@
+/* crypto/pem/pem_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#undef SSLEAY_MACROS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/fips.h>
+
+#ifndef OPENSSL_NO_RSA
+static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
+#endif
+#ifndef OPENSSL_NO_DSA
+static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
+#endif
+
+IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
+
+IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)
+
+IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
+
+IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
+
+IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
+                                        PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
+
+
+#ifndef OPENSSL_NO_RSA
+
+/* We treat RSA or DSA private keys as a special case.
+ *
+ * For private keys we read in an EVP_PKEY structure with
+ * PEM_read_bio_PrivateKey() and extract the relevant private
+ * key: this means can handle "traditional" and PKCS#8 formats
+ * transparently.
+ */
+
+static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa)
+{
+        RSA *rtmp;
+        if(!key) return NULL;
+        rtmp = EVP_PKEY_get1_RSA(key);
+        EVP_PKEY_free(key);
+        if(!rtmp) return NULL;
+        if(rsa) {
+                RSA_free(*rsa);
+                *rsa = rtmp;
+        }
+        return rtmp;
+}
+
+RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
+                                                                void *u)
+{
+        EVP_PKEY *pktmp;
+        pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+        return pkey_get_rsa(pktmp, rsa);
+}
+
+#ifndef OPENSSL_NO_FP_API
+
+RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
+                                                                void *u)
+{
+        EVP_PKEY *pktmp;
+        pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+        return pkey_get_rsa(pktmp, rsa);
+}
+
+#endif
+
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        EVP_PKEY *k;
+        int ret;
+        k = EVP_PKEY_new();
+        if (!k)
+                return 0;
+        EVP_PKEY_set1_RSA(k, x);
+
+        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+        EVP_PKEY_free(k);
+        return ret;
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        EVP_PKEY *k;
+        int ret;
+        k = EVP_PKEY_new();
+        if (!k)
+                return 0;
+
+        EVP_PKEY_set1_RSA(k, x);
+
+        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+        EVP_PKEY_free(k);
+        return ret;
+}
+#endif
+
+#else
+
+IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+
+#endif
+
+IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
+IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
+
+#endif
+
+#ifndef OPENSSL_NO_DSA
+
+static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
+{
+        DSA *dtmp;
+        if(!key) return NULL;
+        dtmp = EVP_PKEY_get1_DSA(key);
+        EVP_PKEY_free(key);
+        if(!dtmp) return NULL;
+        if(dsa) {
+                DSA_free(*dsa);
+                *dsa = dtmp;
+        }
+        return dtmp;
+}
+
+DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
+                                                                void *u)
+{
+        EVP_PKEY *pktmp;
+        pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+        return pkey_get_dsa(pktmp, dsa);
+}
+
+
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        EVP_PKEY *k;
+        int ret;
+        k = EVP_PKEY_new();
+        if (!k)
+                return 0;
+        EVP_PKEY_set1_DSA(k, x);
+
+        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+        EVP_PKEY_free(k);
+        return ret;
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        EVP_PKEY *k;
+        int ret;
+        k = EVP_PKEY_new();
+        if (!k)
+                return 0;
+        EVP_PKEY_set1_DSA(k, x);
+        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+        EVP_PKEY_free(k);
+        return ret;
+}
+#endif
+
+#else
+
+IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+
+#endif
+
+IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
+
+#ifndef OPENSSL_NO_FP_API
+
+DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb,
+                                                                void *u)
+{
+        EVP_PKEY *pktmp;
+        pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+        return pkey_get_dsa(pktmp, dsa);
+}
+
+#endif
+
+IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
+
+#endif
+
+#ifndef OPENSSL_NO_DH
+
+IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
+
+#endif
+
+
+/* The PrivateKey case is not that straightforward.
+ *   IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
+ * does not work, RSA and DSA keys have specific strings.
+ * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
+ * appropriate.)
+ */
+
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+        {
+                if (FIPS_mode())
+                        return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
+                                                (char *)kstr, klen, cb, u);
+                else
+                        return PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,
+                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
+                        bp,(char *)x,enc,kstr,klen,cb,u);
+        }
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+        {
+                if (FIPS_mode())
+                        return PEM_write_PKCS8PrivateKey(fp, x, enc,
+                                                (char *)kstr, klen, cb, u);
+                else
+                        return PEM_ASN1_write((int (*)())i2d_PrivateKey,
+                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
+                        fp,(char *)x,enc,kstr,klen,cb,u);
+        }
+#endif
+
+#else
+
+IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey)
+
+#endif
+
+IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
+
diff --git a/src/lib/libcrypto/pem/pem_err.c b/src/lib/libcrypto/pem/pem_err.c
new file mode 100644
index 0000000000..3b39b84d66
--- /dev/null
+++ b/src/lib/libcrypto/pem/pem_err.c
@@ -0,0 +1,131 @@
+/* crypto/pem/pem_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA PEM_str_functs[]=
+        {
+{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_BIO,0),   "d2i_PKCS8PrivateKey_bio"},
+{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_FP,0),    "d2i_PKCS8PrivateKey_fp"},
+{ERR_PACK(0,PEM_F_DEF_CALLBACK,0),      "DEF_CALLBACK"},
+{ERR_PACK(0,PEM_F_LOAD_IV,0),   "LOAD_IV"},
+{ERR_PACK(0,PEM_F_PEM_ASN1_READ,0),     "PEM_ASN1_read"},
+{ERR_PACK(0,PEM_F_PEM_ASN1_READ_BIO,0), "PEM_ASN1_read_bio"},
+{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE,0),    "PEM_ASN1_write"},
+{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE_BIO,0),        "PEM_ASN1_write_bio"},
+{ERR_PACK(0,PEM_F_PEM_DO_HEADER,0),     "PEM_do_header"},
+{ERR_PACK(0,PEM_F_PEM_F_DO_PK8KEY_FP,0),        "PEM_F_DO_PK8KEY_FP"},
+{ERR_PACK(0,PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,0),   "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
+{ERR_PACK(0,PEM_F_PEM_GET_EVP_CIPHER_INFO,0),   "PEM_get_EVP_CIPHER_INFO"},
+{ERR_PACK(0,PEM_F_PEM_READ,0),  "PEM_read"},
+{ERR_PACK(0,PEM_F_PEM_READ_BIO,0),      "PEM_read_bio"},
+{ERR_PACK(0,PEM_F_PEM_SEALFINAL,0),     "PEM_SealFinal"},
+{ERR_PACK(0,PEM_F_PEM_SEALINIT,0),      "PEM_SealInit"},
+{ERR_PACK(0,PEM_F_PEM_SIGNFINAL,0),     "PEM_SignFinal"},
+{ERR_PACK(0,PEM_F_PEM_WRITE,0), "PEM_write"},
+{ERR_PACK(0,PEM_F_PEM_WRITE_BIO,0),     "PEM_write_bio"},
+{ERR_PACK(0,PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,0),     "PEM_write_bio_PKCS8PrivateKey"},
+{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ,0),        "PEM_X509_INFO_read"},
+{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ_BIO,0),    "PEM_X509_INFO_read_bio"},
+{ERR_PACK(0,PEM_F_PEM_X509_INFO_WRITE_BIO,0),   "PEM_X509_INFO_write_bio"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA PEM_str_reasons[]=
+        {
+{PEM_R_BAD_BASE64_DECODE                 ,"bad base64 decode"},
+{PEM_R_BAD_DECRYPT                       ,"bad decrypt"},
+{PEM_R_BAD_END_LINE                      ,"bad end line"},
+{PEM_R_BAD_IV_CHARS                      ,"bad iv chars"},
+{PEM_R_BAD_PASSWORD_READ                 ,"bad password read"},
+{PEM_R_ERROR_CONVERTING_PRIVATE_KEY      ,"error converting private key"},
+{PEM_R_NOT_DEK_INFO                      ,"not dek info"},
+{PEM_R_NOT_ENCRYPTED                     ,"not encrypted"},
+{PEM_R_NOT_PROC_TYPE                     ,"not proc type"},
+{PEM_R_NO_START_LINE                     ,"no start line"},
+{PEM_R_PROBLEMS_GETTING_PASSWORD         ,"problems getting password"},
+{PEM_R_PUBLIC_KEY_NO_RSA                 ,"public key no rsa"},
+{PEM_R_READ_KEY                          ,"read key"},
+{PEM_R_SHORT_HEADER                      ,"short header"},
+{PEM_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
+{PEM_R_UNSUPPORTED_ENCRYPTION            ,"unsupported encryption"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_PEM_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_PEM,PEM_str_functs);
+                ERR_load_strings(ERR_LIB_PEM,PEM_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
new file mode 100644
index 0000000000..9e4af29c95
--- /dev/null
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -0,0 +1,365 @@
+/* crypto/pem/pem_info.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#ifndef OPENSSL_NO_FP_API
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
+        {
+        BIO *b;
+        STACK_OF(X509_INFO) *ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_X509_INFO_read_bio(b,sk,cb,u);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
+        {
+        X509_INFO *xi=NULL;
+        char *name=NULL,*header=NULL,**pp;
+        unsigned char *data=NULL,*p;
+        long len,error=0;
+        int ok=0;
+        STACK_OF(X509_INFO) *ret=NULL;
+        unsigned int i,raw;
+        char *(*d2i)();
+
+        if (sk == NULL)
+                {
+                if ((ret=sk_X509_INFO_new_null()) == NULL)
+                        {
+                        PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                }
+        else
+                ret=sk;
+
+        if ((xi=X509_INFO_new()) == NULL) goto err;
+        for (;;)
+                {
+                raw=0;
+                i=PEM_read_bio(bp,&name,&header,&data,&len);
+                if (i == 0)
+                        {
+                        error=ERR_GET_REASON(ERR_peek_last_error());
+                        if (error == PEM_R_NO_START_LINE)
+                                {
+                                ERR_clear_error();
+                                break;
+                                }
+                        goto err;
+                        }
+start:
+                if (    (strcmp(name,PEM_STRING_X509) == 0) ||
+                        (strcmp(name,PEM_STRING_X509_OLD) == 0))
+                        {
+                        d2i=(char *(*)())d2i_X509;
+                        if (xi->x509 != NULL)
+                                {
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
+                                if ((xi=X509_INFO_new()) == NULL) goto err;
+                                goto start;
+                                }
+                        pp=(char **)&(xi->x509);
+                        }
+                else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0))
+                        {
+                        d2i=(char *(*)())d2i_X509_AUX;
+                        if (xi->x509 != NULL)
+                                {
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
+                                if ((xi=X509_INFO_new()) == NULL) goto err;
+                                goto start;
+                                }
+                        pp=(char **)&(xi->x509);
+                        }
+                else if (strcmp(name,PEM_STRING_X509_CRL) == 0)
+                        {
+                        d2i=(char *(*)())d2i_X509_CRL;
+                        if (xi->crl != NULL)
+                                {
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
+                                if ((xi=X509_INFO_new()) == NULL) goto err;
+                                goto start;
+                                }
+                        pp=(char **)&(xi->crl);
+                        }
+                else
+#ifndef OPENSSL_NO_RSA
+                        if (strcmp(name,PEM_STRING_RSA) == 0)
+                        {
+                        d2i=(char *(*)())d2i_RSAPrivateKey;
+                        if (xi->x_pkey != NULL) 
+                                {
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
+                                if ((xi=X509_INFO_new()) == NULL) goto err;
+                                goto start;
+                                }
+
+                        xi->enc_data=NULL;
+                        xi->enc_len=0;
+
+                        xi->x_pkey=X509_PKEY_new();
+                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
+                                goto err;
+                        xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA;
+                        pp=(char **)&(xi->x_pkey->dec_pkey->pkey.rsa);
+                        if ((int)strlen(header) > 10) /* assume encrypted */
+                                raw=1;
+                        }
+                else
+#endif
+#ifndef OPENSSL_NO_DSA
+                        if (strcmp(name,PEM_STRING_DSA) == 0)
+                        {
+                        d2i=(char *(*)())d2i_DSAPrivateKey;
+                        if (xi->x_pkey != NULL) 
+                                {
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
+                                if ((xi=X509_INFO_new()) == NULL) goto err;
+                                goto start;
+                                }
+
+                        xi->enc_data=NULL;
+                        xi->enc_len=0;
+
+                        xi->x_pkey=X509_PKEY_new();
+                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
+                                goto err;
+                        xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA;
+                        pp=(char **)&(xi->x_pkey->dec_pkey->pkey.dsa);
+                        if ((int)strlen(header) > 10) /* assume encrypted */
+                                raw=1;
+                        }
+                else
+#endif
+                        {
+                        d2i=NULL;
+                        pp=NULL;
+                        }
+
+                if (d2i != NULL)
+                        {
+                        if (!raw)
+                                {
+                                EVP_CIPHER_INFO cipher;
+
+                                if (!PEM_get_EVP_CIPHER_INFO(header,&cipher))
+                                        goto err;
+                                if (!PEM_do_header(&cipher,data,&len,cb,u))
+                                        goto err;
+                                p=data;
+                                if (d2i(pp,&p,len) == NULL)
+                                        {
+                                        PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
+                                        goto err;
+                                        }
+                                }
+                        else
+                                { /* encrypted RSA data */
+                                if (!PEM_get_EVP_CIPHER_INFO(header,
+                                        &xi->enc_cipher)) goto err;
+                                xi->enc_data=(char *)data;
+                                xi->enc_len=(int)len;
+                                data=NULL;
+                                }
+                        }
+                else    {
+                        /* unknown */
+                        }
+                if (name != NULL) OPENSSL_free(name);
+                if (header != NULL) OPENSSL_free(header);
+                if (data != NULL) OPENSSL_free(data);
+                name=NULL;
+                header=NULL;
+                data=NULL;
+                }
+
+        /* if the last one hasn't been pushed yet and there is anything
+         * in it then add it to the stack ... 
+         */
+        if ((xi->x509 != NULL) || (xi->crl != NULL) ||
+                (xi->x_pkey != NULL) || (xi->enc_data != NULL))
+                {
+                if (!sk_X509_INFO_push(ret,xi)) goto err;
+                xi=NULL;
+                }
+        ok=1;
+err:
+        if (xi != NULL) X509_INFO_free(xi);
+        if (!ok)
+                {
+                for (i=0; ((int)i)<sk_X509_INFO_num(ret); i++)
+                        {
+                        xi=sk_X509_INFO_value(ret,i);
+                        X509_INFO_free(xi);
+                        }
+                if (ret != sk) sk_X509_INFO_free(ret);
+                ret=NULL;
+                }
+                
+        if (name != NULL) OPENSSL_free(name);
+        if (header != NULL) OPENSSL_free(header);
+        if (data != NULL) OPENSSL_free(data);
+        return(ret);
+        }
+
+
+/* A TJH addition */
+int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
+        {
+        EVP_CIPHER_CTX ctx;
+        int i,ret=0;
+        unsigned char *data=NULL;
+        const char *objstr=NULL;
+        char buf[PEM_BUFSIZE];
+        unsigned char *iv=NULL;
+        
+        if (enc != NULL)
+                {
+                objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
+                if (objstr == NULL)
+                        {
+                        PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
+                        goto err;
+                        }
+                }
+
+        /* now for the fun part ... if we have a private key then 
+         * we have to be able to handle a not-yet-decrypted key
+         * being written out correctly ... if it is decrypted or
+         * it is non-encrypted then we use the base code
+         */
+        if (xi->x_pkey!=NULL)
+                {
+                if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
+                        {
+                        /* copy from weirdo names into more normal things */
+                        iv=xi->enc_cipher.iv;
+                        data=(unsigned char *)xi->enc_data;
+                        i=xi->enc_len;
+
+                        /* we take the encryption data from the
+                         * internal stuff rather than what the
+                         * user has passed us ... as we have to 
+                         * match exactly for some strange reason
+                         */
+                        objstr=OBJ_nid2sn(
+                                EVP_CIPHER_nid(xi->enc_cipher.cipher));
+                        if (objstr == NULL)
+                                {
+                                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
+                                goto err;
+                                }
+
+                        /* create the right magic header stuff */
+                        OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
+                        buf[0]='\0';
+                        PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+                        PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
+
+                        /* use the normal code to write things out */
+                        i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i);
+                        if (i <= 0) goto err;
+                        }
+                else
+                        {
+                        /* Add DSA/DH */
+#ifndef OPENSSL_NO_RSA
+                        /* normal optionally encrypted stuff */
+                        if (PEM_write_bio_RSAPrivateKey(bp,
+                                xi->x_pkey->dec_pkey->pkey.rsa,
+                                enc,kstr,klen,cb,u)<=0)
+                                goto err;
+#endif
+                        }
+                }
+
+        /* if we have a certificate then write it out now */
+        if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))
+                goto err;
+
+        /* we are ignoring anything else that is loaded into the X509_INFO
+         * structure for the moment ... as I don't need it so I'm not
+         * coding it here and Eric can do it when this makes it into the
+         * base library --tjh
+         */
+
+        ret=1;
+
+err:
+        OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+        OPENSSL_cleanse(buf,PEM_BUFSIZE);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
new file mode 100644
index 0000000000..82815067b3
--- /dev/null
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -0,0 +1,776 @@
+/* crypto/pem/pem_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#ifndef OPENSSL_NO_DES
+#include <openssl/des.h>
+#endif
+
+const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
+
+#define MIN_LENGTH      4
+
+static int load_iv(char **fromp,unsigned char *to, int num);
+static int check_pem(const char *nm, const char *name);
+
+int PEM_def_callback(char *buf, int num, int w, void *key)
+        {
+#ifdef OPENSSL_NO_FP_API
+        /* We should not ever call the default callback routine from
+         * windows. */
+        PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return(-1);
+#else
+        int i,j;
+        const char *prompt;
+        if(key) {
+                i=strlen(key);
+                i=(i > num)?num:i;
+                memcpy(buf,key,i);
+                return(i);
+        }
+
+        prompt=EVP_get_pw_prompt();
+        if (prompt == NULL)
+                prompt="Enter PEM pass phrase:";
+
+        for (;;)
+                {
+                i=EVP_read_pw_string(buf,num,prompt,w);
+                if (i != 0)
+                        {
+                        PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
+                        memset(buf,0,(unsigned int)num);
+                        return(-1);
+                        }
+                j=strlen(buf);
+                if (j < MIN_LENGTH)
+                        {
+                        fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH);
+                        }
+                else
+                        break;
+                }
+        return(j);
+#endif
+        }
+
+void PEM_proc_type(char *buf, int type)
+        {
+        const char *str;
+
+        if (type == PEM_TYPE_ENCRYPTED)
+                str="ENCRYPTED";
+        else if (type == PEM_TYPE_MIC_CLEAR)
+                str="MIC-CLEAR";
+        else if (type == PEM_TYPE_MIC_ONLY)
+                str="MIC-ONLY";
+        else
+                str="BAD-TYPE";
+                
+        BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
+        BUF_strlcat(buf,str,PEM_BUFSIZE);
+        BUF_strlcat(buf,"\n",PEM_BUFSIZE);
+        }
+
+void PEM_dek_info(char *buf, const char *type, int len, char *str)
+        {
+        static const unsigned char map[17]="0123456789ABCDEF";
+        long i;
+        int j;
+
+        BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);
+        BUF_strlcat(buf,type,PEM_BUFSIZE);
+        BUF_strlcat(buf,",",PEM_BUFSIZE);
+        j=strlen(buf);
+        if (j + (len * 2) + 1 > PEM_BUFSIZE)
+                return;
+        for (i=0; i<len; i++)
+                {
+                buf[j+i*2]  =map[(str[i]>>4)&0x0f];
+                buf[j+i*2+1]=map[(str[i]   )&0x0f];
+                }
+        buf[j+i*2]='\n';
+        buf[j+i*2+1]='\0';
+        }
+
+#ifndef OPENSSL_NO_FP_API
+char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x,
+             pem_password_cb *cb, void *u)
+        {
+        BIO *b;
+        char *ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+static int check_pem(const char *nm, const char *name)
+{
+        /* Normal matching nm and name */
+        if (!strcmp(nm,name)) return 1;
+
+        /* Make PEM_STRING_EVP_PKEY match any private key */
+
+        if(!strcmp(nm,PEM_STRING_PKCS8) &&
+                !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+
+        if(!strcmp(nm,PEM_STRING_PKCS8INF) &&
+                 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+
+        if(!strcmp(nm,PEM_STRING_RSA) &&
+                !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+
+        if(!strcmp(nm,PEM_STRING_DSA) &&
+                 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+
+        /* Permit older strings */
+
+        if(!strcmp(nm,PEM_STRING_X509_OLD) &&
+                !strcmp(name,PEM_STRING_X509)) return 1;
+
+        if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) &&
+                !strcmp(name,PEM_STRING_X509_REQ)) return 1;
+
+        /* Allow normal certs to be read as trusted certs */
+        if(!strcmp(nm,PEM_STRING_X509) &&
+                !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
+
+        if(!strcmp(nm,PEM_STRING_X509_OLD) &&
+                !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
+
+        /* Some CAs use PKCS#7 with CERTIFICATE headers */
+        if(!strcmp(nm, PEM_STRING_X509) &&
+                !strcmp(name, PEM_STRING_PKCS7)) return 1;
+
+        return 0;
+}
+
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
+             pem_password_cb *cb, void *u)
+        {
+        EVP_CIPHER_INFO cipher;
+        char *nm=NULL,*header=NULL;
+        unsigned char *data=NULL;
+        long len;
+        int ret = 0;
+
+        for (;;)
+                {
+                if (!PEM_read_bio(bp,&nm,&header,&data,&len)) {
+                        if(ERR_GET_REASON(ERR_peek_error()) ==
+                                PEM_R_NO_START_LINE)
+                                ERR_add_error_data(2, "Expecting: ", name);
+                        return 0;
+                }
+                if(check_pem(nm, name)) break;
+                OPENSSL_free(nm);
+                OPENSSL_free(header);
+                OPENSSL_free(data);
+                }
+        if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
+        if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
+
+        *pdata = data;
+        *plen = len;
+
+        if (pnm)
+                *pnm = nm;
+
+        ret = 1;
+
+err:
+        if (!ret || !pnm) OPENSSL_free(nm);
+        OPENSSL_free(header);
+        if (!ret) OPENSSL_free(data);
+        return ret;
+        }
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x,
+             const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+             pem_password_cb *callback, void *u)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
+             const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+             pem_password_cb *callback, void *u)
+        {
+        EVP_CIPHER_CTX ctx;
+        int dsize=0,i,j,ret=0;
+        unsigned char *p,*data=NULL;
+        const char *objstr=NULL;
+        char buf[PEM_BUFSIZE];
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+        
+        if (enc != NULL)
+                {
+                objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
+                if (objstr == NULL)
+                        {
+                        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
+                        goto err;
+                        }
+                }
+
+        if ((dsize=i2d(x,NULL)) < 0)
+                {
+                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB);
+                dsize=0;
+                goto err;
+                }
+        /* dzise + 8 bytes are needed */
+        /* actually it needs the cipher block size extra... */
+        data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
+        if (data == NULL)
+                {
+                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        p=data;
+        i=i2d(x,&p);
+
+        if (enc != NULL)
+                {
+                if (kstr == NULL)
+                        {
+                        if (callback == NULL)
+                                klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);
+                        else
+                                klen=(*callback)(buf,PEM_BUFSIZE,1,u);
+                        if (klen <= 0)
+                                {
+                                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
+                                goto err;
+                                }
+#ifdef CHARSET_EBCDIC
+                        /* Convert the pass phrase from EBCDIC */
+                        ebcdic2ascii(buf, buf, klen);
+#endif
+                        kstr=(unsigned char *)buf;
+                        }
+                RAND_add(data,i,0);/* put in the RSA key. */
+                OPENSSL_assert(enc->iv_len <= sizeof iv);
+                if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
+                        goto err;
+                /* The 'iv' is used as the iv and as a salt.  It is
+                 * NOT taken from the BytesToKey function */
+                EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+
+                if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
+
+                OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
+
+                buf[0]='\0';
+                PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+                PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
+                /* k=strlen(buf); */
+
+                EVP_CIPHER_CTX_init(&ctx);
+                EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
+                EVP_EncryptUpdate(&ctx,data,&j,data,i);
+                EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
+                EVP_CIPHER_CTX_cleanup(&ctx);
+                i+=j;
+                ret=1;
+                }
+        else
+                {
+                ret=1;
+                buf[0]='\0';
+                }
+        i=PEM_write_bio(bp,name,buf,data,i);
+        if (i <= 0) ret=0;
+err:
+        OPENSSL_cleanse(key,sizeof(key));
+        OPENSSL_cleanse(iv,sizeof(iv));
+        OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+        OPENSSL_cleanse(buf,PEM_BUFSIZE);
+        if (data != NULL)
+                {
+                OPENSSL_cleanse(data,(unsigned int)dsize);
+                OPENSSL_free(data);
+                }
+        return(ret);
+        }
+
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
+             pem_password_cb *callback,void *u)
+        {
+        int i,j,o,klen;
+        long len;
+        EVP_CIPHER_CTX ctx;
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        char buf[PEM_BUFSIZE];
+
+        len= *plen;
+
+        if (cipher->cipher == NULL) return(1);
+        if (callback == NULL)
+                klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u);
+        else
+                klen=callback(buf,PEM_BUFSIZE,0,u);
+        if (klen <= 0)
+                {
+                PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ);
+                return(0);
+                }
+#ifdef CHARSET_EBCDIC
+        /* Convert the pass phrase from EBCDIC */
+        ebcdic2ascii(buf, buf, klen);
+#endif
+
+        EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
+                (unsigned char *)buf,klen,1,key,NULL);
+
+        j=(int)len;
+        EVP_CIPHER_CTX_init(&ctx);
+        EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
+        EVP_DecryptUpdate(&ctx,data,&i,data,j);
+        o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        OPENSSL_cleanse((char *)buf,sizeof(buf));
+        OPENSSL_cleanse((char *)key,sizeof(key));
+        j+=i;
+        if (!o)
+                {
+                PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT);
+                return(0);
+                }
+        *plen=j;
+        return(1);
+        }
+
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
+        {
+        int o;
+        const EVP_CIPHER *enc=NULL;
+        char *p,c;
+        char **header_pp = &header;
+
+        cipher->cipher=NULL;
+        if ((header == NULL) || (*header == '\0') || (*header == '\n'))
+                return(1);
+        if (strncmp(header,"Proc-Type: ",11) != 0)
+                { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); }
+        header+=11;
+        if (*header != '4') return(0); header++;
+        if (*header != ',') return(0); header++;
+        if (strncmp(header,"ENCRYPTED",9) != 0)
+                { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); }
+        for (; (*header != '\n') && (*header != '\0'); header++)
+                ;
+        if (*header == '\0')
+                { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); }
+        header++;
+        if (strncmp(header,"DEK-Info: ",10) != 0)
+                { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); }
+        header+=10;
+
+        p=header;
+        for (;;)
+                {
+                c= *header;
+#ifndef CHARSET_EBCDIC
+                if (!(  ((c >= 'A') && (c <= 'Z')) || (c == '-') ||
+                        ((c >= '0') && (c <= '9'))))
+                        break;
+#else
+                if (!(  isupper(c) || (c == '-') ||
+                        isdigit(c)))
+                        break;
+#endif
+                header++;
+                }
+        *header='\0';
+        o=OBJ_sn2nid(p);
+        cipher->cipher=enc=EVP_get_cipherbyname(p);
+        *header=c;
+        header++;
+
+        if (enc == NULL)
+                {
+                PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
+                return(0);
+                }
+        if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len))
+                return(0);
+
+        return(1);
+        }
+
+static int load_iv(char **fromp, unsigned char *to, int num)
+        {
+        int v,i;
+        char *from;
+
+        from= *fromp;
+        for (i=0; i<num; i++) to[i]=0;
+        num*=2;
+        for (i=0; i<num; i++)
+                {
+                if ((*from >= '0') && (*from <= '9'))
+                        v= *from-'0';
+                else if ((*from >= 'A') && (*from <= 'F'))
+                        v= *from-'A'+10;
+                else if ((*from >= 'a') && (*from <= 'f'))
+                        v= *from-'a'+10;
+                else
+                        {
+                        PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS);
+                        return(0);
+                        }
+                from++;
+                to[i/2]|=v<<(long)((!(i&1))*4);
+                }
+
+        *fromp=from;
+        return(1);
+        }
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
+             long len)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_write_bio(b, name, header, data,len);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
+             long len)
+        {
+        int nlen,n,i,j,outl;
+        unsigned char *buf = NULL;
+        EVP_ENCODE_CTX ctx;
+        int reason=ERR_R_BUF_LIB;
+        
+        EVP_EncodeInit(&ctx);
+        nlen=strlen(name);
+
+        if (    (BIO_write(bp,"-----BEGIN ",11) != 11) ||
+                (BIO_write(bp,name,nlen) != nlen) ||
+                (BIO_write(bp,"-----\n",6) != 6))
+                goto err;
+                
+        i=strlen(header);
+        if (i > 0)
+                {
+                if (    (BIO_write(bp,header,i) != i) ||
+                        (BIO_write(bp,"\n",1) != 1))
+                        goto err;
+                }
+
+        buf = OPENSSL_malloc(PEM_BUFSIZE*8);
+        if (buf == NULL)
+                {
+                reason=ERR_R_MALLOC_FAILURE;
+                goto err;
+                }
+
+        i=j=0;
+        while (len > 0)
+                {
+                n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len);
+                EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n);
+                if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl))
+                        goto err;
+                i+=outl;
+                len-=n;
+                j+=n;
+                }
+        EVP_EncodeFinal(&ctx,buf,&outl);
+        if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
+        OPENSSL_free(buf);
+        buf = NULL;
+        if (    (BIO_write(bp,"-----END ",9) != 9) ||
+                (BIO_write(bp,name,nlen) != nlen) ||
+                (BIO_write(bp,"-----\n",6) != 6))
+                goto err;
+        return(i+outl);
+err:
+        if (buf)
+                OPENSSL_free(buf);
+        PEMerr(PEM_F_PEM_WRITE_BIO,reason);
+        return(0);
+        }
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
+             long *len)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_read_bio(b, name, header, data,len);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
+             long *len)
+        {
+        EVP_ENCODE_CTX ctx;
+        int end=0,i,k,bl=0,hl=0,nohead=0;
+        char buf[256];
+        BUF_MEM *nameB;
+        BUF_MEM *headerB;
+        BUF_MEM *dataB,*tmpB;
+        
+        nameB=BUF_MEM_new();
+        headerB=BUF_MEM_new();
+        dataB=BUF_MEM_new();
+        if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL))
+                {
+                BUF_MEM_free(nameB);
+                BUF_MEM_free(headerB);
+                BUF_MEM_free(dataB);
+                PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+
+        buf[254]='\0';
+        for (;;)
+                {
+                i=BIO_gets(bp,buf,254);
+
+                if (i <= 0)
+                        {
+                        PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE);
+                        goto err;
+                        }
+
+                while ((i >= 0) && (buf[i] <= ' ')) i--;
+                buf[++i]='\n'; buf[++i]='\0';
+
+                if (strncmp(buf,"-----BEGIN ",11) == 0)
+                        {
+                        i=strlen(&(buf[11]));
+
+                        if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0)
+                                continue;
+                        if (!BUF_MEM_grow(nameB,i+9))
+                                {
+                                PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        memcpy(nameB->data,&(buf[11]),i-6);
+                        nameB->data[i-6]='\0';
+                        break;
+                        }
+                }
+        hl=0;
+        if (!BUF_MEM_grow(headerB,256))
+                { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
+        headerB->data[0]='\0';
+        for (;;)
+                {
+                i=BIO_gets(bp,buf,254);
+                if (i <= 0) break;
+
+                while ((i >= 0) && (buf[i] <= ' ')) i--;
+                buf[++i]='\n'; buf[++i]='\0';
+
+                if (buf[0] == '\n') break;
+                if (!BUF_MEM_grow(headerB,hl+i+9))
+                        { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
+                if (strncmp(buf,"-----END ",9) == 0)
+                        {
+                        nohead=1;
+                        break;
+                        }
+                memcpy(&(headerB->data[hl]),buf,i);
+                headerB->data[hl+i]='\0';
+                hl+=i;
+                }
+
+        bl=0;
+        if (!BUF_MEM_grow(dataB,1024))
+                { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
+        dataB->data[0]='\0';
+        if (!nohead)
+                {
+                for (;;)
+                        {
+                        i=BIO_gets(bp,buf,254);
+                        if (i <= 0) break;
+
+                        while ((i >= 0) && (buf[i] <= ' ')) i--;
+                        buf[++i]='\n'; buf[++i]='\0';
+
+                        if (i != 65) end=1;
+                        if (strncmp(buf,"-----END ",9) == 0)
+                                break;
+                        if (i > 65) break;
+                        if (!BUF_MEM_grow_clean(dataB,i+bl+9))
+                                {
+                                PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        memcpy(&(dataB->data[bl]),buf,i);
+                        dataB->data[bl+i]='\0';
+                        bl+=i;
+                        if (end)
+                                {
+                                buf[0]='\0';
+                                i=BIO_gets(bp,buf,254);
+                                if (i <= 0) break;
+
+                                while ((i >= 0) && (buf[i] <= ' ')) i--;
+                                buf[++i]='\n'; buf[++i]='\0';
+
+                                break;
+                                }
+                        }
+                }
+        else
+                {
+                tmpB=headerB;
+                headerB=dataB;
+                dataB=tmpB;
+                bl=hl;
+                }
+        i=strlen(nameB->data);
+        if (    (strncmp(buf,"-----END ",9) != 0) ||
+                (strncmp(nameB->data,&(buf[9]),i) != 0) ||
+                (strncmp(&(buf[9+i]),"-----\n",6) != 0))
+                {
+                PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
+                goto err;
+                }
+
+        EVP_DecodeInit(&ctx);
+        i=EVP_DecodeUpdate(&ctx,
+                (unsigned char *)dataB->data,&bl,
+                (unsigned char *)dataB->data,bl);
+        if (i < 0)
+                {
+                PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
+                goto err;
+                }
+        i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k);
+        if (i < 0)
+                {
+                PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
+                goto err;
+                }
+        bl+=k;
+
+        if (bl == 0) goto err;
+        *name=nameB->data;
+        *header=headerB->data;
+        *data=(unsigned char *)dataB->data;
+        *len=bl;
+        OPENSSL_free(nameB);
+        OPENSSL_free(headerB);
+        OPENSSL_free(dataB);
+        return(1);
+err:
+        BUF_MEM_free(nameB);
+        BUF_MEM_free(headerB);
+        BUF_MEM_free(dataB);
+        return(0);
+        }
diff --git a/src/lib/libcrypto/pem/pem_oth.c b/src/lib/libcrypto/pem/pem_oth.c
new file mode 100644
index 0000000000..8d9064ea7c
--- /dev/null
+++ b/src/lib/libcrypto/pem/pem_oth.c
@@ -0,0 +1,85 @@
+/* crypto/pem/pem_oth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+/* Handle 'other' PEMs: not private keys */
+
+char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
+             pem_password_cb *cb, void *u)
+        {
+        unsigned char *p=NULL,*data=NULL;
+        long len;
+        char *ret=NULL;
+
+        if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
+                return NULL;
+        p = data;
+        ret=d2i(x,&p,len);
+        if (ret == NULL)
+                PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
+        OPENSSL_free(data);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/pem/pem_pk8.c b/src/lib/libcrypto/pem/pem_pk8.c
new file mode 100644
index 0000000000..db38a2a79d
--- /dev/null
+++ b/src/lib/libcrypto/pem/pem_pk8.c
@@ -0,0 +1,243 @@
+/* crypto/pem/pem_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs12.h>
+#include <openssl/pem.h>
+
+static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
+                                int nid, const EVP_CIPHER *enc,
+                                char *kstr, int klen,
+                                pem_password_cb *cb, void *u);
+static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
+                                int nid, const EVP_CIPHER *enc,
+                                char *kstr, int klen,
+                                pem_password_cb *cb, void *u);
+
+/* These functions write a private key in PKCS#8 format: it is a "drop in"
+ * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
+ * is NULL then it uses the unencrypted private key form. The 'nid' versions
+ * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
+ */
+
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
+{
+        return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
+{
+        return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
+{
+        return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
+{
+        return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
+}
+
+static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
+{
+        X509_SIG *p8;
+        PKCS8_PRIV_KEY_INFO *p8inf;
+        char buf[PEM_BUFSIZE];
+        int ret;
+        if(!(p8inf = EVP_PKEY2PKCS8(x))) {
+                PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
+                                        PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+                return 0;
+        }
+        if(enc || (nid != -1)) {
+                if(!kstr) {
+                        if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
+                        else klen = cb(buf, PEM_BUFSIZE, 1, u);
+                        if(klen <= 0) {
+                                PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
+                                                                PEM_R_READ_KEY);
+                                PKCS8_PRIV_KEY_INFO_free(p8inf);
+                                return 0;
+                        }
+                                
+                        kstr = buf;
+                }
+                p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
+                if(kstr == buf) OPENSSL_cleanse(buf, klen);
+                PKCS8_PRIV_KEY_INFO_free(p8inf);
+                if(isder) ret = i2d_PKCS8_bio(bp, p8);
+                else ret = PEM_write_bio_PKCS8(bp, p8);
+                X509_SIG_free(p8);
+                return ret;
+        } else {
+                if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
+                else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
+                PKCS8_PRIV_KEY_INFO_free(p8inf);
+                return ret;
+        }
+}
+
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
+{
+        PKCS8_PRIV_KEY_INFO *p8inf = NULL;
+        X509_SIG *p8 = NULL;
+        int klen;
+        EVP_PKEY *ret;
+        char psbuf[PEM_BUFSIZE];
+        p8 = d2i_PKCS8_bio(bp, NULL);
+        if(!p8) return NULL;
+        if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
+        else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
+        if (klen <= 0) {
+                PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
+                X509_SIG_free(p8);
+                return NULL;    
+        }
+        p8inf = PKCS8_decrypt(p8, psbuf, klen);
+        X509_SIG_free(p8);
+        if(!p8inf) return NULL;
+        ret = EVP_PKCS82PKEY(p8inf);
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+        if(!ret) return NULL;
+        if(x) {
+                if(*x) EVP_PKEY_free(*x);
+                *x = ret;
+        }
+        return ret;
+}
+
+#ifndef OPENSSL_NO_FP_API
+
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
+{
+        return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
+{
+        return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
+{
+        return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                              char *kstr, int klen, pem_password_cb *cb, void *u)
+{
+        return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
+}
+
+static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
+{
+        BIO *bp;
+        int ret;
+        if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+                PEMerr(PEM_F_PEM_F_DO_PK8KEY_FP,ERR_R_BUF_LIB);
+                return(0);
+        }
+        ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
+        BIO_free(bp);
+        return ret;
+}
+
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
+{
+        BIO *bp;
+        EVP_PKEY *ret;
+        if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+                PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB);
+                return NULL;
+        }
+        ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
+        BIO_free(bp);
+        return ret;
+}
+
+#endif
+
+IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
+IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
+                                                         PKCS8_PRIV_KEY_INFO)
diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c
new file mode 100644
index 0000000000..9ecdbd5419
--- /dev/null
+++ b/src/lib/libcrypto/pem/pem_pkey.c
@@ -0,0 +1,145 @@
+/* crypto/pem/pem_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs12.h>
+#include <openssl/pem.h>
+
+
+EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
+        {
+        char *nm=NULL;
+        unsigned char *p=NULL,*data=NULL;
+        long len;
+        EVP_PKEY *ret=NULL;
+
+        if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
+                return NULL;
+        p = data;
+
+        if (strcmp(nm,PEM_STRING_RSA) == 0)
+                ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len);
+        else if (strcmp(nm,PEM_STRING_DSA) == 0)
+                ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len);
+        else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
+                PKCS8_PRIV_KEY_INFO *p8inf;
+                p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
+                if(!p8inf) goto p8err;
+                ret = EVP_PKCS82PKEY(p8inf);
+                if(x) {
+                        if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
+                        *x = ret;
+                }
+                PKCS8_PRIV_KEY_INFO_free(p8inf);
+        } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
+                PKCS8_PRIV_KEY_INFO *p8inf;
+                X509_SIG *p8;
+                int klen;
+                char psbuf[PEM_BUFSIZE];
+                p8 = d2i_X509_SIG(NULL, &p, len);
+                if(!p8) goto p8err;
+                if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
+                else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
+                if (klen <= 0) {
+                        PEMerr(PEM_F_PEM_ASN1_READ_BIO,
+                                        PEM_R_BAD_PASSWORD_READ);
+                        X509_SIG_free(p8);
+                        goto err;
+                }
+                p8inf = PKCS8_decrypt(p8, psbuf, klen);
+                X509_SIG_free(p8);
+                if(!p8inf) goto p8err;
+                ret = EVP_PKCS82PKEY(p8inf);
+                if(x) {
+                        if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
+                        *x = ret;
+                }
+                PKCS8_PRIV_KEY_INFO_free(p8inf);
+        }
+p8err:
+        if (ret == NULL)
+                PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
+err:
+        OPENSSL_free(nm);
+        OPENSSL_free(data);
+        return(ret);
+        }
+
+#ifndef OPENSSL_NO_FP_API
+EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
+        {
+        BIO *b;
+        EVP_PKEY *ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_read_bio_PrivateKey(b,x,cb,u);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
new file mode 100644
index 0000000000..56e08abd70
--- /dev/null
+++ b/src/lib/libcrypto/pem/pem_seal.c
@@ -0,0 +1,187 @@
+/* crypto/pem/pem_seal.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_RSA
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
+             unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk,
+             int npubk)
+        {
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        int ret= -1;
+        int i,j,max=0;
+        char *s=NULL;
+
+        for (i=0; i<npubk; i++)
+                {
+                if (pubk[i]->type != EVP_PKEY_RSA)
+                        {
+                        PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA);
+                        goto err;
+                        }
+                j=RSA_size(pubk[i]->pkey.rsa);
+                if (j > max) max=j;
+                }
+        s=(char *)OPENSSL_malloc(max*2);
+        if (s == NULL)
+                {
+                PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        EVP_EncodeInit(&ctx->encode);
+
+        EVP_MD_CTX_init(&ctx->md);
+        EVP_SignInit(&ctx->md,md_type);
+
+        EVP_CIPHER_CTX_init(&ctx->cipher);
+        ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
+        if (!ret) goto err;
+
+        /* base64 encode the keys */
+        for (i=0; i<npubk; i++)
+                {
+                j=EVP_EncodeBlock((unsigned char *)s,ek[i],
+                        RSA_size(pubk[i]->pkey.rsa));
+                ekl[i]=j;
+                memcpy(ek[i],s,j+1);
+                }
+
+        ret=npubk;
+err:
+        if (s != NULL) OPENSSL_free(s);
+        OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
+        return(ret);
+        }
+
+void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
+             unsigned char *in, int inl)
+        {
+        unsigned char buffer[1600];
+        int i,j;
+
+        *outl=0;
+        EVP_SignUpdate(&ctx->md,in,inl);
+        for (;;)
+                {
+                if (inl <= 0) break;
+                if (inl > 1200)
+                        i=1200;
+                else
+                        i=inl;
+                EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i);
+                EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j);
+                *outl+=j;
+                out+=j;
+                in+=i;
+                inl-=i;
+                }
+        }
+
+int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
+             unsigned char *out, int *outl, EVP_PKEY *priv)
+        {
+        unsigned char *s=NULL;
+        int ret=0,j;
+        unsigned int i;
+
+        if (priv->type != EVP_PKEY_RSA)
+                {
+                PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA);
+                goto err;
+                }
+        i=RSA_size(priv->pkey.rsa);
+        if (i < 100) i=100;
+        s=(unsigned char *)OPENSSL_malloc(i*2);
+        if (s == NULL)
+                {
+                PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
+        EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
+        *outl=j;
+        out+=j;
+        EVP_EncodeFinal(&ctx->encode,out,&j);
+        *outl+=j;
+
+        if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err;
+        *sigl=EVP_EncodeBlock(sig,s,i);
+
+        ret=1;
+err:
+        EVP_MD_CTX_cleanup(&ctx->md);
+        EVP_CIPHER_CTX_cleanup(&ctx->cipher);
+        if (s != NULL) OPENSSL_free(s);
+        return(ret);
+        }
+#else /* !OPENSSL_NO_RSA */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
diff --git a/src/lib/libcrypto/pem/pem_sign.c b/src/lib/libcrypto/pem/pem_sign.c
new file mode 100644
index 0000000000..c3b9808cb2
--- /dev/null
+++ b/src/lib/libcrypto/pem/pem_sign.c
@@ -0,0 +1,102 @@
+/* crypto/pem/pem_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
+        {
+        EVP_DigestInit_ex(ctx, type, NULL);
+        }
+
+void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
+             unsigned int count)
+        {
+        EVP_DigestUpdate(ctx,data,count);
+        }
+
+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
+             EVP_PKEY *pkey)
+        {
+        unsigned char *m;
+        int i,ret=0;
+        unsigned int m_len;
+
+        m=(unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey)+2);
+        if (m == NULL)
+                {
+                PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        if (EVP_SignFinal(ctx,m,&m_len,pkey) <= 0) goto err;
+
+        i=EVP_EncodeBlock(sigret,m,m_len);
+        *siglen=i;
+        ret=1;
+err:
+        /* ctx has been zeroed by EVP_SignFinal() */
+        if (m != NULL) OPENSSL_free(m);
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/pem/pem_x509.c b/src/lib/libcrypto/pem/pem_x509.c
new file mode 100644
index 0000000000..19f88d8d3a
--- /dev/null
+++ b/src/lib/libcrypto/pem/pem_x509.c
@@ -0,0 +1,69 @@
+/* pem_x509.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#undef SSLEAY_MACROS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
+
diff --git a/src/lib/libcrypto/pem/pem_xaux.c b/src/lib/libcrypto/pem/pem_xaux.c
new file mode 100644
index 0000000000..2f579b5421
--- /dev/null
+++ b/src/lib/libcrypto/pem/pem_xaux.c
@@ -0,0 +1,68 @@
+/* pem_xaux.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#undef SSLEAY_MACROS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
diff --git a/src/lib/libcrypto/pem/pkcs7.lis b/src/lib/libcrypto/pem/pkcs7.lis
new file mode 100644
index 0000000000..be90c5d87f
--- /dev/null
+++ b/src/lib/libcrypto/pem/pkcs7.lis
@@ -0,0 +1,22 @@
+21     0:d=0 hl=2 l=  0 cons: univ: SEQUENCE          
+ 00     2:d=0 hl=2 l=  9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-signedData
+ 21    13:d=0 hl=2 l=  0 cons: cont: 00                 # explicit tag
+  21    15:d=0 hl=2 l=  0 cons: univ: SEQUENCE          
+   00    17:d=0 hl=2 l=  1 prim: univ: INTEGER          # version 
+   20    20:d=0 hl=2 l=  0 cons: univ: SET               
+   21    22:d=0 hl=2 l=  0 cons: univ: SEQUENCE          
+    00    24:d=0 hl=2 l=  9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-data
+    00    35:d=0 hl=2 l=  0 prim: univ: EOC               
+   21    37:d=0 hl=2 l=  0 cons: cont: 00               # cert tag
+    20    39:d=0 hl=4 l=545 cons: univ: SEQUENCE          
+    20   588:d=0 hl=4 l=524 cons: univ: SEQUENCE          
+    00  1116:d=0 hl=2 l=  0 prim: univ: EOC               
+   21  1118:d=0 hl=2 l=  0 cons: cont: 01               # crl tag
+    20  1120:d=0 hl=4 l=653 cons: univ: SEQUENCE          
+    20  1777:d=0 hl=4 l=285 cons: univ: SEQUENCE          
+    00  2066:d=0 hl=2 l=  0 prim: univ: EOC               
+   21  2068:d=0 hl=2 l=  0 cons: univ: SET              # signers 
+    00  2070:d=0 hl=2 l=  0 prim: univ: EOC               
+  00  2072:d=0 hl=2 l=  0 prim: univ: EOC               
+ 00  2074:d=0 hl=2 l=  0 prim: univ: EOC               
+00  2076:d=0 hl=2 l=  0 prim: univ: EOC               
diff --git a/src/lib/libcrypto/perlasm/cbc.pl b/src/lib/libcrypto/perlasm/cbc.pl
new file mode 100644
index 0000000000..22149c680e
--- /dev/null
+++ b/src/lib/libcrypto/perlasm/cbc.pl
@@ -0,0 +1,349 @@
+#!/usr/local/bin/perl
+
+# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
+# des_cblock (*input);
+# des_cblock (*output);
+# long length;
+# des_key_schedule schedule;
+# des_cblock (*ivec);
+# int enc;
+#
+# calls 
+# des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+#
+
+#&cbc("des_ncbc_encrypt","des_encrypt",0);
+#&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",
+#       1,4,5,3,5,-1);
+#&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",
+#       0,4,5,3,5,-1);
+#&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",
+#       0,6,7,3,4,5);
+#
+# When doing a cipher that needs bigendian order,
+# for encrypt, the iv is kept in bigendian form,
+# while for decrypt, it is kept in little endian.
+sub cbc
+        {
+        local($name,$enc_func,$dec_func,$swap,$iv_off,$enc_off,$p1,$p2,$p3)=@_;
+        # name is the function name
+        # enc_func and dec_func and the functions to call for encrypt/decrypt
+        # swap is true if byte order needs to be reversed
+        # iv_off is parameter number for the iv 
+        # enc_off is parameter number for the encrypt/decrypt flag
+        # p1,p2,p3 are the offsets for parameters to be passed to the
+        # underlying calls.
+
+        &function_begin_B($name,"");
+        &comment("");
+
+        $in="esi";
+        $out="edi";
+        $count="ebp";
+
+        &push("ebp");
+        &push("ebx");
+        &push("esi");
+        &push("edi");
+
+        $data_off=4;
+        $data_off+=4 if ($p1 > 0);
+        $data_off+=4 if ($p2 > 0);
+        $data_off+=4 if ($p3 > 0);
+
+        &mov($count,    &wparam(2));    # length
+
+        &comment("getting iv ptr from parameter $iv_off");
+        &mov("ebx",     &wparam($iv_off));      # Get iv ptr
+
+        &mov($in,       &DWP(0,"ebx","",0));#   iv[0]
+        &mov($out,      &DWP(4,"ebx","",0));#   iv[1]
+
+        &push($out);
+        &push($in);
+        &push($out);    # used in decrypt for iv[1]
+        &push($in);     # used in decrypt for iv[0]
+
+        &mov("ebx",     "esp");         # This is the address of tin[2]
+
+        &mov($in,       &wparam(0));    # in
+        &mov($out,      &wparam(1));    # out
+
+        # We have loaded them all, how lets push things
+        &comment("getting encrypt flag from parameter $enc_off");
+        &mov("ecx",     &wparam($enc_off));     # Get enc flag
+        if ($p3 > 0)
+                {
+                &comment("get and push parameter $p3");
+                if ($enc_off != $p3)
+                        { &mov("eax",   &wparam($p3)); &push("eax"); }
+                else    { &push("ecx"); }
+                }
+        if ($p2 > 0)
+                {
+                &comment("get and push parameter $p2");
+                if ($enc_off != $p2)
+                        { &mov("eax",   &wparam($p2)); &push("eax"); }
+                else    { &push("ecx"); }
+                }
+        if ($p1 > 0)
+                {
+                &comment("get and push parameter $p1");
+                if ($enc_off != $p1)
+                        { &mov("eax",   &wparam($p1)); &push("eax"); }
+                else    { &push("ecx"); }
+                }
+        &push("ebx");           # push data/iv
+
+        &cmp("ecx",0);
+        &jz(&label("decrypt"));
+
+        &and($count,0xfffffff8);
+        &mov("eax",     &DWP($data_off,"esp","",0));    # load iv[0]
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));  # load iv[1]
+
+        &jz(&label("encrypt_finish"));
+
+        #############################################################
+
+        &set_label("encrypt_loop");
+        # encrypt start 
+        # "eax" and "ebx" hold iv (or the last cipher text)
+
+        &mov("ecx",     &DWP(0,$in,"",0));      # load first 4 bytes
+        &mov("edx",     &DWP(4,$in,"",0));      # second 4 bytes
+
+        &xor("eax",     "ecx");
+        &xor("ebx",     "edx");
+
+        &bswap("eax")   if $swap;
+        &bswap("ebx")   if $swap;
+
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put in array for call
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+
+        &call($enc_func);
+
+        &mov("eax",     &DWP($data_off,"esp","",0));
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));
+
+        &bswap("eax")   if $swap;
+        &bswap("ebx")   if $swap;
+
+        &mov(&DWP(0,$out,"",0),"eax");
+        &mov(&DWP(4,$out,"",0),"ebx");
+
+        # eax and ebx are the next iv.
+
+        &add($in,       8);
+        &add($out,      8);
+
+        &sub($count,    8);
+        &jnz(&label("encrypt_loop"));
+
+###################################################################3
+        &set_label("encrypt_finish");
+        &mov($count,    &wparam(2));    # length
+        &and($count,    7);
+        &jz(&label("finish"));
+        &call(&label("PIC_point"));
+&set_label("PIC_point");
+        &blindpop("edx");
+        &lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));
+        &mov($count,&DWP(0,"ecx",$count,4))
+        &add($count,"edx");
+        &xor("ecx","ecx");
+        &xor("edx","edx");
+        #&mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4));
+        &jmp_ptr($count);
+
+&set_label("ej7");
+        &xor("edx",             "edx") if $ppro; # ppro friendly
+        &movb(&HB("edx"),       &BP(6,$in,"",0));
+        &shl("edx",8);
+&set_label("ej6");
+        &movb(&HB("edx"),       &BP(5,$in,"",0));
+&set_label("ej5");
+        &movb(&LB("edx"),       &BP(4,$in,"",0));
+&set_label("ej4");
+        &mov("ecx",             &DWP(0,$in,"",0));
+        &jmp(&label("ejend"));
+&set_label("ej3");
+        &movb(&HB("ecx"),       &BP(2,$in,"",0));
+        &xor("ecx",             "ecx") if $ppro; # ppro friendly
+        &shl("ecx",8);
+&set_label("ej2");
+        &movb(&HB("ecx"),       &BP(1,$in,"",0));
+&set_label("ej1");
+        &movb(&LB("ecx"),       &BP(0,$in,"",0));
+&set_label("ejend");
+
+        &xor("eax",     "ecx");
+        &xor("ebx",     "edx");
+
+        &bswap("eax")   if $swap;
+        &bswap("ebx")   if $swap;
+
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put in array for call
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+
+        &call($enc_func);
+
+        &mov("eax",     &DWP($data_off,"esp","",0));
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));
+
+        &bswap("eax")   if $swap;
+        &bswap("ebx")   if $swap;
+
+        &mov(&DWP(0,$out,"",0),"eax");
+        &mov(&DWP(4,$out,"",0),"ebx");
+
+        &jmp(&label("finish"));
+
+        #############################################################
+        #############################################################
+        &set_label("decrypt",1);
+        # decrypt start 
+        &and($count,0xfffffff8);
+        # The next 2 instructions are only for if the jz is taken
+        &mov("eax",     &DWP($data_off+8,"esp","",0));  # get iv[0]
+        &mov("ebx",     &DWP($data_off+12,"esp","",0)); # get iv[1]
+        &jz(&label("decrypt_finish"));
+
+        &set_label("decrypt_loop");
+        &mov("eax",     &DWP(0,$in,"",0));      # load first 4 bytes
+        &mov("ebx",     &DWP(4,$in,"",0));      # second 4 bytes
+
+        &bswap("eax")   if $swap;
+        &bswap("ebx")   if $swap;
+
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put back
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+
+        &call($dec_func);
+
+        &mov("eax",     &DWP($data_off,"esp","",0));    # get return
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));  #
+
+        &bswap("eax")   if $swap;
+        &bswap("ebx")   if $swap;
+
+        &mov("ecx",     &DWP($data_off+8,"esp","",0));  # get iv[0]
+        &mov("edx",     &DWP($data_off+12,"esp","",0)); # get iv[1]
+
+        &xor("ecx",     "eax");
+        &xor("edx",     "ebx");
+
+        &mov("eax",     &DWP(0,$in,"",0));      # get old cipher text,
+        &mov("ebx",     &DWP(4,$in,"",0));      # next iv actually
+
+        &mov(&DWP(0,$out,"",0),"ecx");
+        &mov(&DWP(4,$out,"",0),"edx");
+
+        &mov(&DWP($data_off+8,"esp","",0),      "eax"); # save iv
+        &mov(&DWP($data_off+12,"esp","",0),     "ebx"); #
+
+        &add($in,       8);
+        &add($out,      8);
+
+        &sub($count,    8);
+        &jnz(&label("decrypt_loop"));
+############################ ENDIT #######################3
+        &set_label("decrypt_finish");
+        &mov($count,    &wparam(2));    # length
+        &and($count,    7);
+        &jz(&label("finish"));
+
+        &mov("eax",     &DWP(0,$in,"",0));      # load first 4 bytes
+        &mov("ebx",     &DWP(4,$in,"",0));      # second 4 bytes
+
+        &bswap("eax")   if $swap;
+        &bswap("ebx")   if $swap;
+
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put back
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+
+        &call($dec_func);
+
+        &mov("eax",     &DWP($data_off,"esp","",0));    # get return
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));  #
+
+        &bswap("eax")   if $swap;
+        &bswap("ebx")   if $swap;
+
+        &mov("ecx",     &DWP($data_off+8,"esp","",0));  # get iv[0]
+        &mov("edx",     &DWP($data_off+12,"esp","",0)); # get iv[1]
+
+        &xor("ecx",     "eax");
+        &xor("edx",     "ebx");
+
+        # this is for when we exit
+        &mov("eax",     &DWP(0,$in,"",0));      # get old cipher text,
+        &mov("ebx",     &DWP(4,$in,"",0));      # next iv actually
+
+&set_label("dj7");
+        &rotr("edx",    16);
+        &movb(&BP(6,$out,"",0), &LB("edx"));
+        &shr("edx",16);
+&set_label("dj6");
+        &movb(&BP(5,$out,"",0), &HB("edx"));
+&set_label("dj5");
+        &movb(&BP(4,$out,"",0), &LB("edx"));
+&set_label("dj4");
+        &mov(&DWP(0,$out,"",0), "ecx");
+        &jmp(&label("djend"));
+&set_label("dj3");
+        &rotr("ecx",    16);
+        &movb(&BP(2,$out,"",0), &LB("ecx"));
+        &shl("ecx",16);
+&set_label("dj2");
+        &movb(&BP(1,$in,"",0),  &HB("ecx"));
+&set_label("dj1");
+        &movb(&BP(0,$in,"",0),  &LB("ecx"));
+&set_label("djend");
+
+        # final iv is still in eax:ebx
+        &jmp(&label("finish"));
+
+
+############################ FINISH #######################3
+        &set_label("finish",1);
+        &mov("ecx",     &wparam($iv_off));      # Get iv ptr
+
+        #################################################
+        $total=16+4;
+        $total+=4 if ($p1 > 0);
+        $total+=4 if ($p2 > 0);
+        $total+=4 if ($p3 > 0);
+        &add("esp",$total);
+
+        &mov(&DWP(0,"ecx","",0),        "eax"); # save iv
+        &mov(&DWP(4,"ecx","",0),        "ebx"); # save iv
+
+        &function_end_A($name);
+
+        &set_label("cbc_enc_jmp_table",1);
+        &data_word("0");
+        &data_word(&label("ej1")."-".&label("PIC_point"));
+        &data_word(&label("ej2")."-".&label("PIC_point"));
+        &data_word(&label("ej3")."-".&label("PIC_point"));
+        &data_word(&label("ej4")."-".&label("PIC_point"));
+        &data_word(&label("ej5")."-".&label("PIC_point"));
+        &data_word(&label("ej6")."-".&label("PIC_point"));
+        &data_word(&label("ej7")."-".&label("PIC_point"));
+        # not used
+        #&set_label("cbc_dec_jmp_table",1);
+        #&data_word("0");
+        #&data_word(&label("dj1")."-".&label("PIC_point"));
+        #&data_word(&label("dj2")."-".&label("PIC_point"));
+        #&data_word(&label("dj3")."-".&label("PIC_point"));
+        #&data_word(&label("dj4")."-".&label("PIC_point"));
+        #&data_word(&label("dj5")."-".&label("PIC_point"));
+        #&data_word(&label("dj6")."-".&label("PIC_point"));
+        #&data_word(&label("dj7")."-".&label("PIC_point"));
+
+        &function_end_B($name);
+        
+        }
+
+1;
diff --git a/src/lib/libcrypto/perlasm/readme b/src/lib/libcrypto/perlasm/readme
new file mode 100644
index 0000000000..f02bbee75a
--- /dev/null
+++ b/src/lib/libcrypto/perlasm/readme
@@ -0,0 +1,124 @@
+The perl scripts in this directory are my 'hack' to generate
+multiple different assembler formats via the one origional script.
+
+The way to use this library is to start with adding the path to this directory
+and then include it.
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+The first thing we do is setup the file and type of assember
+
+&asm_init($ARGV[0],$0);
+
+The first argument is the 'type'.  Currently
+'cpp', 'sol', 'a.out', 'elf' or 'win32'.
+Argument 2 is the file name.
+
+The reciprocal function is
+&asm_finish() which should be called at the end.
+
+There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler,
+and x86unix.pl which is the unix (gas) version.
+
+Functions of interest are:
+&external_label("des_SPtrans"); declare and external variable
+&LB(reg);                       Low byte for a register
+&HB(reg);                       High byte for a register
+&BP(off,base,index,scale)       Byte pointer addressing
+&DWP(off,base,index,scale)      Word pointer addressing
+&stack_push(num)                Basically a 'sub esp, num*4' with extra
+&stack_pop(num)                 inverse of stack_push
+&function_begin(name,extra)     Start a function with pushing of
+                                edi, esi, ebx and ebp.  extra is extra win32
+                                external info that may be required.
+&function_begin_B(name,extra)   Same as norma function_begin but no pushing.
+&function_end(name)             Call at end of function.
+&function_end_A(name)           Standard pop and ret, for use inside functions
+&function_end_B(name)           Call at end but with poping or 'ret'.
+&swtmp(num)                     Address on stack temp word.
+&wparam(num)                    Parameter number num, that was push
+                                in C convention.  This all works over pushes
+                                and pops.
+&comment("hello there")         Put in a comment.
+&label("loop")                  Refer to a label, normally a jmp target.
+&set_label("loop")              Set a label at this point.
+&data_word(word)                Put in a word of data.
+
+So how does this all hold together?  Given
+
+int calc(int len, int *data)
+        {
+        int i,j=0;
+
+        for (i=0; i<len; i++)
+                {
+                j+=other(data[i]);
+                }
+        }
+
+So a very simple version of this function could be coded as
+
+        push(@INC,"perlasm","../../perlasm");
+        require "x86asm.pl";
+        
+        &asm_init($ARGV[0],"cacl.pl");
+
+        &external_label("other");
+
+        $tmp1=  "eax";
+        $j=     "edi";
+        $data=  "esi";
+        $i=     "ebp";
+
+        &comment("a simple function");
+        &function_begin("calc");
+        &mov(   $data,          &wparam(1)); # data
+        &xor(   $j,             $j);
+        &xor(   $i,             $i);
+
+        &set_label("loop");
+        &cmp(   $i,             &wparam(0));
+        &jge(   &label("end"));
+
+        &mov(   $tmp1,          &DWP(0,$data,$i,4));
+        &push(  $tmp1);
+        &call(  "other");
+        &add(   $j,             "eax");
+        &pop(   $tmp1);
+        &inc(   $i);
+        &jmp(   &label("loop"));
+
+        &set_label("end");
+        &mov(   "eax",          $j);
+
+        &function_end("calc");
+
+        &asm_finish();
+
+The above example is very very unoptimised but gives an idea of how
+things work.
+
+There is also a cbc mode function generator in cbc.pl
+
+&cbc(   $name,
+        $encrypt_function_name,
+        $decrypt_function_name,
+        $true_if_byte_swap_needed,
+        $parameter_number_for_iv,
+        $parameter_number_for_encrypt_flag,
+        $first_parameter_to_pass,
+        $second_parameter_to_pass,
+        $third_parameter_to_pass);
+
+So for example, given
+void BF_encrypt(BF_LONG *data,BF_KEY *key);
+void BF_decrypt(BF_LONG *data,BF_KEY *key);
+void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+        BF_KEY *ks, unsigned char *iv, int enc);
+
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",1,4,5,3,-1,-1);
+
+&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
+&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
+
diff --git a/src/lib/libcrypto/perlasm/x86asm.pl b/src/lib/libcrypto/perlasm/x86asm.pl
new file mode 100644
index 0000000000..60233f80e8
--- /dev/null
+++ b/src/lib/libcrypto/perlasm/x86asm.pl
@@ -0,0 +1,135 @@
+#!/usr/local/bin/perl
+
+# require 'x86asm.pl';
+# &asm_init("cpp","des-586.pl");
+# XXX
+# XXX
+# main'asm_finish
+
+sub main'asm_finish
+        {
+        &file_end();
+        &asm_finish_cpp() if $cpp;
+        print &asm_get_output();
+        }
+
+sub main'asm_init
+        {
+        ($type,$fn,$i386)=@_;
+        $filename=$fn;
+
+        $elf=$cpp=$sol=$aout=$win32=$gaswin=$openbsd=0;
+        if (    ($type eq "elf"))
+                { $elf=1; require "x86unix.pl"; }
+        elsif ( ($type eq "openbsd-elf"))
+                { $openbsd=$elf=1; require "x86unix.pl"; }
+        elsif ( ($type eq "openbsd-a.out"))
+                { $openbsd=1; require "x86unix.pl"; }
+        elsif ( ($type eq "a.out"))
+                { $aout=1; require "x86unix.pl"; }
+        elsif ( ($type eq "gaswin"))
+                { $gaswin=1; $aout=1; require "x86unix.pl"; }
+        elsif ( ($type eq "sol"))
+                { $sol=1; require "x86unix.pl"; }
+        elsif ( ($type eq "cpp"))
+                { $cpp=1; require "x86unix.pl"; }
+        elsif ( ($type eq "win32"))
+                { $win32=1; require "x86ms.pl"; }
+        elsif ( ($type eq "win32n"))
+                { $win32=1; require "x86nasm.pl"; }
+        else
+                {
+                print STDERR <<"EOF";
+Pick one target type from
+        elf     - linux, FreeBSD etc
+        a.out   - old linux
+        sol     - x86 solaris
+        cpp     - format so x86unix.cpp can be used
+        win32   - Windows 95/Windows NT
+        win32n  - Windows 95/Windows NT NASM format
+        openbsd-elf     - OpenBSD elf
+        openbsd-a.out   - OpenBSD a.out
+EOF
+                exit(1);
+                }
+
+        $pic=0;
+        for (@ARGV) {   $pic=1 if (/\-[fK]PIC/i);       }
+
+        &asm_init_output();
+
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $filename");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of elf, a.out, BSDI, Win32, gaswin (for GNU as on Win32) or Solaris");
+&comment("eric <eay\@cryptsoft.com>");
+&comment("");
+
+        $filename =~ s/\.pl$//;
+        &file($filename);
+        }
+
+sub asm_finish_cpp
+        {
+        return unless $cpp;
+
+        local($tmp,$i);
+        foreach $i (&get_labels())
+                {
+                $tmp.="#define $i _$i\n";
+                }
+        print <<"EOF";
+/* Run the C pre-processor over this file with one of the following defined
+ * ELF - elf object files,
+ * OUT - a.out object files,
+ * BSDI - BSDI style a.out object files
+ * SOL - Solaris style elf
+ */
+
+#define TYPE(a,b)       .type   a,b
+#define SIZE(a,b)       .size   a,b
+
+#if defined(OUT) || (defined(BSDI) && !defined(ELF))
+$tmp
+#endif
+
+#ifdef OUT
+#define OK      1
+#define ALIGN   4
+#if defined(__CYGWIN__) || defined(__DJGPP__)
+#undef SIZE
+#undef TYPE
+#define SIZE(a,b)
+#define TYPE(a,b)       .def a; .scl 2; .type 32; .endef
+#endif /* __CYGWIN || __DJGPP */
+#endif
+
+#if defined(BSDI) && !defined(ELF)
+#define OK              1
+#define ALIGN           4
+#undef SIZE
+#undef TYPE
+#define SIZE(a,b)
+#define TYPE(a,b)
+#endif
+
+#if defined(ELF) || defined(SOL)
+#define OK              1
+#define ALIGN           16
+#endif
+
+#ifndef OK
+You need to define one of
+ELF - elf systems - linux-elf, NetBSD and DG-UX
+OUT - a.out systems - linux-a.out and FreeBSD
+SOL - solaris systems, which are elf with strange comment lines
+BSDI - a.out with a very primative version of as.
+#endif
+
+/* Let the Assembler begin :-) */
+EOF
+        }
+
+sub main'align() {} # swallow align statements in 0.9.7 context
+
+1;
diff --git a/src/lib/libcrypto/perlasm/x86nasm.pl b/src/lib/libcrypto/perlasm/x86nasm.pl
index 4bdb3fe180..5009acb4b3 100644
--- a/src/lib/libcrypto/perlasm/x86nasm.pl
+++ b/src/lib/libcrypto/perlasm/x86nasm.pl
@@ -221,15 +221,7 @@ sub using486
 
 sub main'file
         {
-        local $tmp;
-        $tmp=<<___;
-%ifdef __omf__
-section code    use32 class=code
-%else
-section .text
-%endif
-___
-        push(@out,$tmp);
+        push(@out, "segment .text use32\n");
         }
 
 sub main'function_begin
diff --git a/src/lib/libcrypto/perlasm/x86unix.pl b/src/lib/libcrypto/perlasm/x86unix.pl
index a31a25c12b..b61425e951 100644
--- a/src/lib/libcrypto/perlasm/x86unix.pl
+++ b/src/lib/libcrypto/perlasm/x86unix.pl
@@ -15,6 +15,12 @@ sub main'asm_get_output { return(@out); }
 sub main'get_labels { return(@labels); }
 sub main'external_label { push(@labels,@_); }
 
+if ($main'openbsd)
+        {
+        $com_start='/*';
+        $com_end='*/';
+        }
+
 if ($main'cpp)
         {
         $align="ALIGN";
@@ -173,7 +179,9 @@ sub main'not	{ &out1("notl",@_); }
 sub main'call   { &out1("call",($_[0]=~/^\.L/?'':$under).$_[0]); }
 sub main'ret    { &out0("ret"); }
 sub main'nop    { &out0("nop"); }
+sub main'test   { &out2("testl",@_); }
 sub main'movz   { &out2("movzbl",@_); }
+sub main'neg    { &out1("negl",@_); }
 
 # The bswapl instruction is new for the 486. Emulate if i386.
 sub main'bswap
@@ -277,6 +285,9 @@ sub main'file
         {
         local($file)=@_;
 
+        if ($main'openbsd)
+                { push(@out,"#include <machine/asm.h>\n"); return; }
+
         local($tmp)=<<"EOF";
         .file   "$file.s"
         .version        "01.01"
@@ -292,6 +303,9 @@ sub main'function_begin
         &main'external_label($func);
         $func=$under.$func;
 
+        if ($main'openbsd)
+                { push (@out, "\nENTRY($func)\n"); goto skip; }
+
         local($tmp)=<<"EOF";
 .text
         .align $align
@@ -304,6 +318,7 @@ EOF
                 { $tmp=push(@out,"\t.def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); }
         else    { $tmp=push(@out,"\t.type\t$func,\@function\n"); }
         push(@out,"$func:\n");
+skip:
         $tmp=<<"EOF";
         pushl   %ebp
         pushl   %ebx
@@ -322,6 +337,9 @@ sub main'function_begin_B
         &main'external_label($func);
         $func=$under.$func;
 
+        if ($main'openbsd)
+                { push(@out, "\nENTRY($func)\n"); goto skip; }
+
         local($tmp)=<<"EOF";
 .text
         .align $align
@@ -334,6 +352,7 @@ EOF
                 { $tmp=push(@out,"\t.def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); }
         else    { push(@out,"\t.type    $func,\@function\n"); }
         push(@out,"$func:\n");
+skip:
         $stack=4;
         }
 
@@ -430,7 +449,8 @@ sub main'swtmp
 
 sub main'comment
         {
-        if ($main'elf)  # GNU and SVR4 as'es use different comment delimiters,
+        if (!$main'openbsd && $main'elf)
+                        # GNU and SVR4 as'es use different comment delimiters,
                 {       # so we just skip comments...
                 push(@out,"\n");
                 return;
@@ -444,6 +464,12 @@ sub main'comment
                 }
         }
 
+sub main'public_label
+        {
+        $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]}));
+        push(@out,".globl\t$label{$_[0]}\n");
+        }
+
 sub main'label
         {
         if (!defined($label{$_[0]}))
@@ -461,7 +487,10 @@ sub main'set_label
                 $label{$_[0]}=".${label}${_[0]}";
                 $label++;
                 }
-        push(@out,".align $align\n") if ($_[1] != 0);
+        if ($main'openbsd)
+                { push(@out,"_ALIGN_TEXT\n") if ($_[1] != 0); }
+        else
+                { push(@out,".align $align\n") if ($_[1] != 0); }
         push(@out,"$label{$_[0]}:\n");
         }
 
@@ -477,7 +506,7 @@ sub main'file_end
 
 sub main'data_word
         {
-        push(@out,"\t.long $_[0]\n");
+        push(@out,"\t.long\t".join(',',@_)."\n");
         }
 
 # debug output functions: puts, putx, printf
@@ -570,6 +599,16 @@ sub main'picmeup
 ___
                 push(@out,$tmp);
                 }
+        elsif ($main'openbsd)
+                {
+                push(@out, "#ifdef PIC\n");
+                push(@out, "\tPIC_PROLOGUE\n");
+                &main'mov($dst,"PIC_GOT($sym)");
+                push(@out, "\tPIC_EPILOGUE\n");
+                push(@out, "#else\n");
+                &main'lea($dst,&main'DWP($sym));
+                push(@out, "#endif\n");
+                }
         elsif ($main'pic && ($main'elf || $main'aout))
                 {
                 push(@out,"\t.align\t8\n");
diff --git a/src/lib/libcrypto/pkcs12/Makefile.ssl b/src/lib/libcrypto/pkcs12/Makefile.ssl
new file mode 100644
index 0000000000..a6e47b4085
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/Makefile.ssl
@@ -0,0 +1,417 @@
+#
+# SSLeay/crypto/pkcs12/Makefile
+#
+
+DIR=    pkcs12
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c \
+        p12_init.c p12_key.c p12_kiss.c p12_mutl.c\
+        p12_utl.c p12_npas.c pk12err.c p12_p8d.c p12_p8e.c
+LIBOBJ= p12_add.o p12_asn.o p12_attr.o p12_crpt.o p12_crt.o p12_decr.o \
+        p12_init.o p12_key.o p12_kiss.o p12_mutl.o\
+        p12_utl.o p12_npas.o pk12err.o p12_p8d.o p12_p8e.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  pkcs12.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+p12_add.o: ../../e_os.h ../../include/openssl/aes.h
+p12_add.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_add.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_add.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_add.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_add.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_add.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_add.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_add.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_add.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_add.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_add.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_add.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_add.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_add.o: ../cryptlib.h p12_add.c
+p12_asn.o: ../../e_os.h ../../include/openssl/aes.h
+p12_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+p12_asn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p12_asn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p12_asn.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p12_asn.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p12_asn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p12_asn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_asn.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_asn.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_asn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_asn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_asn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_asn.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_asn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_asn.c
+p12_attr.o: ../../e_os.h ../../include/openssl/aes.h
+p12_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_attr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_attr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_attr.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_attr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_attr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_attr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_attr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_attr.o: ../../include/openssl/opensslconf.h
+p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_attr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_attr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_attr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_attr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_attr.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_attr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_attr.c
+p12_crpt.o: ../../e_os.h ../../include/openssl/aes.h
+p12_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_crpt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_crpt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_crpt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_crpt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_crpt.o: ../../include/openssl/opensslconf.h
+p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_crpt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_crpt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_crpt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crpt.c
+p12_crt.o: ../../e_os.h ../../include/openssl/aes.h
+p12_crt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_crt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_crt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_crt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_crt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_crt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_crt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_crt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_crt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_crt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_crt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_crt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_crt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_crt.o: ../cryptlib.h p12_crt.c
+p12_decr.o: ../../e_os.h ../../include/openssl/aes.h
+p12_decr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_decr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_decr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_decr.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_decr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_decr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_decr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_decr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_decr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_decr.o: ../../include/openssl/opensslconf.h
+p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_decr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_decr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_decr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_decr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_decr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_decr.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_decr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_decr.c
+p12_init.o: ../../e_os.h ../../include/openssl/aes.h
+p12_init.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_init.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_init.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_init.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_init.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_init.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_init.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_init.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_init.o: ../../include/openssl/opensslconf.h
+p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_init.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_init.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_init.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_init.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_init.c
+p12_key.o: ../../e_os.h ../../include/openssl/aes.h
+p12_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_key.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_key.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_key.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_key.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_key.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_key.o: ../cryptlib.h p12_key.c
+p12_kiss.o: ../../e_os.h ../../include/openssl/aes.h
+p12_kiss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_kiss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_kiss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_kiss.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_kiss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_kiss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_kiss.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_kiss.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_kiss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_kiss.o: ../../include/openssl/opensslconf.h
+p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_kiss.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_kiss.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_kiss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_kiss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_kiss.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_kiss.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_kiss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_kiss.c
+p12_mutl.o: ../../e_os.h ../../include/openssl/aes.h
+p12_mutl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_mutl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_mutl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_mutl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_mutl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_mutl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_mutl.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_mutl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_mutl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p12_mutl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_mutl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_mutl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_mutl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_mutl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_mutl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_mutl.o: ../cryptlib.h p12_mutl.c
+p12_npas.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p12_npas.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p12_npas.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p12_npas.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p12_npas.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p12_npas.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p12_npas.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_npas.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_npas.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_npas.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_npas.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_npas.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_npas.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_npas.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_npas.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_npas.o: ../../include/openssl/x509_vfy.h p12_npas.c
+p12_p8d.o: ../../e_os.h ../../include/openssl/aes.h
+p12_p8d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_p8d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_p8d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_p8d.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_p8d.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_p8d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_p8d.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_p8d.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_p8d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_p8d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_p8d.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_p8d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_p8d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_p8d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_p8d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_p8d.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_p8d.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_p8d.o: ../cryptlib.h p12_p8d.c
+p12_p8e.o: ../../e_os.h ../../include/openssl/aes.h
+p12_p8e.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_p8e.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_p8e.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_p8e.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_p8e.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_p8e.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_p8e.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_p8e.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_p8e.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_p8e.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_p8e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_p8e.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_p8e.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_p8e.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_p8e.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_p8e.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_p8e.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_p8e.o: ../cryptlib.h p12_p8e.c
+p12_utl.o: ../../e_os.h ../../include/openssl/aes.h
+p12_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_utl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_utl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_utl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_utl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_utl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_utl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_utl.o: ../cryptlib.h p12_utl.c
+pk12err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+pk12err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pk12err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pk12err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pk12err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk12err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk12err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk12err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk12err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk12err.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pk12err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk12err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk12err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk12err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk12err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk12err.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk12err.o: ../../include/openssl/x509_vfy.h pk12err.c
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
new file mode 100644
index 0000000000..1909f28506
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -0,0 +1,215 @@
+/* p12_add.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Pack an object into an OCTET STRING and turn into a safebag */
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
+             int nid2)
+{
+        PKCS12_BAGS *bag;
+        PKCS12_SAFEBAG *safebag;
+        if (!(bag = PKCS12_BAGS_new())) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        bag->type = OBJ_nid2obj(nid1);
+        if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        if (!(safebag = PKCS12_SAFEBAG_new())) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        safebag->value.bag = bag;
+        safebag->type = OBJ_nid2obj(nid2);
+        return safebag;
+}
+
+/* Turn PKCS8 object into a keybag */
+
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
+{
+        PKCS12_SAFEBAG *bag;
+        if (!(bag = PKCS12_SAFEBAG_new())) {
+                PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        bag->type = OBJ_nid2obj(NID_keyBag);
+        bag->value.keybag = p8;
+        return bag;
+}
+
+/* Turn PKCS8 object into a shrouded keybag */
+
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
+             int passlen, unsigned char *salt, int saltlen, int iter,
+             PKCS8_PRIV_KEY_INFO *p8)
+{
+        PKCS12_SAFEBAG *bag;
+
+        /* Set up the safe bag */
+        if (!(bag = PKCS12_SAFEBAG_new())) {
+                PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+
+        bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+        if (!(bag->value.shkeybag = 
+          PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
+                                                                         p8))) {
+                PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+
+        return bag;
+}
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
+{
+        PKCS7 *p7;
+        if (!(p7 = PKCS7_new())) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        p7->type = OBJ_nid2obj(NID_pkcs7_data);
+        if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        
+        if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
+                return NULL;
+        }
+        return p7;
+}
+
+/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
+{
+        if(!PKCS7_type_is_data(p7)) return NULL;
+        return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
+}
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
+
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+                              unsigned char *salt, int saltlen, int iter,
+                              STACK_OF(PKCS12_SAFEBAG) *bags)
+{
+        PKCS7 *p7;
+        X509_ALGOR *pbe;
+        if (!(p7 = PKCS7_new())) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
+                                PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
+                return NULL;
+        }
+        if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
+        p7->d.encrypted->enc_data->algorithm = pbe;
+        M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
+        if (!(p7->d.encrypted->enc_data->enc_data =
+        PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
+                                 bags, 1))) {
+                PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
+                return NULL;
+        }
+
+        return p7;
+}
+
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
+{
+        if(!PKCS7_type_is_encrypted(p7)) return NULL;
+        return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
+                                   ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
+                                   pass, passlen,
+                                   p7->d.encrypted->enc_data->enc_data, 1);
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
+                                                                int passlen)
+{
+        return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
+}
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) 
+{
+        if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
+                &p12->authsafes->d.data)) 
+                        return 1;
+        return 0;
+}
+
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
+{
+        return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
+}
diff --git a/src/lib/libcrypto/pkcs12/p12_asn.c b/src/lib/libcrypto/pkcs12/p12_asn.c
new file mode 100644
index 0000000000..a3739fee1a
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_asn.c
@@ -0,0 +1,125 @@
+/* p12_asn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pkcs12.h>
+
+/* PKCS#12 ASN1 module */
+
+ASN1_SEQUENCE(PKCS12) = {
+        ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS12, authsafes, PKCS7),
+        ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA)
+} ASN1_SEQUENCE_END(PKCS12)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12)
+
+ASN1_SEQUENCE(PKCS12_MAC_DATA) = {
+        ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG),
+        ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING),
+        ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PKCS12_MAC_DATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+
+ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS12_BAGS) = {
+        ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
+        ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
+        ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
+} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);
+
+ASN1_SEQUENCE(PKCS12_BAGS) = {
+        ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(PKCS12_BAGS),
+} ASN1_SEQUENCE_END(PKCS12_BAGS)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS12_SAFEBAG) = {
+        ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
+        ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
+        ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
+        ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
+        ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
+        ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
+} ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL);
+
+ASN1_SEQUENCE(PKCS12_SAFEBAG) = {
+        ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(PKCS12_SAFEBAG),
+        ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE)
+} ASN1_SEQUENCE_END(PKCS12_SAFEBAG)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+
+/* SEQUENCE OF SafeBag */
+ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG)
+ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS)
+
+/* Authsafes: SEQUENCE OF PKCS7 */
+ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7)
+ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES)
+
diff --git a/src/lib/libcrypto/pkcs12/p12_attr.c b/src/lib/libcrypto/pkcs12/p12_attr.c
new file mode 100644
index 0000000000..026cf3826a
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_attr.c
@@ -0,0 +1,145 @@
+/* p12_attr.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Add a local keyid to a safebag */
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+             int namelen)
+{
+        if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
+                                V_ASN1_OCTET_STRING, name, namelen))
+                return 1;
+        else 
+                return 0;
+}
+
+/* Add key usage to PKCS#8 structure */
+
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
+{
+        unsigned char us_val;
+        us_val = (unsigned char) usage;
+        if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
+                                V_ASN1_BIT_STRING, &us_val, 1))
+                return 1;
+        else
+                return 0;
+}
+
+/* Add a friendlyname to a safebag */
+
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+                                 int namelen)
+{
+        if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+                                MBSTRING_ASC, (unsigned char *)name, namelen))
+                return 1;
+        else
+                return 0;
+}
+
+
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
+                                 const unsigned char *name, int namelen)
+{
+        if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+                                MBSTRING_BMP, name, namelen))
+                return 1;
+        else
+                return 0;
+}
+
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+                                 int namelen)
+{
+        if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
+                                MBSTRING_ASC, (unsigned char *)name, namelen))
+                return 1;
+        else
+                return 0;
+}
+
+ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
+{
+        X509_ATTRIBUTE *attrib;
+        int i;
+        if (!attrs) return NULL;
+        for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) {
+                attrib = sk_X509_ATTRIBUTE_value (attrs, i);
+                if (OBJ_obj2nid (attrib->object) == attr_nid) {
+                        if (sk_ASN1_TYPE_num (attrib->value.set))
+                            return sk_ASN1_TYPE_value(attrib->value.set, 0);
+                        else return NULL;
+                }
+        }
+        return NULL;
+}
+
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
+{
+        ASN1_TYPE *atype;
+        if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL;
+        if (atype->type != V_ASN1_BMPSTRING) return NULL;
+        return uni2asc(atype->value.bmpstring->data,
+                                 atype->value.bmpstring->length);
+}
+
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
new file mode 100644
index 0000000000..003ec7a33e
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_crpt.c
@@ -0,0 +1,124 @@
+/* p12_crpt.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* PKCS#12 specific PBE functions */
+
+void PKCS12_PBE_add(void)
+{
+#ifndef OPENSSL_NO_RC4
+EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
+                                                         PKCS12_PBE_keyivgen);
+EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
+                                                         PKCS12_PBE_keyivgen);
+#endif
+#ifndef OPENSSL_NO_DES
+EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+                        EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
+EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 
+                        EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
+#endif
+#ifndef OPENSSL_NO_RC2
+EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
+                                        EVP_sha1(), PKCS12_PBE_keyivgen);
+EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
+                                        EVP_sha1(), PKCS12_PBE_keyivgen);
+#endif
+}
+
+int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
+{
+        PBEPARAM *pbe;
+        int saltlen, iter, ret;
+        unsigned char *salt, *pbuf;
+        unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+
+        /* Extract useful info from parameter */
+        pbuf = param->value.sequence->data;
+        if (!param || (param->type != V_ASN1_SEQUENCE) ||
+           !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
+                EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+                return 0;
+        }
+
+        if (!pbe->iter) iter = 1;
+        else iter = ASN1_INTEGER_get (pbe->iter);
+        salt = pbe->salt->data;
+        saltlen = pbe->salt->length;
+        if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
+                             iter, EVP_CIPHER_key_length(cipher), key, md)) {
+                PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR);
+                PBEPARAM_free(pbe);
+                return 0;
+        }
+        if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
+                                iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
+                PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR);
+                PBEPARAM_free(pbe);
+                return 0;
+        }
+        PBEPARAM_free(pbe);
+        ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
+        OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+        OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+        return ret;
+}
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
new file mode 100644
index 0000000000..4c36c643ce
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -0,0 +1,164 @@
+/* p12_crt.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+             STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
+             int keytype)
+{
+        PKCS12 *p12;
+        STACK_OF(PKCS12_SAFEBAG) *bags;
+        STACK_OF(PKCS7) *safes;
+        PKCS12_SAFEBAG *bag;
+        PKCS8_PRIV_KEY_INFO *p8;
+        PKCS7 *authsafe;
+        X509 *tcert;
+        int i;
+        unsigned char keyid[EVP_MAX_MD_SIZE];
+        unsigned int keyidlen;
+
+        /* Set defaults */
+        if(!nid_cert) nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+        if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+        if(!iter) iter = PKCS12_DEFAULT_ITER;
+        if(!mac_iter) mac_iter = 1;
+
+        if(!pkey || !cert) {
+                PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
+                return NULL;
+        }
+
+        if(!X509_check_private_key(cert, pkey)) return NULL;
+
+        if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) {
+                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+
+        /* Add user certificate */
+        if(!(bag = PKCS12_x5092certbag(cert))) return NULL;
+        if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL;
+        X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
+        if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
+
+        if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
+                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        
+        /* Add all other certificates */
+        if(ca) {
+                for(i = 0; i < sk_X509_num(ca); i++) {
+                        tcert = sk_X509_value(ca, i);
+                        if(!(bag = PKCS12_x5092certbag(tcert))) return NULL;
+                        if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
+                                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+                                return NULL;
+                        }
+                }
+        }
+
+        /* Turn certbags into encrypted authsafe */
+        authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
+                                          iter, bags);
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+
+        if (!authsafe) return NULL;
+
+        if(!(safes = sk_PKCS7_new_null ())
+           || !sk_PKCS7_push(safes, authsafe)) {
+                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+
+        /* Make a shrouded key bag */
+        if(!(p8 = EVP_PKEY2PKCS8 (pkey))) return NULL;
+        if(keytype && !PKCS8_add_keyusage(p8, keytype)) return NULL;
+        bag = PKCS12_MAKE_SHKEYBAG (nid_key, pass, -1, NULL, 0, iter, p8);
+        if(!bag) return NULL;
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
+        if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
+        if(!(bags = sk_PKCS12_SAFEBAG_new_null())
+           || !sk_PKCS12_SAFEBAG_push (bags, bag)) {
+                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        /* Turn it into unencrypted safe bag */
+        if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        if(!sk_PKCS7_push(safes, authsafe)) {
+                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+
+        if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL;
+
+        if(!PKCS12_pack_authsafes (p12, safes)) return NULL;
+
+        sk_PKCS7_pop_free(safes, PKCS7_free);
+
+        if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
+            return NULL;
+
+        return p12;
+
+}
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
new file mode 100644
index 0000000000..b5684a83ba
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_decr.c
@@ -0,0 +1,176 @@
+/* p12_decr.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Define this to dump decrypted output to files called DERnnn */
+/*#define DEBUG_DECRYPT*/
+
+
+/* Encrypt/Decrypt a buffer based on password and algor, result in a
+ * OPENSSL_malloc'ed buffer
+ */
+
+unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
+             int passlen, unsigned char *in, int inlen, unsigned char **data,
+             int *datalen, int en_de)
+{
+        unsigned char *out;
+        int outlen, i;
+        EVP_CIPHER_CTX ctx;
+
+        EVP_CIPHER_CTX_init(&ctx);
+        /* Decrypt data */
+        if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
+                                         algor->parameter, &ctx, en_de)) {
+                PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
+                return NULL;
+        }
+
+        if(!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
+                PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+
+        EVP_CipherUpdate(&ctx, out, &i, in, inlen);
+        outlen = i;
+        if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
+                OPENSSL_free(out);
+                out = NULL;
+                PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
+                goto err;
+        }
+        outlen += i;
+        if (datalen) *datalen = outlen;
+        if (data) *data = out;
+        err:
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        return out;
+
+}
+
+/* Decrypt an OCTET STRING and decode ASN1 structure 
+ * if zbuf set zero buffer after use.
+ */
+
+void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
+             const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
+{
+        unsigned char *out, *p;
+        void *ret;
+        int outlen;
+
+        if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
+                               &out, &outlen, 0)) {
+                PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
+                return NULL;
+        }
+        p = out;
+#ifdef DEBUG_DECRYPT
+        {
+                FILE *op;
+
+                char fname[30];
+                static int fnm = 1;
+                sprintf(fname, "DER%d", fnm++);
+                op = fopen(fname, "wb");
+                fwrite (p, 1, outlen, op);
+                fclose(op);
+        }
+#endif
+        ret = ASN1_item_d2i(NULL, &p, outlen, it);
+        if (zbuf) OPENSSL_cleanse(out, outlen);
+        if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
+        OPENSSL_free(out);
+        return ret;
+}
+
+/* Encode ASN1 structure and encrypt, return OCTET STRING 
+ * if zbuf set zero encoding.
+ */
+
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
+                                       const char *pass, int passlen,
+                                       void *obj, int zbuf)
+{
+        ASN1_OCTET_STRING *oct;
+        unsigned char *in = NULL;
+        int inlen;
+        if (!(oct = M_ASN1_OCTET_STRING_new ())) {
+                PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        inlen = ASN1_item_i2d(obj, &in, it);
+        if (!in) {
+                PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
+                return NULL;
+        }
+        if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
+                                 &oct->length, 1)) {
+                PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
+                OPENSSL_free(in);
+                return NULL;
+        }
+        if (zbuf) OPENSSL_cleanse(in, inlen);
+        OPENSSL_free(in);
+        return oct;
+}
+
+IMPLEMENT_PKCS12_STACK_OF(PKCS7)
diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c
new file mode 100644
index 0000000000..5276b12669
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_init.c
@@ -0,0 +1,92 @@
+/* p12_init.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Initialise a PKCS12 structure to take data */
+
+PKCS12 *PKCS12_init (int mode)
+{
+        PKCS12 *pkcs12;
+        if (!(pkcs12 = PKCS12_new())) {
+                PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        ASN1_INTEGER_set(pkcs12->version, 3);
+        pkcs12->authsafes->type = OBJ_nid2obj(mode);
+        switch (mode) {
+                case NID_pkcs7_data:
+                        if (!(pkcs12->authsafes->d.data =
+                                 M_ASN1_OCTET_STRING_new())) {
+                        PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                break;
+                default:
+                        PKCS12err(PKCS12_F_PKCS12_INIT,
+                                PKCS12_R_UNSUPPORTED_PKCS12_MODE);
+                        goto err;
+        }
+                
+        return pkcs12;
+err:
+        if (pkcs12 != NULL) PKCS12_free(pkcs12);
+        return NULL;
+}
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
new file mode 100644
index 0000000000..9196a34b4a
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -0,0 +1,206 @@
+/* p12_key.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+
+/* Uncomment out this line to get debugging info about key generation */
+/*#define DEBUG_KEYGEN*/
+#ifdef DEBUG_KEYGEN
+#include <openssl/bio.h>
+extern BIO *bio_err;
+void h__dump (unsigned char *p, int len);
+#endif
+
+/* PKCS12 compatible key/IV generation */
+#ifndef min
+#define min(a,b) ((a) < (b) ? (a) : (b))
+#endif
+
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+             int saltlen, int id, int iter, int n, unsigned char *out,
+             const EVP_MD *md_type)
+{
+        int ret;
+        unsigned char *unipass;
+        int uniplen;
+        if(!pass) {
+                unipass = NULL;
+                uniplen = 0;
+        } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
+                PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+                                                 id, iter, n, out, md_type);
+        if(unipass) {
+                OPENSSL_cleanse(unipass, uniplen);      /* Clear password from memory */
+                OPENSSL_free(unipass);
+        }
+        return ret;
+}
+
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+             int saltlen, int id, int iter, int n, unsigned char *out,
+             const EVP_MD *md_type)
+{
+        unsigned char *B, *D, *I, *p, *Ai;
+        int Slen, Plen, Ilen, Ijlen;
+        int i, j, u, v;
+        BIGNUM *Ij, *Bpl1;      /* These hold Ij and B + 1 */
+        EVP_MD_CTX ctx;
+#ifdef  DEBUG_KEYGEN
+        unsigned char *tmpout = out;
+        int tmpn = n;
+#endif
+
+#if 0
+        if (!pass) {
+                PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+        }
+#endif
+
+        EVP_MD_CTX_init(&ctx);
+#ifdef  DEBUG_KEYGEN
+        fprintf(stderr, "KEYGEN DEBUG\n");
+        fprintf(stderr, "ID %d, ITER %d\n", id, iter);
+        fprintf(stderr, "Password (length %d):\n", passlen);
+        h__dump(pass, passlen);
+        fprintf(stderr, "Salt (length %d):\n", saltlen);
+        h__dump(salt, saltlen);
+#endif
+        v = EVP_MD_block_size (md_type);
+        u = EVP_MD_size (md_type);
+        D = OPENSSL_malloc (v);
+        Ai = OPENSSL_malloc (u);
+        B = OPENSSL_malloc (v + 1);
+        Slen = v * ((saltlen+v-1)/v);
+        if(passlen) Plen = v * ((passlen+v-1)/v);
+        else Plen = 0;
+        Ilen = Slen + Plen;
+        I = OPENSSL_malloc (Ilen);
+        Ij = BN_new();
+        Bpl1 = BN_new();
+        if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
+                PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        for (i = 0; i < v; i++) D[i] = id;
+        p = I;
+        for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
+        for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
+        for (;;) {
+                EVP_DigestInit_ex(&ctx, md_type, NULL);
+                EVP_DigestUpdate(&ctx, D, v);
+                EVP_DigestUpdate(&ctx, I, Ilen);
+                EVP_DigestFinal_ex(&ctx, Ai, NULL);
+                for (j = 1; j < iter; j++) {
+                        EVP_DigestInit_ex(&ctx, md_type, NULL);
+                        EVP_DigestUpdate(&ctx, Ai, u);
+                        EVP_DigestFinal_ex(&ctx, Ai, NULL);
+                }
+                memcpy (out, Ai, min (n, u));
+                if (u >= n) {
+                        OPENSSL_free (Ai);
+                        OPENSSL_free (B);
+                        OPENSSL_free (D);
+                        OPENSSL_free (I);
+                        BN_free (Ij);
+                        BN_free (Bpl1);
+                        EVP_MD_CTX_cleanup(&ctx);
+#ifdef DEBUG_KEYGEN
+                        fprintf(stderr, "Output KEY (length %d)\n", tmpn);
+                        h__dump(tmpout, tmpn);
+#endif
+                        return 1;       
+                }
+                n -= u;
+                out += u;
+                for (j = 0; j < v; j++) B[j] = Ai[j % u];
+                /* Work out B + 1 first then can use B as tmp space */
+                BN_bin2bn (B, v, Bpl1);
+                BN_add_word (Bpl1, 1);
+                for (j = 0; j < Ilen ; j+=v) {
+                        BN_bin2bn (I + j, v, Ij);
+                        BN_add (Ij, Ij, Bpl1);
+                        BN_bn2bin (Ij, B);
+                        Ijlen = BN_num_bytes (Ij);
+                        /* If more than 2^(v*8) - 1 cut off MSB */
+                        if (Ijlen > v) {
+                                BN_bn2bin (Ij, B);
+                                memcpy (I + j, B + 1, v);
+#ifndef PKCS12_BROKEN_KEYGEN
+                        /* If less than v bytes pad with zeroes */
+                        } else if (Ijlen < v) {
+                                memset(I + j, 0, v - Ijlen);
+                                BN_bn2bin(Ij, I + j + v - Ijlen); 
+#endif
+                        } else BN_bn2bin (Ij, I + j);
+                }
+        }
+}
+#ifdef DEBUG_KEYGEN
+void h__dump (unsigned char *p, int len)
+{
+        for (; len --; p++) fprintf(stderr, "%02X", *p);
+        fprintf(stderr, "\n");  
+}
+#endif
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
new file mode 100644
index 0000000000..2b31999e11
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_kiss.c
@@ -0,0 +1,297 @@
+/* p12_kiss.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Simplified PKCS#12 routines */
+
+static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
+                EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
+
+static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+                       int passlen, EVP_PKEY **pkey, X509 **cert,
+                       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
+                       char *keymatch);
+
+static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+                        EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
+                        ASN1_OCTET_STRING **keyid, char *keymatch);
+
+/* Parse and decrypt a PKCS#12 structure returning user key, user cert
+ * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
+ * or it should point to a valid STACK structure. pkey and cert can be
+ * passed unitialised.
+ */
+
+int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+             STACK_OF(X509) **ca)
+{
+
+        /* Check for NULL PKCS12 structure */
+
+        if(!p12) {
+                PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+                return 0;
+        }
+
+        /* Allocate stack for ca certificates if needed */
+        if ((ca != NULL) && (*ca == NULL)) {
+                if (!(*ca = sk_X509_new_null())) {
+                        PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+        }
+
+        if(pkey) *pkey = NULL;
+        if(cert) *cert = NULL;
+
+        /* Check the mac */
+
+        /* If password is zero length or NULL then try verifying both cases
+         * to determine which password is correct. The reason for this is that
+         * under PKCS#12 password based encryption no password and a zero length
+         * password are two different things...
+         */
+
+        if(!pass || !*pass) {
+                if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL;
+                else if(PKCS12_verify_mac(p12, "", 0)) pass = "";
+                else {
+                        PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
+                        goto err;
+                }
+        } else if (!PKCS12_verify_mac(p12, pass, -1)) {
+                PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
+                goto err;
+        }
+
+        if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))
+                {
+                PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
+                goto err;
+                }
+
+        return 1;
+
+ err:
+
+        if (pkey && *pkey) EVP_PKEY_free(*pkey);
+        if (cert && *cert) X509_free(*cert);
+        if (ca) sk_X509_pop_free(*ca, X509_free);
+        return 0;
+
+}
+
+/* Parse the outer PKCS#12 structure */
+
+static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
+             EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+{
+        STACK_OF(PKCS7) *asafes;
+        STACK_OF(PKCS12_SAFEBAG) *bags;
+        int i, bagnid;
+        PKCS7 *p7;
+        ASN1_OCTET_STRING *keyid = NULL;
+
+        char keymatch = 0;
+        if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0;
+        for (i = 0; i < sk_PKCS7_num (asafes); i++) {
+                p7 = sk_PKCS7_value (asafes, i);
+                bagnid = OBJ_obj2nid (p7->type);
+                if (bagnid == NID_pkcs7_data) {
+                        bags = PKCS12_unpack_p7data(p7);
+                } else if (bagnid == NID_pkcs7_encrypted) {
+                        bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
+                } else continue;
+                if (!bags) {
+                        sk_PKCS7_pop_free(asafes, PKCS7_free);
+                        return 0;
+                }
+                if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
+                                                         &keyid, &keymatch)) {
+                        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+                        sk_PKCS7_pop_free(asafes, PKCS7_free);
+                        return 0;
+                }
+                sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        }
+        sk_PKCS7_pop_free(asafes, PKCS7_free);
+        if (keyid) M_ASN1_OCTET_STRING_free(keyid);
+        return 1;
+}
+
+
+static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+                       int passlen, EVP_PKEY **pkey, X509 **cert,
+                       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
+                       char *keymatch)
+{
+        int i;
+        for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+                if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
+                         pass, passlen, pkey, cert, ca, keyid,
+                                                         keymatch)) return 0;
+        }
+        return 1;
+}
+
+#define MATCH_KEY  0x1
+#define MATCH_CERT 0x2
+#define MATCH_ALL  0x3
+
+static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+                      EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
+                      ASN1_OCTET_STRING **keyid,
+             char *keymatch)
+{
+        PKCS8_PRIV_KEY_INFO *p8;
+        X509 *x509;
+        ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;
+        ASN1_TYPE *attrib;
+        ASN1_BMPSTRING *fname = NULL;
+
+        if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
+                fname = attrib->value.bmpstring;
+
+        if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) {
+                lkey = attrib->value.octet_string;
+                ckid = lkey;
+        }
+
+        /* Check for any local key id matching (if needed) */
+        if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
+                if (*keyid) {
+                        if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL;
+                } else {
+                        if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
+                                PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE);
+                                return 0;
+                    }
+                }
+        }
+        
+        switch (M_PKCS12_bag_type(bag))
+        {
+        case NID_keyBag:
+                if (!lkey || !pkey) return 1;   
+                if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0;
+                *keymatch |= MATCH_KEY;
+        break;
+
+        case NID_pkcs8ShroudedKeyBag:
+                if (!lkey || !pkey) return 1;   
+                if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
+                                return 0;
+                *pkey = EVP_PKCS82PKEY(p8);
+                PKCS8_PRIV_KEY_INFO_free(p8);
+                if (!(*pkey)) return 0;
+                *keymatch |= MATCH_KEY;
+        break;
+
+        case NID_certBag:
+                if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
+                                                                 return 1;
+                if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
+                if(ckid)
+                        {
+                        if (!X509_keyid_set1(x509, ckid->data, ckid->length))
+                                {
+                                X509_free(x509);
+                                return 0;
+                                }
+                        }
+                if(fname) {
+                        int len, r;
+                        unsigned char *data;
+                        len = ASN1_STRING_to_UTF8(&data, fname);
+                        if(len > 0) {
+                                r = X509_alias_set1(x509, data, len);
+                                OPENSSL_free(data);
+                                if (!r)
+                                        {
+                                        X509_free(x509);
+                                        return 0;
+                                        }
+                        }
+                }
+
+
+                if (lkey) {
+                        *keymatch |= MATCH_CERT;
+                        if (cert) *cert = x509;
+                        else X509_free(x509);
+                } else {
+                        if(ca) sk_X509_push (*ca, x509);
+                        else X509_free(x509);
+                }
+        break;
+
+        case NID_safeContentsBag:
+                return parse_bags(bag->value.safes, pass, passlen,
+                                        pkey, cert, ca, keyid, keymatch);
+        break;
+
+        default:
+                return 1;
+        break;
+        }
+        return 1;
+}
+
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
new file mode 100644
index 0000000000..4886b9b289
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -0,0 +1,176 @@
+/* p12_mutl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef OPENSSL_NO_HMAC
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include <openssl/pkcs12.h>
+
+/* Generate a MAC */
+int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
+                    unsigned char *mac, unsigned int *maclen)
+{
+        const EVP_MD *md_type;
+        HMAC_CTX hmac;
+        unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
+        int saltlen, iter;
+
+        salt = p12->mac->salt->data;
+        saltlen = p12->mac->salt->length;
+        if (!p12->mac->iter) iter = 1;
+        else iter = ASN1_INTEGER_get (p12->mac->iter);
+        if(!(md_type =
+                 EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) {
+                PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
+                return 0;
+        }
+        if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
+                                 PKCS12_MAC_KEY_LENGTH, key, md_type)) {
+                PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
+                return 0;
+        }
+        HMAC_CTX_init(&hmac);
+        HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL);
+        HMAC_Update(&hmac, p12->authsafes->d.data->data,
+                                         p12->authsafes->d.data->length);
+        HMAC_Final(&hmac, mac, maclen);
+        HMAC_CTX_cleanup(&hmac);
+        return 1;
+}
+
+/* Verify the mac */
+int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen)
+{
+        unsigned char mac[EVP_MAX_MD_SIZE];
+        unsigned int maclen;
+        if(p12->mac == NULL) {
+                PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_ABSENT);
+                return 0;
+        }
+        if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
+                PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);
+                return 0;
+        }
+        if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
+        || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0;
+        return 1;
+}
+
+/* Set a mac */
+
+int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
+             unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type)
+{
+        unsigned char mac[EVP_MAX_MD_SIZE];
+        unsigned int maclen;
+
+        if (!md_type) md_type = EVP_sha1();
+        if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) ==
+                                        PKCS12_ERROR) {
+                PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_SETUP_ERROR);
+                return 0;
+        }
+        if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
+                PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR);
+                return 0;
+        }
+        if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) {
+                PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR);
+                                                return 0;
+        }
+        return 1;
+}
+
+/* Set up a mac structure */
+int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
+             const EVP_MD *md_type)
+{
+        if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
+        if (iter > 1) {
+                if(!(p12->mac->iter = M_ASN1_INTEGER_new())) {
+                        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+                if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
+                        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+        }
+        if (!saltlen) saltlen = PKCS12_SALT_LEN;
+        p12->mac->salt->length = saltlen;
+        if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) {
+                PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        if (!salt) {
+                if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)
+                        return 0;
+        }
+        else memcpy (p12->mac->salt->data, salt, saltlen);
+        p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
+        if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
+                PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
+        
+        return 1;
+}
+#endif
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
new file mode 100644
index 0000000000..af708a2743
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_npas.c
@@ -0,0 +1,217 @@
+/* p12_npas.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* PKCS#12 password change routine */
+
+static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
+                        char *newpass);
+static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
+static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
+
+/* 
+ * Change the password on a PKCS#12 structure.
+ */
+
+int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
+{
+
+/* Check for NULL PKCS12 structure */
+
+if(!p12) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+        return 0;
+}
+
+/* Check the mac */
+
+if (!PKCS12_verify_mac(p12, oldpass, -1)) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE);
+        return 0;
+}
+
+if (!newpass_p12(p12, oldpass, newpass)) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR);
+        return 0;
+}
+
+return 1;
+
+}
+
+/* Parse the outer PKCS#12 structure */
+
+static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
+{
+        STACK_OF(PKCS7) *asafes, *newsafes;
+        STACK_OF(PKCS12_SAFEBAG) *bags;
+        int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
+        PKCS7 *p7, *p7new;
+        ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
+        unsigned char mac[EVP_MAX_MD_SIZE];
+        unsigned int maclen;
+
+        if (!(asafes = PKCS12_unpack_authsafes(p12))) return 0;
+        if(!(newsafes = sk_PKCS7_new_null())) return 0;
+        for (i = 0; i < sk_PKCS7_num (asafes); i++) {
+                p7 = sk_PKCS7_value(asafes, i);
+                bagnid = OBJ_obj2nid(p7->type);
+                if (bagnid == NID_pkcs7_data) {
+                        bags = PKCS12_unpack_p7data(p7);
+                } else if (bagnid == NID_pkcs7_encrypted) {
+                        bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
+                        alg_get(p7->d.encrypted->enc_data->algorithm,
+                                &pbe_nid, &pbe_iter, &pbe_saltlen);
+                } else continue;
+                if (!bags) {
+                        sk_PKCS7_pop_free(asafes, PKCS7_free);
+                        return 0;
+                }
+                if (!newpass_bags(bags, oldpass, newpass)) {
+                        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+                        sk_PKCS7_pop_free(asafes, PKCS7_free);
+                        return 0;
+                }
+                /* Repack bag in same form with new password */
+                if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);
+                else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
+                                                 pbe_saltlen, pbe_iter, bags);
+                sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+                if(!p7new) {
+                        sk_PKCS7_pop_free(asafes, PKCS7_free);
+                        return 0;
+                }
+                sk_PKCS7_push(newsafes, p7new);
+        }
+        sk_PKCS7_pop_free(asafes, PKCS7_free);
+
+        /* Repack safe: save old safe in case of error */
+
+        p12_data_tmp = p12->authsafes->d.data;
+        if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr;
+        if(!PKCS12_pack_authsafes(p12, newsafes)) goto saferr;
+
+        if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr;
+        if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr;
+        if(!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr;
+        ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
+        p12->mac->dinfo->digest = macnew;
+        ASN1_OCTET_STRING_free(p12_data_tmp);
+
+        return 1;
+
+        saferr:
+        /* Restore old safe */
+        ASN1_OCTET_STRING_free(p12->authsafes->d.data);
+        ASN1_OCTET_STRING_free(macnew);
+        p12->authsafes->d.data = p12_data_tmp;
+        return 0;
+
+}
+
+
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
+                        char *newpass)
+{
+        int i;
+        for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+                if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),
+                                 oldpass, newpass))
+                    return 0;
+        }
+        return 1;
+}
+
+/* Change password of safebag: only needs handle shrouded keybags */
+
+static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
+{
+        PKCS8_PRIV_KEY_INFO *p8;
+        X509_SIG *p8new;
+        int p8_nid, p8_saltlen, p8_iter;
+
+        if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
+
+        if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0;
+        alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen);
+        if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
+                                                     p8_iter, p8))) return 0;
+        X509_SIG_free(bag->value.shkeybag);
+        bag->value.shkeybag = p8new;
+        return 1;
+}
+
+static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
+{
+        PBEPARAM *pbe;
+        unsigned char *p;
+        p = alg->parameter->value.sequence->data;
+        pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+        *pnid = OBJ_obj2nid(alg->algorithm);
+        *piter = ASN1_INTEGER_get(pbe->iter);
+        *psaltlen = pbe->salt->length;
+        PBEPARAM_free(pbe);
+        return 0;
+}
diff --git a/src/lib/libcrypto/pkcs12/p12_p8d.c b/src/lib/libcrypto/pkcs12/p12_p8d.c
new file mode 100644
index 0000000000..3c6f377933
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_p8d.c
@@ -0,0 +1,68 @@
+/* p12_p8d.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen)
+{
+        return PKCS12_item_decrypt_d2i(p8->algor, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
+                                        passlen, p8->digest, 1);
+}
+
diff --git a/src/lib/libcrypto/pkcs12/p12_p8e.c b/src/lib/libcrypto/pkcs12/p12_p8e.c
new file mode 100644
index 0000000000..3d47956652
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_p8e.c
@@ -0,0 +1,97 @@
+/* p12_p8e.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+                         const char *pass, int passlen,
+                         unsigned char *salt, int saltlen, int iter,
+                                                PKCS8_PRIV_KEY_INFO *p8inf)
+{
+        X509_SIG *p8 = NULL;
+        X509_ALGOR *pbe;
+
+        if (!(p8 = X509_SIG_new())) {
+                PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+
+        if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
+        else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+        if(!pbe) {
+                PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
+                goto err;
+        }
+        X509_ALGOR_free(p8->algor);
+        p8->algor = pbe;
+        M_ASN1_OCTET_STRING_free(p8->digest);
+        p8->digest = PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
+                                        pass, passlen, p8inf, 1);
+        if(!p8->digest) {
+                PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
+                goto err;
+        }
+
+        return p8;
+
+        err:
+        X509_SIG_free(p8);
+        return NULL;
+}
diff --git a/src/lib/libcrypto/pkcs12/p12_utl.c b/src/lib/libcrypto/pkcs12/p12_utl.c
new file mode 100644
index 0000000000..243ec76be9
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_utl.c
@@ -0,0 +1,146 @@
+/* p12_utl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Cheap and nasty Unicode stuff */
+
+unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
+{
+        int ulen, i;
+        unsigned char *unitmp;
+        if (asclen == -1) asclen = strlen(asc);
+        ulen = asclen*2  + 2;
+        if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;
+        for (i = 0; i < ulen - 2; i+=2) {
+                unitmp[i] = 0;
+                unitmp[i + 1] = asc[i>>1];
+        }
+        /* Make result double null terminated */
+        unitmp[ulen - 2] = 0;
+        unitmp[ulen - 1] = 0;
+        if (unilen) *unilen = ulen;
+        if (uni) *uni = unitmp;
+        return unitmp;
+}
+
+char *uni2asc(unsigned char *uni, int unilen)
+{
+        int asclen, i;
+        char *asctmp;
+        asclen = unilen / 2;
+        /* If no terminating zero allow for one */
+        if (!unilen || uni[unilen - 1]) asclen++;
+        uni++;
+        if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;
+        for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
+        asctmp[asclen - 1] = 0;
+        return asctmp;
+}
+
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
+{
+        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
+{
+        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+}
+#endif
+
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
+{
+        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
+}
+#ifndef OPENSSL_NO_FP_API
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
+{
+        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+}
+#endif
+
+PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)
+{
+        return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
+                        NID_x509Certificate, NID_certBag);
+}
+
+PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)
+{
+        return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
+                        NID_x509Crl, NID_crlBag);
+}
+
+X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
+{
+        if(M_PKCS12_bag_type(bag) != NID_certBag) return NULL;
+        if(M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return NULL;
+        return ASN1_item_unpack(bag->value.bag->value.octet, ASN1_ITEM_rptr(X509));
+}
+
+X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
+{
+        if(M_PKCS12_bag_type(bag) != NID_crlBag) return NULL;
+        if(M_PKCS12_cert_bag_type(bag) != NID_x509Crl) return NULL;
+        return ASN1_item_unpack(bag->value.bag->value.octet,
+                                                        ASN1_ITEM_rptr(X509_CRL));
+}
diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c
new file mode 100644
index 0000000000..10ab80502c
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/pk12err.c
@@ -0,0 +1,139 @@
+/* crypto/pkcs12/pk12err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA PKCS12_str_functs[]=
+        {
+{ERR_PACK(0,PKCS12_F_PARSE_BAGS,0),     "PARSE_BAGS"},
+{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME,0),        "PKCS12_ADD_FRIENDLYNAME"},
+{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,0),    "PKCS12_add_friendlyname_asc"},
+{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,0),    "PKCS12_add_friendlyname_uni"},
+{ERR_PACK(0,PKCS12_F_PKCS12_ADD_LOCALKEYID,0),  "PKCS12_add_localkeyid"},
+{ERR_PACK(0,PKCS12_F_PKCS12_CREATE,0),  "PKCS12_create"},
+{ERR_PACK(0,PKCS12_F_PKCS12_DECRYPT_D2I,0),     "PKCS12_decrypt_d2i"},
+{ERR_PACK(0,PKCS12_F_PKCS12_GEN_MAC,0), "PKCS12_gen_mac"},
+{ERR_PACK(0,PKCS12_F_PKCS12_I2D_ENCRYPT,0),     "PKCS12_i2d_encrypt"},
+{ERR_PACK(0,PKCS12_F_PKCS12_INIT,0),    "PKCS12_init"},
+{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_ASC,0),     "PKCS12_key_gen_asc"},
+{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0),     "PKCS12_key_gen_uni"},
+{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0),     "PKCS12_MAKE_KEYBAG"},
+{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0),   "PKCS12_MAKE_SHKEYBAG"},
+{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0),     "PKCS12_pack_p7data"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0),  "PKCS12_pack_p7encdata"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0),    "PKCS12_pack_safebag"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PARSE,0),   "PKCS12_parse"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PBE_CRYPT,0),       "PKCS12_pbe_crypt"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PBE_KEYIVGEN,0),    "PKCS12_PBE_keyivgen"},
+{ERR_PACK(0,PKCS12_F_PKCS12_SETUP_MAC,0),       "PKCS12_setup_mac"},
+{ERR_PACK(0,PKCS12_F_PKCS12_SET_MAC,0), "PKCS12_set_mac"},
+{ERR_PACK(0,PKCS12_F_PKCS8_ADD_KEYUSAGE,0),     "PKCS8_add_keyusage"},
+{ERR_PACK(0,PKCS12_F_PKCS8_ENCRYPT,0),  "PKCS8_encrypt"},
+{ERR_PACK(0,PKCS12_F_VERIFY_MAC,0),     "VERIFY_MAC"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA PKCS12_str_reasons[]=
+        {
+{PKCS12_R_CANT_PACK_STRUCTURE            ,"cant pack structure"},
+{PKCS12_R_DECODE_ERROR                   ,"decode error"},
+{PKCS12_R_ENCODE_ERROR                   ,"encode error"},
+{PKCS12_R_ENCRYPT_ERROR                  ,"encrypt error"},
+{PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE,"error setting encrypted data type"},
+{PKCS12_R_INVALID_NULL_ARGUMENT          ,"invalid null argument"},
+{PKCS12_R_INVALID_NULL_PKCS12_POINTER    ,"invalid null pkcs12 pointer"},
+{PKCS12_R_IV_GEN_ERROR                   ,"iv gen error"},
+{PKCS12_R_KEY_GEN_ERROR                  ,"key gen error"},
+{PKCS12_R_MAC_ABSENT                     ,"mac absent"},
+{PKCS12_R_MAC_GENERATION_ERROR           ,"mac generation error"},
+{PKCS12_R_MAC_SETUP_ERROR                ,"mac setup error"},
+{PKCS12_R_MAC_STRING_SET_ERROR           ,"mac string set error"},
+{PKCS12_R_MAC_VERIFY_ERROR               ,"mac verify error"},
+{PKCS12_R_MAC_VERIFY_FAILURE             ,"mac verify failure"},
+{PKCS12_R_PARSE_ERROR                    ,"parse error"},
+{PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR  ,"pkcs12 algor cipherinit error"},
+{PKCS12_R_PKCS12_CIPHERFINAL_ERROR       ,"pkcs12 cipherfinal error"},
+{PKCS12_R_PKCS12_PBE_CRYPT_ERROR         ,"pkcs12 pbe crypt error"},
+{PKCS12_R_UNKNOWN_DIGEST_ALGORITHM       ,"unknown digest algorithm"},
+{PKCS12_R_UNSUPPORTED_PKCS12_MODE        ,"unsupported pkcs12 mode"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_PKCS12_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs);
+                ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
new file mode 100644
index 0000000000..dd338f266c
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/pkcs12.h
@@ -0,0 +1,320 @@
+/* pkcs12.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_PKCS12_H
+#define HEADER_PKCS12_H
+
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define PKCS12_KEY_ID   1
+#define PKCS12_IV_ID    2
+#define PKCS12_MAC_ID   3
+
+/* Default iteration count */
+#ifndef PKCS12_DEFAULT_ITER
+#define PKCS12_DEFAULT_ITER     PKCS5_DEFAULT_ITER
+#endif
+
+#define PKCS12_MAC_KEY_LENGTH 20
+
+#define PKCS12_SALT_LEN 8
+
+/* Uncomment out next line for unicode password and names, otherwise ASCII */
+
+/*#define PBE_UNICODE*/
+
+#ifdef PBE_UNICODE
+#define PKCS12_key_gen PKCS12_key_gen_uni
+#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
+#else
+#define PKCS12_key_gen PKCS12_key_gen_asc
+#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
+#endif
+
+/* MS key usage constants */
+
+#define KEY_EX  0x10
+#define KEY_SIG 0x80
+
+typedef struct {
+X509_SIG *dinfo;
+ASN1_OCTET_STRING *salt;
+ASN1_INTEGER *iter;     /* defaults to 1 */
+} PKCS12_MAC_DATA;
+
+typedef struct {
+ASN1_INTEGER *version;
+PKCS12_MAC_DATA *mac;
+PKCS7 *authsafes;
+} PKCS12;
+
+PREDECLARE_STACK_OF(PKCS12_SAFEBAG)
+
+typedef struct {
+ASN1_OBJECT *type;
+union {
+        struct pkcs12_bag_st *bag; /* secret, crl and certbag */
+        struct pkcs8_priv_key_info_st   *keybag; /* keybag */
+        X509_SIG *shkeybag; /* shrouded key bag */
+        STACK_OF(PKCS12_SAFEBAG) *safes;
+        ASN1_TYPE *other;
+}value;
+STACK_OF(X509_ATTRIBUTE) *attrib;
+} PKCS12_SAFEBAG;
+
+DECLARE_STACK_OF(PKCS12_SAFEBAG)
+DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
+DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
+
+typedef struct pkcs12_bag_st {
+ASN1_OBJECT *type;
+union {
+        ASN1_OCTET_STRING *x509cert;
+        ASN1_OCTET_STRING *x509crl;
+        ASN1_OCTET_STRING *octet;
+        ASN1_IA5STRING *sdsicert;
+        ASN1_TYPE *other; /* Secret or other bag */
+}value;
+} PKCS12_BAGS;
+
+#define PKCS12_ERROR    0
+#define PKCS12_OK       1
+
+/* Compatibility macros */
+
+#define M_PKCS12_x5092certbag PKCS12_x5092certbag
+#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
+
+#define M_PKCS12_certbag2x509 PKCS12_certbag2x509
+#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl 
+
+#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
+#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
+#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
+#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
+
+#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
+#define M_PKCS8_decrypt PKCS8_decrypt
+
+#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
+#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
+#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
+
+#define PKCS12_get_attr(bag, attr_nid) \
+                         PKCS12_get_attr_gen(bag->attrib, attr_nid)
+
+#define PKCS8_get_attr(p8, attr_nid) \
+                PKCS12_get_attr_gen(p8->attributes, attr_nid)
+
+#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
+
+
+PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
+X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
+             int nid2);
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen);
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
+                                                                int passlen);
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, 
+                        const char *pass, int passlen,
+                        unsigned char *salt, int saltlen, int iter,
+                        PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
+                                     int passlen, unsigned char *salt,
+                                     int saltlen, int iter,
+                                     PKCS8_PRIV_KEY_INFO *p8);
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+                             unsigned char *salt, int saltlen, int iter,
+                             STACK_OF(PKCS12_SAFEBAG) *bags);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen);
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+                                int namelen);
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+                                int namelen);
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
+                                int namelen);
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
+ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
+unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
+                                int passlen, unsigned char *in, int inlen,
+                                unsigned char **data, int *datalen, int en_de);
+void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
+             const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf);
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
+                                       const char *pass, int passlen,
+                                       void *obj, int zbuf);
+PKCS12 *PKCS12_init(int mode);
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                         ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
+                         int en_de);
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+                         unsigned char *mac, unsigned int *maclen);
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *salt, int saltlen, int iter,
+                   const EVP_MD *md_type);
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
+                                         int saltlen, const EVP_MD *md_type);
+unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
+char *uni2asc(unsigned char *uni, int unilen);
+
+DECLARE_ASN1_FUNCTIONS(PKCS12)
+DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
+DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
+
+void PKCS12_PBE_add(void);
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+                 STACK_OF(X509) **ca);
+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+                         STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
+                                                 int mac_iter, int keytype);
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
+int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_PKCS12_strings(void);
+
+/* Error codes for the PKCS12 functions. */
+
+/* Function codes. */
+#define PKCS12_F_PARSE_BAGS                              103
+#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME                 100
+#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC             127
+#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI             102
+#define PKCS12_F_PKCS12_ADD_LOCALKEYID                   104
+#define PKCS12_F_PKCS12_CREATE                           105
+#define PKCS12_F_PKCS12_DECRYPT_D2I                      106
+#define PKCS12_F_PKCS12_GEN_MAC                          107
+#define PKCS12_F_PKCS12_I2D_ENCRYPT                      108
+#define PKCS12_F_PKCS12_INIT                             109
+#define PKCS12_F_PKCS12_KEY_GEN_ASC                      110
+#define PKCS12_F_PKCS12_KEY_GEN_UNI                      111
+#define PKCS12_F_PKCS12_MAKE_KEYBAG                      112
+#define PKCS12_F_PKCS12_MAKE_SHKEYBAG                    113
+#define PKCS12_F_PKCS12_NEWPASS                          128
+#define PKCS12_F_PKCS12_PACK_P7DATA                      114
+#define PKCS12_F_PKCS12_PACK_P7ENCDATA                   115
+#define PKCS12_F_PKCS12_PACK_SAFEBAG                     117
+#define PKCS12_F_PKCS12_PARSE                            118
+#define PKCS12_F_PKCS12_PBE_CRYPT                        119
+#define PKCS12_F_PKCS12_PBE_KEYIVGEN                     120
+#define PKCS12_F_PKCS12_SETUP_MAC                        122
+#define PKCS12_F_PKCS12_SET_MAC                          123
+#define PKCS12_F_PKCS8_ADD_KEYUSAGE                      124
+#define PKCS12_F_PKCS8_ENCRYPT                           125
+#define PKCS12_F_VERIFY_MAC                              126
+
+/* Reason codes. */
+#define PKCS12_R_CANT_PACK_STRUCTURE                     100
+#define PKCS12_R_DECODE_ERROR                            101
+#define PKCS12_R_ENCODE_ERROR                            102
+#define PKCS12_R_ENCRYPT_ERROR                           103
+#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE       120
+#define PKCS12_R_INVALID_NULL_ARGUMENT                   104
+#define PKCS12_R_INVALID_NULL_PKCS12_POINTER             105
+#define PKCS12_R_IV_GEN_ERROR                            106
+#define PKCS12_R_KEY_GEN_ERROR                           107
+#define PKCS12_R_MAC_ABSENT                              108
+#define PKCS12_R_MAC_GENERATION_ERROR                    109
+#define PKCS12_R_MAC_SETUP_ERROR                         110
+#define PKCS12_R_MAC_STRING_SET_ERROR                    111
+#define PKCS12_R_MAC_VERIFY_ERROR                        112
+#define PKCS12_R_MAC_VERIFY_FAILURE                      113
+#define PKCS12_R_PARSE_ERROR                             114
+#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR           115
+#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR                116
+#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR                  117
+#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM                118
+#define PKCS12_R_UNSUPPORTED_PKCS12_MODE                 119
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/pkcs7/Makefile.ssl b/src/lib/libcrypto/pkcs7/Makefile.ssl
new file mode 100644
index 0000000000..c3bfc7d560
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/Makefile.ssl
@@ -0,0 +1,243 @@
+#
+# SSLeay/crypto/pkcs7/Makefile
+#
+
+DIR=    pkcs7
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+PEX_LIBS=
+EX_LIBS=
+ 
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \
+        pk7_mime.c
+LIBOBJ= pk7_asn1.o pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o \
+        pk7_mime.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  pkcs7.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:
+
+all:    lib
+
+testapps: enc dec sign verify
+
+enc: enc.o lib
+        $(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+
+dec: dec.o lib
+        $(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+
+sign: sign.o lib
+        $(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+
+verify: verify.o example.o lib
+        $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS)
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+pk7_asn1.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+pk7_asn1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pk7_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pk7_asn1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pk7_asn1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk7_asn1.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_asn1.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk7_asn1.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk7_asn1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_asn1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_asn1.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pk7_asn1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_asn1.o: ../cryptlib.h pk7_asn1.c
+pk7_attr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+pk7_attr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pk7_attr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pk7_attr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pk7_attr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_attr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk7_attr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk7_attr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_attr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk7_attr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk7_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_attr.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pk7_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk7_attr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_attr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_attr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_attr.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pk7_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_attr.o: pk7_attr.c
+pk7_doit.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_doit.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_doit.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_doit.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pk7_doit.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_doit.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk7_doit.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_doit.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk7_doit.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pk7_doit.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk7_doit.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk7_doit.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk7_doit.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_doit.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk7_doit.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk7_doit.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pk7_doit.o: ../cryptlib.h pk7_doit.c
+pk7_lib.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pk7_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pk7_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pk7_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pk7_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pk7_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+pk7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk7_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_lib.c
+pk7_mime.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_mime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_mime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_mime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pk7_mime.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pk7_mime.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pk7_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_mime.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pk7_mime.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pk7_mime.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_mime.o: ../../include/openssl/opensslconf.h
+pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pk7_mime.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk7_mime.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk7_mime.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk7_mime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_mime.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk7_mime.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk7_mime.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_mime.c
+pk7_smime.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_smime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_smime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pk7_smime.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_smime.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk7_smime.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_smime.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk7_smime.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk7_smime.o: ../../include/openssl/objects.h
+pk7_smime.o: ../../include/openssl/opensslconf.h
+pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk7_smime.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_smime.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_smime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_smime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_smime.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pk7_smime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_smime.o: ../../include/openssl/x509v3.h ../cryptlib.h pk7_smime.c
+pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pkcs7err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+pkcs7err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pkcs7err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pkcs7err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pkcs7err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pkcs7err.o: pkcs7err.c
diff --git a/src/lib/libcrypto/pkcs7/pk7_asn1.c b/src/lib/libcrypto/pkcs7/pk7_asn1.c
new file mode 100644
index 0000000000..46f0fc9375
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pk7_asn1.c
@@ -0,0 +1,213 @@
+/* pk7_asn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+
+/* PKCS#7 ASN1 module */
+
+/* This is the ANY DEFINED BY table for the top level PKCS#7 structure */
+
+ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS7) = {
+        ADB_ENTRY(NID_pkcs7_data, ASN1_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING, 0)),
+        ADB_ENTRY(NID_pkcs7_signed, ASN1_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
+        ADB_ENTRY(NID_pkcs7_enveloped, ASN1_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
+        ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),
+        ADB_ENTRY(NID_pkcs7_digest, ASN1_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
+        ADB_ENTRY(NID_pkcs7_encrypted, ASN1_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
+} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
+
+ASN1_SEQUENCE(PKCS7) = {
+        ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(PKCS7)
+}ASN1_SEQUENCE_END(PKCS7)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7)
+IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7)
+
+ASN1_SEQUENCE(PKCS7_SIGNED) = {
+        ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),
+        ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7),
+        ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1),
+        ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO)
+} ASN1_SEQUENCE_END(PKCS7_SIGNED)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
+
+/* Minor tweak to operation: free up EVP_PKEY */
+static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        if(operation == ASN1_OP_FREE_POST) {
+                PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
+                EVP_PKEY_free(si->pkey);
+        }
+        return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR),
+        /* NB this should be a SET OF but we use a SEQUENCE OF so the
+         * original order * is retained when the structure is reencoded.
+         * Since the attributes are implicitly tagged this will not affect
+         * the encoding.
+         */
+        ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1)
+} ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+
+ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = {
+        ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME),
+        ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+
+ASN1_SEQUENCE(PKCS7_ENVELOPE) = {
+        ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER),
+        ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+        ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT)
+} ASN1_SEQUENCE_END(PKCS7_ENVELOPE)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+
+/* Minor tweak to operation: free up X509 */
+static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        if(operation == ASN1_OP_FREE_POST) {
+                PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
+                X509_free(ri->cert);
+        }
+        return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+
+ASN1_SEQUENCE(PKCS7_ENC_CONTENT) = {
+        ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
+        ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
+        ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0)
+} ASN1_SEQUENCE_END(PKCS7_ENC_CONTENT)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+
+ASN1_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {
+        ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER),
+        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1),
+        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO)
+} ASN1_SEQUENCE_END(PKCS7_SIGN_ENVELOPE)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+
+ASN1_SEQUENCE(PKCS7_ENCRYPT) = {
+        ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT)
+} ASN1_SEQUENCE_END(PKCS7_ENCRYPT)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+
+ASN1_SEQUENCE(PKCS7_DIGEST) = {
+        ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7),
+        ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(PKCS7_DIGEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)
+
+/* Specials for authenticated attributes */
+
+/* When signing attributes we want to reorder them to match the sorted
+ * encoding.
+ */
+
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN)
+
+/* When verifying attributes we need to use the received order. So 
+ * we use SEQUENCE OF and tag it to SET OF
+ */
+
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
+                                V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)
diff --git a/src/lib/libcrypto/pkcs7/pk7_attr.c b/src/lib/libcrypto/pkcs7/pk7_attr.c
new file mode 100644
index 0000000000..039141027a
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pk7_attr.c
@@ -0,0 +1,140 @@
+/* pk7_attr.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001-2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
+{
+        ASN1_STRING *seq;
+        unsigned char *p, *pp;
+        int len;
+        len=i2d_ASN1_SET_OF_X509_ALGOR(cap,NULL,i2d_X509_ALGOR,
+                                       V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL,
+                                       IS_SEQUENCE);
+        if(!(pp=(unsigned char *)OPENSSL_malloc(len))) {
+                PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        p=pp;
+        i2d_ASN1_SET_OF_X509_ALGOR(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
+                                   V_ASN1_UNIVERSAL, IS_SEQUENCE);
+        if(!(seq = ASN1_STRING_new())) {
+                PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        if(!ASN1_STRING_set (seq, pp, len)) {
+                PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        OPENSSL_free (pp);
+        return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
+                                                        V_ASN1_SEQUENCE, seq);
+}
+
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
+        {
+        ASN1_TYPE *cap;
+        unsigned char *p;
+        cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
+        if (!cap || (cap->type != V_ASN1_SEQUENCE))
+                return NULL;
+        p = cap->value.sequence->data;
+        return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p,
+                                          cap->value.sequence->length,
+                                          d2i_X509_ALGOR, X509_ALGOR_free,
+                                          V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+        }
+
+/* Basic smime-capabilities OID and optional integer arg */
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+{
+        X509_ALGOR *alg;
+
+        if(!(alg = X509_ALGOR_new())) {
+                PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        ASN1_OBJECT_free(alg->algorithm);
+        alg->algorithm = OBJ_nid2obj (nid);
+        if (arg > 0) {
+                ASN1_INTEGER *nbit;
+                if(!(alg->parameter = ASN1_TYPE_new())) {
+                        PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+                if(!(nbit = ASN1_INTEGER_new())) {
+                        PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+                if(!ASN1_INTEGER_set (nbit, arg)) {
+                        PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+                alg->parameter->value.integer = nbit;
+                alg->parameter->type = V_ASN1_INTEGER;
+        }
+        sk_X509_ALGOR_push (sk, alg);
+        return 1;
+}
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
new file mode 100644
index 0000000000..4ac29ae14d
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -0,0 +1,1013 @@
+/* crypto/pkcs7/pk7_doit.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+                         void *value);
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
+
+static int PKCS7_type_is_other(PKCS7* p7)
+        {
+        int isOther=1;
+        
+        int nid=OBJ_obj2nid(p7->type);
+
+        switch( nid )
+                {
+        case NID_pkcs7_data:
+        case NID_pkcs7_signed:
+        case NID_pkcs7_enveloped:
+        case NID_pkcs7_signedAndEnveloped:
+        case NID_pkcs7_digest:
+        case NID_pkcs7_encrypted:
+                isOther=0;
+                break;
+        default:
+                isOther=1;
+                }
+
+        return isOther;
+
+        }
+
+static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
+        {
+        if ( PKCS7_type_is_data(p7))
+                return p7->d.data;
+        if ( PKCS7_type_is_other(p7) && p7->d.other
+                && (p7->d.other->type == V_ASN1_OCTET_STRING))
+                return p7->d.other->value.octet_string;
+        return NULL;
+        }
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
+        {
+        int i;
+        BIO *out=NULL,*btmp=NULL;
+        X509_ALGOR *xa;
+        const EVP_MD *evp_md;
+        const EVP_CIPHER *evp_cipher=NULL;
+        STACK_OF(X509_ALGOR) *md_sk=NULL;
+        STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
+        X509_ALGOR *xalg=NULL;
+        PKCS7_RECIP_INFO *ri=NULL;
+        EVP_PKEY *pkey;
+
+        i=OBJ_obj2nid(p7->type);
+        p7->state=PKCS7_S_HEADER;
+
+        switch (i)
+                {
+        case NID_pkcs7_signed:
+                md_sk=p7->d.sign->md_algs;
+                break;
+        case NID_pkcs7_signedAndEnveloped:
+                rsk=p7->d.signed_and_enveloped->recipientinfo;
+                md_sk=p7->d.signed_and_enveloped->md_algs;
+                xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
+                evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher;
+                if (evp_cipher == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,
+                                                PKCS7_R_CIPHER_NOT_INITIALIZED);
+                        goto err;
+                        }
+                break;
+        case NID_pkcs7_enveloped:
+                rsk=p7->d.enveloped->recipientinfo;
+                xalg=p7->d.enveloped->enc_data->algorithm;
+                evp_cipher=p7->d.enveloped->enc_data->cipher;
+                if (evp_cipher == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,
+                                                PKCS7_R_CIPHER_NOT_INITIALIZED);
+                        goto err;
+                        }
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+                goto err;
+                }
+
+        if (md_sk != NULL)
+                {
+                for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
+                        {
+                        xa=sk_X509_ALGOR_value(md_sk,i);
+                        if ((btmp=BIO_new(BIO_f_md())) == NULL)
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
+                                goto err;
+                                }
+
+                        evp_md=EVP_get_digestbyobj(xa->algorithm);
+                        if (evp_md == NULL)
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE);
+                                goto err;
+                                }
+
+                        BIO_set_md(btmp,evp_md);
+                        if (out == NULL)
+                                out=btmp;
+                        else
+                                BIO_push(out,btmp);
+                        btmp=NULL;
+                        }
+                }
+
+        if (evp_cipher != NULL)
+                {
+                unsigned char key[EVP_MAX_KEY_LENGTH];
+                unsigned char iv[EVP_MAX_IV_LENGTH];
+                int keylen,ivlen;
+                int jj,max;
+                unsigned char *tmp;
+                EVP_CIPHER_CTX *ctx;
+
+                if ((btmp=BIO_new(BIO_f_cipher())) == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
+                        goto err;
+                        }
+                BIO_get_cipher_ctx(btmp, &ctx);
+                keylen=EVP_CIPHER_key_length(evp_cipher);
+                ivlen=EVP_CIPHER_iv_length(evp_cipher);
+                if (RAND_bytes(key,keylen) <= 0)
+                        goto err;
+                xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
+                if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
+                EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1);
+
+                if (ivlen > 0) {
+                        if (xalg->parameter == NULL) 
+                                                xalg->parameter=ASN1_TYPE_new();
+                        if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
+                                                                       goto err;
+                }
+
+                /* Lets do the pub key stuff :-) */
+                max=0;
+                for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
+                        {
+                        ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+                        if (ri->cert == NULL)
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
+                                goto err;
+                                }
+                        pkey=X509_get_pubkey(ri->cert);
+                        jj=EVP_PKEY_size(pkey);
+                        EVP_PKEY_free(pkey);
+                        if (max < jj) max=jj;
+                        }
+                if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
+                        {
+                        ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+                        pkey=X509_get_pubkey(ri->cert);
+                        jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
+                        EVP_PKEY_free(pkey);
+                        if (jj <= 0)
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);
+                                OPENSSL_free(tmp);
+                                goto err;
+                                }
+                        if (!M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj))
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,
+                                        ERR_R_MALLOC_FAILURE);
+                                OPENSSL_free(tmp);
+                                goto err;
+                                }
+                        }
+                OPENSSL_free(tmp);
+                OPENSSL_cleanse(key, keylen);
+
+                if (out == NULL)
+                        out=btmp;
+                else
+                        BIO_push(out,btmp);
+                btmp=NULL;
+                }
+
+        if (bio == NULL)
+                {
+                if (PKCS7_is_detached(p7))
+                        bio=BIO_new(BIO_s_null());
+                else
+                        {
+                        if (PKCS7_type_is_signed(p7))
+                                {
+                                ASN1_OCTET_STRING *os;
+                                os = PKCS7_get_octet_string(
+                                                        p7->d.sign->contents);
+                                if (os && os->length > 0)
+                                        bio = BIO_new_mem_buf(os->data,
+                                                                os->length);
+                                }
+                        if(bio == NULL)
+                                {
+                                bio=BIO_new(BIO_s_mem());
+                                BIO_set_mem_eof_return(bio,0);
+                                }
+                        }
+        }
+        BIO_push(out,bio);
+        bio=NULL;
+        if (0)
+                {
+err:
+                if (out != NULL)
+                        BIO_free_all(out);
+                if (btmp != NULL)
+                        BIO_free_all(btmp);
+                out=NULL;
+                }
+        return(out);
+        }
+
+/* int */
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
+        {
+        int i,j;
+        BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
+        unsigned char *tmp=NULL;
+        X509_ALGOR *xa;
+        ASN1_OCTET_STRING *data_body=NULL;
+        const EVP_MD *evp_md;
+        const EVP_CIPHER *evp_cipher=NULL;
+        EVP_CIPHER_CTX *evp_ctx=NULL;
+        X509_ALGOR *enc_alg=NULL;
+        STACK_OF(X509_ALGOR) *md_sk=NULL;
+        STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
+        X509_ALGOR *xalg=NULL;
+        PKCS7_RECIP_INFO *ri=NULL;
+
+        i=OBJ_obj2nid(p7->type);
+        p7->state=PKCS7_S_HEADER;
+
+        switch (i)
+                {
+        case NID_pkcs7_signed:
+                data_body=PKCS7_get_octet_string(p7->d.sign->contents);
+                md_sk=p7->d.sign->md_algs;
+                break;
+        case NID_pkcs7_signedAndEnveloped:
+                rsk=p7->d.signed_and_enveloped->recipientinfo;
+                md_sk=p7->d.signed_and_enveloped->md_algs;
+                data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
+                enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
+                evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
+                if (evp_cipher == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+                        goto err;
+                        }
+                xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
+                break;
+        case NID_pkcs7_enveloped:
+                rsk=p7->d.enveloped->recipientinfo;
+                enc_alg=p7->d.enveloped->enc_data->algorithm;
+                data_body=p7->d.enveloped->enc_data->enc_data;
+                evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
+                if (evp_cipher == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+                        goto err;
+                        }
+                xalg=p7->d.enveloped->enc_data->algorithm;
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+                goto err;
+                }
+
+        /* We will be checking the signature */
+        if (md_sk != NULL)
+                {
+                for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
+                        {
+                        xa=sk_X509_ALGOR_value(md_sk,i);
+                        if ((btmp=BIO_new(BIO_f_md())) == NULL)
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
+                                goto err;
+                                }
+
+                        j=OBJ_obj2nid(xa->algorithm);
+                        evp_md=EVP_get_digestbynid(j);
+                        if (evp_md == NULL)
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
+                                goto err;
+                                }
+
+                        BIO_set_md(btmp,evp_md);
+                        if (out == NULL)
+                                out=btmp;
+                        else
+                                BIO_push(out,btmp);
+                        btmp=NULL;
+                        }
+                }
+
+        if (evp_cipher != NULL)
+                {
+#if 0
+                unsigned char key[EVP_MAX_KEY_LENGTH];
+                unsigned char iv[EVP_MAX_IV_LENGTH];
+                unsigned char *p;
+                int keylen,ivlen;
+                int max;
+                X509_OBJECT ret;
+#endif
+                int jj;
+
+                if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
+                        goto err;
+                        }
+
+                /* It was encrypted, we need to decrypt the secret key
+                 * with the private key */
+
+                /* Find the recipientInfo which matches the passed certificate
+                 * (if any)
+                 */
+
+                for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+                        ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+                        if(!X509_NAME_cmp(ri->issuer_and_serial->issuer,
+                                        pcert->cert_info->issuer) &&
+                             !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
+                                        ri->issuer_and_serial->serial)) break;
+                        ri=NULL;
+                }
+                if (ri == NULL) {
+                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                                 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
+                        goto err;
+                }
+
+                jj=EVP_PKEY_size(pkey);
+                tmp=(unsigned char *)OPENSSL_malloc(jj+10);
+                if (tmp == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+
+                jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key),
+                        M_ASN1_STRING_length(ri->enc_key), pkey);
+                if (jj <= 0)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB);
+                        goto err;
+                        }
+
+                evp_ctx=NULL;
+                BIO_get_cipher_ctx(etmp,&evp_ctx);
+                EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0);
+                if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
+                        goto err;
+
+                if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
+                        /* Some S/MIME clients don't use the same key
+                         * and effective key length. The key length is
+                         * determined by the size of the decrypted RSA key.
+                         */
+                        if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj))
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                                        PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
+                                goto err;
+                                }
+                } 
+                EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
+
+                OPENSSL_cleanse(tmp,jj);
+
+                if (out == NULL)
+                        out=etmp;
+                else
+                        BIO_push(out,etmp);
+                etmp=NULL;
+                }
+
+#if 1
+        if (PKCS7_is_detached(p7) || (in_bio != NULL))
+                {
+                bio=in_bio;
+                }
+        else 
+                {
+#if 0
+                bio=BIO_new(BIO_s_mem());
+                /* We need to set this so that when we have read all
+                 * the data, the encrypt BIO, if present, will read
+                 * EOF and encode the last few bytes */
+                BIO_set_mem_eof_return(bio,0);
+
+                if (data_body->length > 0)
+                        BIO_write(bio,(char *)data_body->data,data_body->length);
+#else
+                if (data_body->length > 0)
+                      bio = BIO_new_mem_buf(data_body->data,data_body->length);
+                else {
+                        bio=BIO_new(BIO_s_mem());
+                        BIO_set_mem_eof_return(bio,0);
+                }
+#endif
+                }
+        BIO_push(out,bio);
+        bio=NULL;
+#endif
+        if (0)
+                {
+err:
+                if (out != NULL) BIO_free_all(out);
+                if (btmp != NULL) BIO_free_all(btmp);
+                if (etmp != NULL) BIO_free_all(etmp);
+                if (bio != NULL) BIO_free_all(bio);
+                out=NULL;
+                }
+        if (tmp != NULL)
+                OPENSSL_free(tmp);
+        return(out);
+        }
+
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+        {
+        int ret=0;
+        int i,j;
+        BIO *btmp;
+        BUF_MEM *buf_mem=NULL;
+        BUF_MEM *buf=NULL;
+        PKCS7_SIGNER_INFO *si;
+        EVP_MD_CTX *mdc,ctx_tmp;
+        STACK_OF(X509_ATTRIBUTE) *sk;
+        STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
+        ASN1_OCTET_STRING *os=NULL;
+
+        EVP_MD_CTX_init(&ctx_tmp);
+        i=OBJ_obj2nid(p7->type);
+        p7->state=PKCS7_S_HEADER;
+
+        switch (i)
+                {
+        case NID_pkcs7_signedAndEnveloped:
+                /* XXXXXXXXXXXXXXXX */
+                si_sk=p7->d.signed_and_enveloped->signer_info;
+                if (!(os=M_ASN1_OCTET_STRING_new()))
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                p7->d.signed_and_enveloped->enc_data->enc_data=os;
+                break;
+        case NID_pkcs7_enveloped:
+                /* XXXXXXXXXXXXXXXX */
+                if (!(os=M_ASN1_OCTET_STRING_new()))
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                p7->d.enveloped->enc_data->enc_data=os;
+                break;
+        case NID_pkcs7_signed:
+                si_sk=p7->d.sign->signer_info;
+                os=PKCS7_get_octet_string(p7->d.sign->contents);
+                /* If detached data then the content is excluded */
+                if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+                        M_ASN1_OCTET_STRING_free(os);
+                        p7->d.sign->contents->d.data = NULL;
+                }
+                break;
+                }
+
+        if (si_sk != NULL)
+                {
+                if ((buf=BUF_MEM_new()) == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
+                        goto err;
+                        }
+                for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
+                        {
+                        si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
+                        if (si->pkey == NULL) continue;
+
+                        j=OBJ_obj2nid(si->digest_alg->algorithm);
+
+                        btmp=bio;
+                        for (;;)
+                                {
+                                if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) 
+                                        == NULL)
+                                        {
+                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+                                        goto err;
+                                        }
+                                BIO_get_md_ctx(btmp,&mdc);
+                                if (mdc == NULL)
+                                        {
+                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR);
+                                        goto err;
+                                        }
+                                if (EVP_MD_CTX_type(mdc) == j)
+                                        break;
+                                else
+                                        btmp=BIO_next(btmp);
+                                }
+                        
+                        /* We now have the EVP_MD_CTX, lets do the
+                         * signing. */
+                        EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
+                        if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
+                                goto err;
+                                }
+
+                        sk=si->auth_attr;
+
+                        /* If there are attributes, we add the digest
+                         * attribute and only sign the attributes */
+                        if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
+                                {
+                                unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL;
+                                unsigned int md_len, alen;
+                                ASN1_OCTET_STRING *digest;
+                                ASN1_UTCTIME *sign_time;
+                                const EVP_MD *md_tmp;
+
+                                /* Add signing time if not already present */
+                                if (!PKCS7_get_signed_attribute(si,
+                                                        NID_pkcs9_signingTime))
+                                        {
+                                        if (!(sign_time=X509_gmtime_adj(NULL,0)))
+                                                {
+                                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,
+                                                        ERR_R_MALLOC_FAILURE);
+                                                goto err;
+                                                }
+                                        PKCS7_add_signed_attribute(si,
+                                                NID_pkcs9_signingTime,
+                                                V_ASN1_UTCTIME,sign_time);
+                                        }
+
+                                /* Add digest */
+                                md_tmp=EVP_MD_CTX_md(&ctx_tmp);
+                                EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
+                                if (!(digest=M_ASN1_OCTET_STRING_new()))
+                                        {
+                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,
+                                                ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                if (!M_ASN1_OCTET_STRING_set(digest,md_data,
+                                                                md_len))
+                                        {
+                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,
+                                                ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                PKCS7_add_signed_attribute(si,
+                                        NID_pkcs9_messageDigest,
+                                        V_ASN1_OCTET_STRING,digest);
+
+                                /* Now sign the attributes */
+                                EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
+                                alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,
+                                                        ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
+                                if(!abuf) goto err;
+                                EVP_SignUpdate(&ctx_tmp,abuf,alen);
+                                OPENSSL_free(abuf);
+                                }
+
+#ifndef OPENSSL_NO_DSA
+                        if (si->pkey->type == EVP_PKEY_DSA)
+                                ctx_tmp.digest=EVP_dss1();
+#endif
+
+                        if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
+                                (unsigned int *)&buf->length,si->pkey))
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_EVP_LIB);
+                                goto err;
+                                }
+                        if (!ASN1_STRING_set(si->enc_digest,
+                                (unsigned char *)buf->data,buf->length))
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_ASN1_LIB);
+                                goto err;
+                                }
+                        }
+                }
+
+        if (!PKCS7_is_detached(p7))
+                {
+                btmp=BIO_find_type(bio,BIO_TYPE_MEM);
+                if (btmp == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+                        goto err;
+                        }
+                BIO_get_mem_ptr(btmp,&buf_mem);
+                /* Mark the BIO read only then we can use its copy of the data
+                 * instead of making an extra copy.
+                 */
+                BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+                BIO_set_mem_eof_return(btmp, 0);
+                os->data = (unsigned char *)buf_mem->data;
+                os->length = buf_mem->length;
+#if 0
+                M_ASN1_OCTET_STRING_set(os,
+                        (unsigned char *)buf_mem->data,buf_mem->length);
+#endif
+                }
+        ret=1;
+err:
+        EVP_MD_CTX_cleanup(&ctx_tmp);
+        if (buf != NULL) BUF_MEM_free(buf);
+        return(ret);
+        }
+
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
+             PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+        {
+        PKCS7_ISSUER_AND_SERIAL *ias;
+        int ret=0,i;
+        STACK_OF(X509) *cert;
+        X509 *x509;
+
+        if (PKCS7_type_is_signed(p7))
+                {
+                cert=p7->d.sign->cert;
+                }
+        else if (PKCS7_type_is_signedAndEnveloped(p7))
+                {
+                cert=p7->d.signed_and_enveloped->cert;
+                }
+        else
+                {
+                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE);
+                goto err;
+                }
+        /* XXXXXXXXXXXXXXXXXXXXXXX */
+        ias=si->issuer_and_serial;
+
+        x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial);
+
+        /* were we able to find the cert in passed to us */
+        if (x509 == NULL)
+                {
+                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
+                goto err;
+                }
+
+        /* Lets verify */
+        if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert))
+                {
+                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
+                goto err;
+                }
+        X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
+        i=X509_verify_cert(ctx);
+        if (i <= 0) 
+                {
+                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
+                X509_STORE_CTX_cleanup(ctx);
+                goto err;
+                }
+        X509_STORE_CTX_cleanup(ctx);
+
+        return PKCS7_signatureVerify(bio, p7, si, x509);
+        err:
+        return ret;
+        }
+
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+                                                                X509 *x509)
+        {
+        ASN1_OCTET_STRING *os;
+        EVP_MD_CTX mdc_tmp,*mdc;
+        int ret=0,i;
+        int md_type;
+        STACK_OF(X509_ATTRIBUTE) *sk;
+        BIO *btmp;
+        EVP_PKEY *pkey;
+
+        EVP_MD_CTX_init(&mdc_tmp);
+
+        if (!PKCS7_type_is_signed(p7) && 
+                                !PKCS7_type_is_signedAndEnveloped(p7)) {
+                PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                                                PKCS7_R_WRONG_PKCS7_TYPE);
+                goto err;
+        }
+
+        md_type=OBJ_obj2nid(si->digest_alg->algorithm);
+
+        btmp=bio;
+        for (;;)
+                {
+                if ((btmp == NULL) ||
+                        ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL))
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                                        PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+                        goto err;
+                        }
+                BIO_get_md_ctx(btmp,&mdc);
+                if (mdc == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                                                        ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                if (EVP_MD_CTX_type(mdc) == md_type)
+                        break;
+                /* Workaround for some broken clients that put the signature
+                 * OID instead of the digest OID in digest_alg->algorithm
+                 */
+                if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
+                        break;
+                btmp=BIO_next(btmp);
+                }
+
+        /* mdc is the digest ctx that we want, unless there are attributes,
+         * in which case the digest is the signed attributes */
+        EVP_MD_CTX_copy_ex(&mdc_tmp,mdc);
+
+        sk=si->auth_attr;
+        if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
+                {
+                unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
+                unsigned int md_len, alen;
+                ASN1_OCTET_STRING *message_digest;
+
+                EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len);
+                message_digest=PKCS7_digest_from_attributes(sk);
+                if (!message_digest)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                                        PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+                        goto err;
+                        }
+                if ((message_digest->length != (int)md_len) ||
+                        (memcmp(message_digest->data,md_dat,md_len)))
+                        {
+#if 0
+{
+int ii;
+for (ii=0; ii<message_digest->length; ii++)
+        printf("%02X",message_digest->data[ii]); printf(" sent\n");
+for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
+}
+#endif
+                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                                                        PKCS7_R_DIGEST_FAILURE);
+                        ret= -1;
+                        goto err;
+                        }
+
+                EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL);
+
+                alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
+                                                ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
+                EVP_VerifyUpdate(&mdc_tmp, abuf, alen);
+
+                OPENSSL_free(abuf);
+                }
+
+        os=si->enc_digest;
+        pkey = X509_get_pubkey(x509);
+        if (!pkey)
+                {
+                ret = -1;
+                goto err;
+                }
+#ifndef OPENSSL_NO_DSA
+        if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
+#endif
+
+        i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
+        EVP_PKEY_free(pkey);
+        if (i <= 0)
+                {
+                PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                                                PKCS7_R_SIGNATURE_FAILURE);
+                ret= -1;
+                goto err;
+                }
+        else
+                ret=1;
+err:
+        EVP_MD_CTX_cleanup(&mdc_tmp);
+        return(ret);
+        }
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
+        {
+        STACK_OF(PKCS7_RECIP_INFO) *rsk;
+        PKCS7_RECIP_INFO *ri;
+        int i;
+
+        i=OBJ_obj2nid(p7->type);
+        if (i != NID_pkcs7_signedAndEnveloped) return(NULL);
+        rsk=p7->d.signed_and_enveloped->recipientinfo;
+        ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
+        if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
+        ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
+        return(ri->issuer_and_serial);
+        }
+
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
+        {
+        return(get_attribute(si->auth_attr,nid));
+        }
+
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
+        {
+        return(get_attribute(si->unauth_attr,nid));
+        }
+
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
+        {
+        int i;
+        X509_ATTRIBUTE *xa;
+        ASN1_OBJECT *o;
+
+        o=OBJ_nid2obj(nid);
+        if (!o || !sk) return(NULL);
+        for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+                {
+                xa=sk_X509_ATTRIBUTE_value(sk,i);
+                if (OBJ_cmp(xa->object,o) == 0)
+                        {
+                        if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
+                                return(sk_ASN1_TYPE_value(xa->value.set,0));
+                        else
+                                return(NULL);
+                        }
+                }
+        return(NULL);
+        }
+
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
+{
+        ASN1_TYPE *astype;
+        if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;
+        return astype->value.octet_string;
+}
+
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+                                STACK_OF(X509_ATTRIBUTE) *sk)
+        {
+        int i;
+
+        if (p7si->auth_attr != NULL)
+                sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
+        p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
+        for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+                {
+                if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,
+                        X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
+                    == NULL)
+                        return(0);
+                }
+        return(1);
+        }
+
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
+        {
+        int i;
+
+        if (p7si->unauth_attr != NULL)
+                sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
+                                           X509_ATTRIBUTE_free);
+        p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
+        for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+                {
+                if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,
+                        X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
+                    == NULL)
+                        return(0);
+                }
+        return(1);
+        }
+
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+             void *value)
+        {
+        return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));
+        }
+
+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+             void *value)
+        {
+        return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
+        }
+
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+                         void *value)
+        {
+        X509_ATTRIBUTE *attr=NULL;
+
+        if (*sk == NULL)
+                {
+                *sk = sk_X509_ATTRIBUTE_new_null();
+new_attrib:
+                attr=X509_ATTRIBUTE_create(nid,atrtype,value);
+                sk_X509_ATTRIBUTE_push(*sk,attr);
+                }
+        else
+                {
+                int i;
+
+                for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++)
+                        {
+                        attr=sk_X509_ATTRIBUTE_value(*sk,i);
+                        if (OBJ_obj2nid(attr->object) == nid)
+                                {
+                                X509_ATTRIBUTE_free(attr);
+                                attr=X509_ATTRIBUTE_create(nid,atrtype,value);
+                                sk_X509_ATTRIBUTE_set(*sk,i,attr);
+                                goto end;
+                                }
+                        }
+                goto new_attrib;
+                }
+end:
+        return(1);
+        }
+
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
new file mode 100644
index 0000000000..ee1817c7af
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -0,0 +1,500 @@
+/* crypto/pkcs7/pk7_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
+        {
+        int nid;
+        long ret;
+
+        nid=OBJ_obj2nid(p7->type);
+
+        switch (cmd)
+                {
+        case PKCS7_OP_SET_DETACHED_SIGNATURE:
+                if (nid == NID_pkcs7_signed)
+                        {
+                        ret=p7->detached=(int)larg;
+                        if (ret && PKCS7_type_is_data(p7->d.sign->contents))
+                                        {
+                                        ASN1_OCTET_STRING *os;
+                                        os=p7->d.sign->contents->d.data;
+                                        ASN1_OCTET_STRING_free(os);
+                                        p7->d.sign->contents->d.data = NULL;
+                                        }
+                        }
+                else
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+                        ret=0;
+                        }
+                break;
+        case PKCS7_OP_GET_DETACHED_SIGNATURE:
+                if (nid == NID_pkcs7_signed)
+                        {
+                        if(!p7->d.sign  || !p7->d.sign->contents->d.ptr)
+                                ret = 1;
+                        else ret = 0;
+                                
+                        p7->detached = ret;
+                        }
+                else
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+                        ret=0;
+                        }
+                        
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION);
+                ret=0;
+                }
+        return(ret);
+        }
+
+int PKCS7_content_new(PKCS7 *p7, int type)
+        {
+        PKCS7 *ret=NULL;
+
+        if ((ret=PKCS7_new()) == NULL) goto err;
+        if (!PKCS7_set_type(ret,type)) goto err;
+        if (!PKCS7_set_content(p7,ret)) goto err;
+
+        return(1);
+err:
+        if (ret != NULL) PKCS7_free(ret);
+        return(0);
+        }
+
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
+        {
+        int i;
+
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signed:
+                if (p7->d.sign->contents != NULL)
+                        PKCS7_free(p7->d.sign->contents);
+                p7->d.sign->contents=p7_data;
+                break;
+        case NID_pkcs7_digest:
+        case NID_pkcs7_data:
+        case NID_pkcs7_enveloped:
+        case NID_pkcs7_signedAndEnveloped:
+        case NID_pkcs7_encrypted:
+        default:
+                PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+                goto err;
+                }
+        return(1);
+err:
+        return(0);
+        }
+
+int PKCS7_set_type(PKCS7 *p7, int type)
+        {
+        ASN1_OBJECT *obj;
+
+        /*PKCS7_content_free(p7);*/
+        obj=OBJ_nid2obj(type); /* will not fail */
+
+        switch (type)
+                {
+        case NID_pkcs7_signed:
+                p7->type=obj;
+                if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL)
+                        goto err;
+                if (!ASN1_INTEGER_set(p7->d.sign->version,1))
+                        {
+                        PKCS7_SIGNED_free(p7->d.sign);
+                        p7->d.sign=NULL;
+                        goto err;
+                        }
+                break;
+        case NID_pkcs7_data:
+                p7->type=obj;
+                if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL)
+                        goto err;
+                break;
+        case NID_pkcs7_signedAndEnveloped:
+                p7->type=obj;
+                if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
+                        == NULL) goto err;
+                ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
+                if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1))
+                        goto err;
+                p7->d.signed_and_enveloped->enc_data->content_type
+                                                = OBJ_nid2obj(NID_pkcs7_data);
+                break;
+        case NID_pkcs7_enveloped:
+                p7->type=obj;
+                if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
+                        == NULL) goto err;
+                if (!ASN1_INTEGER_set(p7->d.enveloped->version,0))
+                        goto err;
+                p7->d.enveloped->enc_data->content_type
+                                                = OBJ_nid2obj(NID_pkcs7_data);
+                break;
+        case NID_pkcs7_encrypted:
+                p7->type=obj;
+                if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
+                        == NULL) goto err;
+                if (!ASN1_INTEGER_set(p7->d.encrypted->version,0))
+                        goto err;
+                p7->d.encrypted->enc_data->content_type
+                                                = OBJ_nid2obj(NID_pkcs7_data);
+                break;
+
+        case NID_pkcs7_digest:
+        default:
+                PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+                goto err;
+                }
+        return(1);
+err:
+        return(0);
+        }
+
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
+        {
+        int i,j,nid;
+        X509_ALGOR *alg;
+        STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
+        STACK_OF(X509_ALGOR) *md_sk;
+
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signed:
+                signer_sk=      p7->d.sign->signer_info;
+                md_sk=          p7->d.sign->md_algs;
+                break;
+        case NID_pkcs7_signedAndEnveloped:
+                signer_sk=      p7->d.signed_and_enveloped->signer_info;
+                md_sk=          p7->d.signed_and_enveloped->md_algs;
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
+                return(0);
+                }
+
+        nid=OBJ_obj2nid(psi->digest_alg->algorithm);
+
+        /* If the digest is not currently listed, add it */
+        j=0;
+        for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
+                {
+                alg=sk_X509_ALGOR_value(md_sk,i);
+                if (OBJ_obj2nid(alg->algorithm) == nid)
+                        {
+                        j=1;
+                        break;
+                        }
+                }
+        if (!j) /* we need to add another algorithm */
+                {
+                if(!(alg=X509_ALGOR_new())
+                        || !(alg->parameter = ASN1_TYPE_new())) {
+                        PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                }
+                alg->algorithm=OBJ_nid2obj(nid);
+                alg->parameter->type = V_ASN1_NULL;
+                sk_X509_ALGOR_push(md_sk,alg);
+                }
+
+        sk_PKCS7_SIGNER_INFO_push(signer_sk,psi);
+        return(1);
+        }
+
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
+        {
+        int i;
+        STACK_OF(X509) **sk;
+
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signed:
+                sk= &(p7->d.sign->cert);
+                break;
+        case NID_pkcs7_signedAndEnveloped:
+                sk= &(p7->d.signed_and_enveloped->cert);
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE);
+                return(0);
+                }
+
+        if (*sk == NULL)
+                *sk=sk_X509_new_null();
+        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
+        sk_X509_push(*sk,x509);
+        return(1);
+        }
+
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
+        {
+        int i;
+        STACK_OF(X509_CRL) **sk;
+
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signed:
+                sk= &(p7->d.sign->crl);
+                break;
+        case NID_pkcs7_signedAndEnveloped:
+                sk= &(p7->d.signed_and_enveloped->crl);
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE);
+                return(0);
+                }
+
+        if (*sk == NULL)
+                *sk=sk_X509_CRL_new_null();
+
+        CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
+        sk_X509_CRL_push(*sk,crl);
+        return(1);
+        }
+
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+             const EVP_MD *dgst)
+        {
+        char is_dsa;
+        if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
+        else is_dsa = 0;
+        /* We now need to add another PKCS7_SIGNER_INFO entry */
+        if (!ASN1_INTEGER_set(p7i->version,1))
+                goto err;
+        if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+                        X509_get_issuer_name(x509)))
+                goto err;
+
+        /* because ASN1_INTEGER_set is used to set a 'long' we will do
+         * things the ugly way. */
+        M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+        if (!(p7i->issuer_and_serial->serial=
+                        M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+                goto err;
+
+        /* lets keep the pkey around for a while */
+        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+        p7i->pkey=pkey;
+
+        /* Set the algorithms */
+        if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
+        else    
+                p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
+
+        if (p7i->digest_alg->parameter != NULL)
+                ASN1_TYPE_free(p7i->digest_alg->parameter);
+        if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
+                goto err;
+        p7i->digest_alg->parameter->type=V_ASN1_NULL;
+
+        p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
+
+        if (p7i->digest_enc_alg->parameter != NULL)
+                ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
+        if(is_dsa) p7i->digest_enc_alg->parameter = NULL;
+        else {
+                if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
+                        goto err;
+                p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+        }
+
+        return(1);
+err:
+        return(0);
+        }
+
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
+             const EVP_MD *dgst)
+        {
+        PKCS7_SIGNER_INFO *si;
+
+        if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err;
+        if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err;
+        if (!PKCS7_add_signer(p7,si)) goto err;
+        return(si);
+err:
+        return(NULL);
+        }
+
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+        {
+        if (PKCS7_type_is_signed(p7))
+                {
+                return(p7->d.sign->signer_info);
+                }
+        else if (PKCS7_type_is_signedAndEnveloped(p7))
+                {
+                return(p7->d.signed_and_enveloped->signer_info);
+                }
+        else
+                return(NULL);
+        }
+
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
+        {
+        PKCS7_RECIP_INFO *ri;
+
+        if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
+        if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
+        if (!PKCS7_add_recipient_info(p7,ri)) goto err;
+        return(ri);
+err:
+        return(NULL);
+        }
+
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
+        {
+        int i;
+        STACK_OF(PKCS7_RECIP_INFO) *sk;
+
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signedAndEnveloped:
+                sk=     p7->d.signed_and_enveloped->recipientinfo;
+                break;
+        case NID_pkcs7_enveloped:
+                sk=     p7->d.enveloped->recipientinfo;
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);
+                return(0);
+                }
+
+        sk_PKCS7_RECIP_INFO_push(sk,ri);
+        return(1);
+        }
+
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
+        {
+        if (!ASN1_INTEGER_set(p7i->version,0))
+                return 0;
+        if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+                X509_get_issuer_name(x509)))
+                return 0;
+
+        M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+        if (!(p7i->issuer_and_serial->serial=
+                M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+                return 0;
+
+        X509_ALGOR_free(p7i->key_enc_algor);
+        if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor)))
+                return 0;
+
+        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
+        p7i->cert=x509;
+
+        return(1);
+        }
+
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+        {
+        if (PKCS7_type_is_signed(p7))
+                return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
+                        si->issuer_and_serial->issuer,
+                        si->issuer_and_serial->serial));
+        else
+                return(NULL);
+        }
+
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
+        {
+        int i;
+        ASN1_OBJECT *objtmp;
+        PKCS7_ENC_CONTENT *ec;
+
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signedAndEnveloped:
+                ec=p7->d.signed_and_enveloped->enc_data;
+                break;
+        case NID_pkcs7_enveloped:
+                ec=p7->d.enveloped->enc_data;
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);
+                return(0);
+                }
+
+        /* Check cipher OID exists and has data in it*/
+        i = EVP_CIPHER_type(cipher);
+        if(i == NID_undef) {
+                PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+                return(0);
+        }
+        objtmp = OBJ_nid2obj(i);
+
+        ec->cipher = cipher;
+        return 1;
+        }
+
diff --git a/src/lib/libcrypto/pkcs7/pk7_mime.c b/src/lib/libcrypto/pkcs7/pk7_mime.c
new file mode 100644
index 0000000000..5d2a97839d
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pk7_mime.c
@@ -0,0 +1,714 @@
+/* pk7_mime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+
+/* MIME and related routines */
+
+/* MIME format structures
+ * Note that all are translated to lower case apart from
+ * parameter values. Quotes are stripped off
+ */
+
+typedef struct {
+char *param_name;                       /* Param name e.g. "micalg" */
+char *param_value;                      /* Param value e.g. "sha1" */
+} MIME_PARAM;
+
+DECLARE_STACK_OF(MIME_PARAM)
+IMPLEMENT_STACK_OF(MIME_PARAM)
+
+typedef struct {
+char *name;                             /* Name of line e.g. "content-type" */
+char *value;                            /* Value of line e.g. "text/plain" */
+STACK_OF(MIME_PARAM) *params;           /* Zero or more parameters */
+} MIME_HEADER;
+
+DECLARE_STACK_OF(MIME_HEADER)
+IMPLEMENT_STACK_OF(MIME_HEADER)
+
+static int B64_write_PKCS7(BIO *bio, PKCS7 *p7);
+static PKCS7 *B64_read_PKCS7(BIO *bio);
+static char * strip_ends(char *name);
+static char * strip_start(char *name);
+static char * strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(char *name, char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+                        const MIME_HEADER * const *b);
+static int mime_param_cmp(const MIME_PARAM * const *a,
+                        const MIME_PARAM * const *b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, char *bound, int blen);
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
+static int strip_eol(char *linebuf, int *plen);
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
+static void mime_hdr_free(MIME_HEADER *hdr);
+
+#define MAX_SMLEN 1024
+#define mime_debug(x) /* x */
+
+
+typedef void (*stkfree)();
+
+/* Base 64 read and write of PKCS#7 structure */
+
+static int B64_write_PKCS7(BIO *bio, PKCS7 *p7)
+{
+        BIO *b64;
+        if(!(b64 = BIO_new(BIO_f_base64()))) {
+                PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        bio = BIO_push(b64, bio);
+        i2d_PKCS7_bio(bio, p7);
+        BIO_flush(bio);
+        bio = BIO_pop(bio);
+        BIO_free(b64);
+        return 1;
+}
+
+static PKCS7 *B64_read_PKCS7(BIO *bio)
+{
+        BIO *b64;
+        PKCS7 *p7;
+        if(!(b64 = BIO_new(BIO_f_base64()))) {
+                PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        bio = BIO_push(b64, bio);
+        if(!(p7 = d2i_PKCS7_bio(bio, NULL))) 
+                PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR);
+        BIO_flush(bio);
+        bio = BIO_pop(bio);
+        BIO_free(b64);
+        return p7;
+}
+
+/* SMIME sender */
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
+{
+        char bound[33], c;
+        int i;
+        char *mime_prefix, *mime_eol;
+        if (flags & PKCS7_NOOLDMIMETYPE)
+                mime_prefix = "application/pkcs7-";
+        else
+                mime_prefix = "application/x-pkcs7-";
+        if (flags & PKCS7_CRLFEOL)
+                mime_eol = "\r\n";
+        else
+                mime_eol = "\n";
+        if((flags & PKCS7_DETACHED) && data) {
+        /* We want multipart/signed */
+                /* Generate a random boundary */
+                RAND_pseudo_bytes((unsigned char *)bound, 32);
+                for(i = 0; i < 32; i++) {
+                        c = bound[i] & 0xf;
+                        if(c < 10) c += '0';
+                        else c += 'A' - 10;
+                        bound[i] = c;
+                }
+                bound[32] = 0;
+                BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+                BIO_printf(bio, "Content-Type: multipart/signed;");
+                BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
+                BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s",
+                                                bound, mime_eol, mime_eol);
+                BIO_printf(bio, "This is an S/MIME signed message%s%s",
+                                                mime_eol, mime_eol);
+                /* Now write out the first part */
+                BIO_printf(bio, "------%s%s", bound, mime_eol);
+                SMIME_crlf_copy(data, bio, flags);
+                BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
+
+                /* Headers for signature */
+
+                BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); 
+                BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
+                BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
+                                                                mime_eol);
+                BIO_printf(bio, "Content-Disposition: attachment;");
+                BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
+                                                        mime_eol, mime_eol);
+                B64_write_PKCS7(bio, p7);
+                BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
+                                                mime_eol, mime_eol);
+                return 1;
+        }
+        /* MIME headers */
+        BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+        BIO_printf(bio, "Content-Disposition: attachment;");
+        BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
+        BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+        BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
+        BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
+                                                mime_eol, mime_eol);
+        B64_write_PKCS7(bio, p7);
+        BIO_printf(bio, "%s", mime_eol);
+        return 1;
+}
+
+/* SMIME reader: handle multipart/signed and opaque signing.
+ * in multipart case the content is placed in a memory BIO
+ * pointed to by "bcont". In opaque this is set to NULL
+ */
+
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
+{
+        BIO *p7in;
+        STACK_OF(MIME_HEADER) *headers = NULL;
+        STACK_OF(BIO) *parts = NULL;
+        MIME_HEADER *hdr;
+        MIME_PARAM *prm;
+        PKCS7 *p7;
+        int ret;
+
+        if(bcont) *bcont = NULL;
+
+        if (!(headers = mime_parse_hdr(bio))) {
+                PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR);
+                return NULL;
+        }
+
+        if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE);
+                return NULL;
+        }
+
+        /* Handle multipart/signed */
+
+        if(!strcmp(hdr->value, "multipart/signed")) {
+                /* Split into two parts */
+                prm = mime_param_find(hdr, "boundary");
+                if(!prm || !prm->param_value) {
+                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY);
+                        return NULL;
+                }
+                ret = multi_split(bio, prm->param_value, &parts);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                if(!ret || (sk_BIO_num(parts) != 2) ) {
+                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE);
+                        sk_BIO_pop_free(parts, BIO_vfree);
+                        return NULL;
+                }
+
+                /* Parse the signature piece */
+                p7in = sk_BIO_value(parts, 1);
+
+                if (!(headers = mime_parse_hdr(p7in))) {
+                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR);
+                        sk_BIO_pop_free(parts, BIO_vfree);
+                        return NULL;
+                }
+
+                /* Get content type */
+
+                if(!(hdr = mime_hdr_find(headers, "content-type")) ||
+                                                                 !hdr->value) {
+                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE);
+                        return NULL;
+                }
+
+                if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
+                        strcmp(hdr->value, "application/pkcs7-signature")) {
+                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE);
+                        ERR_add_error_data(2, "type: ", hdr->value);
+                        sk_BIO_pop_free(parts, BIO_vfree);
+                        return NULL;
+                }
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                /* Read in PKCS#7 */
+                if(!(p7 = B64_read_PKCS7(p7in))) {
+                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR);
+                        sk_BIO_pop_free(parts, BIO_vfree);
+                        return NULL;
+                }
+
+                if(bcont) {
+                        *bcont = sk_BIO_value(parts, 0);
+                        BIO_free(p7in);
+                        sk_BIO_free(parts);
+                } else sk_BIO_pop_free(parts, BIO_vfree);
+                return p7;
+        }
+                
+        /* OK, if not multipart/signed try opaque signature */
+
+        if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
+            strcmp (hdr->value, "application/pkcs7-mime")) {
+                PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE);
+                ERR_add_error_data(2, "type: ", hdr->value);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                return NULL;
+        }
+
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        
+        if(!(p7 = B64_read_PKCS7(bio))) {
+                PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR);
+                return NULL;
+        }
+        return p7;
+
+}
+
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+        char eol;
+        int len;
+        char linebuf[MAX_SMLEN];
+        if(flags & PKCS7_BINARY) {
+                while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+                                                BIO_write(out, linebuf, len);
+                return 1;
+        }
+        if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+        while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
+                eol = strip_eol(linebuf, &len);
+                if (len)
+                        BIO_write(out, linebuf, len);
+                if(eol) BIO_write(out, "\r\n", 2);
+        }
+        return 1;
+}
+
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+        char iobuf[4096];
+        int len;
+        STACK_OF(MIME_HEADER) *headers;
+        MIME_HEADER *hdr;
+
+        if (!(headers = mime_parse_hdr(in))) {
+                PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR);
+                return 0;
+        }
+        if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+                PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                return 0;
+        }
+        if (strcmp (hdr->value, "text/plain")) {
+                PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE);
+                ERR_add_error_data(2, "type: ", hdr->value);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                return 0;
+        }
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+                                                BIO_write(out, iobuf, len);
+        return 1;
+}
+
+/* Split a multipart/XXX message body into component parts: result is
+ * canonical parts in a STACK of bios
+ */
+
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
+{
+        char linebuf[MAX_SMLEN];
+        int len, blen;
+        int eol = 0, next_eol = 0;
+        BIO *bpart = NULL;
+        STACK_OF(BIO) *parts;
+        char state, part, first;
+
+        blen = strlen(bound);
+        part = 0;
+        state = 0;
+        first = 1;
+        parts = sk_BIO_new_null();
+        *ret = parts;
+        while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+                state = mime_bound_check(linebuf, len, bound, blen);
+                if(state == 1) {
+                        first = 1;
+                        part++;
+                } else if(state == 2) {
+                        sk_BIO_push(parts, bpart);
+                        return 1;
+                } else if(part) {
+                        /* Strip CR+LF from linebuf */
+                        next_eol = strip_eol(linebuf, &len);
+                        if(first) {
+                                first = 0;
+                                if(bpart) sk_BIO_push(parts, bpart);
+                                bpart = BIO_new(BIO_s_mem());
+                                BIO_set_mem_eof_return(bpart, 0);
+                        } else if (eol)
+                                BIO_write(bpart, "\r\n", 2);
+                        eol = next_eol;
+                        if (len)
+                                BIO_write(bpart, linebuf, len);
+                }
+        }
+        return 0;
+}
+
+/* This is the big one: parse MIME header lines up to message body */
+
+#define MIME_INVALID    0
+#define MIME_START      1
+#define MIME_TYPE       2
+#define MIME_NAME       3
+#define MIME_VALUE      4
+#define MIME_QUOTE      5
+#define MIME_COMMENT    6
+
+
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
+{
+        char *p, *q, c;
+        char *ntmp;
+        char linebuf[MAX_SMLEN];
+        MIME_HEADER *mhdr = NULL;
+        STACK_OF(MIME_HEADER) *headers;
+        int len, state, save_state = 0;
+
+        headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+        while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+        /* If whitespace at line start then continuation line */
+        if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
+        else state = MIME_START;
+        ntmp = NULL;
+        /* Go through all characters */
+        for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+        /* State machine to handle MIME headers
+         * if this looks horrible that's because it *is*
+         */
+
+                switch(state) {
+                        case MIME_START:
+                        if(c == ':') {
+                                state = MIME_TYPE;
+                                *p = 0;
+                                ntmp = strip_ends(q);
+                                q = p + 1;
+                        }
+                        break;
+
+                        case MIME_TYPE:
+                        if(c == ';') {
+                                mime_debug("Found End Value\n");
+                                *p = 0;
+                                mhdr = mime_hdr_new(ntmp, strip_ends(q));
+                                sk_MIME_HEADER_push(headers, mhdr);
+                                ntmp = NULL;
+                                q = p + 1;
+                                state = MIME_NAME;
+                        } else if(c == '(') {
+                                save_state = state;
+                                state = MIME_COMMENT;
+                        }
+                        break;
+
+                        case MIME_COMMENT:
+                        if(c == ')') {
+                                state = save_state;
+                        }
+                        break;
+
+                        case MIME_NAME:
+                        if(c == '=') {
+                                state = MIME_VALUE;
+                                *p = 0;
+                                ntmp = strip_ends(q);
+                                q = p + 1;
+                        }
+                        break ;
+
+                        case MIME_VALUE:
+                        if(c == ';') {
+                                state = MIME_NAME;
+                                *p = 0;
+                                mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+                                ntmp = NULL;
+                                q = p + 1;
+                        } else if (c == '"') {
+                                mime_debug("Found Quote\n");
+                                state = MIME_QUOTE;
+                        } else if(c == '(') {
+                                save_state = state;
+                                state = MIME_COMMENT;
+                        }
+                        break;
+
+                        case MIME_QUOTE:
+                        if(c == '"') {
+                                mime_debug("Found Match Quote\n");
+                                state = MIME_VALUE;
+                        }
+                        break;
+                }
+        }
+
+        if(state == MIME_TYPE) {
+                mhdr = mime_hdr_new(ntmp, strip_ends(q));
+                sk_MIME_HEADER_push(headers, mhdr);
+        } else if(state == MIME_VALUE)
+                         mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+        if(p == linebuf) break; /* Blank line means end of headers */
+}
+
+return headers;
+
+}
+
+static char *strip_ends(char *name)
+{
+        return strip_end(strip_start(name));
+}
+
+/* Strip a parameter of whitespace from start of param */
+static char *strip_start(char *name)
+{
+        char *p, c;
+        /* Look for first non white space or quote */
+        for(p = name; (c = *p) ;p++) {
+                if(c == '"') {
+                        /* Next char is start of string if non null */
+                        if(p[1]) return p + 1;
+                        /* Else null string */
+                        return NULL;
+                }
+                if(!isspace((unsigned char)c)) return p;
+        }
+        return NULL;
+}
+
+/* As above but strip from end of string : maybe should handle brackets? */
+static char *strip_end(char *name)
+{
+        char *p, c;
+        if(!name) return NULL;
+        /* Look for first non white space or quote */
+        for(p = name + strlen(name) - 1; p >= name ;p--) {
+                c = *p;
+                if(c == '"') {
+                        if(p - 1 == name) return NULL;
+                        *p = 0;
+                        return name;
+                }
+                if(isspace((unsigned char)c)) *p = 0;   
+                else return name;
+        }
+        return NULL;
+}
+
+static MIME_HEADER *mime_hdr_new(char *name, char *value)
+{
+        MIME_HEADER *mhdr;
+        char *tmpname, *tmpval, *p;
+        int c;
+        if(name) {
+                if(!(tmpname = BUF_strdup(name))) return NULL;
+                for(p = tmpname ; *p; p++) {
+                        c = *p;
+                        if(isupper(c)) {
+                                c = tolower(c);
+                                *p = c;
+                        }
+                }
+        } else tmpname = NULL;
+        if(value) {
+                if(!(tmpval = BUF_strdup(value))) return NULL;
+                for(p = tmpval ; *p; p++) {
+                        c = *p;
+                        if(isupper(c)) {
+                                c = tolower(c);
+                                *p = c;
+                        }
+                }
+        } else tmpval = NULL;
+        mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
+        if(!mhdr) return NULL;
+        mhdr->name = tmpname;
+        mhdr->value = tmpval;
+        if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
+        return mhdr;
+}
+                
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
+{
+        char *tmpname, *tmpval, *p;
+        int c;
+        MIME_PARAM *mparam;
+        if(name) {
+                tmpname = BUF_strdup(name);
+                if(!tmpname) return 0;
+                for(p = tmpname ; *p; p++) {
+                        c = *p;
+                        if(isupper(c)) {
+                                c = tolower(c);
+                                *p = c;
+                        }
+                }
+        } else tmpname = NULL;
+        if(value) {
+                tmpval = BUF_strdup(value);
+                if(!tmpval) return 0;
+        } else tmpval = NULL;
+        /* Parameter values are case sensitive so leave as is */
+        mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
+        if(!mparam) return 0;
+        mparam->param_name = tmpname;
+        mparam->param_value = tmpval;
+        sk_MIME_PARAM_push(mhdr->params, mparam);
+        return 1;
+}
+
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+                        const MIME_HEADER * const *b)
+{
+        return(strcmp((*a)->name, (*b)->name));
+}
+
+static int mime_param_cmp(const MIME_PARAM * const *a,
+                        const MIME_PARAM * const *b)
+{
+        return(strcmp((*a)->param_name, (*b)->param_name));
+}
+
+/* Find a header with a given name (if possible) */
+
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
+{
+        MIME_HEADER htmp;
+        int idx;
+        htmp.name = name;
+        idx = sk_MIME_HEADER_find(hdrs, &htmp);
+        if(idx < 0) return NULL;
+        return sk_MIME_HEADER_value(hdrs, idx);
+}
+
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
+{
+        MIME_PARAM param;
+        int idx;
+        param.param_name = name;
+        idx = sk_MIME_PARAM_find(hdr->params, &param);
+        if(idx < 0) return NULL;
+        return sk_MIME_PARAM_value(hdr->params, idx);
+}
+
+static void mime_hdr_free(MIME_HEADER *hdr)
+{
+        if(hdr->name) OPENSSL_free(hdr->name);
+        if(hdr->value) OPENSSL_free(hdr->value);
+        if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
+        OPENSSL_free(hdr);
+}
+
+static void mime_param_free(MIME_PARAM *param)
+{
+        if(param->param_name) OPENSSL_free(param->param_name);
+        if(param->param_value) OPENSSL_free(param->param_value);
+        OPENSSL_free(param);
+}
+
+/* Check for a multipart boundary. Returns:
+ * 0 : no boundary
+ * 1 : part boundary
+ * 2 : final boundary
+ */
+static int mime_bound_check(char *line, int linelen, char *bound, int blen)
+{
+        if(linelen == -1) linelen = strlen(line);
+        if(blen == -1) blen = strlen(bound);
+        /* Quickly eliminate if line length too short */
+        if(blen + 2 > linelen) return 0;
+        /* Check for part boundary */
+        if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
+                if(!strncmp(line + blen + 2, "--", 2)) return 2;
+                else return 1;
+        }
+        return 0;
+}
+
+static int strip_eol(char *linebuf, int *plen)
+        {
+        int len = *plen;
+        char *p, c;
+        int is_eol = 0;
+        p = linebuf + len - 1;
+        for (p = linebuf + len - 1; len > 0; len--, p--)
+                {
+                c = *p;
+                if (c == '\n')
+                        is_eol = 1;
+                else if (c != '\r')
+                        break;
+                }
+        *plen = len;
+        return is_eol;
+        }
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
new file mode 100644
index 0000000000..a852b49235
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -0,0 +1,471 @@
+/* pk7_smime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Simple PKCS#7 processing functions */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                  BIO *data, int flags)
+{
+        PKCS7 *p7;
+        PKCS7_SIGNER_INFO *si;
+        BIO *p7bio;
+        STACK_OF(X509_ALGOR) *smcap;
+        int i;
+
+        if(!X509_check_private_key(signcert, pkey)) {
+                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                return NULL;
+        }
+
+        if(!(p7 = PKCS7_new())) {
+                PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+
+        PKCS7_set_type(p7, NID_pkcs7_signed);
+
+        PKCS7_content_new(p7, NID_pkcs7_data);
+
+        if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
+                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+                return NULL;
+        }
+
+        if(!(flags & PKCS7_NOCERTS)) {
+                PKCS7_add_certificate(p7, signcert);
+                if(certs) for(i = 0; i < sk_X509_num(certs); i++)
+                        PKCS7_add_certificate(p7, sk_X509_value(certs, i));
+        }
+
+        if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
+                PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+
+
+        SMIME_crlf_copy(data, p7bio, flags);
+
+        if(!(flags & PKCS7_NOATTR)) {
+                PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+                                V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
+                /* Add SMIMECapabilities */
+                if(!(flags & PKCS7_NOSMIMECAP))
+                {
+                if(!(smcap = sk_X509_ALGOR_new_null())) {
+                        PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+                        return NULL;
+                }
+#ifndef OPENSSL_NO_DES
+                PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1);
+#endif
+#ifndef OPENSSL_NO_RC2
+                PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128);
+                PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64);
+#endif
+#ifndef OPENSSL_NO_DES
+                PKCS7_simple_smimecap (smcap, NID_des_cbc, -1);
+#endif
+#ifndef OPENSSL_NO_RC2
+                PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40);
+#endif
+                PKCS7_add_attrib_smimecap (si, smcap);
+                sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+                }
+        }
+
+        if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
+
+        if (!PKCS7_dataFinal(p7,p7bio)) {
+                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
+                return NULL;
+        }
+
+        BIO_free_all(p7bio);
+        return p7;
+}
+
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+                                        BIO *indata, BIO *out, int flags)
+{
+        STACK_OF(X509) *signers;
+        X509 *signer;
+        STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+        PKCS7_SIGNER_INFO *si;
+        X509_STORE_CTX cert_ctx;
+        char buf[4096];
+        int i, j=0, k, ret = 0;
+        BIO *p7bio;
+        BIO *tmpin, *tmpout;
+
+        if(!p7) {
+                PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);
+                return 0;
+        }
+
+        if(!PKCS7_type_is_signed(p7)) {
+                PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);
+                return 0;
+        }
+
+        /* Check for no data and no content: no data to verify signature */
+        if(PKCS7_get_detached(p7) && !indata) {
+                PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
+                return 0;
+        }
+#if 0
+        /* NB: this test commented out because some versions of Netscape
+         * illegally include zero length content when signing data.
+         */
+
+        /* Check for data and content: two sets of data */
+        if(!PKCS7_get_detached(p7) && indata) {
+                                PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
+                return 0;
+        }
+#endif
+
+        sinfos = PKCS7_get_signer_info(p7);
+
+        if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
+                PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);
+                return 0;
+        }
+
+
+        signers = PKCS7_get0_signers(p7, certs, flags);
+
+        if(!signers) return 0;
+
+        /* Now verify the certificates */
+
+        if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
+                signer = sk_X509_value (signers, k);
+                if (!(flags & PKCS7_NOCHAIN)) {
+                        if(!X509_STORE_CTX_init(&cert_ctx, store, signer,
+                                                        p7->d.sign->cert))
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
+                                sk_X509_free(signers);
+                                return 0;
+                                }
+                        X509_STORE_CTX_set_purpose(&cert_ctx,
+                                                X509_PURPOSE_SMIME_SIGN);
+                } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
+                        PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
+                        sk_X509_free(signers);
+                        return 0;
+                }
+                i = X509_verify_cert(&cert_ctx);
+                if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
+                X509_STORE_CTX_cleanup(&cert_ctx);
+                if (i <= 0) {
+                        PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR);
+                        ERR_add_error_data(2, "Verify error:",
+                                         X509_verify_cert_error_string(j));
+                        sk_X509_free(signers);
+                        return 0;
+                }
+                /* Check for revocation status here */
+        }
+
+        /* Performance optimization: if the content is a memory BIO then
+         * store its contents in a temporary read only memory BIO. This
+         * avoids potentially large numbers of slow copies of data which will
+         * occur when reading from a read write memory BIO when signatures
+         * are calculated.
+         */
+
+        if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM))
+                {
+                char *ptr;
+                long len;
+                len = BIO_get_mem_data(indata, &ptr);
+                tmpin = BIO_new_mem_buf(ptr, len);
+                if (tmpin == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                }
+        else
+                tmpin = indata;
+                
+
+        p7bio=PKCS7_dataInit(p7,tmpin);
+
+        if(flags & PKCS7_TEXT) {
+                if(!(tmpout = BIO_new(BIO_s_mem()))) {
+                        PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+        } else tmpout = out;
+
+        /* We now have to 'read' from p7bio to calculate digests etc. */
+        for (;;)
+        {
+                i=BIO_read(p7bio,buf,sizeof(buf));
+                if (i <= 0) break;
+                if (tmpout) BIO_write(tmpout, buf, i);
+        }
+
+        if(flags & PKCS7_TEXT) {
+                if(!SMIME_text(tmpout, out)) {
+                        PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR);
+                        BIO_free(tmpout);
+                        goto err;
+                }
+                BIO_free(tmpout);
+        }
+
+        /* Now Verify All Signatures */
+        if (!(flags & PKCS7_NOSIGS))
+            for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
+                {
+                si=sk_PKCS7_SIGNER_INFO_value(sinfos,i);
+                signer = sk_X509_value (signers, i);
+                j=PKCS7_signatureVerify(p7bio,p7,si, signer);
+                if (j <= 0) {
+                        PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE);
+                        goto err;
+                }
+        }
+
+        ret = 1;
+
+        err:
+        
+        if (tmpin == indata)
+                {
+                if(indata) BIO_pop(p7bio);
+                BIO_free_all(p7bio);
+                }
+        else
+                BIO_free_all(tmpin);
+
+        sk_X509_free(signers);
+
+        return ret;
+}
+
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
+{
+        STACK_OF(X509) *signers;
+        STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+        PKCS7_SIGNER_INFO *si;
+        PKCS7_ISSUER_AND_SERIAL *ias;
+        X509 *signer;
+        int i;
+
+        if(!p7) {
+                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER);
+                return NULL;
+        }
+
+        if(!PKCS7_type_is_signed(p7)) {
+                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
+                return NULL;
+        }
+
+        /* Collect all the signers together */
+
+        sinfos = PKCS7_get_signer_info(p7);
+
+        if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
+                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
+                return 0;
+        }
+
+        if(!(signers = sk_X509_new_null())) {
+                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+
+        for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
+        {
+            si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+            ias = si->issuer_and_serial;
+            signer = NULL;
+                /* If any certificates passed they take priority */
+            if (certs) signer = X509_find_by_issuer_and_serial (certs,
+                                                ias->issuer, ias->serial);
+            if (!signer && !(flags & PKCS7_NOINTERN)
+                        && p7->d.sign->cert) signer =
+                              X509_find_by_issuer_and_serial (p7->d.sign->cert,
+                                                ias->issuer, ias->serial);
+            if (!signer) {
+                        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
+                        sk_X509_free(signers);
+                        return 0;
+            }
+
+            sk_X509_push(signers, signer);
+        }
+        return signers;
+}
+
+
+/* Build a complete PKCS#7 enveloped data */
+
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+                                                                int flags)
+{
+        PKCS7 *p7;
+        BIO *p7bio = NULL;
+        int i;
+        X509 *x509;
+        if(!(p7 = PKCS7_new())) {
+                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+
+        PKCS7_set_type(p7, NID_pkcs7_enveloped);
+        if(!PKCS7_set_cipher(p7, cipher)) {
+                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
+                goto err;
+        }
+
+        for(i = 0; i < sk_X509_num(certs); i++) {
+                x509 = sk_X509_value(certs, i);
+                if(!PKCS7_add_recipient(p7, x509)) {
+                        PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
+                                        PKCS7_R_ERROR_ADDING_RECIPIENT);
+                        goto err;
+                }
+        }
+
+        if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
+                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+
+        SMIME_crlf_copy(in, p7bio, flags);
+
+        BIO_flush(p7bio);
+
+        if (!PKCS7_dataFinal(p7,p7bio)) {
+                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR);
+                goto err;
+        }
+        BIO_free_all(p7bio);
+
+        return p7;
+
+        err:
+
+        BIO_free(p7bio);
+        PKCS7_free(p7);
+        return NULL;
+
+}
+
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
+{
+        BIO *tmpmem;
+        int ret, i;
+        char buf[4096];
+
+        if(!p7) {
+                PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER);
+                return 0;
+        }
+
+        if(!PKCS7_type_is_enveloped(p7)) {
+                PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE);
+                return 0;
+        }
+
+        if(!X509_check_private_key(cert, pkey)) {
+                PKCS7err(PKCS7_F_PKCS7_DECRYPT,
+                                PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                return 0;
+        }
+
+        if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
+                PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
+                return 0;
+        }
+
+        if (flags & PKCS7_TEXT) {
+                BIO *tmpbuf, *bread;
+                /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
+                if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {
+                        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+                if(!(bread = BIO_push(tmpbuf, tmpmem))) {
+                        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+                ret = SMIME_text(bread, data);
+                BIO_free_all(bread);
+                return ret;
+        } else {
+                for(;;) {
+                        i = BIO_read(tmpmem, buf, sizeof(buf));
+                        if(i <= 0) break;
+                        BIO_write(data, buf, i);
+                }
+                BIO_free_all(tmpmem);
+                return 1;
+        }
+}
diff --git a/src/lib/libcrypto/pkcs7/pkcs7.h b/src/lib/libcrypto/pkcs7/pkcs7.h
new file mode 100644
index 0000000000..15372e18f8
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pkcs7.h
@@ -0,0 +1,451 @@
+/* crypto/pkcs7/pkcs7.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_PKCS7_H
+#define HEADER_PKCS7_H
+
+#include <openssl/asn1.h>
+#include <openssl/bio.h>
+#include <openssl/e_os2.h>
+
+#include <openssl/symhacks.h>
+#include <openssl/ossl_typ.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_SYS_WIN32
+/* Under Win32 thes are defined in wincrypt.h */
+#undef PKCS7_ISSUER_AND_SERIAL
+#undef PKCS7_SIGNER_INFO
+#endif
+
+/*
+Encryption_ID           DES-CBC
+Digest_ID               MD5
+Digest_Encryption_ID    rsaEncryption
+Key_Encryption_ID       rsaEncryption
+*/
+
+typedef struct pkcs7_issuer_and_serial_st
+        {
+        X509_NAME *issuer;
+        ASN1_INTEGER *serial;
+        } PKCS7_ISSUER_AND_SERIAL;
+
+typedef struct pkcs7_signer_info_st
+        {
+        ASN1_INTEGER                    *version;       /* version 1 */
+        PKCS7_ISSUER_AND_SERIAL         *issuer_and_serial;
+        X509_ALGOR                      *digest_alg;
+        STACK_OF(X509_ATTRIBUTE)        *auth_attr;     /* [ 0 ] */
+        X509_ALGOR                      *digest_enc_alg;
+        ASN1_OCTET_STRING               *enc_digest;
+        STACK_OF(X509_ATTRIBUTE)        *unauth_attr;   /* [ 1 ] */
+
+        /* The private key to sign with */
+        EVP_PKEY                        *pkey;
+        } PKCS7_SIGNER_INFO;
+
+DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
+DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)
+
+typedef struct pkcs7_recip_info_st
+        {
+        ASN1_INTEGER                    *version;       /* version 0 */
+        PKCS7_ISSUER_AND_SERIAL         *issuer_and_serial;
+        X509_ALGOR                      *key_enc_algor;
+        ASN1_OCTET_STRING               *enc_key;
+        X509                            *cert; /* get the pub-key from this */
+        } PKCS7_RECIP_INFO;
+
+DECLARE_STACK_OF(PKCS7_RECIP_INFO)
+DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)
+
+typedef struct pkcs7_signed_st
+        {
+        ASN1_INTEGER                    *version;       /* version 1 */
+        STACK_OF(X509_ALGOR)            *md_algs;       /* md used */
+        STACK_OF(X509)                  *cert;          /* [ 0 ] */
+        STACK_OF(X509_CRL)              *crl;           /* [ 1 ] */
+        STACK_OF(PKCS7_SIGNER_INFO)     *signer_info;
+
+        struct pkcs7_st                 *contents;
+        } PKCS7_SIGNED;
+/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE.
+ * How about merging the two */
+
+typedef struct pkcs7_enc_content_st
+        {
+        ASN1_OBJECT                     *content_type;
+        X509_ALGOR                      *algorithm;
+        ASN1_OCTET_STRING               *enc_data;      /* [ 0 ] */
+        const EVP_CIPHER                *cipher;
+        } PKCS7_ENC_CONTENT;
+
+typedef struct pkcs7_enveloped_st
+        {
+        ASN1_INTEGER                    *version;       /* version 0 */
+        STACK_OF(PKCS7_RECIP_INFO)      *recipientinfo;
+        PKCS7_ENC_CONTENT               *enc_data;
+        } PKCS7_ENVELOPE;
+
+typedef struct pkcs7_signedandenveloped_st
+        {
+        ASN1_INTEGER                    *version;       /* version 1 */
+        STACK_OF(X509_ALGOR)            *md_algs;       /* md used */
+        STACK_OF(X509)                  *cert;          /* [ 0 ] */
+        STACK_OF(X509_CRL)              *crl;           /* [ 1 ] */
+        STACK_OF(PKCS7_SIGNER_INFO)     *signer_info;
+
+        PKCS7_ENC_CONTENT               *enc_data;
+        STACK_OF(PKCS7_RECIP_INFO)      *recipientinfo;
+        } PKCS7_SIGN_ENVELOPE;
+
+typedef struct pkcs7_digest_st
+        {
+        ASN1_INTEGER                    *version;       /* version 0 */
+        X509_ALGOR                      *md;            /* md used */
+        struct pkcs7_st                 *contents;
+        ASN1_OCTET_STRING               *digest;
+        } PKCS7_DIGEST;
+
+typedef struct pkcs7_encrypted_st
+        {
+        ASN1_INTEGER                    *version;       /* version 0 */
+        PKCS7_ENC_CONTENT               *enc_data;
+        } PKCS7_ENCRYPT;
+
+typedef struct pkcs7_st
+        {
+        /* The following is non NULL if it contains ASN1 encoding of
+         * this structure */
+        unsigned char *asn1;
+        long length;
+
+#define PKCS7_S_HEADER  0
+#define PKCS7_S_BODY    1
+#define PKCS7_S_TAIL    2
+        int state; /* used during processing */
+
+        int detached;
+
+        ASN1_OBJECT *type;
+        /* content as defined by the type */
+        /* all encryption/message digests are applied to the 'contents',
+         * leaving out the 'type' field. */
+        union   {
+                char *ptr;
+
+                /* NID_pkcs7_data */
+                ASN1_OCTET_STRING *data;
+
+                /* NID_pkcs7_signed */
+                PKCS7_SIGNED *sign;
+
+                /* NID_pkcs7_enveloped */
+                PKCS7_ENVELOPE *enveloped;
+
+                /* NID_pkcs7_signedAndEnveloped */
+                PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
+
+                /* NID_pkcs7_digest */
+                PKCS7_DIGEST *digest;
+
+                /* NID_pkcs7_encrypted */
+                PKCS7_ENCRYPT *encrypted;
+
+                /* Anything else */
+                ASN1_TYPE *other;
+                } d;
+        } PKCS7;
+
+DECLARE_STACK_OF(PKCS7)
+DECLARE_ASN1_SET_OF(PKCS7)
+DECLARE_PKCS12_STACK_OF(PKCS7)
+
+#define PKCS7_OP_SET_DETACHED_SIGNATURE 1
+#define PKCS7_OP_GET_DETACHED_SIGNATURE 2
+
+#define PKCS7_get_signed_attributes(si) ((si)->auth_attr)
+#define PKCS7_get_attributes(si)        ((si)->unauth_attr)
+
+#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
+#define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
+#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
+#define PKCS7_type_is_signedAndEnveloped(a) \
+                (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
+#define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
+
+#define PKCS7_set_detached(p,v) \
+                PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
+#define PKCS7_get_detached(p) \
+                PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
+
+#define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
+
+#ifdef SSLEAY_MACROS
+#ifndef PKCS7_ISSUER_AND_SERIAL_digest
+#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
+        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
+                        (char *)data,md,len)
+#endif
+#endif
+
+/* S/MIME related flags */
+
+#define PKCS7_TEXT              0x1
+#define PKCS7_NOCERTS           0x2
+#define PKCS7_NOSIGS            0x4
+#define PKCS7_NOCHAIN           0x8
+#define PKCS7_NOINTERN          0x10
+#define PKCS7_NOVERIFY          0x20
+#define PKCS7_DETACHED          0x40
+#define PKCS7_BINARY            0x80
+#define PKCS7_NOATTR            0x100
+#define PKCS7_NOSMIMECAP        0x200
+#define PKCS7_NOOLDMIMETYPE     0x400
+#define PKCS7_CRLFEOL           0x800
+
+/* Flags: for compatibility with older code */
+
+#define SMIME_TEXT      PKCS7_TEXT
+#define SMIME_NOCERTS   PKCS7_NOCERTS
+#define SMIME_NOSIGS    PKCS7_NOSIGS
+#define SMIME_NOCHAIN   PKCS7_NOCHAIN
+#define SMIME_NOINTERN  PKCS7_NOINTERN
+#define SMIME_NOVERIFY  PKCS7_NOVERIFY
+#define SMIME_DETACHED  PKCS7_DETACHED
+#define SMIME_BINARY    PKCS7_BINARY
+#define SMIME_NOATTR    PKCS7_NOATTR
+
+DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+
+#ifndef SSLEAY_MACROS
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type,
+        unsigned char *md,unsigned int *len);
+#ifndef OPENSSL_NO_FP_API
+PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);
+int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
+#endif
+PKCS7 *PKCS7_dup(PKCS7 *p7);
+PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
+int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
+#endif
+
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+DECLARE_ASN1_FUNCTIONS(PKCS7)
+
+DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
+DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
+
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
+
+int PKCS7_set_type(PKCS7 *p7, int type);
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+        const EVP_MD *dgst);
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_content_new(PKCS7 *p7, int nid);
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
+        BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); 
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+                                                                X509 *x509);
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
+
+
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
+        EVP_PKEY *pkey, const EVP_MD *dgst);
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
+
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type,
+        void *data);
+int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+        void *value);
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+                                STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
+
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                                                        BIO *data, int flags);
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+                                        BIO *indata, BIO *out, int flags);
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+                                                                int flags);
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
+                              STACK_OF(X509_ALGOR) *cap);
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+int SMIME_text(BIO *in, BIO *out);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_PKCS7_strings(void);
+
+/* Error codes for the PKCS7 functions. */
+
+/* Function codes. */
+#define PKCS7_F_B64_READ_PKCS7                           120
+#define PKCS7_F_B64_WRITE_PKCS7                          121
+#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP                118
+#define PKCS7_F_PKCS7_ADD_CERTIFICATE                    100
+#define PKCS7_F_PKCS7_ADD_CRL                            101
+#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO                 102
+#define PKCS7_F_PKCS7_ADD_SIGNER                         103
+#define PKCS7_F_PKCS7_CTRL                               104
+#define PKCS7_F_PKCS7_DATADECODE                         112
+#define PKCS7_F_PKCS7_DATAINIT                           105
+#define PKCS7_F_PKCS7_DATASIGN                           106
+#define PKCS7_F_PKCS7_DATAVERIFY                         107
+#define PKCS7_F_PKCS7_DECRYPT                            114
+#define PKCS7_F_PKCS7_ENCRYPT                            115
+#define PKCS7_F_PKCS7_GET0_SIGNERS                       124
+#define PKCS7_F_PKCS7_SET_CIPHER                         108
+#define PKCS7_F_PKCS7_SET_CONTENT                        109
+#define PKCS7_F_PKCS7_SET_TYPE                           110
+#define PKCS7_F_PKCS7_SIGN                               116
+#define PKCS7_F_PKCS7_SIGNATUREVERIFY                    113
+#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP                    119
+#define PKCS7_F_PKCS7_VERIFY                             117
+#define PKCS7_F_SMIME_READ_PKCS7                         122
+#define PKCS7_F_SMIME_TEXT                               123
+
+/* Reason codes. */
+#define PKCS7_R_CERTIFICATE_VERIFY_ERROR                 117
+#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER          144
+#define PKCS7_R_CIPHER_NOT_INITIALIZED                   116
+#define PKCS7_R_CONTENT_AND_DATA_PRESENT                 118
+#define PKCS7_R_DECODE_ERROR                             130
+#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH            100
+#define PKCS7_R_DECRYPT_ERROR                            119
+#define PKCS7_R_DIGEST_FAILURE                           101
+#define PKCS7_R_ERROR_ADDING_RECIPIENT                   120
+#define PKCS7_R_ERROR_SETTING_CIPHER                     121
+#define PKCS7_R_INVALID_MIME_TYPE                        131
+#define PKCS7_R_INVALID_NULL_POINTER                     143
+#define PKCS7_R_MIME_NO_CONTENT_TYPE                     132
+#define PKCS7_R_MIME_PARSE_ERROR                         133
+#define PKCS7_R_MIME_SIG_PARSE_ERROR                     134
+#define PKCS7_R_MISSING_CERIPEND_INFO                    103
+#define PKCS7_R_NO_CONTENT                               122
+#define PKCS7_R_NO_CONTENT_TYPE                          135
+#define PKCS7_R_NO_MULTIPART_BODY_FAILURE                136
+#define PKCS7_R_NO_MULTIPART_BOUNDARY                    137
+#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE         115
+#define PKCS7_R_NO_SIGNATURES_ON_DATA                    123
+#define PKCS7_R_NO_SIGNERS                               142
+#define PKCS7_R_NO_SIG_CONTENT_TYPE                      138
+#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE     104
+#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR                124
+#define PKCS7_R_PKCS7_DATAFINAL_ERROR                    125
+#define PKCS7_R_PKCS7_DATASIGN                           126
+#define PKCS7_R_PKCS7_PARSE_ERROR                        139
+#define PKCS7_R_PKCS7_SIG_PARSE_ERROR                    140
+#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE   127
+#define PKCS7_R_SIGNATURE_FAILURE                        105
+#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND             128
+#define PKCS7_R_SIG_INVALID_MIME_TYPE                    141
+#define PKCS7_R_SMIME_TEXT_ERROR                         129
+#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE               106
+#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO                   107
+#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST            108
+#define PKCS7_R_UNKNOWN_DIGEST_TYPE                      109
+#define PKCS7_R_UNKNOWN_OPERATION                        110
+#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE                  111
+#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE                 112
+#define PKCS7_R_WRONG_CONTENT_TYPE                       113
+#define PKCS7_R_WRONG_PKCS7_TYPE                         114
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/pkcs7/pkcs7err.c b/src/lib/libcrypto/pkcs7/pkcs7err.c
new file mode 100644
index 0000000000..5e51527a40
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pkcs7err.c
@@ -0,0 +1,160 @@
+/* crypto/pkcs7/pkcs7err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/pkcs7.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA PKCS7_str_functs[]=
+        {
+{ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0),  "B64_READ_PKCS7"},
+{ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0), "B64_WRITE_PKCS7"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0),       "PKCS7_add_attrib_smimecap"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0),   "PKCS7_add_certificate"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0),   "PKCS7_add_crl"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0),        "PKCS7_add_recipient_info"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0),        "PKCS7_add_signer"},
+{ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0),      "PKCS7_ctrl"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0),        "PKCS7_dataDecode"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0),  "PKCS7_dataInit"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0),  "PKCS7_DATASIGN"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0),        "PKCS7_dataVerify"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DECRYPT,0),   "PKCS7_decrypt"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ENCRYPT,0),   "PKCS7_encrypt"},
+{ERR_PACK(0,PKCS7_F_PKCS7_GET0_SIGNERS,0),      "PKCS7_get0_signers"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0),        "PKCS7_set_cipher"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0),       "PKCS7_set_content"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0),  "PKCS7_set_type"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0),      "PKCS7_sign"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0),   "PKCS7_signatureVerify"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SIMPLE_SMIMECAP,0),   "PKCS7_simple_smimecap"},
+{ERR_PACK(0,PKCS7_F_PKCS7_VERIFY,0),    "PKCS7_verify"},
+{ERR_PACK(0,PKCS7_F_SMIME_READ_PKCS7,0),        "SMIME_read_PKCS7"},
+{ERR_PACK(0,PKCS7_F_SMIME_TEXT,0),      "SMIME_text"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA PKCS7_str_reasons[]=
+        {
+{PKCS7_R_CERTIFICATE_VERIFY_ERROR        ,"certificate verify error"},
+{PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"},
+{PKCS7_R_CIPHER_NOT_INITIALIZED          ,"cipher not initialized"},
+{PKCS7_R_CONTENT_AND_DATA_PRESENT        ,"content and data present"},
+{PKCS7_R_DECODE_ERROR                    ,"decode error"},
+{PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH   ,"decrypted key is wrong length"},
+{PKCS7_R_DECRYPT_ERROR                   ,"decrypt error"},
+{PKCS7_R_DIGEST_FAILURE                  ,"digest failure"},
+{PKCS7_R_ERROR_ADDING_RECIPIENT          ,"error adding recipient"},
+{PKCS7_R_ERROR_SETTING_CIPHER            ,"error setting cipher"},
+{PKCS7_R_INVALID_MIME_TYPE               ,"invalid mime type"},
+{PKCS7_R_INVALID_NULL_POINTER            ,"invalid null pointer"},
+{PKCS7_R_MIME_NO_CONTENT_TYPE            ,"mime no content type"},
+{PKCS7_R_MIME_PARSE_ERROR                ,"mime parse error"},
+{PKCS7_R_MIME_SIG_PARSE_ERROR            ,"mime sig parse error"},
+{PKCS7_R_MISSING_CERIPEND_INFO           ,"missing ceripend info"},
+{PKCS7_R_NO_CONTENT                      ,"no content"},
+{PKCS7_R_NO_CONTENT_TYPE                 ,"no content type"},
+{PKCS7_R_NO_MULTIPART_BODY_FAILURE       ,"no multipart body failure"},
+{PKCS7_R_NO_MULTIPART_BOUNDARY           ,"no multipart boundary"},
+{PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"},
+{PKCS7_R_NO_SIGNATURES_ON_DATA           ,"no signatures on data"},
+{PKCS7_R_NO_SIGNERS                      ,"no signers"},
+{PKCS7_R_NO_SIG_CONTENT_TYPE             ,"no sig content type"},
+{PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"},
+{PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR       ,"pkcs7 add signature error"},
+{PKCS7_R_PKCS7_DATAFINAL_ERROR           ,"pkcs7 datafinal error"},
+{PKCS7_R_PKCS7_DATASIGN                  ,"pkcs7 datasign"},
+{PKCS7_R_PKCS7_PARSE_ERROR               ,"pkcs7 parse error"},
+{PKCS7_R_PKCS7_SIG_PARSE_ERROR           ,"pkcs7 sig parse error"},
+{PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"},
+{PKCS7_R_SIGNATURE_FAILURE               ,"signature failure"},
+{PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND    ,"signer certificate not found"},
+{PKCS7_R_SIG_INVALID_MIME_TYPE           ,"sig invalid mime type"},
+{PKCS7_R_SMIME_TEXT_ERROR                ,"smime text error"},
+{PKCS7_R_UNABLE_TO_FIND_CERTIFICATE      ,"unable to find certificate"},
+{PKCS7_R_UNABLE_TO_FIND_MEM_BIO          ,"unable to find mem bio"},
+{PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST   ,"unable to find message digest"},
+{PKCS7_R_UNKNOWN_DIGEST_TYPE             ,"unknown digest type"},
+{PKCS7_R_UNKNOWN_OPERATION               ,"unknown operation"},
+{PKCS7_R_UNSUPPORTED_CIPHER_TYPE         ,"unsupported cipher type"},
+{PKCS7_R_UNSUPPORTED_CONTENT_TYPE        ,"unsupported content type"},
+{PKCS7_R_WRONG_CONTENT_TYPE              ,"wrong content type"},
+{PKCS7_R_WRONG_PKCS7_TYPE                ,"wrong pkcs7 type"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_PKCS7_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs);
+                ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/rand/Makefile.ssl b/src/lib/libcrypto/rand/Makefile.ssl
new file mode 100644
index 0000000000..e5cbe5319c
--- /dev/null
+++ b/src/lib/libcrypto/rand/Makefile.ssl
@@ -0,0 +1,196 @@
+#
+# SSLeay/crypto/rand/Makefile
+#
+
+DIR=    rand
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= randtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \
+        rand_win.c rand_unix.c rand_os2.c
+LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \
+        rand_win.o rand_unix.o rand_os2.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rand.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md_rand.o: ../../e_os.h ../../include/openssl/aes.h
+md_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+md_rand.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+md_rand.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+md_rand.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+md_rand.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md_rand.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+md_rand.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+md_rand.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md_rand.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+md_rand.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+md_rand.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+md_rand.o: md_rand.c rand_lcl.h
+rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h
+rand_egd.o: ../../include/openssl/opensslconf.h
+rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rand_egd.o: rand_egd.c
+rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_err.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_err.o: rand_err.c
+rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rand_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rand_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+rand_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rand_lib.o: ../../include/openssl/opensslconf.h
+rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rand_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rand_lib.o: ../cryptlib.h rand_lib.c
+rand_os2.o: ../../e_os.h ../../include/openssl/aes.h
+rand_os2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rand_os2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rand_os2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_os2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rand_os2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_os2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rand_os2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rand_os2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_os2.o: ../../include/openssl/opensslconf.h
+rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rand_os2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rand_os2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rand_os2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_os2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_os2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_os2.o: ../cryptlib.h rand_lcl.h rand_os2.c
+rand_unix.o: ../../e_os.h ../../include/openssl/aes.h
+rand_unix.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rand_unix.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rand_unix.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_unix.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rand_unix.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_unix.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rand_unix.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rand_unix.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_unix.o: ../../include/openssl/opensslconf.h
+rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rand_unix.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rand_unix.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rand_unix.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_unix.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_unix.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_unix.o: ../cryptlib.h rand_lcl.h rand_unix.c
+rand_win.o: ../../e_os.h ../../include/openssl/aes.h
+rand_win.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rand_win.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rand_win.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_win.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rand_win.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_win.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rand_win.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rand_win.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_win.o: ../../include/openssl/opensslconf.h
+rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_win.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rand_win.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rand_win.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_win.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_win.o: ../cryptlib.h rand_lcl.h rand_win.c
+randfile.o: ../../e_os.h ../../include/openssl/buffer.h
+randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+randfile.o: ../../include/openssl/opensslconf.h
+randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+randfile.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+randfile.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+randfile.o: randfile.c
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
new file mode 100644
index 0000000000..604df9be6c
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand.h
@@ -0,0 +1,143 @@
+/* crypto/rand/rand.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RAND_H
+#define HEADER_RAND_H
+
+#include <stdlib.h>
+#include <openssl/ossl_typ.h>
+#include <openssl/e_os2.h>
+
+#if defined(OPENSSL_SYS_WINDOWS)
+#include <windows.h>
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#if defined(OPENSSL_FIPS)
+#define FIPS_RAND_SIZE_T int
+#endif
+
+typedef struct rand_meth_st
+        {
+        void (*seed)(const void *buf, int num);
+        int (*bytes)(unsigned char *buf, int num);
+        void (*cleanup)(void);
+        void (*add)(const void *buf, int num, double entropy);
+        int (*pseudorand)(unsigned char *buf, int num);
+        int (*status)(void);
+        } RAND_METHOD;
+
+#ifdef BN_DEBUG
+extern int rand_predictable;
+#endif
+
+int RAND_set_rand_method(const RAND_METHOD *meth);
+const RAND_METHOD *RAND_get_rand_method(void);
+#ifndef OPENSSL_NO_ENGINE
+int RAND_set_rand_engine(ENGINE *engine);
+#endif
+RAND_METHOD *RAND_SSLeay(void);
+void RAND_cleanup(void );
+int  RAND_bytes(unsigned char *buf,int num);
+int  RAND_pseudo_bytes(unsigned char *buf,int num);
+void RAND_seed(const void *buf,int num);
+void RAND_add(const void *buf,int num,double entropy);
+int  RAND_load_file(const char *file,long max_bytes);
+int  RAND_write_file(const char *file);
+const char *RAND_file_name(char *file,size_t num);
+int RAND_status(void);
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
+int RAND_egd(const char *path);
+int RAND_egd_bytes(const char *path,int bytes);
+int RAND_poll(void);
+
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+
+void RAND_screen(void);
+int RAND_event(UINT, WPARAM, LPARAM);
+
+#endif
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_RAND_strings(void);
+
+/* Error codes for the RAND functions. */
+
+/* Function codes. */
+#define RAND_F_FIPS_RAND_BYTES                           102
+#define RAND_F_RAND_GET_RAND_METHOD                      101
+#define RAND_F_SSLEAY_RAND_BYTES                         100
+
+/* Reason codes. */
+#define RAND_R_NON_FIPS_METHOD                           101
+#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH                  105
+#define RAND_R_PRNG_NOT_REKEYED                          103
+#define RAND_R_PRNG_NOT_RESEEDED                         104
+#define RAND_R_PRNG_NOT_SEEDED                           100
+#define RAND_R_PRNG_STUCK                                102
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c
new file mode 100644
index 0000000000..95574659ac
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_err.c
@@ -0,0 +1,101 @@
+/* crypto/rand/rand_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA RAND_str_functs[]=
+        {
+{ERR_PACK(0,RAND_F_FIPS_RAND_BYTES,0),  "FIPS_RAND_BYTES"},
+{ERR_PACK(0,RAND_F_RAND_GET_RAND_METHOD,0),     "RAND_get_rand_method"},
+{ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0),        "SSLEAY_RAND_BYTES"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA RAND_str_reasons[]=
+        {
+{RAND_R_NON_FIPS_METHOD                  ,"non fips method"},
+{RAND_R_PRNG_ASKING_FOR_TOO_MUCH         ,"prng asking for too much"},
+{RAND_R_PRNG_NOT_REKEYED                 ,"prng not rekeyed"},
+{RAND_R_PRNG_NOT_RESEEDED                ,"prng not reseeded"},
+{RAND_R_PRNG_NOT_SEEDED                  ,"PRNG not seeded"},
+{RAND_R_PRNG_STUCK                       ,"prng stuck"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_RAND_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_RAND,RAND_str_functs);
+                ERR_load_strings(ERR_LIB_RAND,RAND_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
new file mode 100644
index 0000000000..88f1b56d91
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -0,0 +1,188 @@
+/* crypto/rand/rand_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+
+#ifndef OPENSSL_NO_ENGINE
+/* non-NULL if default_RAND_meth is ENGINE-provided */
+static ENGINE *funct_ref =NULL;
+#endif
+static const RAND_METHOD *default_RAND_meth = NULL;
+
+int RAND_set_rand_method(const RAND_METHOD *meth)
+        {
+#ifndef OPENSSL_NO_ENGINE
+        if(funct_ref)
+                {
+                ENGINE_finish(funct_ref);
+                funct_ref = NULL;
+                }
+#endif
+        default_RAND_meth = meth;
+        return 1;
+        }
+
+const RAND_METHOD *RAND_get_rand_method(void)
+        {
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode()
+                && default_RAND_meth != FIPS_rand_check())
+            {
+            RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+            return 0;
+            }
+#endif
+
+
+        if (!default_RAND_meth)
+                {
+#ifndef OPENSSL_NO_ENGINE
+                ENGINE *e = ENGINE_get_default_RAND();
+                if(e)
+                        {
+                        default_RAND_meth = ENGINE_get_RAND(e);
+                        if(!default_RAND_meth)
+                                {
+                                ENGINE_finish(e);
+                                e = NULL;
+                                }
+                        }
+                if(e)
+                        funct_ref = e;
+                else
+#endif
+                        default_RAND_meth = RAND_SSLeay();
+                }
+        return default_RAND_meth;
+        }
+
+#ifndef OPENSSL_NO_ENGINE
+int RAND_set_rand_engine(ENGINE *engine)
+        {
+        const RAND_METHOD *tmp_meth = NULL;
+        if(engine)
+                {
+                if(!ENGINE_init(engine))
+                        return 0;
+                tmp_meth = ENGINE_get_RAND(engine);
+                if(!tmp_meth)
+                        {
+                        ENGINE_finish(engine);
+                        return 0;
+                        }
+                }
+        /* This function releases any prior ENGINE so call it first */
+        RAND_set_rand_method(tmp_meth);
+        funct_ref = engine;
+        return 1;
+        }
+#endif
+
+void RAND_cleanup(void)
+        {
+        const RAND_METHOD *meth = RAND_get_rand_method();
+        if (meth && meth->cleanup)
+                meth->cleanup();
+        RAND_set_rand_method(NULL);
+        }
+
+void RAND_seed(const void *buf, int num)
+        {
+        const RAND_METHOD *meth = RAND_get_rand_method();
+        if (meth && meth->seed)
+                meth->seed(buf,num);
+        }
+
+void RAND_add(const void *buf, int num, double entropy)
+        {
+        const RAND_METHOD *meth = RAND_get_rand_method();
+        if (meth && meth->add)
+                meth->add(buf,num,entropy);
+        }
+
+int RAND_bytes(unsigned char *buf, int num)
+        {
+        const RAND_METHOD *meth = RAND_get_rand_method();
+        if (meth && meth->bytes)
+                return meth->bytes(buf,num);
+        return(-1);
+        }
+
+int RAND_pseudo_bytes(unsigned char *buf, int num)
+        {
+        const RAND_METHOD *meth = RAND_get_rand_method();
+        if (meth && meth->pseudorand)
+                return meth->pseudorand(buf,num);
+        return(-1);
+        }
+
+int RAND_status(void)
+        {
+        const RAND_METHOD *meth = RAND_get_rand_method();
+        if (meth && meth->status)
+                return meth->status();
+        return 0;
+        }
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
new file mode 100644
index 0000000000..9bd89ba495
--- /dev/null
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -0,0 +1,285 @@
+/* crypto/rand/randfile.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* We need to define this to get macros like S_IFBLK and S_IFCHR */
+#define _XOPEN_SOURCE 1
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "e_os.h"
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/buffer.h>
+
+#ifdef OPENSSL_SYS_VMS
+#include <unixio.h>
+#endif
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef MAC_OS_pre_X
+# include <stat.h>
+#else
+# include <sys/stat.h>
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE 1024
+#define RAND_DATA 1024
+
+/* #define RFILE ".rnd" - defined in ../../e_os.h */
+
+/* Note that these functions are intended for seed files only.
+ * Entropy devices and EGD sockets are handled in rand_unix.c */
+
+int RAND_load_file(const char *file, long bytes)
+        {
+        /* If bytes >= 0, read up to 'bytes' bytes.
+         * if bytes == -1, read complete file. */
+
+        MS_STATIC unsigned char buf[BUFSIZE];
+        struct stat sb;
+        int i,ret=0,n;
+        FILE *in;
+
+        if (file == NULL) return(0);
+
+        i=stat(file,&sb);
+        /* If the state fails, put some crap in anyway */
+        RAND_add(&sb,sizeof(sb),0);
+        if (i < 0) return(0);
+        if (bytes == 0) return(ret);
+
+        in=fopen(file,"rb");
+        if (in == NULL) goto err;
+#if defined(S_IFBLK) && defined(S_IFCHR)
+        if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+          /* this file is a device. we don't want read an infinite number
+           * of bytes from a random device, nor do we want to use buffered
+           * I/O because we will waste system entropy. 
+           */
+          bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
+          setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
+        }
+#endif
+        for (;;)
+                {
+                if (bytes > 0)
+                        n = (bytes < BUFSIZE)?(int)bytes:BUFSIZE;
+                else
+                        n = BUFSIZE;
+                i=fread(buf,1,n,in);
+                if (i <= 0) break;
+                /* even if n != i, use the full array */
+                RAND_add(buf,n,i);
+                ret+=i;
+                if (bytes > 0)
+                        {
+                        bytes-=n;
+                        if (bytes <= 0) break;
+                        }
+                }
+        fclose(in);
+        OPENSSL_cleanse(buf,BUFSIZE);
+err:
+        return(ret);
+        }
+
+int RAND_write_file(const char *file)
+        {
+        unsigned char buf[BUFSIZE];
+        int i,ret=0,rand_err=0;
+        FILE *out = NULL;
+        int n;
+        struct stat sb;
+        
+        i=stat(file,&sb);
+        if (i != -1) { 
+#if defined(S_IFBLK) && defined(S_IFCHR)
+          if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+            /* this file is a device. we don't write back to it. 
+             * we "succeed" on the assumption this is some sort 
+             * of random device. Otherwise attempting to write to 
+             * and chmod the device causes problems.
+             */
+            return(1); 
+          }
+#endif
+        }
+
+#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
+        {
+        /* For some reason Win32 can't write to files created this way */
+        
+        /* chmod(..., 0600) is too late to protect the file,
+         * permissions should be restrictive from the start */
+        int fd = open(file, O_CREAT, 0600);
+        if (fd != -1)
+                out = fdopen(fd, "wb");
+        }
+#endif
+        if (out == NULL)
+                out = fopen(file,"wb");
+        if (out == NULL) goto err;
+
+#ifndef NO_CHMOD
+        chmod(file,0600);
+#endif
+        n=RAND_DATA;
+        for (;;)
+                {
+                i=(n > BUFSIZE)?BUFSIZE:n;
+                n-=BUFSIZE;
+                if (RAND_bytes(buf,i) <= 0)
+                        rand_err=1;
+                i=fwrite(buf,1,i,out);
+                if (i <= 0)
+                        {
+                        ret=0;
+                        break;
+                        }
+                ret+=i;
+                if (n <= 0) break;
+                }
+#ifdef OPENSSL_SYS_VMS
+        /* Try to delete older versions of the file, until there aren't
+           any */
+        {
+        char *tmpf;
+
+        tmpf = OPENSSL_malloc(strlen(file) + 4);  /* to add ";-1" and a nul */
+        if (tmpf)
+                {
+                strcpy(tmpf, file);
+                strcat(tmpf, ";-1");
+                while(delete(tmpf) == 0)
+                        ;
+                rename(file,";1"); /* Make sure it's version 1, or we
+                                      will reach the limit (32767) at
+                                      some point... */
+                }
+        }
+#endif /* OPENSSL_SYS_VMS */
+
+        fclose(out);
+        OPENSSL_cleanse(buf,BUFSIZE);
+err:
+        return (rand_err ? -1 : ret);
+        }
+
+const char *RAND_file_name(char *buf, size_t size)
+        {
+        char *s=NULL;
+        int ok = 0;
+#ifdef __OpenBSD__
+        struct stat sb;
+#endif
+
+        if (issetugid() == 0)
+                s=getenv("RANDFILE");
+        if (s != NULL && *s && strlen(s) + 1 < size)
+                {
+                if (BUF_strlcpy(buf,s,size) >= size)
+                        return NULL;
+                }
+        else
+                {
+                if (issetugid() == 0)
+                        s=getenv("HOME");
+#ifdef DEFAULT_HOME
+                if (s == NULL)
+                        {
+                        s = DEFAULT_HOME;
+                        }
+#endif
+                if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
+                        {
+                        BUF_strlcpy(buf,s,size);
+#ifndef OPENSSL_SYS_VMS
+                        BUF_strlcat(buf,"/",size);
+#endif
+                        BUF_strlcat(buf,RFILE,size);
+                        ok = 1;
+                        }
+                else
+                        buf[0] = '\0'; /* no file name */
+                }
+
+#ifdef __OpenBSD__
+        /* given that all random loads just fail if the file can't be 
+         * seen on a stat, we stat the file we're returning, if it
+         * fails, use /dev/arandom instead. this allows the user to 
+         * use their own source for good random data, but defaults
+         * to something hopefully decent if that isn't available. 
+         */
+
+        if (!ok)
+                if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
+                        return(NULL);
+                }       
+        if (stat(buf,&sb) == -1)
+                if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
+                        return(NULL);
+                }       
+
+#endif
+        return(buf);
+        }
diff --git a/src/lib/libcrypto/rc2/Makefile.ssl b/src/lib/libcrypto/rc2/Makefile.ssl
new file mode 100644
index 0000000000..98d5960d5d
--- /dev/null
+++ b/src/lib/libcrypto/rc2/Makefile.ssl
@@ -0,0 +1,91 @@
+#
+# SSLeay/crypto/rc2/Makefile
+#
+
+DIR=    rc2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rc2test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc2.h
+HEADER= rc2_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_cbc.o: rc2_cbc.c rc2_locl.h
+rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h
+rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_skey.o: rc2_locl.h rc2_skey.c
+rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2cfb64.o: rc2_locl.h rc2cfb64.c
+rc2ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2ofb64.o: rc2_locl.h rc2ofb64.c
diff --git a/src/lib/libcrypto/rc2/rc2.h b/src/lib/libcrypto/rc2/rc2.h
new file mode 100644
index 0000000000..71788158d8
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2.h
@@ -0,0 +1,104 @@
+/* crypto/rc2/rc2.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RC2_H
+#define HEADER_RC2_H
+
+#ifdef OPENSSL_NO_RC2
+#error RC2 is disabled.
+#endif
+
+#define RC2_ENCRYPT     1
+#define RC2_DECRYPT     0
+
+#include <openssl/opensslconf.h> /* RC2_INT */
+#define RC2_BLOCK       8
+#define RC2_KEY_LENGTH  16
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct rc2_key_st
+        {
+        RC2_INT data[64];
+        } RC2_KEY;
+
+#ifdef OPENSSL_FIPS 
+void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
+                                                                int bits);
+#endif
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
+void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
+                     int enc);
+void RC2_encrypt(unsigned long *data,RC2_KEY *key);
+void RC2_decrypt(unsigned long *data,RC2_KEY *key);
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+        RC2_KEY *ks, unsigned char *iv, int enc);
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num, int enc);
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/rc2/rc2_cbc.c b/src/lib/libcrypto/rc2/rc2_cbc.c
new file mode 100644
index 0000000000..74f48d3d87
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2_cbc.c
@@ -0,0 +1,226 @@
+/* crypto/rc2/rc2_cbc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+             RC2_KEY *ks, unsigned char *iv, int encrypt)
+        {
+        register unsigned long tin0,tin1;
+        register unsigned long tout0,tout1,xor0,xor1;
+        register long l=length;
+        unsigned long tin[2];
+
+        if (encrypt)
+                {
+                c2l(iv,tout0);
+                c2l(iv,tout1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0);
+                        c2l(in,tin1);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        RC2_encrypt(tin,ks);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+                if (l != -8)
+                        {
+                        c2ln(in,tin0,tin1,l+8);
+                        tin0^=tout0;
+                        tin1^=tout1;
+                        tin[0]=tin0;
+                        tin[1]=tin1;
+                        RC2_encrypt(tin,ks);
+                        tout0=tin[0]; l2c(tout0,out);
+                        tout1=tin[1]; l2c(tout1,out);
+                        }
+                l2c(tout0,iv);
+                l2c(tout1,iv);
+                }
+        else
+                {
+                c2l(iv,xor0);
+                c2l(iv,xor1);
+                iv-=8;
+                for (l-=8; l>=0; l-=8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0;
+                        c2l(in,tin1); tin[1]=tin1;
+                        RC2_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2c(tout0,out);
+                        l2c(tout1,out);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                if (l != -8)
+                        {
+                        c2l(in,tin0); tin[0]=tin0;
+                        c2l(in,tin1); tin[1]=tin1;
+                        RC2_decrypt(tin,ks);
+                        tout0=tin[0]^xor0;
+                        tout1=tin[1]^xor1;
+                        l2cn(tout0,tout1,out,l+8);
+                        xor0=tin0;
+                        xor1=tin1;
+                        }
+                l2c(xor0,iv);
+                l2c(xor1,iv);
+                }
+        tin0=tin1=tout0=tout1=xor0=xor1=0;
+        tin[0]=tin[1]=0;
+        }
+
+void RC2_encrypt(unsigned long *d, RC2_KEY *key)
+        {
+        int i,n;
+        register RC2_INT *p0,*p1;
+        register RC2_INT x0,x1,x2,x3,t;
+        unsigned long l;
+
+        l=d[0];
+        x0=(RC2_INT)l&0xffff;
+        x1=(RC2_INT)(l>>16L);
+        l=d[1];
+        x2=(RC2_INT)l&0xffff;
+        x3=(RC2_INT)(l>>16L);
+
+        n=3;
+        i=5;
+
+        p0=p1= &(key->data[0]);
+        for (;;)
+                {
+                t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff;
+                x0=(t<<1)|(t>>15);
+                t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff;
+                x1=(t<<2)|(t>>14);
+                t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff;
+                x2=(t<<3)|(t>>13);
+                t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff;
+                x3=(t<<5)|(t>>11);
+
+                if (--i == 0)
+                        {
+                        if (--n == 0) break;
+                        i=(n == 2)?6:5;
+
+                        x0+=p1[x3&0x3f];
+                        x1+=p1[x0&0x3f];
+                        x2+=p1[x1&0x3f];
+                        x3+=p1[x2&0x3f];
+                        }
+                }
+
+        d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
+        d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
+        }
+
+void RC2_decrypt(unsigned long *d, RC2_KEY *key)
+        {
+        int i,n;
+        register RC2_INT *p0,*p1;
+        register RC2_INT x0,x1,x2,x3,t;
+        unsigned long l;
+
+        l=d[0];
+        x0=(RC2_INT)l&0xffff;
+        x1=(RC2_INT)(l>>16L);
+        l=d[1];
+        x2=(RC2_INT)l&0xffff;
+        x3=(RC2_INT)(l>>16L);
+
+        n=3;
+        i=5;
+
+        p0= &(key->data[63]);
+        p1= &(key->data[0]);
+        for (;;)
+                {
+                t=((x3<<11)|(x3>>5))&0xffff;
+                x3=(t-(x0& ~x2)-(x1&x2)- *(p0--))&0xffff;
+                t=((x2<<13)|(x2>>3))&0xffff;
+                x2=(t-(x3& ~x1)-(x0&x1)- *(p0--))&0xffff;
+                t=((x1<<14)|(x1>>2))&0xffff;
+                x1=(t-(x2& ~x0)-(x3&x0)- *(p0--))&0xffff;
+                t=((x0<<15)|(x0>>1))&0xffff;
+                x0=(t-(x1& ~x3)-(x2&x3)- *(p0--))&0xffff;
+
+                if (--i == 0)
+                        {
+                        if (--n == 0) break;
+                        i=(n == 2)?6:5;
+
+                        x3=(x3-p1[x2&0x3f])&0xffff;
+                        x2=(x2-p1[x1&0x3f])&0xffff;
+                        x1=(x1-p1[x0&0x3f])&0xffff;
+                        x0=(x0-p1[x3&0x3f])&0xffff;
+                        }
+                }
+
+        d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
+        d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
+        }
+
diff --git a/src/lib/libcrypto/rc2/rc2_ecb.c b/src/lib/libcrypto/rc2/rc2_ecb.c
new file mode 100644
index 0000000000..d3e8c2718a
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2_ecb.c
@@ -0,0 +1,88 @@
+/* crypto/rc2/rc2_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+#include <openssl/opensslv.h>
+
+const char *RC2_version="RC2" OPENSSL_VERSION_PTEXT;
+
+/* RC2 as implemented frm a posting from
+ * Newsgroups: sci.crypt
+ * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
+ * Subject: Specification for Ron Rivests Cipher No.2
+ * Message-ID: <4fk39f$f70@net.auckland.ac.nz>
+ * Date: 11 Feb 1996 06:45:03 GMT
+ */
+
+void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks,
+                     int encrypt)
+        {
+        unsigned long l,d[2];
+
+        c2l(in,l); d[0]=l;
+        c2l(in,l); d[1]=l;
+        if (encrypt)
+                RC2_encrypt(d,ks);
+        else
+                RC2_decrypt(d,ks);
+        l=d[0]; l2c(l,out);
+        l=d[1]; l2c(l,out);
+        l=d[0]=d[1]=0;
+        }
+
diff --git a/src/lib/libcrypto/rc2/rc2_locl.h b/src/lib/libcrypto/rc2/rc2_locl.h
new file mode 100644
index 0000000000..565cd17619
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2_locl.h
@@ -0,0 +1,156 @@
+/* crypto/rc2/rc2_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#undef c2l
+#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 5: l2|=((unsigned long)(*(--(c))));     \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 1: l1|=((unsigned long)(*(--(c))));     \
+                                } \
+                        }
+
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#define C_RC2(n) \
+        t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \
+        x0=(t<<1)|(t>>15); \
+        t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; \
+        x1=(t<<2)|(t>>14); \
+        t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \
+        x2=(t<<3)|(t>>13); \
+        t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \
+        x3=(t<<5)|(t>>11);
+
diff --git a/src/lib/libcrypto/rc2/rc2_skey.c b/src/lib/libcrypto/rc2/rc2_skey.c
new file mode 100644
index 0000000000..22f372f85c
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2_skey.c
@@ -0,0 +1,151 @@
+/* crypto/rc2/rc2_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc2.h>
+#include <openssl/crypto.h>
+#include "rc2_locl.h"
+
+static unsigned char key_table[256]={
+        0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79,
+        0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e,
+        0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5,
+        0x87,0xb3,0x4f,0x13,0x61,0x45,0x6d,0x8d,0x09,0x81,0x7d,0x32,
+        0xbd,0x8f,0x40,0xeb,0x86,0xb7,0x7b,0x0b,0xf0,0x95,0x21,0x22,
+        0x5c,0x6b,0x4e,0x82,0x54,0xd6,0x65,0x93,0xce,0x60,0xb2,0x1c,
+        0x73,0x56,0xc0,0x14,0xa7,0x8c,0xf1,0xdc,0x12,0x75,0xca,0x1f,
+        0x3b,0xbe,0xe4,0xd1,0x42,0x3d,0xd4,0x30,0xa3,0x3c,0xb6,0x26,
+        0x6f,0xbf,0x0e,0xda,0x46,0x69,0x07,0x57,0x27,0xf2,0x1d,0x9b,
+        0xbc,0x94,0x43,0x03,0xf8,0x11,0xc7,0xf6,0x90,0xef,0x3e,0xe7,
+        0x06,0xc3,0xd5,0x2f,0xc8,0x66,0x1e,0xd7,0x08,0xe8,0xea,0xde,
+        0x80,0x52,0xee,0xf7,0x84,0xaa,0x72,0xac,0x35,0x4d,0x6a,0x2a,
+        0x96,0x1a,0xd2,0x71,0x5a,0x15,0x49,0x74,0x4b,0x9f,0xd0,0x5e,
+        0x04,0x18,0xa4,0xec,0xc2,0xe0,0x41,0x6e,0x0f,0x51,0xcb,0xcc,
+        0x24,0x91,0xaf,0x50,0xa1,0xf4,0x70,0x39,0x99,0x7c,0x3a,0x85,
+        0x23,0xb8,0xb4,0x7a,0xfc,0x02,0x36,0x5b,0x25,0x55,0x97,0x31,
+        0x2d,0x5d,0xfa,0x98,0xe3,0x8a,0x92,0xae,0x05,0xdf,0x29,0x10,
+        0x67,0x6c,0xba,0xc9,0xd3,0x00,0xe6,0xcf,0xe1,0x9e,0xa8,0x2c,
+        0x63,0x16,0x01,0x3f,0x58,0xe2,0x89,0xa9,0x0d,0x38,0x34,0x1b,
+        0xab,0x33,0xff,0xb0,0xbb,0x48,0x0c,0x5f,0xb9,0xb1,0xcd,0x2e,
+        0xc5,0xf3,0xdb,0x47,0xe5,0xa5,0x9c,0x77,0x0a,0xa6,0x20,0x68,
+        0xfe,0x7f,0xc1,0xad,
+        };
+
+/* It has come to my attention that there are 2 versions of the RC2
+ * key schedule.  One which is normal, and anther which has a hook to
+ * use a reduced key length.
+ * BSAFE uses the 'retarded' version.  What I previously shipped is
+ * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
+ * a version where the bits parameter is the same as len*8 */
+
+#ifdef OPENSSL_FIPS
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
+        {
+        if (FIPS_mode())
+                FIPS_BAD_ABORT(RC2)
+        private_RC2_set_key(key, len, data, bits);
+        }
+void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
+                                                                int bits)
+#else
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
+#endif
+        {
+        int i,j;
+        unsigned char *k;
+        RC2_INT *ki;
+        unsigned int c,d;
+
+        k= (unsigned char *)&(key->data[0]);
+        *k=0; /* for if there is a zero length key */
+
+        if (len > 128) len=128;
+        if (bits <= 0) bits=1024;
+        if (bits > 1024) bits=1024;
+
+        for (i=0; i<len; i++)
+                k[i]=data[i];
+
+        /* expand table */
+        d=k[len-1];
+        j=0;
+        for (i=len; i < 128; i++,j++)
+                {
+                d=key_table[(k[j]+d)&0xff];
+                k[i]=d;
+                }
+
+        /* hmm.... key reduction to 'bits' bits */
+
+        j=(bits+7)>>3;
+        i=128-j;
+        c= (0xff>>(-bits & 0x07));
+
+        d=key_table[k[i]&c];
+        k[i]=d;
+        while (i--)
+                {
+                d=key_table[k[i+j]^d];
+                k[i]=d;
+                }
+
+        /* copy from bytes into RC2_INT's */
+        ki= &(key->data[63]);
+        for (i=127; i>=0; i-=2)
+                *(ki--)=((k[i]<<8)|k[i-1])&0xffff;
+        }
+
diff --git a/src/lib/libcrypto/rc2/rc2cfb64.c b/src/lib/libcrypto/rc2/rc2cfb64.c
new file mode 100644
index 0000000000..b3a0158a6e
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2cfb64.c
@@ -0,0 +1,122 @@
+/* crypto/rc2/rc2cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+
+/* The input and output encrypted as though 64bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num, int encrypt)
+        {
+        register unsigned long v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        unsigned long ti[2];
+        unsigned char *iv,c,cc;
+
+        iv=(unsigned char *)ivec;
+        if (encrypt)
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0); ti[0]=v0;
+                                c2l(iv,v1); ti[1]=v1;
+                                RC2_encrypt((unsigned long *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2c(t,iv);
+                                t=ti[1]; l2c(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        c= *(in++)^iv[n];
+                        *(out++)=c;
+                        iv[n]=c;
+                        n=(n+1)&0x07;
+                        }
+                }
+        else
+                {
+                while (l--)
+                        {
+                        if (n == 0)
+                                {
+                                c2l(iv,v0); ti[0]=v0;
+                                c2l(iv,v1); ti[1]=v1;
+                                RC2_encrypt((unsigned long *)ti,schedule);
+                                iv=(unsigned char *)ivec;
+                                t=ti[0]; l2c(t,iv);
+                                t=ti[1]; l2c(t,iv);
+                                iv=(unsigned char *)ivec;
+                                }
+                        cc= *(in++);
+                        c=iv[n];
+                        iv[n]=cc;
+                        *(out++)=c^cc;
+                        n=(n+1)&0x07;
+                        }
+                }
+        v0=v1=ti[0]=ti[1]=t=c=cc=0;
+        *num=n;
+        }
+
diff --git a/src/lib/libcrypto/rc2/rc2ofb64.c b/src/lib/libcrypto/rc2/rc2ofb64.c
new file mode 100644
index 0000000000..9e297867ed
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2ofb64.c
@@ -0,0 +1,111 @@
+/* crypto/rc2/rc2ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+
+/* The input and output encrypted as though 64bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 64bit block we have used is contained in *num;
+ */
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num)
+        {
+        register unsigned long v0,v1,t;
+        register int n= *num;
+        register long l=length;
+        unsigned char d[8];
+        register char *dp;
+        unsigned long ti[2];
+        unsigned char *iv;
+        int save=0;
+
+        iv=(unsigned char *)ivec;
+        c2l(iv,v0);
+        c2l(iv,v1);
+        ti[0]=v0;
+        ti[1]=v1;
+        dp=(char *)d;
+        l2c(v0,dp);
+        l2c(v1,dp);
+        while (l--)
+                {
+                if (n == 0)
+                        {
+                        RC2_encrypt((unsigned long *)ti,schedule);
+                        dp=(char *)d;
+                        t=ti[0]; l2c(t,dp);
+                        t=ti[1]; l2c(t,dp);
+                        save++;
+                        }
+                *(out++)= *(in++)^d[n];
+                n=(n+1)&0x07;
+                }
+        if (save)
+                {
+                v0=ti[0];
+                v1=ti[1];
+                iv=(unsigned char *)ivec;
+                l2c(v0,iv);
+                l2c(v1,iv);
+                }
+        t=v0=v1=ti[0]=ti[1]=0;
+        *num=n;
+        }
+
diff --git a/src/lib/libcrypto/rc2/rc2speed.c b/src/lib/libcrypto/rc2/rc2speed.c
index 4d0e1242ea..47d34b444e 100644
--- a/src/lib/libcrypto/rc2/rc2speed.c
+++ b/src/lib/libcrypto/rc2/rc2speed.c
@@ -102,10 +102,10 @@ OPENSSL_DECLARE_EXIT
 #ifndef HZ
 #ifndef CLK_TCK
 #define HZ      100.0
-#else   /* CLK_TCK */
+#endif
+#else /* CLK_TCK */
 #define HZ ((double)CLK_TCK)
-#endif  /* CLK_TCK */
-#endif  /* HZ */
+#endif
 
 #define BUFSIZE ((long)1024)
 long run=0;
diff --git a/src/lib/libcrypto/rc2/rrc2.doc b/src/lib/libcrypto/rc2/rrc2.doc
new file mode 100644
index 0000000000..f93ee003d2
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rrc2.doc
@@ -0,0 +1,219 @@
+>From cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news Mon Feb 12 18:48:17 EST 1996
+Article 23601 of sci.crypt:
+Path: cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news
+>From: pgut01@cs.auckland.ac.nz (Peter Gutmann)
+Newsgroups: sci.crypt
+Subject: Specification for Ron Rivests Cipher No.2
+Date: 11 Feb 1996 06:45:03 GMT
+Organization: University of Auckland
+Lines: 203
+Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
+Message-ID: <4fk39f$f70@net.auckland.ac.nz>
+NNTP-Posting-Host: cs26.cs.auckland.ac.nz
+X-Newsreader: NN version 6.5.0 #3 (NOV)
+
+
+
+
+                           Ron Rivest's Cipher No.2
+                           ------------------------
+ 
+Ron Rivest's Cipher No.2 (hereafter referred to as RRC.2, other people may
+refer to it by other names) is word oriented, operating on a block of 64 bits
+divided into four 16-bit words, with a key table of 64 words.  All data units
+are little-endian.  This functional description of the algorithm is based in
+the paper "The RC5 Encryption Algorithm" (RC5 is a trademark of RSADSI), using
+the same general layout, terminology, and pseudocode style.
+ 
+ 
+Notation and RRC.2 Primitive Operations
+ 
+RRC.2 uses the following primitive operations:
+ 
+1. Two's-complement addition of words, denoted by "+".  The inverse operation,
+   subtraction, is denoted by "-".
+2. Bitwise exclusive OR, denoted by "^".
+3. Bitwise AND, denoted by "&".
+4. Bitwise NOT, denoted by "~".
+5. A left-rotation of words; the rotation of word x left by y is denoted
+   x <<< y.  The inverse operation, right-rotation, is denoted x >>> y.
+ 
+These operations are directly and efficiently supported by most processors.
+ 
+ 
+The RRC.2 Algorithm
+ 
+RRC.2 consists of three components, a *key expansion* algorithm, an
+*encryption* algorithm, and a *decryption* algorithm.
+ 
+ 
+Key Expansion
+ 
+The purpose of the key-expansion routine is to expand the user's key K to fill
+the expanded key array S, so S resembles an array of random binary words
+determined by the user's secret key K.
+ 
+Initialising the S-box
+ 
+RRC.2 uses a single 256-byte S-box derived from the ciphertext contents of
+Beale Cipher No.1 XOR'd with a one-time pad.  The Beale Ciphers predate modern
+cryptography by enough time that there should be no concerns about trapdoors
+hidden in the data.  They have been published widely, and the S-box can be
+easily recreated from the one-time pad values and the Beale Cipher data taken
+from a standard source.  To initialise the S-box:
+ 
+  for i = 0 to 255 do
+    sBox[ i ] = ( beale[ i ] mod 256 ) ^ pad[ i ]
+ 
+The contents of Beale Cipher No.1 and the necessary one-time pad are given as
+an appendix at the end of this document.  For efficiency, implementors may wish
+to skip the Beale Cipher expansion and store the sBox table directly.
+ 
+Expanding the Secret Key to 128 Bytes
+ 
+The secret key is first expanded to fill 128 bytes (64 words).  The expansion
+consists of taking the sum of the first and last bytes in the user key, looking
+up the sum (modulo 256) in the S-box, and appending the result to the key.  The
+operation is repeated with the second byte and new last byte of the key until
+all 128 bytes have been generated.  Note that the following pseudocode treats
+the S array as an array of 128 bytes rather than 64 words.
+ 
+  for j = 0 to length-1 do
+    S[ j ] = K[ j ]
+  for j = length to 127 do
+    s[ j ] = sBox[ ( S[ j-length ] + S[ j-1 ] ) mod 256 ];
+ 
+At this point it is possible to perform a truncation of the effective key
+length to ease the creation of espionage-enabled software products.  However
+since the author cannot conceive why anyone would want to do this, it will not
+be considered further.
+ 
+The final phase of the key expansion involves replacing the first byte of S
+with the entry selected from the S-box:
+ 
+  S[ 0 ] = sBox[ S[ 0 ] ]
+ 
+ 
+Encryption
+ 
+The cipher has 16 full rounds, each divided into 4 subrounds.  Two of the full
+rounds perform an additional transformation on the data.  Note that the
+following pseudocode treats the S array as an array of 64 words rather than 128
+bytes.
+ 
+  for i = 0 to 15 do
+    j = i * 4;
+    word0 = ( word0 + ( word1 & ~word3 ) + ( word2 & word3 ) + S[ j+0 ] ) <<< 1
+    word1 = ( word1 + ( word2 & ~word0 ) + ( word3 & word0 ) + S[ j+1 ] ) <<< 2
+    word2 = ( word2 + ( word3 & ~word1 ) + ( word0 & word1 ) + S[ j+2 ] ) <<< 3
+    word3 = ( word3 + ( word0 & ~word2 ) + ( word1 & word2 ) + S[ j+3 ] ) <<< 5
+ 
+In addition the fifth and eleventh rounds add the contents of the S-box indexed
+by one of the data words to another of the data words following the four
+subrounds as follows:
+ 
+    word0 = word0 + S[ word3 & 63 ];
+    word1 = word1 + S[ word0 & 63 ];
+    word2 = word2 + S[ word1 & 63 ];
+    word3 = word3 + S[ word2 & 63 ];
+ 
+ 
+Decryption
+ 
+The decryption operation is simply the inverse of the encryption operation.
+Note that the following pseudocode treats the S array as an array of 64 words
+rather than 128 bytes.
+ 
+  for i = 15 downto 0 do
+    j = i * 4;
+    word3 = ( word3 >>> 5 ) - ( word0 & ~word2 ) - ( word1 & word2 ) - S[ j+3 ]
+    word2 = ( word2 >>> 3 ) - ( word3 & ~word1 ) - ( word0 & word1 ) - S[ j+2 ]
+    word1 = ( word1 >>> 2 ) - ( word2 & ~word0 ) - ( word3 & word0 ) - S[ j+1 ]
+    word0 = ( word0 >>> 1 ) - ( word1 & ~word3 ) - ( word2 & word3 ) - S[ j+0 ]
+ 
+In addition the fifth and eleventh rounds subtract the contents of the S-box
+indexed by one of the data words from another one of the data words following
+the four subrounds as follows:
+ 
+    word3 = word3 - S[ word2 & 63 ]
+    word2 = word2 - S[ word1 & 63 ]
+    word1 = word1 - S[ word0 & 63 ]
+    word0 = word0 - S[ word3 & 63 ]
+ 
+ 
+Test Vectors
+ 
+The following test vectors may be used to test the correctness of an RRC.2
+implementation:
+ 
+  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+  Cipher:   0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7
+ 
+  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
+  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+  Cipher:   0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74
+ 
+  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+  Plain:    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+  Cipher:   0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E
+ 
+  Key:      0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+  Cipher:   0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31
+ 
+ 
+Appendix: Beale Cipher No.1, "The Locality of the Vault", and One-time Pad for
+          Creating the S-Box
+ 
+Beale Cipher No.1.
+ 
+  71, 194,  38,1701,  89,  76,  11,  83,1629,  48,  94,  63, 132,  16, 111,  95,
+  84, 341, 975,  14,  40,  64,  27,  81, 139, 213,  63,  90,1120,   8,  15,   3,
+ 126,2018,  40,  74, 758, 485, 604, 230, 436, 664, 582, 150, 251, 284, 308, 231,
+ 124, 211, 486, 225, 401, 370,  11, 101, 305, 139, 189,  17,  33,  88, 208, 193,
+ 145,   1,  94,  73, 416, 918, 263,  28, 500, 538, 356, 117, 136, 219,  27, 176,
+ 130,  10, 460,  25, 485,  18, 436,  65,  84, 200, 283, 118, 320, 138,  36, 416,
+ 280,  15,  71, 224, 961,  44,  16, 401,  39,  88,  61, 304,  12,  21,  24, 283,
+ 134,  92,  63, 246, 486, 682,   7, 219, 184, 360, 780,  18,  64, 463, 474, 131,
+ 160,  79,  73, 440,  95,  18,  64, 581,  34,  69, 128, 367, 460,  17,  81,  12,
+ 103, 820,  62, 110,  97, 103, 862,  70,  60,1317, 471, 540, 208, 121, 890, 346,
+  36, 150,  59, 568, 614,  13, 120,  63, 219, 812,2160,1780,  99,  35,  18,  21,
+ 136, 872,  15,  28, 170,  88,   4,  30,  44, 112,  18, 147, 436, 195, 320,  37,
+ 122, 113,   6, 140,   8, 120, 305,  42,  58, 461,  44, 106, 301,  13, 408, 680,
+  93,  86, 116, 530,  82, 568,   9, 102,  38, 416,  89,  71, 216, 728, 965, 818,
+   2,  38, 121, 195,  14, 326, 148, 234,  18,  55, 131, 234, 361, 824,   5,  81,
+ 623,  48, 961,  19,  26,  33,  10,1101, 365,  92,  88, 181, 275, 346, 201, 206
+ 
+One-time Pad.
+ 
+ 158, 186, 223,  97,  64, 145, 190, 190, 117, 217, 163,  70, 206, 176, 183, 194,
+ 146,  43, 248, 141,   3,  54,  72, 223, 233, 153,  91, 210,  36, 131, 244, 161,
+ 105, 120, 113, 191, 113,  86,  19, 245, 213, 221,  43,  27, 242, 157,  73, 213,
+ 193,  92, 166,  10,  23, 197, 112, 110, 193,  30, 156,  51, 125,  51, 158,  67,
+ 197, 215,  59, 218, 110, 246, 181,   0, 135,  76, 164,  97,  47,  87, 234, 108,
+ 144, 127,   6,   6, 222, 172,  80, 144,  22, 245, 207,  70, 227, 182, 146, 134,
+ 119, 176,  73,  58, 135,  69,  23, 198,   0, 170,  32, 171, 176, 129,  91,  24,
+ 126,  77, 248,   0, 118,  69,  57,  60, 190, 171, 217,  61, 136, 169, 196,  84,
+ 168, 167, 163, 102, 223,  64, 174, 178, 166, 239, 242, 195, 249,  92,  59,  38,
+ 241,  46, 236,  31,  59, 114,  23,  50, 119, 186,   7,  66, 212,  97, 222, 182,
+ 230, 118, 122,  86, 105,  92, 179, 243, 255, 189, 223, 164, 194, 215,  98,  44,
+  17,  20,  53, 153, 137, 224, 176, 100, 208, 114,  36, 200, 145, 150, 215,  20,
+  87,  44, 252,  20, 235, 242, 163, 132,  63,  18,   5, 122,  74,  97,  34,  97,
+ 142,  86, 146, 221, 179, 166, 161,  74,  69, 182,  88, 120, 128,  58,  76, 155,
+  15,  30,  77, 216, 165, 117, 107,  90, 169, 127, 143, 181, 208, 137, 200, 127,
+ 170, 195,  26,  84, 255, 132, 150,  58, 103, 250, 120, 221, 237,  37,   8,  99
+ 
+ 
+Implementation
+ 
+A non-US based programmer who has never seen any encryption code before will
+shortly be implementing RRC.2 based solely on this specification and not on
+knowledge of any other encryption algorithms.  Stand by.
+
+
+
diff --git a/src/lib/libcrypto/rc2/version b/src/lib/libcrypto/rc2/version
new file mode 100644
index 0000000000..6f89d595f1
--- /dev/null
+++ b/src/lib/libcrypto/rc2/version
@@ -0,0 +1,22 @@
+1.1 23/08/96 - eay
+        Changed RC2_set_key() so it now takes another argument.  Many
+        thanks to Peter Gutmann <pgut01@cs.auckland.ac.nz> for the
+        clarification and origional specification of RC2.  BSAFE uses
+        this last parameter, 'bits'.  It the key is 128 bits, BSAFE
+        also sets this parameter to 128.  The old behaviour can be
+        duplicated by setting this parameter to 1024.
+
+1.0 08/04/96 - eay
+        First version of SSLeay with rc2.  This has been written from the spec
+        posted sci.crypt.  It is in this directory under rrc2.doc
+        I have no test values for any mode other than ecb, my wrappers for the
+        other modes should be ok since they are basically the same as
+        the ones taken from idea and des :-).  I have implemented them as
+        little-endian operators.
+        While rc2 is included because it is used with SSL, I don't know how
+        far I trust it.  It is about the same speed as IDEA and DES.
+        So if you are paranoid, used Tripple DES, else IDEA.  If RC2
+        does get used more, perhaps more people will look for weaknesses in
+        it.
+        
+
diff --git a/src/lib/libcrypto/rc4/Makefile.ssl b/src/lib/libcrypto/rc4/Makefile.ssl
new file mode 100644
index 0000000000..3e602662be
--- /dev/null
+++ b/src/lib/libcrypto/rc4/Makefile.ssl
@@ -0,0 +1,110 @@
+#
+# SSLeay/crypto/rc4/Makefile
+#
+
+DIR=    rc4
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+RC4_ENC=rc4_enc.o
+# or use
+#RC4_ENC=asm/rx86-elf.o
+#RC4_ENC=asm/rx86-out.o
+#RC4_ENC=asm/rx86-sol.o
+#RC4_ENC=asm/rx86bdsi.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+
+GENERAL=Makefile
+TEST=rc4test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc4_skey.c rc4_enc.c
+LIBOBJ=rc4_skey.o $(RC4_ENC)
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc4.h
+HEADER= $(EXHEADER) rc4_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+# elf
+asm/rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > rx86-elf.s)
+
+# a.out
+asm/rx86-out.o: asm/rx86unix.cpp
+        $(CPP) -DOUT asm/rx86unix.cpp | as -o asm/rx86-out.o
+
+# bsdi
+asm/rx86bsdi.o: asm/rx86unix.cpp
+        $(CPP) -DBSDI asm/rx86unix.cpp | sed 's/ :/:/' | as -o asm/rx86bsdi.o
+
+asm/rx86unix.cpp: asm/rc4-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rc4-586.pl cpp >rx86unix.cpp)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/rx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc4_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc4.h
+rc4_enc.o: rc4_enc.c rc4_locl.h
+rc4_skey.o: ../../include/openssl/opensslconf.h
+rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc4.h
+rc4_skey.o: rc4_locl.h rc4_skey.c
diff --git a/src/lib/libcrypto/rc4/asm/rc4-586.pl b/src/lib/libcrypto/rc4/asm/rc4-586.pl
new file mode 100644
index 0000000000..d6e98f0811
--- /dev/null
+++ b/src/lib/libcrypto/rc4/asm/rc4-586.pl
@@ -0,0 +1,229 @@
+#!/usr/local/bin/perl
+
+# At some point it became apparent that the original SSLeay RC4
+# assembler implementation performs suboptimaly on latest IA-32
+# microarchitectures. After re-tuning performance has changed as
+# following:
+#
+# Pentium       +0%
+# Pentium III   +17%
+# AMD           +52%(*)
+# P4            +180%(**)
+#
+# (*)   This number is actually a trade-off:-) It's possible to
+#       achieve +72%, but at the cost of -48% off PIII performance.
+#       In other words code performing further 13% faster on AMD
+#       would perform almost 2 times slower on Intel PIII...
+#       For reference! This code delivers ~80% of rc4-amd64.pl
+#       performance on the same Opteron machine.
+# (**)  This number requires compressed key schedule set up by
+#       RC4_set_key and therefore doesn't apply to 0.9.7 [option for
+#       compressed key schedule is implemented in 0.9.8 and later,
+#       see commentary section in rc4_skey.c for further details].
+#
+#                                       <appro@fy.chalmers.se>
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],"rc4-586.pl");
+
+$x="eax";
+$y="ebx";
+$tx="ecx";
+$ty="edx";
+$in="esi";
+$out="edi";
+$d="ebp";
+
+&RC4("RC4");
+
+&asm_finish();
+
+sub RC4_loop
+        {
+        local($n,$p,$char)=@_;
+
+        &comment("Round $n");
+
+        if ($char)
+                {
+                if ($p >= 0)
+                        {
+                         &mov($ty,      &swtmp(2));
+                        &cmp($ty,       $in);
+                         &jbe(&label("finished"));
+                        &inc($in);
+                        }
+                else
+                        {
+                        &add($ty,       8);
+                         &inc($in);
+                        &cmp($ty,       $in);
+                         &jb(&label("finished"));
+                        &mov(&swtmp(2), $ty);
+                        }
+                }
+        # Moved out
+        # &mov( $tx,            &DWP(0,$d,$x,4)) if $p < 0;
+
+        &add(   &LB($y),        &LB($tx));
+        &mov(   $ty,            &DWP(0,$d,$y,4));
+         # XXX
+        &mov(   &DWP(0,$d,$x,4),$ty);
+         &add(  $ty,            $tx);
+        &mov(   &DWP(0,$d,$y,4),$tx);
+         &and(  $ty,            0xff);
+         &inc(  &LB($x));                       # NEXT ROUND
+        &mov(   $tx,            &DWP(0,$d,$x,4)) if $p < 1; # NEXT ROUND
+         &mov(  $ty,            &DWP(0,$d,$ty,4));
+
+        if (!$char)
+                {
+                #moved up into last round
+                if ($p >= 1)
+                        {
+                        &add(   $out,   8)
+                        }
+                &movb(  &BP($n,"esp","",0),     &LB($ty));
+                }
+        else
+                {
+                # Note in+=8 has occured
+                &movb(  &HB($ty),       &BP(-1,$in,"",0));
+                 # XXX
+                &xorb(&LB($ty),         &HB($ty));
+                 # XXX
+                &movb(&BP($n,$out,"",0),&LB($ty));
+                }
+        }
+
+
+sub RC4
+        {
+        local($name)=@_;
+
+        &function_begin_B($name,"");
+
+        &mov($ty,&wparam(1));           # len
+        &cmp($ty,0);
+        &jne(&label("proceed"));
+        &ret();
+        &set_label("proceed");
+
+        &comment("");
+
+        &push("ebp");
+         &push("ebx");
+        &push("esi");
+         &xor(  $x,     $x);            # avoid partial register stalls
+        &push("edi");
+         &xor(  $y,     $y);            # avoid partial register stalls
+        &mov(   $d,     &wparam(0));    # key
+         &mov(  $in,    &wparam(2));
+
+        &movb(  &LB($x),        &BP(0,$d,"",1));
+         &movb( &LB($y),        &BP(4,$d,"",1));
+
+        &mov(   $out,   &wparam(3));
+         &inc(  &LB($x));
+
+        &stack_push(3); # 3 temp variables
+         &add(  $d,     8);
+
+        # detect compressed schedule, see commentary section in rc4_skey.c...
+        # in 0.9.7 context ~50 bytes below RC4_CHAR label remain redundant,
+        # as compressed key schedule is set up in 0.9.8 and later.
+        &cmp(&DWP(256,$d),-1);
+        &je(&label("RC4_CHAR"));
+
+         &lea(  $ty,    &DWP(-8,$ty,$in));
+
+        # check for 0 length input
+
+         &mov(  &swtmp(2),      $ty);   # this is now address to exit at
+        &mov(   $tx,    &DWP(0,$d,$x,4));
+
+         &cmp(  $ty,    $in);
+        &jb(    &label("end")); # less than 8 bytes
+
+        &set_label("start");
+
+        # filling DELAY SLOT
+        &add(   $in,    8);
+
+        &RC4_loop(0,-1,0);
+        &RC4_loop(1,0,0);
+        &RC4_loop(2,0,0);
+        &RC4_loop(3,0,0);
+        &RC4_loop(4,0,0);
+        &RC4_loop(5,0,0);
+        &RC4_loop(6,0,0);
+        &RC4_loop(7,1,0);
+        
+        &comment("apply the cipher text");
+        # xor the cipher data with input
+
+        #&add(  $out,   8); #moved up into last round
+
+        &mov(   $tx,    &swtmp(0));
+         &mov(  $ty,    &DWP(-8,$in,"",0));
+        &xor(   $tx,    $ty);
+         &mov(  $ty,    &DWP(-4,$in,"",0)); 
+        &mov(   &DWP(-8,$out,"",0),     $tx);
+         &mov(  $tx,    &swtmp(1));
+        &xor(   $tx,    $ty);
+         &mov(  $ty,    &swtmp(2));     # load end ptr;
+        &mov(   &DWP(-4,$out,"",0),     $tx);
+         &mov(  $tx,            &DWP(0,$d,$x,4));
+        &cmp($in,       $ty);
+         &jbe(&label("start"));
+
+        &set_label("end");
+
+        # There is quite a bit of extra crap in RC4_loop() for this
+        # first round
+        &RC4_loop(0,-1,1);
+        &RC4_loop(1,0,1);
+        &RC4_loop(2,0,1);
+        &RC4_loop(3,0,1);
+        &RC4_loop(4,0,1);
+        &RC4_loop(5,0,1);
+        &RC4_loop(6,1,1);
+
+        &jmp(&label("finished"));
+
+        &align(16);
+        # this is essentially Intel P4 specific codepath, see rc4_skey.c,
+        # and is engaged in 0.9.8 and later context...
+        &set_label("RC4_CHAR");
+
+        &lea    ($ty,&DWP(0,$in,$ty));
+        &mov    (&swtmp(2),$ty);
+
+        # strangely enough unrolled loop performs over 20% slower...
+        &set_label("RC4_CHAR_loop");
+                &movz   ($tx,&BP(0,$d,$x));
+                &add    (&LB($y),&LB($tx));
+                &movz   ($ty,&BP(0,$d,$y));
+                &movb   (&BP(0,$d,$y),&LB($tx));
+                &movb   (&BP(0,$d,$x),&LB($ty));
+                &add    (&LB($ty),&LB($tx));
+                &movz   ($ty,&BP(0,$d,$ty));
+                &xorb   (&LB($ty),&BP(0,$in));
+                &movb   (&BP(0,$out),&LB($ty));
+                &inc    (&LB($x));
+                &inc    ($in);
+                &inc    ($out);
+                &cmp    ($in,&swtmp(2));
+        &jb     (&label("RC4_CHAR_loop"));
+
+        &set_label("finished");
+        &dec(   $x);
+         &stack_pop(3);
+        &movb(  &BP(-4,$d,"",0),&LB($y));
+         &movb( &BP(-8,$d,"",0),&LB($x));
+
+        &function_end($name);
+        }
+
diff --git a/src/lib/libcrypto/rc4/asm/rc4-amd64.pl b/src/lib/libcrypto/rc4/asm/rc4-amd64.pl
new file mode 100755
index 0000000000..9e0da8af99
--- /dev/null
+++ b/src/lib/libcrypto/rc4/asm/rc4-amd64.pl
@@ -0,0 +1,227 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# 2.22x RC4 tune-up:-) It should be noted though that my hand [as in
+# "hand-coded assembler"] doesn't stand for the whole improvement
+# coefficient. It turned out that eliminating RC4_CHAR from config
+# line results in ~40% improvement (yes, even for C implementation).
+# Presumably it has everything to do with AMD cache architecture and
+# RAW or whatever penalties. Once again! The module *requires* config
+# line *without* RC4_CHAR! As for coding "secret," I bet on partial
+# register arithmetics. For example instead of 'inc %r8; and $255,%r8'
+# I simply 'inc %r8b'. Even though optimization manual discourages
+# to operate on partial registers, it turned out to be the best bet.
+# At least for AMD... How IA32E would perform remains to be seen...
+
+# As was shown by Marc Bevand reordering of couple of load operations
+# results in even higher performance gain of 3.3x:-) At least on
+# Opteron... For reference, 1x in this case is RC4_CHAR C-code
+# compiled with gcc 3.3.2, which performs at ~54MBps per 1GHz clock.
+# Latter means that if you want to *estimate* what to expect from
+# *your* CPU, then multiply 54 by 3.3 and clock frequency in GHz.
+
+# Intel P4 EM64T core was found to run the AMD64 code really slow...
+# The only way to achieve comparable performance on P4 is to keep
+# RC4_CHAR. Kind of ironic, huh? As it's apparently impossible to
+# compose blended code, which would perform even within 30% marginal
+# on either AMD and Intel platforms, I implement both cases. See
+# rc4_skey.c for further details... This applies to 0.9.8 and later.
+# In 0.9.7 context RC4_CHAR codepath is never engaged and ~70 bytes
+# of code remain redundant.
+
+$output=shift;
+
+$win64a=1 if ($output =~ /win64a.[s|asm]/);
+
+open STDOUT,">$output" || die "can't open $output: $!";
+
+if (defined($win64a)) {
+    $dat="%rcx";        # arg1
+    $len="%rdx";        # arg2
+    $inp="%rsi";        # r8, arg3 moves here
+    $out="%rdi";        # r9, arg4 moves here
+} else {
+    $dat="%rdi";        # arg1
+    $len="%rsi";        # arg2
+    $inp="%rdx";        # arg3
+    $out="%rcx";        # arg4
+}
+
+$XX="%r10";
+$TX="%r8";
+$YY="%r11";
+$TY="%r9";
+
+sub PTR() {
+    my $ret=shift;
+    if (defined($win64a)) {
+        $ret =~ s/\[([\S]+)\+([\S]+)\]/[$2+$1]/g;   # [%rN+%rM*4]->[%rM*4+%rN]
+        $ret =~ s/:([^\[]+)\[([^\]]+)\]/:[$2+$1]/g; # :off[ea]->:[ea+off]
+    } else {
+        $ret =~ s/[\+\*]/,/g;           # [%rN+%rM*4]->[%rN,%rM,4]
+        $ret =~ s/\[([^\]]+)\]/($1)/g;  # [%rN]->(%rN)
+    }
+    $ret;
+}
+
+$code=<<___ if (!defined($win64a));
+.text
+
+.globl  RC4
+.type   RC4,\@function
+.align  16
+RC4:    or      $len,$len
+        jne     .Lentry
+        repret
+.Lentry:
+___
+$code=<<___ if (defined($win64a));
+_TEXT   SEGMENT
+PUBLIC  RC4
+ALIGN   16
+RC4     PROC
+        or      $len,$len
+        jne     .Lentry
+        repret
+.Lentry:
+        push    %rdi
+        push    %rsi
+        sub     \$40,%rsp
+        mov     %r8,$inp
+        mov     %r9,$out
+___
+$code.=<<___;
+        add     \$8,$dat
+        movl    `&PTR("DWORD:-8[$dat]")`,$XX#d
+        movl    `&PTR("DWORD:-4[$dat]")`,$YY#d
+        cmpl    \$-1,`&PTR("DWORD:256[$dat]")`
+        je      .LRC4_CHAR
+        test    \$-8,$len
+        jz      .Lloop1
+.align  16
+.Lloop8:
+        inc     $XX#b
+        movl    `&PTR("DWORD:[$dat+$XX*4]")`,$TX#d
+        add     $TX#b,$YY#b
+        movl    `&PTR("DWORD:[$dat+$YY*4]")`,$TY#d
+        movl    $TX#d,`&PTR("DWORD:[$dat+$YY*4]")`
+        movl    $TY#d,`&PTR("DWORD:[$dat+$XX*4]")`
+        add     $TX#b,$TY#b
+        inc     $XX#b
+        movl    `&PTR("DWORD:[$dat+$XX*4]")`,$TX#d
+        movb    `&PTR("BYTE:[$dat+$TY*4]")`,%al
+___
+for ($i=1;$i<=6;$i++) {
+$code.=<<___;
+        add     $TX#b,$YY#b
+        ror     \$8,%rax
+        movl    `&PTR("DWORD:[$dat+$YY*4]")`,$TY#d
+        movl    $TX#d,`&PTR("DWORD:[$dat+$YY*4]")`
+        movl    $TY#d,`&PTR("DWORD:[$dat+$XX*4]")`
+        add     $TX#b,$TY#b
+        inc     $XX#b
+        movl    `&PTR("DWORD:[$dat+$XX*4]")`,$TX#d
+        movb    `&PTR("BYTE:[$dat+$TY*4]")`,%al
+___
+}
+$code.=<<___;
+        add     $TX#b,$YY#b
+        ror     \$8,%rax
+        movl    `&PTR("DWORD:[$dat+$YY*4]")`,$TY#d
+        movl    $TX#d,`&PTR("DWORD:[$dat+$YY*4]")`
+        movl    $TY#d,`&PTR("DWORD:[$dat+$XX*4]")`
+        sub     \$8,$len
+        add     $TY#b,$TX#b
+        movb    `&PTR("BYTE:[$dat+$TX*4]")`,%al
+        ror     \$8,%rax
+        add     \$8,$inp
+        add     \$8,$out
+
+        xor     `&PTR("QWORD:-8[$inp]")`,%rax
+        mov     %rax,`&PTR("QWORD:-8[$out]")`
+
+        test    \$-8,$len
+        jnz     .Lloop8
+        cmp     \$0,$len
+        jne     .Lloop1
+.Lexit:
+        movl    $XX#d,`&PTR("DWORD:-8[$dat]")`
+        movl    $YY#d,`&PTR("DWORD:-4[$dat]")`
+___
+$code.=<<___ if (defined($win64a));
+        add     \$40,%rsp
+        pop     %rsi
+        pop     %rdi
+___
+$code.=<<___;
+        repret
+.align  16
+.Lloop1:
+        movzb   `&PTR("BYTE:[$inp]")`,%eax
+        inc     $XX#b
+        movl    `&PTR("DWORD:[$dat+$XX*4]")`,$TX#d
+        add     $TX#b,$YY#b
+        movl    `&PTR("DWORD:[$dat+$YY*4]")`,$TY#d
+        movl    $TX#d,`&PTR("DWORD:[$dat+$YY*4]")`
+        movl    $TY#d,`&PTR("DWORD:[$dat+$XX*4]")`
+        add     $TY#b,$TX#b
+        movl    `&PTR("DWORD:[$dat+$TX*4]")`,$TY#d
+        xor     $TY,%rax
+        inc     $inp
+        movb    %al,`&PTR("BYTE:[$out]")`
+        inc     $out
+        dec     $len
+        jnz     .Lloop1
+        jmp     .Lexit
+
+.align  16
+.LRC4_CHAR:
+        inc     $XX#b
+        movzb   `&PTR("BYTE:[$dat+$XX]")`,$TX#d
+        add     $TX#b,$YY#b
+        movzb   `&PTR("BYTE:[$dat+$YY]")`,$TY#d
+        movb    $TX#b,`&PTR("BYTE:[$dat+$YY]")`
+        movb    $TY#b,`&PTR("BYTE:[$dat+$XX]")`
+        add     $TX#b,$TY#b
+        movzb   `&PTR("BYTE:[$dat+$TY]")`,$TY#d
+        xorb    `&PTR("BYTE:[$inp]")`,$TY#b
+        movb    $TY#b,`&PTR("BYTE:[$out]")`
+        inc     $inp
+        inc     $out
+        dec     $len
+        jnz     .LRC4_CHAR
+        jmp     .Lexit
+___
+$code.=<<___ if (defined($win64a));
+RC4     ENDP
+_TEXT   ENDS
+END
+___
+$code.=<<___ if (!defined($win64a));
+.size   RC4,.-RC4
+___
+
+$code =~ s/#([bwd])/$1/gm;
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+
+if (defined($win64a)) {
+    $code =~ s/\.align/ALIGN/gm;
+    $code =~ s/[\$%]//gm;
+    $code =~ s/\.L/\$L/gm;
+    $code =~ s/([\w]+)([\s]+)([\S]+),([\S]+)/$1$2$4,$3/gm;
+    $code =~ s/([QD]*WORD|BYTE):/$1 PTR/gm;
+    $code =~ s/mov[bwlq]/mov/gm;
+    $code =~ s/movzb/movzx/gm;
+    $code =~ s/repret/DB\t0F3h,0C3h/gm;
+    $code =~ s/cmpl/cmp/gm;
+    $code =~ s/xorb/xor/gm;
+} else {
+    $code =~ s/([QD]*WORD|BYTE)://gm;
+    $code =~ s/repret/.byte\t0xF3,0xC3/gm;
+}
+print $code;
diff --git a/src/lib/libcrypto/rc4/rc4.h b/src/lib/libcrypto/rc4/rc4.h
new file mode 100644
index 0000000000..dd90d9fde0
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4.h
@@ -0,0 +1,95 @@
+/* crypto/rc4/rc4.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RC4_H
+#define HEADER_RC4_H
+
+#ifdef OPENSSL_NO_RC4
+#error RC4 is disabled.
+#endif
+
+#include <openssl/opensslconf.h> /* RC4_INT */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct rc4_key_st
+        {
+        RC4_INT x,y;
+        RC4_INT data[256];
+#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+        /* see crypto/rc4/asm/rc4-ia64.S for further details... */
+        RC4_INT pad[512-256-2];
+#endif
+        } RC4_KEY;
+
+ 
+const char *RC4_options(void);
+#ifdef OPENSSL_FIPS
+void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+#endif
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+                unsigned char *outdata);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/rc4/rc4_enc.c b/src/lib/libcrypto/rc4/rc4_enc.c
new file mode 100644
index 0000000000..81a97ea3b7
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4_enc.c
@@ -0,0 +1,319 @@
+/* crypto/rc4/rc4_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc4.h>
+#include "rc4_locl.h"
+
+/* RC4 as implemented from a posting from
+ * Newsgroups: sci.crypt
+ * From: sterndark@netcom.com (David Sterndark)
+ * Subject: RC4 Algorithm revealed.
+ * Message-ID: <sternCvKL4B.Hyy@netcom.com>
+ * Date: Wed, 14 Sep 1994 06:35:31 GMT
+ */
+
+void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+             unsigned char *outdata)
+        {
+        register RC4_INT *d;
+        register RC4_INT x,y,tx,ty;
+        int i;
+        
+        x=key->x;     
+        y=key->y;     
+        d=key->data; 
+#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+        /* see crypto/rc4/asm/rc4-ia64.S for further details... */
+        d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
+#endif
+
+#if defined(RC4_CHUNK)
+        /*
+         * The original reason for implementing this(*) was the fact that
+         * pre-21164a Alpha CPUs don't have byte load/store instructions
+         * and e.g. a byte store has to be done with 64-bit load, shift,
+         * and, or and finally 64-bit store. Peaking data and operating
+         * at natural word size made it possible to reduce amount of
+         * instructions as well as to perform early read-ahead without
+         * suffering from RAW (read-after-write) hazard. This resulted
+         * in ~40%(**) performance improvement on 21064 box with gcc.
+         * But it's not only Alpha users who win here:-) Thanks to the
+         * early-n-wide read-ahead this implementation also exhibits
+         * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending
+         * on sizeof(RC4_INT)).
+         *
+         * (*)  "this" means code which recognizes the case when input
+         *      and output pointers appear to be aligned at natural CPU
+         *      word boundary
+         * (**) i.e. according to 'apps/openssl speed rc4' benchmark,
+         *      crypto/rc4/rc4speed.c exhibits almost 70% speed-up...
+         *
+         * Cavets.
+         *
+         * - RC4_CHUNK="unsigned long long" should be a #1 choice for
+         *   UltraSPARC. Unfortunately gcc generates very slow code
+         *   (2.5-3 times slower than one generated by Sun's WorkShop
+         *   C) and therefore gcc (at least 2.95 and earlier) should
+         *   always be told that RC4_CHUNK="unsigned long".
+         *
+         *                                      <appro@fy.chalmers.se>
+         */
+
+# define RC4_STEP       ( \
+                        x=(x+1) &0xff,  \
+                        tx=d[x],        \
+                        y=(tx+y)&0xff,  \
+                        ty=d[y],        \
+                        d[y]=tx,        \
+                        d[x]=ty,        \
+                        (RC4_CHUNK)d[(tx+ty)&0xff]\
+                        )
+
+        if ( ( ((unsigned long)indata  & (sizeof(RC4_CHUNK)-1)) | 
+               ((unsigned long)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 )
+                {
+                RC4_CHUNK ichunk,otp;
+                const union { long one; char little; } is_endian = {1};
+
+                /*
+                 * I reckon we can afford to implement both endian
+                 * cases and to decide which way to take at run-time
+                 * because the machine code appears to be very compact
+                 * and redundant 1-2KB is perfectly tolerable (i.e.
+                 * in case the compiler fails to eliminate it:-). By
+                 * suggestion from Terrel Larson <terr@terralogic.net>
+                 * who also stands for the is_endian union:-)
+                 *
+                 * Special notes.
+                 *
+                 * - is_endian is declared automatic as doing otherwise
+                 *   (declaring static) prevents gcc from eliminating
+                 *   the redundant code;
+                 * - compilers (those I've tried) don't seem to have
+                 *   problems eliminating either the operators guarded
+                 *   by "if (sizeof(RC4_CHUNK)==8)" or the condition
+                 *   expressions themselves so I've got 'em to replace
+                 *   corresponding #ifdefs from the previous version;
+                 * - I chose to let the redundant switch cases when
+                 *   sizeof(RC4_CHUNK)!=8 be (were also #ifdefed
+                 *   before);
+                 * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in
+                 *   [LB]ESHFT guards against "shift is out of range"
+                 *   warnings when sizeof(RC4_CHUNK)!=8 
+                 *
+                 *                      <appro@fy.chalmers.se>
+                 */
+                if (!is_endian.little)
+                        {       /* BIG-ENDIAN CASE */
+# define BESHFT(c)      (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1))
+                        for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK))
+                                {
+                                ichunk  = *(RC4_CHUNK *)indata;
+                                otp  = RC4_STEP<<BESHFT(0);
+                                otp |= RC4_STEP<<BESHFT(1);
+                                otp |= RC4_STEP<<BESHFT(2);
+                                otp |= RC4_STEP<<BESHFT(3);
+                                if (sizeof(RC4_CHUNK)==8)
+                                        {
+                                        otp |= RC4_STEP<<BESHFT(4);
+                                        otp |= RC4_STEP<<BESHFT(5);
+                                        otp |= RC4_STEP<<BESHFT(6);
+                                        otp |= RC4_STEP<<BESHFT(7);
+                                        }
+                                *(RC4_CHUNK *)outdata = otp^ichunk;
+                                indata  += sizeof(RC4_CHUNK);
+                                outdata += sizeof(RC4_CHUNK);
+                                }
+                        if (len)
+                                {
+                                RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk;
+
+                                ichunk = *(RC4_CHUNK *)indata;
+                                ochunk = *(RC4_CHUNK *)outdata;
+                                otp = 0;
+                                i = BESHFT(0);
+                                mask <<= (sizeof(RC4_CHUNK)-len)<<3;
+                                switch (len&(sizeof(RC4_CHUNK)-1))
+                                        {
+                                        case 7: otp  = RC4_STEP<<i, i-=8;
+                                        case 6: otp |= RC4_STEP<<i, i-=8;
+                                        case 5: otp |= RC4_STEP<<i, i-=8;
+                                        case 4: otp |= RC4_STEP<<i, i-=8;
+                                        case 3: otp |= RC4_STEP<<i, i-=8;
+                                        case 2: otp |= RC4_STEP<<i, i-=8;
+                                        case 1: otp |= RC4_STEP<<i, i-=8;
+                                        case 0: ; /*
+                                                   * it's never the case,
+                                                   * but it has to be here
+                                                   * for ultrix?
+                                                   */
+                                        }
+                                ochunk &= ~mask;
+                                ochunk |= (otp^ichunk) & mask;
+                                *(RC4_CHUNK *)outdata = ochunk;
+                                }
+                        key->x=x;     
+                        key->y=y;
+                        return;
+                        }
+                else
+                        {       /* LITTLE-ENDIAN CASE */
+# define LESHFT(c)      (((c)*8)&(sizeof(RC4_CHUNK)*8-1))
+                        for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK))
+                                {
+                                ichunk  = *(RC4_CHUNK *)indata;
+                                otp  = RC4_STEP;
+                                otp |= RC4_STEP<<8;
+                                otp |= RC4_STEP<<16;
+                                otp |= RC4_STEP<<24;
+                                if (sizeof(RC4_CHUNK)==8)
+                                        {
+                                        otp |= RC4_STEP<<LESHFT(4);
+                                        otp |= RC4_STEP<<LESHFT(5);
+                                        otp |= RC4_STEP<<LESHFT(6);
+                                        otp |= RC4_STEP<<LESHFT(7);
+                                        }
+                                *(RC4_CHUNK *)outdata = otp^ichunk;
+                                indata  += sizeof(RC4_CHUNK);
+                                outdata += sizeof(RC4_CHUNK);
+                                }
+                        if (len)
+                                {
+                                RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk;
+
+                                ichunk = *(RC4_CHUNK *)indata;
+                                ochunk = *(RC4_CHUNK *)outdata;
+                                otp = 0;
+                                i   = 0;
+                                mask >>= (sizeof(RC4_CHUNK)-len)<<3;
+                                switch (len&(sizeof(RC4_CHUNK)-1))
+                                        {
+                                        case 7: otp  = RC4_STEP,    i+=8;
+                                        case 6: otp |= RC4_STEP<<i, i+=8;
+                                        case 5: otp |= RC4_STEP<<i, i+=8;
+                                        case 4: otp |= RC4_STEP<<i, i+=8;
+                                        case 3: otp |= RC4_STEP<<i, i+=8;
+                                        case 2: otp |= RC4_STEP<<i, i+=8;
+                                        case 1: otp |= RC4_STEP<<i, i+=8;
+                                        case 0: ; /*
+                                                   * it's never the case,
+                                                   * but it has to be here
+                                                   * for ultrix?
+                                                   */
+                                        }
+                                ochunk &= ~mask;
+                                ochunk |= (otp^ichunk) & mask;
+                                *(RC4_CHUNK *)outdata = ochunk;
+                                }
+                        key->x=x;     
+                        key->y=y;
+                        return;
+                        }
+                }
+#endif
+#define LOOP(in,out) \
+                x=((x+1)&0xff); \
+                tx=d[x]; \
+                y=(tx+y)&0xff; \
+                d[x]=ty=d[y]; \
+                d[y]=tx; \
+                (out) = d[(tx+ty)&0xff]^ (in);
+
+#ifndef RC4_INDEX
+#define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++))
+#else
+#define RC4_LOOP(a,b,i) LOOP(a[i],b[i])
+#endif
+
+        i=(int)(len>>3L);
+        if (i)
+                {
+                for (;;)
+                        {
+                        RC4_LOOP(indata,outdata,0);
+                        RC4_LOOP(indata,outdata,1);
+                        RC4_LOOP(indata,outdata,2);
+                        RC4_LOOP(indata,outdata,3);
+                        RC4_LOOP(indata,outdata,4);
+                        RC4_LOOP(indata,outdata,5);
+                        RC4_LOOP(indata,outdata,6);
+                        RC4_LOOP(indata,outdata,7);
+#ifdef RC4_INDEX
+                        indata+=8;
+                        outdata+=8;
+#endif
+                        if (--i == 0) break;
+                        }
+                }
+        i=(int)len&0x07;
+        if (i)
+                {
+                for (;;)
+                        {
+                        RC4_LOOP(indata,outdata,0); if (--i == 0) break;
+                        RC4_LOOP(indata,outdata,1); if (--i == 0) break;
+                        RC4_LOOP(indata,outdata,2); if (--i == 0) break;
+                        RC4_LOOP(indata,outdata,3); if (--i == 0) break;
+                        RC4_LOOP(indata,outdata,4); if (--i == 0) break;
+                        RC4_LOOP(indata,outdata,5); if (--i == 0) break;
+                        RC4_LOOP(indata,outdata,6); if (--i == 0) break;
+                        }
+                }               
+        key->x=x;     
+        key->y=y;
+        }
diff --git a/src/lib/libcrypto/rc4/rc4_locl.h b/src/lib/libcrypto/rc4/rc4_locl.h
new file mode 100644
index 0000000000..c712e1632e
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4_locl.h
@@ -0,0 +1,5 @@
+#ifndef HEADER_RC4_LOCL_H
+#define HEADER_RC4_LOCL_H
+#include <openssl/opensslconf.h>
+#include <cryptlib.h>
+#endif
diff --git a/src/lib/libcrypto/rc4/rc4_skey.c b/src/lib/libcrypto/rc4/rc4_skey.c
new file mode 100644
index 0000000000..07234f061a
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4_skey.c
@@ -0,0 +1,123 @@
+/* crypto/rc4/rc4_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc4.h>
+#include <openssl/crypto.h>
+#include "rc4_locl.h"
+#include <openssl/opensslv.h>
+
+const char *RC4_version="RC4" OPENSSL_VERSION_PTEXT;
+
+const char *RC4_options(void)
+        {
+#ifdef RC4_INDEX
+        if (sizeof(RC4_INT) == 1)
+                return("rc4(idx,char)");
+        else
+                return("rc4(idx,int)");
+#else
+        if (sizeof(RC4_INT) == 1)
+                return("rc4(ptr,char)");
+        else
+                return("rc4(ptr,int)");
+#endif
+        }
+
+/* RC4 as implemented from a posting from
+ * Newsgroups: sci.crypt
+ * From: sterndark@netcom.com (David Sterndark)
+ * Subject: RC4 Algorithm revealed.
+ * Message-ID: <sternCvKL4B.Hyy@netcom.com>
+ * Date: Wed, 14 Sep 1994 06:35:31 GMT
+ */
+
+FIPS_NON_FIPS_VCIPHER_Init(RC4)
+        {
+        register RC4_INT tmp;
+        register int id1,id2;
+        register RC4_INT *d;
+        unsigned int i;
+        
+        d= &(key->data[0]);
+#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+        /* see crypto/rc4/asm/rc4-ia64.S for further details... */
+        d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
+#endif
+
+        for (i=0; i<256; i++)
+                d[i]=i;
+        key->x = 0;     
+        key->y = 0;     
+        id1=id2=0;     
+
+#define SK_LOOP(n) { \
+                tmp=d[(n)]; \
+                id2 = (data[id1] + tmp + id2) & 0xff; \
+                if (++id1 == len) id1=0; \
+                d[(n)]=d[id2]; \
+                d[id2]=tmp; }
+
+        for (i=0; i < 256; i+=4)
+                {
+                SK_LOOP(i+0);
+                SK_LOOP(i+1);
+                SK_LOOP(i+2);
+                SK_LOOP(i+3);
+                }
+        }
+    
diff --git a/src/lib/libcrypto/rc5/Makefile.ssl b/src/lib/libcrypto/rc5/Makefile.ssl
new file mode 100644
index 0000000000..3f9632f8f7
--- /dev/null
+++ b/src/lib/libcrypto/rc5/Makefile.ssl
@@ -0,0 +1,108 @@
+#
+# SSLeay/crypto/rc5/Makefile
+#
+
+DIR=    rc5
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+RC5_ENC=                rc5_enc.o
+# or use
+#DES_ENC=       r586-elf.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+
+GENERAL=Makefile
+TEST=rc5test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c 
+LIBOBJ=rc5_skey.o rc5_ecb.o $(RC5_ENC) rc5cfb64.o rc5ofb64.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rc5.h
+HEADER= rc5_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+# elf
+asm/r586-elf.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) rc5-586.pl elf $(CFLAGS) > r586-elf.s)
+
+# a.out
+asm/r586-out.o: asm/r586unix.cpp
+        $(CPP) -DOUT asm/r586unix.cpp | as -o asm/r586-out.o
+
+# bsdi
+asm/r586bsdi.o: asm/r586unix.cpp
+        $(CPP) -DBSDI asm/r586unix.cpp | sed 's/ :/:/' | as -o asm/r586bsdi.o
+
+asm/r586unix.cpp: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) rc5-586.pl cpp >r586unix.cpp)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/r586unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc5_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h
+rc5_ecb.o: rc5_ecb.c rc5_locl.h
+rc5_enc.o: ../../include/openssl/rc5.h rc5_enc.c rc5_locl.h
+rc5_skey.o: ../../include/openssl/rc5.h rc5_locl.h rc5_skey.c
+rc5cfb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5cfb64.c
+rc5ofb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5ofb64.c
diff --git a/src/lib/libcrypto/ripemd/Makefile.ssl b/src/lib/libcrypto/ripemd/Makefile.ssl
new file mode 100644
index 0000000000..f22ac790ae
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/Makefile.ssl
@@ -0,0 +1,108 @@
+#
+# SSLeay/crypto/ripemd/Makefile
+#
+
+DIR=    ripemd
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+RIP_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+
+GENERAL=Makefile
+TEST=rmdtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rmd_dgst.c rmd_one.c
+LIBOBJ=rmd_dgst.o rmd_one.o $(RMD160_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= ripemd.h
+HEADER= rmd_locl.h rmdconst.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+# elf
+asm/rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > rm86-elf.s)
+
+# a.out
+asm/rm86-out.o: asm/rm86unix.cpp
+        $(CPP) -DOUT asm/rm86unix.cpp | as -o asm/rm86-out.o
+
+# bsdi
+asm/rm86bsdi.o: asm/rm86unix.cpp
+        $(CPP) -DBSDI asm/rm86unix.cpp | sed 's/ :/:/' | as -o asm/rm86bsdi.o
+
+asm/rm86unix.cpp: asm/rmd-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rmd-586.pl cpp >rm86unix.cpp)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/rm86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h
+rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rmd_one.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
+rmd_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rmd_one.o: rmd_one.c
diff --git a/src/lib/libcrypto/ripemd/README b/src/lib/libcrypto/ripemd/README
new file mode 100644
index 0000000000..f1ffc8b134
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/README
@@ -0,0 +1,15 @@
+RIPEMD-160
+http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
+
+This is my implementation of RIPEMD-160.  The pentium assember is a little
+off the pace since I only get 1050 cycles, while the best is 1013.
+I have a few ideas for how to get another 20 or so cycles, but at
+this point I will not bother right now.  I believe the trick will be
+to remove my 'copy X array onto stack' until inside the RIP1() finctions the
+first time round.  To do this I need another register and will only have one
+temporary one.  A bit tricky....  I can also cleanup the saving of the 5 words
+after the first half of the calculation.  I should read the origional
+value, add then write.  Currently I just save the new and read the origioal.
+I then read both at the end.  Bad.
+
+eric (20-Jan-1998)
diff --git a/src/lib/libcrypto/ripemd/asm/rmd-586.pl b/src/lib/libcrypto/ripemd/asm/rmd-586.pl
new file mode 100644
index 0000000000..0ab6f76bff
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/asm/rmd-586.pl
@@ -0,0 +1,590 @@
+#!/usr/local/bin/perl
+
+# Normal is the
+# ripemd160_block_asm_host_order(RIPEMD160_CTX *c, ULONG *X,int blocks);
+
+$normal=0;
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],$0);
+
+$A="ecx";
+$B="esi";
+$C="edi";
+$D="ebx";
+$E="ebp";
+$tmp1="eax";
+$tmp2="edx";
+
+$KL1=0x5A827999;
+$KL2=0x6ED9EBA1;
+$KL3=0x8F1BBCDC;
+$KL4=0xA953FD4E;
+$KR0=0x50A28BE6;
+$KR1=0x5C4DD124; 
+$KR2=0x6D703EF3;
+$KR3=0x7A6D76E9;
+
+
+@wl=(    0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,
+         7, 4,13, 1,10, 6,15, 3,12, 0, 9, 5, 2,14,11, 8,
+         3,10,14, 4, 9,15, 8, 1, 2, 7, 0, 6,13,11, 5,12,
+         1, 9,11,10, 0, 8,12, 4,13, 3, 7,15,14, 5, 6, 2,
+         4, 0, 5, 9, 7,12, 2,10,14, 1, 3, 8,11, 6,15,13,
+         );
+
+@wr=(    5,14, 7, 0, 9, 2,11, 4,13, 6,15, 8, 1,10, 3,12,
+         6,11, 3, 7, 0,13, 5,10,14,15, 8,12, 4, 9, 1, 2,
+        15, 5, 1, 3, 7,14, 6, 9,11, 8,12, 2,10, 0, 4,13,
+         8, 6, 4, 1, 3,11,15, 0, 5,12, 2,13, 9, 7,10,14,
+        12,15,10, 4, 1, 5, 8, 7, 6, 2,13,14, 0, 3, 9,11,
+        );
+
+@sl=(   11,14,15,12, 5, 8, 7, 9,11,13,14,15, 6, 7, 9, 8,
+         7, 6, 8,13,11, 9, 7,15, 7,12,15, 9,11, 7,13,12,
+        11,13, 6, 7,14, 9,13,15,14, 8,13, 6, 5,12, 7, 5,
+        11,12,14,15,14,15, 9, 8, 9,14, 5, 6, 8, 6, 5,12,
+         9,15, 5,11, 6, 8,13,12, 5,12,13,14,11, 8, 5, 6,
+         );
+
+@sr=(    8, 9, 9,11,13,15,15, 5, 7, 7, 8,11,14,14,12, 6,
+         9,13,15, 7,12, 8, 9,11, 7, 7,12, 7, 6,15,13,11,
+         9, 7,15,11, 8, 6, 6,14,12,13, 5,14,13,13, 7, 5,
+        15, 5, 8,11,14,14, 6,14, 6, 9,12, 9,12, 5,15, 8,
+         8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11,
+        );
+
+&ripemd160_block("ripemd160_block_asm_host_order");
+&asm_finish();
+
+sub Xv
+        {
+        local($n)=@_;
+        return(&swtmp($n));
+        # tmp on stack
+        }
+
+sub Np
+        {
+        local($p)=@_;
+        local(%n)=($A,$E,$B,$A,$C,$B,$D,$C,$E,$D);
+        return($n{$p});
+        }
+
+sub RIP1
+        {
+        local($a,$b,$c,$d,$e,$pos,$s,$o,$pos2)=@_;
+
+        &comment($p++);
+        if ($p & 1)
+                {
+         #&mov($tmp1,   $c) if $o == -1;
+        &xor($tmp1,     $d) if $o == -1;
+         &mov($tmp2,    &Xv($pos));
+        &xor($tmp1,     $b);
+         &add($a,       $tmp2);
+        &rotl($c,       10);
+        &add($a,        $tmp1);
+         &mov($tmp1,    &Np($c));       # NEXT
+         # XXX
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        else
+                {
+         &xor($tmp1,    $d);
+        &mov($tmp2,     &Xv($pos));
+         &xor($tmp1,    $b);
+        &add($a,        $tmp1);
+         &mov($tmp1,    &Np($c)) if $o <= 0;
+         &mov($tmp1,    -1) if $o == 1;
+         # XXX if $o == 2;
+        &rotl($c,       10);
+        &add($a,        $tmp2);
+         &xor($tmp1,    &Np($d)) if $o <= 0;
+         &mov($tmp2,    &Xv($pos2)) if $o == 1;
+         &mov($tmp2,    &wparam(0)) if $o == 2;
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        }
+
+sub RIP2
+        {
+        local($a,$b,$c,$d,$e,$pos,$pos2,$s,$K,$o)=@_;
+
+# XXXXXX
+        &comment($p++);
+        if ($p & 1)
+                {
+#        &mov($tmp2,    &Xv($pos)) if $o < -1;
+#       &mov($tmp1,     -1) if $o < -1;
+
+         &add($a,       $tmp2);
+        &mov($tmp2,     $c);
+         &sub($tmp1,    $b);
+        &and($tmp2,     $b);
+         &and($tmp1,    $d);
+        &or($tmp2,      $tmp1);
+         &mov($tmp1,    &Xv($pos2)) if $o <= 0; # XXXXXXXXXXXXXX
+         # XXX
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp2,1));
+         &mov($tmp2,    -1) if $o <= 0;
+         # XXX
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        else
+                {
+         # XXX
+         &add($a,       $tmp1);
+        &mov($tmp1,     $c);
+         &sub($tmp2,    $b);
+        &and($tmp1,     $b);
+         &and($tmp2,    $d);
+        if ($o != 2)
+                {
+        &or($tmp1,      $tmp2);
+         &mov($tmp2,    &Xv($pos2)) if $o <= 0;
+         &mov($tmp2,    -1) if $o == 1;
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp1,1));
+         &mov($tmp1,    -1) if $o <= 0;
+         &sub($tmp2,    &Np($c)) if $o == 1;
+                } else {
+        &or($tmp2,      $tmp1);
+         &mov($tmp1,    &Np($c));
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp2,1));
+         &xor($tmp1,    &Np($d));
+                }
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        }
+
+sub RIP3
+        {
+        local($a,$b,$c,$d,$e,$pos,$s,$K,$o,$pos2)=@_;
+
+        &comment($p++);
+        if ($p & 1)
+                {
+#        &mov($tmp2,    -1) if $o < -1;
+#       &sub($tmp2,     $c) if $o < -1;
+         &mov($tmp1,    &Xv($pos));
+        &or($tmp2,      $b);
+         &add($a,       $tmp1);
+        &xor($tmp2,     $d);
+         &mov($tmp1,    -1) if $o <= 0;         # NEXT
+         # XXX
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp2,1));
+         &sub($tmp1,    &Np($c)) if $o <= 0;    # NEXT
+         # XXX
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        else
+                {
+         &mov($tmp2,    &Xv($pos));
+        &or($tmp1,      $b);
+         &add($a,       $tmp2);
+        &xor($tmp1,     $d);
+         &mov($tmp2,    -1) if $o <= 0;         # NEXT
+         &mov($tmp2,    -1) if $o == 1;
+         &mov($tmp2,    &Xv($pos2)) if $o == 2;
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp1,1));
+         &sub($tmp2,    &Np($c)) if $o <= 0;    # NEXT
+         &mov($tmp1,    &Np($d)) if $o == 1;
+         &mov($tmp1,    -1) if $o == 2;
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        }
+
+sub RIP4
+        {
+        local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_;
+
+        &comment($p++);
+        if ($p & 1)
+                {
+#        &mov($tmp2,    -1) if $o == -2;
+#       &mov($tmp1,     $d) if $o == -2;
+         &sub($tmp2,    $d);
+        &and($tmp1,     $b);
+         &and($tmp2,    $c);
+        &or($tmp2,      $tmp1);
+         &mov($tmp1,    &Xv($pos));
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp2));
+         &mov($tmp2,    -1) unless $o > 0;      # NEXT
+         # XXX
+        &add($a,        $tmp1);
+         &mov($tmp1,    &Np($d)) unless $o > 0; # NEXT
+         # XXX
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        else
+                {
+         &sub($tmp2,    $d);
+        &and($tmp1,     $b);
+         &and($tmp2,    $c);
+        &or($tmp2,      $tmp1);
+         &mov($tmp1,    &Xv($pos));
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp2));
+         &mov($tmp2,    -1) if $o == 0; # NEXT
+         &mov($tmp2,    -1) if $o == 1;
+         &mov($tmp2,    -1) if $o == 2;
+         # XXX
+        &add($a,        $tmp1);
+         &mov($tmp1,    &Np($d)) if $o == 0;    # NEXT
+         &sub($tmp2,    &Np($d)) if $o == 1;
+         &sub($tmp2,    &Np($c)) if $o == 2;
+         # XXX
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        }
+
+sub RIP5
+        {
+        local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_;
+
+        &comment($p++);
+        if ($p & 1)
+                {
+         &mov($tmp2,    -1) if $o == -2;
+        &sub($tmp2,     $d) if $o == -2;
+         &mov($tmp1,    &Xv($pos));
+        &or($tmp2,      $c);
+         &add($a,       $tmp1);
+        &xor($tmp2,     $b);
+         &mov($tmp1,    -1) if $o <= 0;
+         # XXX
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp2,1));
+         &sub($tmp1,    &Np($d)) if $o <= 0;
+         # XXX
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        else
+                {
+         &mov($tmp2,    &Xv($pos));
+        &or($tmp1,      $c);
+         &add($a,       $tmp2);
+        &xor($tmp1,     $b);
+         &mov($tmp2,    -1) if $o <= 0;
+         &mov($tmp2,    &wparam(0)) if $o == 1; # Middle code
+         &mov($tmp2,    -1) if $o == 2;
+        &rotl($c,       10);
+        &lea($a,        &DWP($K,$a,$tmp1,1));
+         &sub($tmp2,    &Np($d)) if $o <= 0;
+         &mov(&swtmp(16),       $A) if $o == 1;
+         &mov($tmp1,    &Np($d)) if $o == 2;
+        &rotl($a,       $s);
+        &add($a,        $e);
+                }
+        }
+
+sub ripemd160_block
+        {
+        local($name)=@_;
+
+        &function_begin_B($name,"",3);
+
+        # parameter 1 is the RIPEMD160_CTX structure.
+        # A     0
+        # B     4
+        # C     8
+        # D     12
+        # E     16
+
+        &mov($tmp2,     &wparam(0));
+         &mov($tmp1,    &wparam(1));
+        &push("esi");
+         &mov($A,       &DWP( 0,$tmp2,"",0));
+        &push("edi");
+         &mov($B,       &DWP( 4,$tmp2,"",0));
+        &push("ebp");
+         &mov($C,       &DWP( 8,$tmp2,"",0));
+        &push("ebx");
+         &stack_push(16+5+6);
+                          # Special comment about the figure of 6.
+                          # Idea is to pad the current frame so
+                          # that the top of the stack gets fairly
+                          # aligned. Well, as you realize it would
+                          # always depend on how the frame below is
+                          # aligned. The good news are that gcc-2.95
+                          # and later does keep first argument at
+                          # least double-wise aligned.
+                          #                     <appro@fy.chalmers.se>
+
+        &set_label("start") unless $normal;
+        &comment("");
+
+        # &mov($tmp1,   &wparam(1)); # Done at end of loop
+        # &mov($tmp2,   &wparam(0)); # Done at end of loop
+
+        for ($z=0; $z<16; $z+=2)
+                {
+                &mov($D,                &DWP( $z*4,$tmp1,"",0));
+                 &mov($E,               &DWP( ($z+1)*4,$tmp1,"",0));
+                &mov(&swtmp($z),        $D);
+                 &mov(&swtmp($z+1),     $E);
+                }
+        &mov($tmp1,     $C);
+         &mov($D,       &DWP(12,$tmp2,"",0));
+        &mov($E,        &DWP(16,$tmp2,"",0));
+
+        &RIP1($A,$B,$C,$D,$E,$wl[ 0],$sl[ 0],-1);
+        &RIP1($E,$A,$B,$C,$D,$wl[ 1],$sl[ 1],0);
+        &RIP1($D,$E,$A,$B,$C,$wl[ 2],$sl[ 2],0);
+        &RIP1($C,$D,$E,$A,$B,$wl[ 3],$sl[ 3],0);
+        &RIP1($B,$C,$D,$E,$A,$wl[ 4],$sl[ 4],0);
+        &RIP1($A,$B,$C,$D,$E,$wl[ 5],$sl[ 5],0);
+        &RIP1($E,$A,$B,$C,$D,$wl[ 6],$sl[ 6],0);
+        &RIP1($D,$E,$A,$B,$C,$wl[ 7],$sl[ 7],0);
+        &RIP1($C,$D,$E,$A,$B,$wl[ 8],$sl[ 8],0);
+        &RIP1($B,$C,$D,$E,$A,$wl[ 9],$sl[ 9],0);
+        &RIP1($A,$B,$C,$D,$E,$wl[10],$sl[10],0);
+        &RIP1($E,$A,$B,$C,$D,$wl[11],$sl[11],0);
+        &RIP1($D,$E,$A,$B,$C,$wl[12],$sl[12],0);
+        &RIP1($C,$D,$E,$A,$B,$wl[13],$sl[13],0);
+        &RIP1($B,$C,$D,$E,$A,$wl[14],$sl[14],0);
+        &RIP1($A,$B,$C,$D,$E,$wl[15],$sl[15],1,$wl[16]);
+
+        &RIP2($E,$A,$B,$C,$D,$wl[16],$wl[17],$sl[16],$KL1,-1);
+        &RIP2($D,$E,$A,$B,$C,$wl[17],$wl[18],$sl[17],$KL1,0);
+        &RIP2($C,$D,$E,$A,$B,$wl[18],$wl[19],$sl[18],$KL1,0);
+        &RIP2($B,$C,$D,$E,$A,$wl[19],$wl[20],$sl[19],$KL1,0);
+        &RIP2($A,$B,$C,$D,$E,$wl[20],$wl[21],$sl[20],$KL1,0);
+        &RIP2($E,$A,$B,$C,$D,$wl[21],$wl[22],$sl[21],$KL1,0);
+        &RIP2($D,$E,$A,$B,$C,$wl[22],$wl[23],$sl[22],$KL1,0);
+        &RIP2($C,$D,$E,$A,$B,$wl[23],$wl[24],$sl[23],$KL1,0);
+        &RIP2($B,$C,$D,$E,$A,$wl[24],$wl[25],$sl[24],$KL1,0);
+        &RIP2($A,$B,$C,$D,$E,$wl[25],$wl[26],$sl[25],$KL1,0);
+        &RIP2($E,$A,$B,$C,$D,$wl[26],$wl[27],$sl[26],$KL1,0);
+        &RIP2($D,$E,$A,$B,$C,$wl[27],$wl[28],$sl[27],$KL1,0);
+        &RIP2($C,$D,$E,$A,$B,$wl[28],$wl[29],$sl[28],$KL1,0);
+        &RIP2($B,$C,$D,$E,$A,$wl[29],$wl[30],$sl[29],$KL1,0);
+        &RIP2($A,$B,$C,$D,$E,$wl[30],$wl[31],$sl[30],$KL1,0);
+        &RIP2($E,$A,$B,$C,$D,$wl[31],$wl[32],$sl[31],$KL1,1);
+
+        &RIP3($D,$E,$A,$B,$C,$wl[32],$sl[32],$KL2,-1);
+        &RIP3($C,$D,$E,$A,$B,$wl[33],$sl[33],$KL2,0);
+        &RIP3($B,$C,$D,$E,$A,$wl[34],$sl[34],$KL2,0);
+        &RIP3($A,$B,$C,$D,$E,$wl[35],$sl[35],$KL2,0);
+        &RIP3($E,$A,$B,$C,$D,$wl[36],$sl[36],$KL2,0);
+        &RIP3($D,$E,$A,$B,$C,$wl[37],$sl[37],$KL2,0);
+        &RIP3($C,$D,$E,$A,$B,$wl[38],$sl[38],$KL2,0);
+        &RIP3($B,$C,$D,$E,$A,$wl[39],$sl[39],$KL2,0);
+        &RIP3($A,$B,$C,$D,$E,$wl[40],$sl[40],$KL2,0);
+        &RIP3($E,$A,$B,$C,$D,$wl[41],$sl[41],$KL2,0);
+        &RIP3($D,$E,$A,$B,$C,$wl[42],$sl[42],$KL2,0);
+        &RIP3($C,$D,$E,$A,$B,$wl[43],$sl[43],$KL2,0);
+        &RIP3($B,$C,$D,$E,$A,$wl[44],$sl[44],$KL2,0);
+        &RIP3($A,$B,$C,$D,$E,$wl[45],$sl[45],$KL2,0);
+        &RIP3($E,$A,$B,$C,$D,$wl[46],$sl[46],$KL2,0);
+        &RIP3($D,$E,$A,$B,$C,$wl[47],$sl[47],$KL2,1);
+
+        &RIP4($C,$D,$E,$A,$B,$wl[48],$sl[48],$KL3,-1);
+        &RIP4($B,$C,$D,$E,$A,$wl[49],$sl[49],$KL3,0);
+        &RIP4($A,$B,$C,$D,$E,$wl[50],$sl[50],$KL3,0);
+        &RIP4($E,$A,$B,$C,$D,$wl[51],$sl[51],$KL3,0);
+        &RIP4($D,$E,$A,$B,$C,$wl[52],$sl[52],$KL3,0);
+        &RIP4($C,$D,$E,$A,$B,$wl[53],$sl[53],$KL3,0);
+        &RIP4($B,$C,$D,$E,$A,$wl[54],$sl[54],$KL3,0);
+        &RIP4($A,$B,$C,$D,$E,$wl[55],$sl[55],$KL3,0);
+        &RIP4($E,$A,$B,$C,$D,$wl[56],$sl[56],$KL3,0);
+        &RIP4($D,$E,$A,$B,$C,$wl[57],$sl[57],$KL3,0);
+        &RIP4($C,$D,$E,$A,$B,$wl[58],$sl[58],$KL3,0);
+        &RIP4($B,$C,$D,$E,$A,$wl[59],$sl[59],$KL3,0);
+        &RIP4($A,$B,$C,$D,$E,$wl[60],$sl[60],$KL3,0);
+        &RIP4($E,$A,$B,$C,$D,$wl[61],$sl[61],$KL3,0);
+        &RIP4($D,$E,$A,$B,$C,$wl[62],$sl[62],$KL3,0);
+        &RIP4($C,$D,$E,$A,$B,$wl[63],$sl[63],$KL3,1);
+
+        &RIP5($B,$C,$D,$E,$A,$wl[64],$sl[64],$KL4,-1);
+        &RIP5($A,$B,$C,$D,$E,$wl[65],$sl[65],$KL4,0);
+        &RIP5($E,$A,$B,$C,$D,$wl[66],$sl[66],$KL4,0);
+        &RIP5($D,$E,$A,$B,$C,$wl[67],$sl[67],$KL4,0);
+        &RIP5($C,$D,$E,$A,$B,$wl[68],$sl[68],$KL4,0);
+        &RIP5($B,$C,$D,$E,$A,$wl[69],$sl[69],$KL4,0);
+        &RIP5($A,$B,$C,$D,$E,$wl[70],$sl[70],$KL4,0);
+        &RIP5($E,$A,$B,$C,$D,$wl[71],$sl[71],$KL4,0);
+        &RIP5($D,$E,$A,$B,$C,$wl[72],$sl[72],$KL4,0);
+        &RIP5($C,$D,$E,$A,$B,$wl[73],$sl[73],$KL4,0);
+        &RIP5($B,$C,$D,$E,$A,$wl[74],$sl[74],$KL4,0);
+        &RIP5($A,$B,$C,$D,$E,$wl[75],$sl[75],$KL4,0);
+        &RIP5($E,$A,$B,$C,$D,$wl[76],$sl[76],$KL4,0);
+        &RIP5($D,$E,$A,$B,$C,$wl[77],$sl[77],$KL4,0);
+        &RIP5($C,$D,$E,$A,$B,$wl[78],$sl[78],$KL4,0);
+        &RIP5($B,$C,$D,$E,$A,$wl[79],$sl[79],$KL4,1);
+
+        # &mov($tmp2,   &wparam(0)); # moved into last RIP5
+        # &mov(&swtmp(16),      $A);
+         &mov($A,       &DWP( 0,$tmp2,"",0));
+        &mov(&swtmp(16+1),      $B);
+         &mov(&swtmp(16+2),     $C);
+        &mov($B,        &DWP( 4,$tmp2,"",0));
+         &mov(&swtmp(16+3),     $D);
+        &mov($C,        &DWP( 8,$tmp2,"",0));
+         &mov(&swtmp(16+4),     $E);
+        &mov($D,        &DWP(12,$tmp2,"",0));
+         &mov($E,       &DWP(16,$tmp2,"",0));
+
+        &RIP5($A,$B,$C,$D,$E,$wr[ 0],$sr[ 0],$KR0,-2);
+        &RIP5($E,$A,$B,$C,$D,$wr[ 1],$sr[ 1],$KR0,0);
+        &RIP5($D,$E,$A,$B,$C,$wr[ 2],$sr[ 2],$KR0,0);
+        &RIP5($C,$D,$E,$A,$B,$wr[ 3],$sr[ 3],$KR0,0);
+        &RIP5($B,$C,$D,$E,$A,$wr[ 4],$sr[ 4],$KR0,0);
+        &RIP5($A,$B,$C,$D,$E,$wr[ 5],$sr[ 5],$KR0,0);
+        &RIP5($E,$A,$B,$C,$D,$wr[ 6],$sr[ 6],$KR0,0);
+        &RIP5($D,$E,$A,$B,$C,$wr[ 7],$sr[ 7],$KR0,0);
+        &RIP5($C,$D,$E,$A,$B,$wr[ 8],$sr[ 8],$KR0,0);
+        &RIP5($B,$C,$D,$E,$A,$wr[ 9],$sr[ 9],$KR0,0);
+        &RIP5($A,$B,$C,$D,$E,$wr[10],$sr[10],$KR0,0);
+        &RIP5($E,$A,$B,$C,$D,$wr[11],$sr[11],$KR0,0);
+        &RIP5($D,$E,$A,$B,$C,$wr[12],$sr[12],$KR0,0);
+        &RIP5($C,$D,$E,$A,$B,$wr[13],$sr[13],$KR0,0);
+        &RIP5($B,$C,$D,$E,$A,$wr[14],$sr[14],$KR0,0);
+        &RIP5($A,$B,$C,$D,$E,$wr[15],$sr[15],$KR0,2);
+
+        &RIP4($E,$A,$B,$C,$D,$wr[16],$sr[16],$KR1,-2);
+        &RIP4($D,$E,$A,$B,$C,$wr[17],$sr[17],$KR1,0);
+        &RIP4($C,$D,$E,$A,$B,$wr[18],$sr[18],$KR1,0);
+        &RIP4($B,$C,$D,$E,$A,$wr[19],$sr[19],$KR1,0);
+        &RIP4($A,$B,$C,$D,$E,$wr[20],$sr[20],$KR1,0);
+        &RIP4($E,$A,$B,$C,$D,$wr[21],$sr[21],$KR1,0);
+        &RIP4($D,$E,$A,$B,$C,$wr[22],$sr[22],$KR1,0);
+        &RIP4($C,$D,$E,$A,$B,$wr[23],$sr[23],$KR1,0);
+        &RIP4($B,$C,$D,$E,$A,$wr[24],$sr[24],$KR1,0);
+        &RIP4($A,$B,$C,$D,$E,$wr[25],$sr[25],$KR1,0);
+        &RIP4($E,$A,$B,$C,$D,$wr[26],$sr[26],$KR1,0);
+        &RIP4($D,$E,$A,$B,$C,$wr[27],$sr[27],$KR1,0);
+        &RIP4($C,$D,$E,$A,$B,$wr[28],$sr[28],$KR1,0);
+        &RIP4($B,$C,$D,$E,$A,$wr[29],$sr[29],$KR1,0);
+        &RIP4($A,$B,$C,$D,$E,$wr[30],$sr[30],$KR1,0);
+        &RIP4($E,$A,$B,$C,$D,$wr[31],$sr[31],$KR1,2);
+
+        &RIP3($D,$E,$A,$B,$C,$wr[32],$sr[32],$KR2,-2);
+        &RIP3($C,$D,$E,$A,$B,$wr[33],$sr[33],$KR2,0);
+        &RIP3($B,$C,$D,$E,$A,$wr[34],$sr[34],$KR2,0);
+        &RIP3($A,$B,$C,$D,$E,$wr[35],$sr[35],$KR2,0);
+        &RIP3($E,$A,$B,$C,$D,$wr[36],$sr[36],$KR2,0);
+        &RIP3($D,$E,$A,$B,$C,$wr[37],$sr[37],$KR2,0);
+        &RIP3($C,$D,$E,$A,$B,$wr[38],$sr[38],$KR2,0);
+        &RIP3($B,$C,$D,$E,$A,$wr[39],$sr[39],$KR2,0);
+        &RIP3($A,$B,$C,$D,$E,$wr[40],$sr[40],$KR2,0);
+        &RIP3($E,$A,$B,$C,$D,$wr[41],$sr[41],$KR2,0);
+        &RIP3($D,$E,$A,$B,$C,$wr[42],$sr[42],$KR2,0);
+        &RIP3($C,$D,$E,$A,$B,$wr[43],$sr[43],$KR2,0);
+        &RIP3($B,$C,$D,$E,$A,$wr[44],$sr[44],$KR2,0);
+        &RIP3($A,$B,$C,$D,$E,$wr[45],$sr[45],$KR2,0);
+        &RIP3($E,$A,$B,$C,$D,$wr[46],$sr[46],$KR2,0);
+        &RIP3($D,$E,$A,$B,$C,$wr[47],$sr[47],$KR2,2,$wr[48]);
+
+        &RIP2($C,$D,$E,$A,$B,$wr[48],$wr[49],$sr[48],$KR3,-2);
+        &RIP2($B,$C,$D,$E,$A,$wr[49],$wr[50],$sr[49],$KR3,0);
+        &RIP2($A,$B,$C,$D,$E,$wr[50],$wr[51],$sr[50],$KR3,0);
+        &RIP2($E,$A,$B,$C,$D,$wr[51],$wr[52],$sr[51],$KR3,0);
+        &RIP2($D,$E,$A,$B,$C,$wr[52],$wr[53],$sr[52],$KR3,0);
+        &RIP2($C,$D,$E,$A,$B,$wr[53],$wr[54],$sr[53],$KR3,0);
+        &RIP2($B,$C,$D,$E,$A,$wr[54],$wr[55],$sr[54],$KR3,0);
+        &RIP2($A,$B,$C,$D,$E,$wr[55],$wr[56],$sr[55],$KR3,0);
+        &RIP2($E,$A,$B,$C,$D,$wr[56],$wr[57],$sr[56],$KR3,0);
+        &RIP2($D,$E,$A,$B,$C,$wr[57],$wr[58],$sr[57],$KR3,0);
+        &RIP2($C,$D,$E,$A,$B,$wr[58],$wr[59],$sr[58],$KR3,0);
+        &RIP2($B,$C,$D,$E,$A,$wr[59],$wr[60],$sr[59],$KR3,0);
+        &RIP2($A,$B,$C,$D,$E,$wr[60],$wr[61],$sr[60],$KR3,0);
+        &RIP2($E,$A,$B,$C,$D,$wr[61],$wr[62],$sr[61],$KR3,0);
+        &RIP2($D,$E,$A,$B,$C,$wr[62],$wr[63],$sr[62],$KR3,0);
+        &RIP2($C,$D,$E,$A,$B,$wr[63],$wr[64],$sr[63],$KR3,2);
+
+        &RIP1($B,$C,$D,$E,$A,$wr[64],$sr[64],-2);
+        &RIP1($A,$B,$C,$D,$E,$wr[65],$sr[65],0);
+        &RIP1($E,$A,$B,$C,$D,$wr[66],$sr[66],0);
+        &RIP1($D,$E,$A,$B,$C,$wr[67],$sr[67],0);
+        &RIP1($C,$D,$E,$A,$B,$wr[68],$sr[68],0);
+        &RIP1($B,$C,$D,$E,$A,$wr[69],$sr[69],0);
+        &RIP1($A,$B,$C,$D,$E,$wr[70],$sr[70],0);
+        &RIP1($E,$A,$B,$C,$D,$wr[71],$sr[71],0);
+        &RIP1($D,$E,$A,$B,$C,$wr[72],$sr[72],0);
+        &RIP1($C,$D,$E,$A,$B,$wr[73],$sr[73],0);
+        &RIP1($B,$C,$D,$E,$A,$wr[74],$sr[74],0);
+        &RIP1($A,$B,$C,$D,$E,$wr[75],$sr[75],0);
+        &RIP1($E,$A,$B,$C,$D,$wr[76],$sr[76],0);
+        &RIP1($D,$E,$A,$B,$C,$wr[77],$sr[77],0);
+        &RIP1($C,$D,$E,$A,$B,$wr[78],$sr[78],0);
+        &RIP1($B,$C,$D,$E,$A,$wr[79],$sr[79],2);
+
+        # &mov($tmp2,   &wparam(0)); # Moved into last round
+
+         &mov($tmp1,    &DWP( 4,$tmp2,"",0));   # ctx->B
+        &add($D,        $tmp1); 
+         &mov($tmp1,    &swtmp(16+2));          # $c
+        &add($D,        $tmp1);
+
+         &mov($tmp1,    &DWP( 8,$tmp2,"",0));   # ctx->C
+        &add($E,        $tmp1); 
+         &mov($tmp1,    &swtmp(16+3));          # $d
+        &add($E,        $tmp1);
+
+         &mov($tmp1,    &DWP(12,$tmp2,"",0));   # ctx->D
+        &add($A,        $tmp1); 
+         &mov($tmp1,    &swtmp(16+4));          # $e
+        &add($A,        $tmp1);
+
+
+         &mov($tmp1,    &DWP(16,$tmp2,"",0));   # ctx->E
+        &add($B,        $tmp1); 
+         &mov($tmp1,    &swtmp(16+0));          # $a
+        &add($B,        $tmp1);
+
+         &mov($tmp1,    &DWP( 0,$tmp2,"",0));   # ctx->A
+        &add($C,        $tmp1); 
+         &mov($tmp1,    &swtmp(16+1));          # $b
+        &add($C,        $tmp1);
+
+         &mov($tmp1,    &wparam(2));
+
+        &mov(&DWP( 0,$tmp2,"",0),       $D);
+         &mov(&DWP( 4,$tmp2,"",0),      $E);
+        &mov(&DWP( 8,$tmp2,"",0),       $A);
+         &sub($tmp1,1);
+        &mov(&DWP(12,$tmp2,"",0),       $B);
+         &mov(&DWP(16,$tmp2,"",0),      $C);
+
+        &jle(&label("get_out"));
+
+        &mov(&wparam(2),$tmp1);
+         &mov($C,       $A);
+        &mov($tmp1,     &wparam(1));
+         &mov($A,       $D);
+        &add($tmp1,     64);
+         &mov($B,       $E);
+        &mov(&wparam(1),$tmp1);
+
+        &jmp(&label("start"));
+
+        &set_label("get_out");
+
+        &stack_pop(16+5+6);
+
+        &pop("ebx");
+        &pop("ebp");
+        &pop("edi");
+        &pop("esi");
+        &ret();
+        &function_end_B($name);
+        }
+
diff --git a/src/lib/libcrypto/ripemd/ripemd.h b/src/lib/libcrypto/ripemd/ripemd.h
new file mode 100644
index 0000000000..7d0d998189
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/ripemd.h
@@ -0,0 +1,106 @@
+/* crypto/ripemd/ripemd.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RIPEMD_H
+#define HEADER_RIPEMD_H
+
+#include <openssl/e_os2.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_NO_RIPEMD
+#error RIPEMD is disabled.
+#endif
+
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#define RIPEMD160_LONG unsigned long
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#define RIPEMD160_LONG unsigned long
+#define RIPEMD160_LONG_LOG2 3
+#else
+#define RIPEMD160_LONG unsigned int
+#endif
+
+#define RIPEMD160_CBLOCK        64
+#define RIPEMD160_LBLOCK        (RIPEMD160_CBLOCK/4)
+#define RIPEMD160_DIGEST_LENGTH 20
+
+typedef struct RIPEMD160state_st
+        {
+        RIPEMD160_LONG A,B,C,D,E;
+        RIPEMD160_LONG Nl,Nh;
+        RIPEMD160_LONG data[RIPEMD160_LBLOCK];
+        int num;
+        } RIPEMD160_CTX;
+
+#ifdef OPENSSL_FIPS
+int private_RIPEMD160_Init(RIPEMD160_CTX *c);
+#endif
+int RIPEMD160_Init(RIPEMD160_CTX *c);
+int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len);
+int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
+        unsigned char *md);
+void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/ripemd/rmd_dgst.c b/src/lib/libcrypto/ripemd/rmd_dgst.c
new file mode 100644
index 0000000000..58ff010d11
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/rmd_dgst.c
@@ -0,0 +1,495 @@
+/* crypto/ripemd/rmd_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "rmd_locl.h"
+#include <openssl/fips.h>
+#include <openssl/opensslv.h>
+
+const char *RMD160_version="RIPE-MD160" OPENSSL_VERSION_PTEXT;
+
+#  ifdef RMD160_ASM
+     void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,int num);
+#    define ripemd160_block ripemd160_block_x86
+#  else
+     void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,int num);
+#  endif
+
+FIPS_NON_FIPS_MD_Init(RIPEMD160)
+        {
+        c->A=RIPEMD160_A;
+        c->B=RIPEMD160_B;
+        c->C=RIPEMD160_C;
+        c->D=RIPEMD160_D;
+        c->E=RIPEMD160_E;
+        c->Nl=0;
+        c->Nh=0;
+        c->num=0;
+        return 1;
+        }
+
+#ifndef ripemd160_block_host_order
+#ifdef X
+#undef X
+#endif
+#define X(i)    XX[i]
+void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, int num)
+        {
+        const RIPEMD160_LONG *XX=p;
+        register volatile unsigned MD32_REG_T A,B,C,D,E;
+        register unsigned MD32_REG_T a,b,c,d,e;
+
+        for (;num--;XX+=HASH_LBLOCK)
+                {
+
+        A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
+
+        RIP1(A,B,C,D,E,WL00,SL00);
+        RIP1(E,A,B,C,D,WL01,SL01);
+        RIP1(D,E,A,B,C,WL02,SL02);
+        RIP1(C,D,E,A,B,WL03,SL03);
+        RIP1(B,C,D,E,A,WL04,SL04);
+        RIP1(A,B,C,D,E,WL05,SL05);
+        RIP1(E,A,B,C,D,WL06,SL06);
+        RIP1(D,E,A,B,C,WL07,SL07);
+        RIP1(C,D,E,A,B,WL08,SL08);
+        RIP1(B,C,D,E,A,WL09,SL09);
+        RIP1(A,B,C,D,E,WL10,SL10);
+        RIP1(E,A,B,C,D,WL11,SL11);
+        RIP1(D,E,A,B,C,WL12,SL12);
+        RIP1(C,D,E,A,B,WL13,SL13);
+        RIP1(B,C,D,E,A,WL14,SL14);
+        RIP1(A,B,C,D,E,WL15,SL15);
+
+        RIP2(E,A,B,C,D,WL16,SL16,KL1);
+        RIP2(D,E,A,B,C,WL17,SL17,KL1);
+        RIP2(C,D,E,A,B,WL18,SL18,KL1);
+        RIP2(B,C,D,E,A,WL19,SL19,KL1);
+        RIP2(A,B,C,D,E,WL20,SL20,KL1);
+        RIP2(E,A,B,C,D,WL21,SL21,KL1);
+        RIP2(D,E,A,B,C,WL22,SL22,KL1);
+        RIP2(C,D,E,A,B,WL23,SL23,KL1);
+        RIP2(B,C,D,E,A,WL24,SL24,KL1);
+        RIP2(A,B,C,D,E,WL25,SL25,KL1);
+        RIP2(E,A,B,C,D,WL26,SL26,KL1);
+        RIP2(D,E,A,B,C,WL27,SL27,KL1);
+        RIP2(C,D,E,A,B,WL28,SL28,KL1);
+        RIP2(B,C,D,E,A,WL29,SL29,KL1);
+        RIP2(A,B,C,D,E,WL30,SL30,KL1);
+        RIP2(E,A,B,C,D,WL31,SL31,KL1);
+
+        RIP3(D,E,A,B,C,WL32,SL32,KL2);
+        RIP3(C,D,E,A,B,WL33,SL33,KL2);
+        RIP3(B,C,D,E,A,WL34,SL34,KL2);
+        RIP3(A,B,C,D,E,WL35,SL35,KL2);
+        RIP3(E,A,B,C,D,WL36,SL36,KL2);
+        RIP3(D,E,A,B,C,WL37,SL37,KL2);
+        RIP3(C,D,E,A,B,WL38,SL38,KL2);
+        RIP3(B,C,D,E,A,WL39,SL39,KL2);
+        RIP3(A,B,C,D,E,WL40,SL40,KL2);
+        RIP3(E,A,B,C,D,WL41,SL41,KL2);
+        RIP3(D,E,A,B,C,WL42,SL42,KL2);
+        RIP3(C,D,E,A,B,WL43,SL43,KL2);
+        RIP3(B,C,D,E,A,WL44,SL44,KL2);
+        RIP3(A,B,C,D,E,WL45,SL45,KL2);
+        RIP3(E,A,B,C,D,WL46,SL46,KL2);
+        RIP3(D,E,A,B,C,WL47,SL47,KL2);
+
+        RIP4(C,D,E,A,B,WL48,SL48,KL3);
+        RIP4(B,C,D,E,A,WL49,SL49,KL3);
+        RIP4(A,B,C,D,E,WL50,SL50,KL3);
+        RIP4(E,A,B,C,D,WL51,SL51,KL3);
+        RIP4(D,E,A,B,C,WL52,SL52,KL3);
+        RIP4(C,D,E,A,B,WL53,SL53,KL3);
+        RIP4(B,C,D,E,A,WL54,SL54,KL3);
+        RIP4(A,B,C,D,E,WL55,SL55,KL3);
+        RIP4(E,A,B,C,D,WL56,SL56,KL3);
+        RIP4(D,E,A,B,C,WL57,SL57,KL3);
+        RIP4(C,D,E,A,B,WL58,SL58,KL3);
+        RIP4(B,C,D,E,A,WL59,SL59,KL3);
+        RIP4(A,B,C,D,E,WL60,SL60,KL3);
+        RIP4(E,A,B,C,D,WL61,SL61,KL3);
+        RIP4(D,E,A,B,C,WL62,SL62,KL3);
+        RIP4(C,D,E,A,B,WL63,SL63,KL3);
+
+        RIP5(B,C,D,E,A,WL64,SL64,KL4);
+        RIP5(A,B,C,D,E,WL65,SL65,KL4);
+        RIP5(E,A,B,C,D,WL66,SL66,KL4);
+        RIP5(D,E,A,B,C,WL67,SL67,KL4);
+        RIP5(C,D,E,A,B,WL68,SL68,KL4);
+        RIP5(B,C,D,E,A,WL69,SL69,KL4);
+        RIP5(A,B,C,D,E,WL70,SL70,KL4);
+        RIP5(E,A,B,C,D,WL71,SL71,KL4);
+        RIP5(D,E,A,B,C,WL72,SL72,KL4);
+        RIP5(C,D,E,A,B,WL73,SL73,KL4);
+        RIP5(B,C,D,E,A,WL74,SL74,KL4);
+        RIP5(A,B,C,D,E,WL75,SL75,KL4);
+        RIP5(E,A,B,C,D,WL76,SL76,KL4);
+        RIP5(D,E,A,B,C,WL77,SL77,KL4);
+        RIP5(C,D,E,A,B,WL78,SL78,KL4);
+        RIP5(B,C,D,E,A,WL79,SL79,KL4);
+
+        a=A; b=B; c=C; d=D; e=E;
+        /* Do other half */
+        A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
+
+        RIP5(A,B,C,D,E,WR00,SR00,KR0);
+        RIP5(E,A,B,C,D,WR01,SR01,KR0);
+        RIP5(D,E,A,B,C,WR02,SR02,KR0);
+        RIP5(C,D,E,A,B,WR03,SR03,KR0);
+        RIP5(B,C,D,E,A,WR04,SR04,KR0);
+        RIP5(A,B,C,D,E,WR05,SR05,KR0);
+        RIP5(E,A,B,C,D,WR06,SR06,KR0);
+        RIP5(D,E,A,B,C,WR07,SR07,KR0);
+        RIP5(C,D,E,A,B,WR08,SR08,KR0);
+        RIP5(B,C,D,E,A,WR09,SR09,KR0);
+        RIP5(A,B,C,D,E,WR10,SR10,KR0);
+        RIP5(E,A,B,C,D,WR11,SR11,KR0);
+        RIP5(D,E,A,B,C,WR12,SR12,KR0);
+        RIP5(C,D,E,A,B,WR13,SR13,KR0);
+        RIP5(B,C,D,E,A,WR14,SR14,KR0);
+        RIP5(A,B,C,D,E,WR15,SR15,KR0);
+
+        RIP4(E,A,B,C,D,WR16,SR16,KR1);
+        RIP4(D,E,A,B,C,WR17,SR17,KR1);
+        RIP4(C,D,E,A,B,WR18,SR18,KR1);
+        RIP4(B,C,D,E,A,WR19,SR19,KR1);
+        RIP4(A,B,C,D,E,WR20,SR20,KR1);
+        RIP4(E,A,B,C,D,WR21,SR21,KR1);
+        RIP4(D,E,A,B,C,WR22,SR22,KR1);
+        RIP4(C,D,E,A,B,WR23,SR23,KR1);
+        RIP4(B,C,D,E,A,WR24,SR24,KR1);
+        RIP4(A,B,C,D,E,WR25,SR25,KR1);
+        RIP4(E,A,B,C,D,WR26,SR26,KR1);
+        RIP4(D,E,A,B,C,WR27,SR27,KR1);
+        RIP4(C,D,E,A,B,WR28,SR28,KR1);
+        RIP4(B,C,D,E,A,WR29,SR29,KR1);
+        RIP4(A,B,C,D,E,WR30,SR30,KR1);
+        RIP4(E,A,B,C,D,WR31,SR31,KR1);
+
+        RIP3(D,E,A,B,C,WR32,SR32,KR2);
+        RIP3(C,D,E,A,B,WR33,SR33,KR2);
+        RIP3(B,C,D,E,A,WR34,SR34,KR2);
+        RIP3(A,B,C,D,E,WR35,SR35,KR2);
+        RIP3(E,A,B,C,D,WR36,SR36,KR2);
+        RIP3(D,E,A,B,C,WR37,SR37,KR2);
+        RIP3(C,D,E,A,B,WR38,SR38,KR2);
+        RIP3(B,C,D,E,A,WR39,SR39,KR2);
+        RIP3(A,B,C,D,E,WR40,SR40,KR2);
+        RIP3(E,A,B,C,D,WR41,SR41,KR2);
+        RIP3(D,E,A,B,C,WR42,SR42,KR2);
+        RIP3(C,D,E,A,B,WR43,SR43,KR2);
+        RIP3(B,C,D,E,A,WR44,SR44,KR2);
+        RIP3(A,B,C,D,E,WR45,SR45,KR2);
+        RIP3(E,A,B,C,D,WR46,SR46,KR2);
+        RIP3(D,E,A,B,C,WR47,SR47,KR2);
+
+        RIP2(C,D,E,A,B,WR48,SR48,KR3);
+        RIP2(B,C,D,E,A,WR49,SR49,KR3);
+        RIP2(A,B,C,D,E,WR50,SR50,KR3);
+        RIP2(E,A,B,C,D,WR51,SR51,KR3);
+        RIP2(D,E,A,B,C,WR52,SR52,KR3);
+        RIP2(C,D,E,A,B,WR53,SR53,KR3);
+        RIP2(B,C,D,E,A,WR54,SR54,KR3);
+        RIP2(A,B,C,D,E,WR55,SR55,KR3);
+        RIP2(E,A,B,C,D,WR56,SR56,KR3);
+        RIP2(D,E,A,B,C,WR57,SR57,KR3);
+        RIP2(C,D,E,A,B,WR58,SR58,KR3);
+        RIP2(B,C,D,E,A,WR59,SR59,KR3);
+        RIP2(A,B,C,D,E,WR60,SR60,KR3);
+        RIP2(E,A,B,C,D,WR61,SR61,KR3);
+        RIP2(D,E,A,B,C,WR62,SR62,KR3);
+        RIP2(C,D,E,A,B,WR63,SR63,KR3);
+
+        RIP1(B,C,D,E,A,WR64,SR64);
+        RIP1(A,B,C,D,E,WR65,SR65);
+        RIP1(E,A,B,C,D,WR66,SR66);
+        RIP1(D,E,A,B,C,WR67,SR67);
+        RIP1(C,D,E,A,B,WR68,SR68);
+        RIP1(B,C,D,E,A,WR69,SR69);
+        RIP1(A,B,C,D,E,WR70,SR70);
+        RIP1(E,A,B,C,D,WR71,SR71);
+        RIP1(D,E,A,B,C,WR72,SR72);
+        RIP1(C,D,E,A,B,WR73,SR73);
+        RIP1(B,C,D,E,A,WR74,SR74);
+        RIP1(A,B,C,D,E,WR75,SR75);
+        RIP1(E,A,B,C,D,WR76,SR76);
+        RIP1(D,E,A,B,C,WR77,SR77);
+        RIP1(C,D,E,A,B,WR78,SR78);
+        RIP1(B,C,D,E,A,WR79,SR79);
+
+        D     =ctx->B+c+D;
+        ctx->B=ctx->C+d+E;
+        ctx->C=ctx->D+e+A;
+        ctx->D=ctx->E+a+B;
+        ctx->E=ctx->A+b+C;
+        ctx->A=D;
+
+                }
+        }
+#endif
+
+#ifndef ripemd160_block_data_order
+#ifdef X
+#undef X
+#endif
+void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, int num)
+        {
+        const unsigned char *data=p;
+        register volatile unsigned MD32_REG_T A,B,C,D,E;
+        unsigned MD32_REG_T a,b,c,d,e,l;
+#ifndef MD32_XARRAY
+        /* See comment in crypto/sha/sha_locl.h for details. */
+        unsigned MD32_REG_T     XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+                                XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+# define X(i)   XX##i
+#else
+        RIPEMD160_LONG  XX[16];
+# define X(i)   XX[i]
+#endif
+
+        for (;num--;)
+                {
+
+        A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
+
+        HOST_c2l(data,l); X( 0)=l;      HOST_c2l(data,l); X( 1)=l;
+        RIP1(A,B,C,D,E,WL00,SL00);      HOST_c2l(data,l); X( 2)=l;
+        RIP1(E,A,B,C,D,WL01,SL01);      HOST_c2l(data,l); X( 3)=l;
+        RIP1(D,E,A,B,C,WL02,SL02);      HOST_c2l(data,l); X( 4)=l;
+        RIP1(C,D,E,A,B,WL03,SL03);      HOST_c2l(data,l); X( 5)=l;
+        RIP1(B,C,D,E,A,WL04,SL04);      HOST_c2l(data,l); X( 6)=l;
+        RIP1(A,B,C,D,E,WL05,SL05);      HOST_c2l(data,l); X( 7)=l;
+        RIP1(E,A,B,C,D,WL06,SL06);      HOST_c2l(data,l); X( 8)=l;
+        RIP1(D,E,A,B,C,WL07,SL07);      HOST_c2l(data,l); X( 9)=l;
+        RIP1(C,D,E,A,B,WL08,SL08);      HOST_c2l(data,l); X(10)=l;
+        RIP1(B,C,D,E,A,WL09,SL09);      HOST_c2l(data,l); X(11)=l;
+        RIP1(A,B,C,D,E,WL10,SL10);      HOST_c2l(data,l); X(12)=l;
+        RIP1(E,A,B,C,D,WL11,SL11);      HOST_c2l(data,l); X(13)=l;
+        RIP1(D,E,A,B,C,WL12,SL12);      HOST_c2l(data,l); X(14)=l;
+        RIP1(C,D,E,A,B,WL13,SL13);      HOST_c2l(data,l); X(15)=l;
+        RIP1(B,C,D,E,A,WL14,SL14);
+        RIP1(A,B,C,D,E,WL15,SL15);
+
+        RIP2(E,A,B,C,D,WL16,SL16,KL1);
+        RIP2(D,E,A,B,C,WL17,SL17,KL1);
+        RIP2(C,D,E,A,B,WL18,SL18,KL1);
+        RIP2(B,C,D,E,A,WL19,SL19,KL1);
+        RIP2(A,B,C,D,E,WL20,SL20,KL1);
+        RIP2(E,A,B,C,D,WL21,SL21,KL1);
+        RIP2(D,E,A,B,C,WL22,SL22,KL1);
+        RIP2(C,D,E,A,B,WL23,SL23,KL1);
+        RIP2(B,C,D,E,A,WL24,SL24,KL1);
+        RIP2(A,B,C,D,E,WL25,SL25,KL1);
+        RIP2(E,A,B,C,D,WL26,SL26,KL1);
+        RIP2(D,E,A,B,C,WL27,SL27,KL1);
+        RIP2(C,D,E,A,B,WL28,SL28,KL1);
+        RIP2(B,C,D,E,A,WL29,SL29,KL1);
+        RIP2(A,B,C,D,E,WL30,SL30,KL1);
+        RIP2(E,A,B,C,D,WL31,SL31,KL1);
+
+        RIP3(D,E,A,B,C,WL32,SL32,KL2);
+        RIP3(C,D,E,A,B,WL33,SL33,KL2);
+        RIP3(B,C,D,E,A,WL34,SL34,KL2);
+        RIP3(A,B,C,D,E,WL35,SL35,KL2);
+        RIP3(E,A,B,C,D,WL36,SL36,KL2);
+        RIP3(D,E,A,B,C,WL37,SL37,KL2);
+        RIP3(C,D,E,A,B,WL38,SL38,KL2);
+        RIP3(B,C,D,E,A,WL39,SL39,KL2);
+        RIP3(A,B,C,D,E,WL40,SL40,KL2);
+        RIP3(E,A,B,C,D,WL41,SL41,KL2);
+        RIP3(D,E,A,B,C,WL42,SL42,KL2);
+        RIP3(C,D,E,A,B,WL43,SL43,KL2);
+        RIP3(B,C,D,E,A,WL44,SL44,KL2);
+        RIP3(A,B,C,D,E,WL45,SL45,KL2);
+        RIP3(E,A,B,C,D,WL46,SL46,KL2);
+        RIP3(D,E,A,B,C,WL47,SL47,KL2);
+
+        RIP4(C,D,E,A,B,WL48,SL48,KL3);
+        RIP4(B,C,D,E,A,WL49,SL49,KL3);
+        RIP4(A,B,C,D,E,WL50,SL50,KL3);
+        RIP4(E,A,B,C,D,WL51,SL51,KL3);
+        RIP4(D,E,A,B,C,WL52,SL52,KL3);
+        RIP4(C,D,E,A,B,WL53,SL53,KL3);
+        RIP4(B,C,D,E,A,WL54,SL54,KL3);
+        RIP4(A,B,C,D,E,WL55,SL55,KL3);
+        RIP4(E,A,B,C,D,WL56,SL56,KL3);
+        RIP4(D,E,A,B,C,WL57,SL57,KL3);
+        RIP4(C,D,E,A,B,WL58,SL58,KL3);
+        RIP4(B,C,D,E,A,WL59,SL59,KL3);
+        RIP4(A,B,C,D,E,WL60,SL60,KL3);
+        RIP4(E,A,B,C,D,WL61,SL61,KL3);
+        RIP4(D,E,A,B,C,WL62,SL62,KL3);
+        RIP4(C,D,E,A,B,WL63,SL63,KL3);
+
+        RIP5(B,C,D,E,A,WL64,SL64,KL4);
+        RIP5(A,B,C,D,E,WL65,SL65,KL4);
+        RIP5(E,A,B,C,D,WL66,SL66,KL4);
+        RIP5(D,E,A,B,C,WL67,SL67,KL4);
+        RIP5(C,D,E,A,B,WL68,SL68,KL4);
+        RIP5(B,C,D,E,A,WL69,SL69,KL4);
+        RIP5(A,B,C,D,E,WL70,SL70,KL4);
+        RIP5(E,A,B,C,D,WL71,SL71,KL4);
+        RIP5(D,E,A,B,C,WL72,SL72,KL4);
+        RIP5(C,D,E,A,B,WL73,SL73,KL4);
+        RIP5(B,C,D,E,A,WL74,SL74,KL4);
+        RIP5(A,B,C,D,E,WL75,SL75,KL4);
+        RIP5(E,A,B,C,D,WL76,SL76,KL4);
+        RIP5(D,E,A,B,C,WL77,SL77,KL4);
+        RIP5(C,D,E,A,B,WL78,SL78,KL4);
+        RIP5(B,C,D,E,A,WL79,SL79,KL4);
+
+        a=A; b=B; c=C; d=D; e=E;
+        /* Do other half */
+        A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
+
+        RIP5(A,B,C,D,E,WR00,SR00,KR0);
+        RIP5(E,A,B,C,D,WR01,SR01,KR0);
+        RIP5(D,E,A,B,C,WR02,SR02,KR0);
+        RIP5(C,D,E,A,B,WR03,SR03,KR0);
+        RIP5(B,C,D,E,A,WR04,SR04,KR0);
+        RIP5(A,B,C,D,E,WR05,SR05,KR0);
+        RIP5(E,A,B,C,D,WR06,SR06,KR0);
+        RIP5(D,E,A,B,C,WR07,SR07,KR0);
+        RIP5(C,D,E,A,B,WR08,SR08,KR0);
+        RIP5(B,C,D,E,A,WR09,SR09,KR0);
+        RIP5(A,B,C,D,E,WR10,SR10,KR0);
+        RIP5(E,A,B,C,D,WR11,SR11,KR0);
+        RIP5(D,E,A,B,C,WR12,SR12,KR0);
+        RIP5(C,D,E,A,B,WR13,SR13,KR0);
+        RIP5(B,C,D,E,A,WR14,SR14,KR0);
+        RIP5(A,B,C,D,E,WR15,SR15,KR0);
+
+        RIP4(E,A,B,C,D,WR16,SR16,KR1);
+        RIP4(D,E,A,B,C,WR17,SR17,KR1);
+        RIP4(C,D,E,A,B,WR18,SR18,KR1);
+        RIP4(B,C,D,E,A,WR19,SR19,KR1);
+        RIP4(A,B,C,D,E,WR20,SR20,KR1);
+        RIP4(E,A,B,C,D,WR21,SR21,KR1);
+        RIP4(D,E,A,B,C,WR22,SR22,KR1);
+        RIP4(C,D,E,A,B,WR23,SR23,KR1);
+        RIP4(B,C,D,E,A,WR24,SR24,KR1);
+        RIP4(A,B,C,D,E,WR25,SR25,KR1);
+        RIP4(E,A,B,C,D,WR26,SR26,KR1);
+        RIP4(D,E,A,B,C,WR27,SR27,KR1);
+        RIP4(C,D,E,A,B,WR28,SR28,KR1);
+        RIP4(B,C,D,E,A,WR29,SR29,KR1);
+        RIP4(A,B,C,D,E,WR30,SR30,KR1);
+        RIP4(E,A,B,C,D,WR31,SR31,KR1);
+
+        RIP3(D,E,A,B,C,WR32,SR32,KR2);
+        RIP3(C,D,E,A,B,WR33,SR33,KR2);
+        RIP3(B,C,D,E,A,WR34,SR34,KR2);
+        RIP3(A,B,C,D,E,WR35,SR35,KR2);
+        RIP3(E,A,B,C,D,WR36,SR36,KR2);
+        RIP3(D,E,A,B,C,WR37,SR37,KR2);
+        RIP3(C,D,E,A,B,WR38,SR38,KR2);
+        RIP3(B,C,D,E,A,WR39,SR39,KR2);
+        RIP3(A,B,C,D,E,WR40,SR40,KR2);
+        RIP3(E,A,B,C,D,WR41,SR41,KR2);
+        RIP3(D,E,A,B,C,WR42,SR42,KR2);
+        RIP3(C,D,E,A,B,WR43,SR43,KR2);
+        RIP3(B,C,D,E,A,WR44,SR44,KR2);
+        RIP3(A,B,C,D,E,WR45,SR45,KR2);
+        RIP3(E,A,B,C,D,WR46,SR46,KR2);
+        RIP3(D,E,A,B,C,WR47,SR47,KR2);
+
+        RIP2(C,D,E,A,B,WR48,SR48,KR3);
+        RIP2(B,C,D,E,A,WR49,SR49,KR3);
+        RIP2(A,B,C,D,E,WR50,SR50,KR3);
+        RIP2(E,A,B,C,D,WR51,SR51,KR3);
+        RIP2(D,E,A,B,C,WR52,SR52,KR3);
+        RIP2(C,D,E,A,B,WR53,SR53,KR3);
+        RIP2(B,C,D,E,A,WR54,SR54,KR3);
+        RIP2(A,B,C,D,E,WR55,SR55,KR3);
+        RIP2(E,A,B,C,D,WR56,SR56,KR3);
+        RIP2(D,E,A,B,C,WR57,SR57,KR3);
+        RIP2(C,D,E,A,B,WR58,SR58,KR3);
+        RIP2(B,C,D,E,A,WR59,SR59,KR3);
+        RIP2(A,B,C,D,E,WR60,SR60,KR3);
+        RIP2(E,A,B,C,D,WR61,SR61,KR3);
+        RIP2(D,E,A,B,C,WR62,SR62,KR3);
+        RIP2(C,D,E,A,B,WR63,SR63,KR3);
+
+        RIP1(B,C,D,E,A,WR64,SR64);
+        RIP1(A,B,C,D,E,WR65,SR65);
+        RIP1(E,A,B,C,D,WR66,SR66);
+        RIP1(D,E,A,B,C,WR67,SR67);
+        RIP1(C,D,E,A,B,WR68,SR68);
+        RIP1(B,C,D,E,A,WR69,SR69);
+        RIP1(A,B,C,D,E,WR70,SR70);
+        RIP1(E,A,B,C,D,WR71,SR71);
+        RIP1(D,E,A,B,C,WR72,SR72);
+        RIP1(C,D,E,A,B,WR73,SR73);
+        RIP1(B,C,D,E,A,WR74,SR74);
+        RIP1(A,B,C,D,E,WR75,SR75);
+        RIP1(E,A,B,C,D,WR76,SR76);
+        RIP1(D,E,A,B,C,WR77,SR77);
+        RIP1(C,D,E,A,B,WR78,SR78);
+        RIP1(B,C,D,E,A,WR79,SR79);
+
+        D     =ctx->B+c+D;
+        ctx->B=ctx->C+d+E;
+        ctx->C=ctx->D+e+A;
+        ctx->D=ctx->E+a+B;
+        ctx->E=ctx->A+b+C;
+        ctx->A=D;
+
+                }
+        }
+#endif
diff --git a/src/lib/libcrypto/ripemd/rmd_locl.h b/src/lib/libcrypto/ripemd/rmd_locl.h
new file mode 100644
index 0000000000..7b835dfbd4
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/rmd_locl.h
@@ -0,0 +1,160 @@
+/* crypto/ripemd/rmd_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/ripemd.h>
+
+#ifndef RIPEMD160_LONG_LOG2
+#define RIPEMD160_LONG_LOG2 2 /* default to 32 bits */
+#endif
+
+/*
+ * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c
+ * FOR EXPLANATIONS ON FOLLOWING "CODE."
+ *                                      <appro@fy.chalmers.se>
+ */
+#ifdef RMD160_ASM
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+#  define ripemd160_block_host_order ripemd160_block_asm_host_order
+# endif
+#endif
+
+void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,int num);
+void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,int num);
+
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+#define ripemd160_block_data_order ripemd160_block_host_order
+#endif
+
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG               RIPEMD160_LONG
+#define HASH_LONG_LOG2          RIPEMD160_LONG_LOG2
+#define HASH_CTX                RIPEMD160_CTX
+#define HASH_CBLOCK             RIPEMD160_CBLOCK
+#define HASH_LBLOCK             RIPEMD160_LBLOCK
+#define HASH_UPDATE             RIPEMD160_Update
+#define HASH_TRANSFORM          RIPEMD160_Transform
+#define HASH_FINAL              RIPEMD160_Final
+#define HASH_BLOCK_HOST_ORDER   ripemd160_block_host_order
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        ll=(c)->A; HOST_l2c(ll,(s));    \
+        ll=(c)->B; HOST_l2c(ll,(s));    \
+        ll=(c)->C; HOST_l2c(ll,(s));    \
+        ll=(c)->D; HOST_l2c(ll,(s));    \
+        ll=(c)->E; HOST_l2c(ll,(s));    \
+        } while (0)
+#if !defined(L_ENDIAN) || defined(ripemd160_block_data_order)
+#define HASH_BLOCK_DATA_ORDER   ripemd160_block_data_order
+#endif
+
+#include "md32_common.h"
+
+#if 0
+#define F1(x,y,z)        ((x)^(y)^(z))
+#define F2(x,y,z)       (((x)&(y))|((~x)&z))
+#define F3(x,y,z)       (((x)|(~y))^(z))
+#define F4(x,y,z)       (((x)&(z))|((y)&(~(z))))
+#define F5(x,y,z)        ((x)^((y)|(~(z))))
+#else
+/*
+ * Transformed F2 and F4 are courtesy of Wei Dai <weidai@eskimo.com>
+ */
+#define F1(x,y,z)       ((x) ^ (y) ^ (z))
+#define F2(x,y,z)       ((((y) ^ (z)) & (x)) ^ (z))
+#define F3(x,y,z)       (((~(y)) | (x)) ^ (z))
+#define F4(x,y,z)       ((((x) ^ (y)) & (z)) ^ (y))
+#define F5(x,y,z)       (((~(z)) | (y)) ^ (x))
+#endif
+
+#define RIPEMD160_A     0x67452301L
+#define RIPEMD160_B     0xEFCDAB89L
+#define RIPEMD160_C     0x98BADCFEL
+#define RIPEMD160_D     0x10325476L
+#define RIPEMD160_E     0xC3D2E1F0L
+
+#include "rmdconst.h"
+
+#define RIP1(a,b,c,d,e,w,s) { \
+        a+=F1(b,c,d)+X(w); \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP2(a,b,c,d,e,w,s,K) { \
+        a+=F2(b,c,d)+X(w)+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP3(a,b,c,d,e,w,s,K) { \
+        a+=F3(b,c,d)+X(w)+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP4(a,b,c,d,e,w,s,K) { \
+        a+=F4(b,c,d)+X(w)+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP5(a,b,c,d,e,w,s,K) { \
+        a+=F5(b,c,d)+X(w)+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
diff --git a/src/lib/libcrypto/ripemd/rmd_one.c b/src/lib/libcrypto/ripemd/rmd_one.c
new file mode 100644
index 0000000000..f8b580c33a
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/rmd_one.c
@@ -0,0 +1,77 @@
+/* crypto/ripemd/rmd_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/ripemd.h>
+#include <openssl/crypto.h>
+
+unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
+             unsigned char *md)
+        {
+        RIPEMD160_CTX c;
+        static unsigned char m[RIPEMD160_DIGEST_LENGTH];
+
+        if (md == NULL) md=m;
+        RIPEMD160_Init(&c);
+        RIPEMD160_Update(&c,d,n);
+        RIPEMD160_Final(md,&c);
+        OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+        return(md);
+        }
+
diff --git a/src/lib/libcrypto/ripemd/rmdconst.h b/src/lib/libcrypto/ripemd/rmdconst.h
new file mode 100644
index 0000000000..59c48dead1
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/rmdconst.h
@@ -0,0 +1,399 @@
+/* crypto/ripemd/rmdconst.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#define KL0 0x00000000L
+#define KL1 0x5A827999L
+#define KL2 0x6ED9EBA1L
+#define KL3 0x8F1BBCDCL
+#define KL4 0xA953FD4EL
+
+#define KR0 0x50A28BE6L
+#define KR1 0x5C4DD124L
+#define KR2 0x6D703EF3L
+#define KR3 0x7A6D76E9L
+#define KR4 0x00000000L
+
+#define WL00  0
+#define SL00 11
+#define WL01  1
+#define SL01 14
+#define WL02  2
+#define SL02 15
+#define WL03  3
+#define SL03 12
+#define WL04  4
+#define SL04  5
+#define WL05  5
+#define SL05  8
+#define WL06  6
+#define SL06  7
+#define WL07  7
+#define SL07  9
+#define WL08  8
+#define SL08 11
+#define WL09  9
+#define SL09 13
+#define WL10 10
+#define SL10 14
+#define WL11 11
+#define SL11 15
+#define WL12 12
+#define SL12  6
+#define WL13 13
+#define SL13  7
+#define WL14 14
+#define SL14  9
+#define WL15 15
+#define SL15  8
+
+#define WL16  7
+#define SL16  7
+#define WL17  4
+#define SL17  6
+#define WL18 13
+#define SL18  8
+#define WL19  1
+#define SL19 13
+#define WL20 10
+#define SL20 11
+#define WL21  6
+#define SL21  9
+#define WL22 15
+#define SL22  7
+#define WL23  3
+#define SL23 15
+#define WL24 12
+#define SL24  7
+#define WL25  0
+#define SL25 12
+#define WL26  9
+#define SL26 15
+#define WL27  5
+#define SL27  9
+#define WL28  2
+#define SL28 11
+#define WL29 14
+#define SL29  7
+#define WL30 11
+#define SL30 13
+#define WL31  8
+#define SL31 12
+
+#define WL32  3
+#define SL32 11
+#define WL33 10
+#define SL33 13
+#define WL34 14
+#define SL34  6
+#define WL35  4
+#define SL35  7
+#define WL36  9
+#define SL36 14
+#define WL37 15
+#define SL37  9
+#define WL38  8
+#define SL38 13
+#define WL39  1
+#define SL39 15
+#define WL40  2
+#define SL40 14
+#define WL41  7
+#define SL41  8
+#define WL42  0
+#define SL42 13
+#define WL43  6
+#define SL43  6
+#define WL44 13
+#define SL44  5
+#define WL45 11
+#define SL45 12
+#define WL46  5
+#define SL46  7
+#define WL47 12
+#define SL47  5
+
+#define WL48  1
+#define SL48 11
+#define WL49  9
+#define SL49 12
+#define WL50 11
+#define SL50 14
+#define WL51 10
+#define SL51 15
+#define WL52  0
+#define SL52 14
+#define WL53  8
+#define SL53 15
+#define WL54 12
+#define SL54  9
+#define WL55  4
+#define SL55  8
+#define WL56 13
+#define SL56  9
+#define WL57  3
+#define SL57 14
+#define WL58  7
+#define SL58  5
+#define WL59 15
+#define SL59  6
+#define WL60 14
+#define SL60  8
+#define WL61  5
+#define SL61  6
+#define WL62  6
+#define SL62  5
+#define WL63  2
+#define SL63 12
+
+#define WL64  4
+#define SL64  9
+#define WL65  0
+#define SL65 15
+#define WL66  5
+#define SL66  5
+#define WL67  9
+#define SL67 11
+#define WL68  7
+#define SL68  6
+#define WL69 12
+#define SL69  8
+#define WL70  2
+#define SL70 13
+#define WL71 10
+#define SL71 12
+#define WL72 14
+#define SL72  5
+#define WL73  1
+#define SL73 12
+#define WL74  3
+#define SL74 13
+#define WL75  8
+#define SL75 14
+#define WL76 11
+#define SL76 11
+#define WL77  6
+#define SL77  8
+#define WL78 15
+#define SL78  5
+#define WL79 13
+#define SL79  6
+
+#define WR00  5
+#define SR00  8
+#define WR01 14
+#define SR01  9
+#define WR02  7
+#define SR02  9
+#define WR03  0
+#define SR03 11
+#define WR04  9
+#define SR04 13
+#define WR05  2
+#define SR05 15
+#define WR06 11
+#define SR06 15
+#define WR07  4
+#define SR07  5
+#define WR08 13
+#define SR08  7
+#define WR09  6
+#define SR09  7
+#define WR10 15
+#define SR10  8
+#define WR11  8
+#define SR11 11
+#define WR12  1
+#define SR12 14
+#define WR13 10
+#define SR13 14
+#define WR14  3
+#define SR14 12
+#define WR15 12
+#define SR15  6
+
+#define WR16  6
+#define SR16  9
+#define WR17 11
+#define SR17 13
+#define WR18  3
+#define SR18 15
+#define WR19  7
+#define SR19  7
+#define WR20  0
+#define SR20 12
+#define WR21 13
+#define SR21  8
+#define WR22  5
+#define SR22  9
+#define WR23 10
+#define SR23 11
+#define WR24 14
+#define SR24  7
+#define WR25 15
+#define SR25  7
+#define WR26  8
+#define SR26 12
+#define WR27 12
+#define SR27  7
+#define WR28  4
+#define SR28  6
+#define WR29  9
+#define SR29 15
+#define WR30  1
+#define SR30 13
+#define WR31  2
+#define SR31 11
+
+#define WR32 15
+#define SR32  9
+#define WR33  5
+#define SR33  7
+#define WR34  1
+#define SR34 15
+#define WR35  3
+#define SR35 11
+#define WR36  7
+#define SR36  8
+#define WR37 14
+#define SR37  6
+#define WR38  6
+#define SR38  6
+#define WR39  9
+#define SR39 14
+#define WR40 11
+#define SR40 12
+#define WR41  8
+#define SR41 13
+#define WR42 12
+#define SR42  5
+#define WR43  2
+#define SR43 14
+#define WR44 10
+#define SR44 13
+#define WR45  0
+#define SR45 13
+#define WR46  4
+#define SR46  7
+#define WR47 13
+#define SR47  5
+
+#define WR48  8
+#define SR48 15
+#define WR49  6
+#define SR49  5
+#define WR50  4
+#define SR50  8
+#define WR51  1
+#define SR51 11
+#define WR52  3
+#define SR52 14
+#define WR53 11
+#define SR53 14
+#define WR54 15
+#define SR54  6
+#define WR55  0
+#define SR55 14
+#define WR56  5
+#define SR56  6
+#define WR57 12
+#define SR57  9
+#define WR58  2
+#define SR58 12
+#define WR59 13
+#define SR59  9
+#define WR60  9
+#define SR60 12
+#define WR61  7
+#define SR61  5
+#define WR62 10
+#define SR62 15
+#define WR63 14
+#define SR63  8
+
+#define WR64 12
+#define SR64  8
+#define WR65 15
+#define SR65  5
+#define WR66 10
+#define SR66 12
+#define WR67  4
+#define SR67  9
+#define WR68  1
+#define SR68 12
+#define WR69  5
+#define SR69  5
+#define WR70  8
+#define SR70 14
+#define WR71  7
+#define SR71  6
+#define WR72  6
+#define SR72  8
+#define WR73  2
+#define SR73 13
+#define WR74 13
+#define SR74  6
+#define WR75 14
+#define SR75  5
+#define WR76  0
+#define SR76 15
+#define WR77  3
+#define SR77 13
+#define WR78  9
+#define SR78 11
+#define WR79 11
+#define SR79 11
+
diff --git a/src/lib/libcrypto/rsa/Makefile.ssl b/src/lib/libcrypto/rsa/Makefile.ssl
new file mode 100644
index 0000000000..8089344a04
--- /dev/null
+++ b/src/lib/libcrypto/rsa/Makefile.ssl
@@ -0,0 +1,241 @@
+#
+# SSLeay/crypto/rsa/Makefile
+#
+
+DIR=    rsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rsa_test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
+        rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
+        rsa_asn1.c
+LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
+        rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
+        rsa_asn1.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rsa.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+rsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_asn1.o: ../../include/openssl/opensslconf.h
+rsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_asn1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_asn1.o: ../cryptlib.h rsa_asn1.c
+rsa_chk.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_chk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_chk.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_chk.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_chk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_chk.o: rsa_chk.c
+rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
+rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_err.o: rsa_err.c
+rsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_gen.o: ../cryptlib.h rsa_gen.c
+rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h rsa_lib.c
+rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_none.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_none.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_none.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_none.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_none.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_none.c
+rsa_null.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_null.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_null.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_null.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_null.c
+rsa_oaep.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_oaep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_oaep.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_oaep.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_oaep.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_oaep.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_oaep.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_oaep.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_oaep.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_oaep.o: ../../include/openssl/opensslconf.h
+rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rsa_oaep.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_oaep.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_oaep.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_oaep.o: ../cryptlib.h rsa_oaep.c
+rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_pk1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_pk1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_saos.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_saos.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_saos.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_saos.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_saos.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_saos.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_saos.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_saos.o: ../../include/openssl/opensslconf.h
+rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+rsa_saos.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_saos.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_saos.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_saos.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_saos.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_saos.o: ../cryptlib.h rsa_saos.c
+rsa_sign.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_sign.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_sign.o: ../../include/openssl/opensslconf.h
+rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+rsa_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_sign.o: ../cryptlib.h rsa_sign.c
+rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_ssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_ssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
new file mode 100644
index 0000000000..fc3bb5f86d
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -0,0 +1,366 @@
+/* crypto/rsa/rsa.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RSA_H
+#define HEADER_RSA_H
+
+#include <openssl/asn1.h>
+
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/ossl_typ.h>
+
+#ifdef OPENSSL_NO_RSA
+#error RSA is disabled.
+#endif
+
+#if defined(OPENSSL_FIPS)
+#define FIPS_RSA_SIZE_T int
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct rsa_st RSA;
+
+typedef struct rsa_meth_st
+        {
+        const char *name;
+        int (*rsa_pub_enc)(int flen,const unsigned char *from,
+                           unsigned char *to,
+                           RSA *rsa,int padding);
+        int (*rsa_pub_dec)(int flen,const unsigned char *from,
+                           unsigned char *to,
+                           RSA *rsa,int padding);
+        int (*rsa_priv_enc)(int flen,const unsigned char *from,
+                            unsigned char *to,
+                            RSA *rsa,int padding);
+        int (*rsa_priv_dec)(int flen,const unsigned char *from,
+                            unsigned char *to,
+                            RSA *rsa,int padding);
+        int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa); /* Can be null */
+        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                          const BIGNUM *m, BN_CTX *ctx,
+                          BN_MONT_CTX *m_ctx); /* Can be null */
+        int (*init)(RSA *rsa);          /* called at new */
+        int (*finish)(RSA *rsa);        /* called at free */
+        int flags;                      /* RSA_METHOD_FLAG_* things */
+        char *app_data;                 /* may be needed! */
+/* New sign and verify functions: some libraries don't allow arbitrary data
+ * to be signed/verified: this allows them to be used. Note: for this to work
+ * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
+ * RSA_sign(), RSA_verify() should be used instead. Note: for backwards
+ * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
+ * option is set in 'flags'.
+ */
+        int (*rsa_sign)(int type,
+                const unsigned char *m, unsigned int m_length,
+                unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
+        int (*rsa_verify)(int dtype,
+                const unsigned char *m, unsigned int m_length,
+                unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+
+        } RSA_METHOD;
+
+struct rsa_st
+        {
+        /* The first parameter is used to pickup errors where
+         * this is passed instead of aEVP_PKEY, it is set to 0 */
+        int pad;
+        long version;
+        const RSA_METHOD *meth;
+        /* functional reference if 'meth' is ENGINE-provided */
+        ENGINE *engine;
+        BIGNUM *n;
+        BIGNUM *e;
+        BIGNUM *d;
+        BIGNUM *p;
+        BIGNUM *q;
+        BIGNUM *dmp1;
+        BIGNUM *dmq1;
+        BIGNUM *iqmp;
+        /* be careful using this if the RSA structure is shared */
+        CRYPTO_EX_DATA ex_data;
+        int references;
+        int flags;
+
+        /* Used to cache montgomery values */
+        BN_MONT_CTX *_method_mod_n;
+        BN_MONT_CTX *_method_mod_p;
+        BN_MONT_CTX *_method_mod_q;
+
+        /* all BIGNUM values are actually in the following data, if it is not
+         * NULL */
+        char *bignum_data;
+        BN_BLINDING *blinding;
+        };
+
+#define RSA_3   0x3L
+#define RSA_F4  0x10001L
+
+#define RSA_METHOD_FLAG_NO_CHECK        0x01 /* don't check pub/private match */
+
+#define RSA_FLAG_CACHE_PUBLIC           0x02
+#define RSA_FLAG_CACHE_PRIVATE          0x04
+#define RSA_FLAG_BLINDING               0x08
+#define RSA_FLAG_THREAD_SAFE            0x10
+/* This flag means the private key operations will be handled by rsa_mod_exp
+ * and that they do not depend on the private key components being present:
+ * for example a key stored in external hardware. Without this flag bn_mod_exp
+ * gets called when private key components are absent.
+ */
+#define RSA_FLAG_EXT_PKEY               0x20
+
+/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
+ */
+#define RSA_FLAG_SIGN_VER               0x40
+
+#define RSA_FLAG_NO_BLINDING            0x80 /* new with 0.9.6j and 0.9.7b; the built-in
+                                              * RSA implementation now uses blinding by
+                                              * default (ignoring RSA_FLAG_BLINDING),
+                                              * but other engines might not need it
+                                              */
+
+#define RSA_PKCS1_PADDING       1
+#define RSA_SSLV23_PADDING      2
+#define RSA_NO_PADDING          3
+#define RSA_PKCS1_OAEP_PADDING  4
+
+#define RSA_PKCS1_PADDING_SIZE  11
+
+#define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
+#define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
+
+RSA *   RSA_new(void);
+RSA *   RSA_new_method(ENGINE *engine);
+int     RSA_size(const RSA *);
+RSA *   RSA_generate_key(int bits, unsigned long e,void
+                (*callback)(int,int,void *),void *cb_arg);
+int     RSA_check_key(const RSA *);
+        /* next 4 return -1 on error */
+int     RSA_public_encrypt(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+int     RSA_private_encrypt(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+int     RSA_public_decrypt(int flen, const unsigned char *from, 
+                unsigned char *to, RSA *rsa,int padding);
+int     RSA_private_decrypt(int flen, const unsigned char *from, 
+                unsigned char *to, RSA *rsa,int padding);
+void    RSA_free (RSA *r);
+/* "up" the RSA object's reference count */
+int     RSA_up_ref(RSA *r);
+
+int     RSA_flags(const RSA *r);
+
+void RSA_set_default_method(const RSA_METHOD *meth);
+const RSA_METHOD *RSA_get_default_method(void);
+const RSA_METHOD *RSA_get_method(const RSA *rsa);
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+
+/* This function needs the memory locking malloc callbacks to be installed */
+int RSA_memory_lock(RSA *r);
+
+/* these are the actual SSLeay RSA functions */
+const RSA_METHOD *RSA_PKCS1_SSLeay(void);
+
+const RSA_METHOD *RSA_null_method(void);
+
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
+
+#ifndef OPENSSL_NO_FP_API
+int     RSA_print_fp(FILE *fp, const RSA *r,int offset);
+#endif
+
+#ifndef OPENSSL_NO_BIO
+int     RSA_print(BIO *bp, const RSA *r,int offset);
+#endif
+
+int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey);
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey);
+
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)());
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
+
+/* The following 2 functions sign and verify a X509_SIG ASN1 object
+ * inside PKCS#1 padded RSA encryption */
+int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
+        unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
+        unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+/* The following 2 function sign and verify a ASN1_OCTET_STRING
+ * object inside PKCS#1 padded RSA encryption */
+int RSA_sign_ASN1_OCTET_STRING(int type,
+        const unsigned char *m, unsigned int m_length,
+        unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+int RSA_verify_ASN1_OCTET_STRING(int type,
+        const unsigned char *m, unsigned int m_length,
+        unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+void RSA_blinding_off(RSA *rsa);
+
+int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
+        const unsigned char *f,int fl);
+int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,
+        const unsigned char *f,int fl,int rsa_len);
+int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
+        const unsigned char *f,int fl);
+int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
+        const unsigned char *f,int fl,int rsa_len);
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
+        const unsigned char *f,int fl,
+        const unsigned char *p,int pl);
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen,
+        const unsigned char *f,int fl,int rsa_len,
+        const unsigned char *p,int pl);
+int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
+        const unsigned char *f,int fl);
+int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
+        const unsigned char *f,int fl,int rsa_len);
+int RSA_padding_add_none(unsigned char *to,int tlen,
+        const unsigned char *f,int fl);
+int RSA_padding_check_none(unsigned char *to,int tlen,
+        const unsigned char *f,int fl,int rsa_len);
+
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int RSA_set_ex_data(RSA *r,int idx,void *arg);
+void *RSA_get_ex_data(const RSA *r, int idx);
+
+RSA *RSAPublicKey_dup(RSA *rsa);
+RSA *RSAPrivateKey_dup(RSA *rsa);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_RSA_strings(void);
+
+/* Error codes for the RSA functions. */
+
+/* Function codes. */
+#define RSA_F_MEMORY_LOCK                                100
+#define RSA_F_RSA_CHECK_KEY                              123
+#define RSA_F_RSA_EAY_PRIVATE_DECRYPT                    101
+#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT                    102
+#define RSA_F_RSA_EAY_PUBLIC_DECRYPT                     103
+#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT                     104
+#define RSA_F_RSA_GENERATE_KEY                           105
+#define RSA_F_RSA_NEW_METHOD                             106
+#define RSA_F_RSA_NULL                                   124
+#define RSA_F_RSA_PADDING_ADD_NONE                       107
+#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP                 121
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1               108
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2               109
+#define RSA_F_RSA_PADDING_ADD_SSLV23                     110
+#define RSA_F_RSA_PADDING_CHECK_NONE                     111
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP               122
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1             112
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2             113
+#define RSA_F_RSA_PADDING_CHECK_SSLV23                   114
+#define RSA_F_RSA_PRINT                                  115
+#define RSA_F_RSA_PRINT_FP                               116
+#define RSA_F_RSA_SIGN                                   117
+#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING                 118
+#define RSA_F_RSA_VERIFY                                 119
+#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING               120
+
+/* Reason codes. */
+#define RSA_R_ALGORITHM_MISMATCH                         100
+#define RSA_R_BAD_E_VALUE                                101
+#define RSA_R_BAD_FIXED_HEADER_DECRYPT                   102
+#define RSA_R_BAD_PAD_BYTE_COUNT                         103
+#define RSA_R_BAD_SIGNATURE                              104
+#define RSA_R_BLOCK_TYPE_IS_NOT_01                       106
+#define RSA_R_BLOCK_TYPE_IS_NOT_02                       107
+#define RSA_R_DATA_GREATER_THAN_MOD_LEN                  108
+#define RSA_R_DATA_TOO_LARGE                             109
+#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                110
+#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS                 132
+#define RSA_R_DATA_TOO_SMALL                             111
+#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE                122
+#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY                 112
+#define RSA_R_DMP1_NOT_CONGRUENT_TO_D                    124
+#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D                    125
+#define RSA_R_D_E_NOT_CONGRUENT_TO_1                     123
+#define RSA_R_INVALID_MESSAGE_LENGTH                     131
+#define RSA_R_IQMP_NOT_INVERSE_OF_Q                      126
+#define RSA_R_KEY_SIZE_TOO_SMALL                         120
+#define RSA_R_NULL_BEFORE_BLOCK_MISSING                  113
+#define RSA_R_N_DOES_NOT_EQUAL_P_Q                       127
+#define RSA_R_OAEP_DECODING_ERROR                        121
+#define RSA_R_PADDING_CHECK_FAILED                       114
+#define RSA_R_P_NOT_PRIME                                128
+#define RSA_R_Q_NOT_PRIME                                129
+#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED               130
+#define RSA_R_SSLV3_ROLLBACK_ATTACK                      115
+#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
+#define RSA_R_UNKNOWN_ALGORITHM_TYPE                     117
+#define RSA_R_UNKNOWN_PADDING_TYPE                       118
+#define RSA_R_WRONG_SIGNATURE_LENGTH                     119
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/rsa/rsa_asn1.c b/src/lib/libcrypto/rsa/rsa_asn1.c
new file mode 100644
index 0000000000..1455a7e0e4
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_asn1.c
@@ -0,0 +1,121 @@
+/* rsa_asn1.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/asn1t.h>
+
+static ASN1_METHOD method={
+        (int (*)())  i2d_RSAPrivateKey,
+        (char *(*)())d2i_RSAPrivateKey,
+        (char *(*)())RSA_new,
+        (void (*)()) RSA_free};
+
+ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
+        {
+        return(&method);
+        }
+
+/* Override the default free and new methods */
+static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        if(operation == ASN1_OP_NEW_PRE) {
+                *pval = (ASN1_VALUE *)RSA_new();
+                if(*pval) return 2;
+                return 0;
+        } else if(operation == ASN1_OP_FREE_PRE) {
+                RSA_free((RSA *)*pval);
+                *pval = NULL;
+                return 2;
+        }
+        return 1;
+}
+
+ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {
+        ASN1_SIMPLE(RSA, version, LONG),
+        ASN1_SIMPLE(RSA, n, BIGNUM),
+        ASN1_SIMPLE(RSA, e, BIGNUM),
+        ASN1_SIMPLE(RSA, d, BIGNUM),
+        ASN1_SIMPLE(RSA, p, BIGNUM),
+        ASN1_SIMPLE(RSA, q, BIGNUM),
+        ASN1_SIMPLE(RSA, dmp1, BIGNUM),
+        ASN1_SIMPLE(RSA, dmq1, BIGNUM),
+        ASN1_SIMPLE(RSA, iqmp, BIGNUM)
+} ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey)
+
+
+ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
+        ASN1_SIMPLE(RSA, n, BIGNUM),
+        ASN1_SIMPLE(RSA, e, BIGNUM),
+} ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey)
+
+RSA *RSAPublicKey_dup(RSA *rsa)
+        {
+        return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa);
+        }
+
+RSA *RSAPrivateKey_dup(RSA *rsa)
+        {
+        return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa);
+        }
diff --git a/src/lib/libcrypto/rsa/rsa_chk.c b/src/lib/libcrypto/rsa/rsa_chk.c
new file mode 100644
index 0000000000..002f2cb487
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_chk.c
@@ -0,0 +1,184 @@
+/* crypto/rsa/rsa_chk.c  -*- Mode: C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+
+
+int RSA_check_key(const RSA *key)
+        {
+        BIGNUM *i, *j, *k, *l, *m;
+        BN_CTX *ctx;
+        int r;
+        int ret=1;
+        
+        i = BN_new();
+        j = BN_new();
+        k = BN_new();
+        l = BN_new();
+        m = BN_new();
+        ctx = BN_CTX_new();
+        if (i == NULL || j == NULL || k == NULL || l == NULL ||
+                m == NULL || ctx == NULL)
+                {
+                ret = -1;
+                RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        
+        /* p prime? */
+        r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL);
+        if (r != 1)
+                {
+                ret = r;
+                if (r != 0)
+                        goto err;
+                RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
+                }
+        
+        /* q prime? */
+        r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL);
+        if (r != 1)
+                {
+                ret = r;
+                if (r != 0)
+                        goto err;
+                RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
+                }
+        
+        /* n = p*q? */
+        r = BN_mul(i, key->p, key->q, ctx);
+        if (!r) { ret = -1; goto err; }
+        
+        if (BN_cmp(i, key->n) != 0)
+                {
+                ret = 0;
+                RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
+                }
+        
+        /* d*e = 1  mod lcm(p-1,q-1)? */
+
+        r = BN_sub(i, key->p, BN_value_one());
+        if (!r) { ret = -1; goto err; }
+        r = BN_sub(j, key->q, BN_value_one());
+        if (!r) { ret = -1; goto err; }
+
+        /* now compute k = lcm(i,j) */
+        r = BN_mul(l, i, j, ctx);
+        if (!r) { ret = -1; goto err; }
+        r = BN_gcd(m, i, j, ctx);
+        if (!r) { ret = -1; goto err; }
+        r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
+        if (!r) { ret = -1; goto err; }
+
+        r = BN_mod_mul(i, key->d, key->e, k, ctx);
+        if (!r) { ret = -1; goto err; }
+
+        if (!BN_is_one(i))
+                {
+                ret = 0;
+                RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
+                }
+        
+        if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL)
+                {
+                /* dmp1 = d mod (p-1)? */
+                r = BN_sub(i, key->p, BN_value_one());
+                if (!r) { ret = -1; goto err; }
+
+                r = BN_mod(j, key->d, i, ctx);
+                if (!r) { ret = -1; goto err; }
+
+                if (BN_cmp(j, key->dmp1) != 0)
+                        {
+                        ret = 0;
+                        RSAerr(RSA_F_RSA_CHECK_KEY,
+                                RSA_R_DMP1_NOT_CONGRUENT_TO_D);
+                        }
+        
+                /* dmq1 = d mod (q-1)? */    
+                r = BN_sub(i, key->q, BN_value_one());
+                if (!r) { ret = -1; goto err; }
+        
+                r = BN_mod(j, key->d, i, ctx);
+                if (!r) { ret = -1; goto err; }
+
+                if (BN_cmp(j, key->dmq1) != 0)
+                        {
+                        ret = 0;
+                        RSAerr(RSA_F_RSA_CHECK_KEY,
+                                RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
+                        }
+        
+                /* iqmp = q^-1 mod p? */
+                if(!BN_mod_inverse(i, key->q, key->p, ctx))
+                        {
+                        ret = -1;
+                        goto err;
+                        }
+
+                if (BN_cmp(i, key->iqmp) != 0)
+                        {
+                        ret = 0;
+                        RSAerr(RSA_F_RSA_CHECK_KEY,
+                                RSA_R_IQMP_NOT_INVERSE_OF_Q);
+                        }
+                }
+
+ err:
+        if (i != NULL) BN_free(i);
+        if (j != NULL) BN_free(j);
+        if (k != NULL) BN_free(k);
+        if (l != NULL) BN_free(l);
+        if (m != NULL) BN_free(m);
+        if (ctx != NULL) BN_CTX_free(ctx);
+        return (ret);
+        }
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
new file mode 100644
index 0000000000..d4caab3f95
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -0,0 +1,727 @@
+/* crypto/rsa/rsa_eay.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS)
+
+static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa);
+static int RSA_eay_init(RSA *rsa);
+static int RSA_eay_finish(RSA *rsa);
+static RSA_METHOD rsa_pkcs1_eay_meth={
+        "Eric Young's PKCS#1 RSA",
+        RSA_eay_public_encrypt,
+        RSA_eay_public_decrypt, /* signature verification */
+        RSA_eay_private_encrypt, /* signing */
+        RSA_eay_private_decrypt,
+        RSA_eay_mod_exp,
+        BN_mod_exp_mont, /* XXX probably we should not use Montgomery if  e == 3 */
+        RSA_eay_init,
+        RSA_eay_finish,
+        0, /* flags */
+        NULL,
+        0, /* rsa_sign */
+        0  /* rsa_verify */
+        };
+
+const RSA_METHOD *RSA_PKCS1_SSLeay(void)
+        {
+        return(&rsa_pkcs1_eay_meth);
+        }
+
+static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
+             unsigned char *to, RSA *rsa, int padding)
+        {
+        BIGNUM f,ret;
+        int i,j,k,num=0,r= -1;
+        unsigned char *buf=NULL;
+        BN_CTX *ctx=NULL;
+
+        BN_init(&f);
+        BN_init(&ret);
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
+        num=BN_num_bytes(rsa->n);
+        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+                {
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        switch (padding)
+                {
+        case RSA_PKCS1_PADDING:
+                i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
+                break;
+#ifndef OPENSSL_NO_SHA
+        case RSA_PKCS1_OAEP_PADDING:
+                i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
+                break;
+#endif
+        case RSA_SSLV23_PADDING:
+                i=RSA_padding_add_SSLv23(buf,num,from,flen);
+                break;
+        case RSA_NO_PADDING:
+                i=RSA_padding_add_none(buf,num,from,flen);
+                break;
+        default:
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
+                goto err;
+                }
+        if (i <= 0) goto err;
+
+        if (BN_bin2bn(buf,num,&f) == NULL) goto err;
+        
+        if (BN_ucmp(&f, rsa->n) >= 0)
+                {       
+                /* usually the padding functions would catch this */
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+                goto err;
+                }
+
+        if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+                {
+                BN_MONT_CTX* bn_mont_ctx;
+                if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
+                        goto err;
+                if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
+                        {
+                        BN_MONT_CTX_free(bn_mont_ctx);
+                        goto err;
+                        }
+                if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
+                        {
+                        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+                        if (rsa->_method_mod_n == NULL)
+                                {
+                                rsa->_method_mod_n = bn_mont_ctx;
+                                bn_mont_ctx = NULL;
+                                }
+                        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+                        }
+                if (bn_mont_ctx)
+                        BN_MONT_CTX_free(bn_mont_ctx);
+                }
+                
+        if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+                rsa->_method_mod_n)) goto err;
+
+        /* put in leading 0 bytes if the number is less than the
+         * length of the modulus */
+        j=BN_num_bytes(&ret);
+        i=BN_bn2bin(&ret,&(to[num-j]));
+        for (k=0; k<(num-i); k++)
+                to[k]=0;
+
+        r=num;
+err:
+        if (ctx != NULL) BN_CTX_free(ctx);
+        BN_clear_free(&f);
+        BN_clear_free(&ret);
+        if (buf != NULL) 
+                {
+                OPENSSL_cleanse(buf,num);
+                OPENSSL_free(buf);
+                }
+        return(r);
+        }
+
+static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
+        {
+        int ret = 1;
+        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+        /* Check again inside the lock - the macro's check is racey */
+        if(rsa->blinding == NULL)
+                ret = RSA_blinding_on(rsa, ctx);
+        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+        return ret;
+        }
+
+#define BLINDING_HELPER(rsa, ctx, err_instr) \
+        do { \
+                if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \
+                    ((rsa)->blinding == NULL) && \
+                    !rsa_eay_blinding(rsa, ctx)) \
+                    err_instr \
+        } while(0)
+
+static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx)
+        {
+        BIGNUM *A, *Ai;
+        BN_BLINDING *ret = NULL;
+
+        /* added in OpenSSL 0.9.6j and 0.9.7b */
+
+        /* NB: similar code appears in RSA_blinding_on (rsa_lib.c);
+         * this should be placed in a new function of its own, but for reasons
+         * of binary compatibility can't */
+
+        BN_CTX_start(ctx);
+        A = BN_CTX_get(ctx);
+        if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
+                {
+                /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
+                RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
+                if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
+                }
+        else
+                {
+                if (!BN_rand_range(A,rsa->n)) goto err;
+                }
+        if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
+
+        if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
+                goto err;
+        ret = BN_BLINDING_new(A,Ai,rsa->n);
+        BN_free(Ai);
+err:
+        BN_CTX_end(ctx);
+        return ret;
+        }
+
+/* signing */
+static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
+             unsigned char *to, RSA *rsa, int padding)
+        {
+        BIGNUM f,ret;
+        int i,j,k,num=0,r= -1;
+        unsigned char *buf=NULL;
+        BN_CTX *ctx=NULL;
+        int local_blinding = 0;
+        BN_BLINDING *blinding = NULL;
+
+        BN_init(&f);
+        BN_init(&ret);
+
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
+        num=BN_num_bytes(rsa->n);
+        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+                {
+                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        switch (padding)
+                {
+        case RSA_PKCS1_PADDING:
+                i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
+                break;
+        case RSA_NO_PADDING:
+                i=RSA_padding_add_none(buf,num,from,flen);
+                break;
+        case RSA_SSLV23_PADDING:
+        default:
+                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
+                goto err;
+                }
+        if (i <= 0) goto err;
+
+        if (BN_bin2bn(buf,num,&f) == NULL) goto err;
+        
+        if (BN_ucmp(&f, rsa->n) >= 0)
+                {       
+                /* usually the padding functions would catch this */
+                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+                goto err;
+                }
+
+        BLINDING_HELPER(rsa, ctx, goto err;);
+        blinding = rsa->blinding;
+        
+        /* Now unless blinding is disabled, 'blinding' is non-NULL.
+         * But the BN_BLINDING object may be owned by some other thread
+         * (we don't want to keep it constant and we don't want to use
+         * lots of locking to avoid race conditions, so only a single
+         * thread can use it; other threads have to use local blinding
+         * factors) */
+        if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
+                {
+                if (blinding == NULL)
+                        {
+                        RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                }
+        
+        if (blinding != NULL)
+                {
+                if (blinding->thread_id != CRYPTO_thread_id())
+                        {
+                        /* we need a local one-time blinding factor */
+
+                        blinding = setup_blinding(rsa, ctx);
+                        if (blinding == NULL)
+                                goto err;
+                        local_blinding = 1;
+                        }
+                }
+
+        if (blinding)
+                if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
+
+        if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+                ((rsa->p != NULL) &&
+                (rsa->q != NULL) &&
+                (rsa->dmp1 != NULL) &&
+                (rsa->dmq1 != NULL) &&
+                (rsa->iqmp != NULL)) )
+                { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+        else
+                {
+                if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
+                }
+
+        if (blinding)
+                if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
+
+        /* put in leading 0 bytes if the number is less than the
+         * length of the modulus */
+        j=BN_num_bytes(&ret);
+        i=BN_bn2bin(&ret,&(to[num-j]));
+        for (k=0; k<(num-i); k++)
+                to[k]=0;
+
+        r=num;
+err:
+        if (ctx != NULL) BN_CTX_free(ctx);
+        BN_clear_free(&ret);
+        BN_clear_free(&f);
+        if (local_blinding)
+                BN_BLINDING_free(blinding);
+        if (buf != NULL)
+                {
+                OPENSSL_cleanse(buf,num);
+                OPENSSL_free(buf);
+                }
+        return(r);
+        }
+
+static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
+             unsigned char *to, RSA *rsa, int padding)
+        {
+        BIGNUM f,ret;
+        int j,num=0,r= -1;
+        unsigned char *p;
+        unsigned char *buf=NULL;
+        BN_CTX *ctx=NULL;
+        int local_blinding = 0;
+        BN_BLINDING *blinding = NULL;
+
+        BN_init(&f);
+        BN_init(&ret);
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+
+        num=BN_num_bytes(rsa->n);
+
+        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+                {
+                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        /* This check was for equality but PGP does evil things
+         * and chops off the top '0' bytes */
+        if (flen > num)
+                {
+                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
+                goto err;
+                }
+
+        /* make data into a big number */
+        if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
+
+        if (BN_ucmp(&f, rsa->n) >= 0)
+                {
+                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+                goto err;
+                }
+
+        BLINDING_HELPER(rsa, ctx, goto err;);
+        blinding = rsa->blinding;
+        
+        /* Now unless blinding is disabled, 'blinding' is non-NULL.
+         * But the BN_BLINDING object may be owned by some other thread
+         * (we don't want to keep it constant and we don't want to use
+         * lots of locking to avoid race conditions, so only a single
+         * thread can use it; other threads have to use local blinding
+         * factors) */
+        if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
+                {
+                if (blinding == NULL)
+                        {
+                        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                }
+        
+        if (blinding != NULL)
+                {
+                if (blinding->thread_id != CRYPTO_thread_id())
+                        {
+                        /* we need a local one-time blinding factor */
+
+                        blinding = setup_blinding(rsa, ctx);
+                        if (blinding == NULL)
+                                goto err;
+                        local_blinding = 1;
+                        }
+                }
+
+        if (blinding)
+                if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
+
+        /* do the decrypt */
+        if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+                ((rsa->p != NULL) &&
+                (rsa->q != NULL) &&
+                (rsa->dmp1 != NULL) &&
+                (rsa->dmq1 != NULL) &&
+                (rsa->iqmp != NULL)) )
+                { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+        else
+                {
+                if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
+                        goto err;
+                }
+
+        if (blinding)
+                if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
+
+        p=buf;
+        j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
+
+        switch (padding)
+                {
+        case RSA_PKCS1_PADDING:
+                r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
+                break;
+#ifndef OPENSSL_NO_SHA
+        case RSA_PKCS1_OAEP_PADDING:
+                r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
+                break;
+#endif
+        case RSA_SSLV23_PADDING:
+                r=RSA_padding_check_SSLv23(to,num,buf,j,num);
+                break;
+        case RSA_NO_PADDING:
+                r=RSA_padding_check_none(to,num,buf,j,num);
+                break;
+        default:
+                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
+                goto err;
+                }
+        if (r < 0)
+                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
+
+err:
+        if (ctx != NULL) BN_CTX_free(ctx);
+        BN_clear_free(&f);
+        BN_clear_free(&ret);
+        if (local_blinding)
+                BN_BLINDING_free(blinding);
+        if (buf != NULL)
+                {
+                OPENSSL_cleanse(buf,num);
+                OPENSSL_free(buf);
+                }
+        return(r);
+        }
+
+/* signature verification */
+static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
+             unsigned char *to, RSA *rsa, int padding)
+        {
+        BIGNUM f,ret;
+        int i,num=0,r= -1;
+        unsigned char *p;
+        unsigned char *buf=NULL;
+        BN_CTX *ctx=NULL;
+
+        BN_init(&f);
+        BN_init(&ret);
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+
+        num=BN_num_bytes(rsa->n);
+        buf=(unsigned char *)OPENSSL_malloc(num);
+        if (buf == NULL)
+                {
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        /* This check was for equality but PGP does evil things
+         * and chops off the top '0' bytes */
+        if (flen > num)
+                {
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
+                goto err;
+                }
+
+        if (BN_bin2bn(from,flen,&f) == NULL) goto err;
+
+        if (BN_ucmp(&f, rsa->n) >= 0)
+                {
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+                goto err;
+                }
+
+        /* do the decrypt */
+        if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+                {
+                BN_MONT_CTX* bn_mont_ctx;
+                if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
+                        goto err;
+                if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
+                        {
+                        BN_MONT_CTX_free(bn_mont_ctx);
+                        goto err;
+                        }
+                if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
+                        {
+                        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+                        if (rsa->_method_mod_n == NULL)
+                                {
+                                rsa->_method_mod_n = bn_mont_ctx;
+                                bn_mont_ctx = NULL;
+                                }
+                        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+                        }
+                if (bn_mont_ctx)
+                        BN_MONT_CTX_free(bn_mont_ctx);
+                }
+                
+        if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+                rsa->_method_mod_n)) goto err;
+
+        p=buf;
+        i=BN_bn2bin(&ret,p);
+
+        switch (padding)
+                {
+        case RSA_PKCS1_PADDING:
+                r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
+                break;
+        case RSA_NO_PADDING:
+                r=RSA_padding_check_none(to,num,buf,i,num);
+                break;
+        default:
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
+                goto err;
+                }
+        if (r < 0)
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
+
+err:
+        if (ctx != NULL) BN_CTX_free(ctx);
+        BN_clear_free(&f);
+        BN_clear_free(&ret);
+        if (buf != NULL)
+                {
+                OPENSSL_cleanse(buf,num);
+                OPENSSL_free(buf);
+                }
+        return(r);
+        }
+
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+        {
+        BIGNUM r1,m1,vrfy;
+        int ret=0;
+        BN_CTX *ctx;
+
+        BN_init(&m1);
+        BN_init(&r1);
+        BN_init(&vrfy);
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+        if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
+                {
+                if (rsa->_method_mod_p == NULL)
+                        {
+                        BN_MONT_CTX* bn_mont_ctx;
+                        if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
+                                goto err;
+                        if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx))
+                                {
+                                BN_MONT_CTX_free(bn_mont_ctx);
+                                goto err;
+                                }
+                        if (rsa->_method_mod_p == NULL) /* other thread may have finished first */
+                                {
+                                CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+                                if (rsa->_method_mod_p == NULL)
+                                        {
+                                        rsa->_method_mod_p = bn_mont_ctx;
+                                        bn_mont_ctx = NULL;
+                                        }
+                                CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+                                }
+                        if (bn_mont_ctx)
+                                BN_MONT_CTX_free(bn_mont_ctx);
+                        }
+
+                if (rsa->_method_mod_q == NULL)
+                        {
+                        BN_MONT_CTX* bn_mont_ctx;
+                        if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
+                                goto err;
+                        if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))
+                                {
+                                BN_MONT_CTX_free(bn_mont_ctx);
+                                goto err;
+                                }
+                        if (rsa->_method_mod_q == NULL) /* other thread may have finished first */
+                                {
+                                CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+                                if (rsa->_method_mod_q == NULL)
+                                        {
+                                        rsa->_method_mod_q = bn_mont_ctx;
+                                        bn_mont_ctx = NULL;
+                                        }
+                                CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+                                }
+                        if (bn_mont_ctx)
+                                BN_MONT_CTX_free(bn_mont_ctx);
+                        }
+                }
+                
+        if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
+        if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
+                rsa->_method_mod_q)) goto err;
+
+        if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
+        if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
+                rsa->_method_mod_p)) goto err;
+
+        if (!BN_sub(r0,r0,&m1)) goto err;
+        /* This will help stop the size of r0 increasing, which does
+         * affect the multiply if it optimised for a power of 2 size */
+        if (r0->neg)
+                if (!BN_add(r0,r0,rsa->p)) goto err;
+
+        if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
+        if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
+        /* If p < q it is occasionally possible for the correction of
+         * adding 'p' if r0 is negative above to leave the result still
+         * negative. This can break the private key operations: the following
+         * second correction should *always* correct this rare occurrence.
+         * This will *never* happen with OpenSSL generated keys because
+         * they ensure p > q [steve]
+         */
+        if (r0->neg)
+                if (!BN_add(r0,r0,rsa->p)) goto err;
+        if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
+        if (!BN_add(r0,&r1,&m1)) goto err;
+
+        if (rsa->e && rsa->n)
+                {
+                if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
+                /* If 'I' was greater than (or equal to) rsa->n, the operation
+                 * will be equivalent to using 'I mod n'. However, the result of
+                 * the verify will *always* be less than 'n' so we don't check
+                 * for absolute equality, just congruency. */
+                if (!BN_sub(&vrfy, &vrfy, I)) goto err;
+                if (!BN_mod(&vrfy, &vrfy, rsa->n, ctx)) goto err;
+                if (vrfy.neg)
+                        if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err;
+                if (!BN_is_zero(&vrfy))
+                        /* 'I' and 'vrfy' aren't congruent mod n. Don't leak
+                         * miscalculated CRT output, just do a raw (slower)
+                         * mod_exp and return that instead. */
+                        if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
+                }
+        ret=1;
+err:
+        BN_clear_free(&m1);
+        BN_clear_free(&r1);
+        BN_clear_free(&vrfy);
+        BN_CTX_free(ctx);
+        return(ret);
+        }
+
+static int RSA_eay_init(RSA *rsa)
+        {
+        rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
+        return(1);
+        }
+
+static int RSA_eay_finish(RSA *rsa)
+        {
+        if (rsa->_method_mod_n != NULL)
+                BN_MONT_CTX_free(rsa->_method_mod_n);
+        if (rsa->_method_mod_p != NULL)
+                BN_MONT_CTX_free(rsa->_method_mod_p);
+        if (rsa->_method_mod_q != NULL)
+                BN_MONT_CTX_free(rsa->_method_mod_q);
+        return(1);
+        }
+
+#endif
diff --git a/src/lib/libcrypto/rsa/rsa_err.c b/src/lib/libcrypto/rsa/rsa_err.c
new file mode 100644
index 0000000000..a7766c3b76
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_err.c
@@ -0,0 +1,149 @@
+/* crypto/rsa/rsa_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA RSA_str_functs[]=
+        {
+{ERR_PACK(0,RSA_F_MEMORY_LOCK,0),       "MEMORY_LOCK"},
+{ERR_PACK(0,RSA_F_RSA_CHECK_KEY,0),     "RSA_check_key"},
+{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0),   "RSA_EAY_PRIVATE_DECRYPT"},
+{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0),   "RSA_EAY_PRIVATE_ENCRYPT"},
+{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0),    "RSA_EAY_PUBLIC_DECRYPT"},
+{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0),    "RSA_EAY_PUBLIC_ENCRYPT"},
+{ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0),  "RSA_generate_key"},
+{ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0),    "RSA_new_method"},
+{ERR_PACK(0,RSA_F_RSA_NULL,0),  "RSA_NULL"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0),      "RSA_padding_add_none"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,0),        "RSA_padding_add_PKCS1_OAEP"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0),      "RSA_padding_add_PKCS1_type_1"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0),      "RSA_padding_add_PKCS1_type_2"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0),    "RSA_padding_add_SSLv23"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0),    "RSA_padding_check_none"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,0),      "RSA_padding_check_PKCS1_OAEP"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0),    "RSA_padding_check_PKCS1_type_1"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0),    "RSA_padding_check_PKCS1_type_2"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0),  "RSA_padding_check_SSLv23"},
+{ERR_PACK(0,RSA_F_RSA_PRINT,0), "RSA_print"},
+{ERR_PACK(0,RSA_F_RSA_PRINT_FP,0),      "RSA_print_fp"},
+{ERR_PACK(0,RSA_F_RSA_SIGN,0),  "RSA_sign"},
+{ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0),        "RSA_sign_ASN1_OCTET_STRING"},
+{ERR_PACK(0,RSA_F_RSA_VERIFY,0),        "RSA_verify"},
+{ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0),      "RSA_verify_ASN1_OCTET_STRING"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA RSA_str_reasons[]=
+        {
+{RSA_R_ALGORITHM_MISMATCH                ,"algorithm mismatch"},
+{RSA_R_BAD_E_VALUE                       ,"bad e value"},
+{RSA_R_BAD_FIXED_HEADER_DECRYPT          ,"bad fixed header decrypt"},
+{RSA_R_BAD_PAD_BYTE_COUNT                ,"bad pad byte count"},
+{RSA_R_BAD_SIGNATURE                     ,"bad signature"},
+{RSA_R_BLOCK_TYPE_IS_NOT_01              ,"block type is not 01"},
+{RSA_R_BLOCK_TYPE_IS_NOT_02              ,"block type is not 02"},
+{RSA_R_DATA_GREATER_THAN_MOD_LEN         ,"data greater than mod len"},
+{RSA_R_DATA_TOO_LARGE                    ,"data too large"},
+{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
+{RSA_R_DATA_TOO_LARGE_FOR_MODULUS        ,"data too large for modulus"},
+{RSA_R_DATA_TOO_SMALL                    ,"data too small"},
+{RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE       ,"data too small for key size"},
+{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY        ,"digest too big for rsa key"},
+{RSA_R_DMP1_NOT_CONGRUENT_TO_D           ,"dmp1 not congruent to d"},
+{RSA_R_DMQ1_NOT_CONGRUENT_TO_D           ,"dmq1 not congruent to d"},
+{RSA_R_D_E_NOT_CONGRUENT_TO_1            ,"d e not congruent to 1"},
+{RSA_R_INVALID_MESSAGE_LENGTH            ,"invalid message length"},
+{RSA_R_IQMP_NOT_INVERSE_OF_Q             ,"iqmp not inverse of q"},
+{RSA_R_KEY_SIZE_TOO_SMALL                ,"key size too small"},
+{RSA_R_NULL_BEFORE_BLOCK_MISSING         ,"null before block missing"},
+{RSA_R_N_DOES_NOT_EQUAL_P_Q              ,"n does not equal p q"},
+{RSA_R_OAEP_DECODING_ERROR               ,"oaep decoding error"},
+{RSA_R_PADDING_CHECK_FAILED              ,"padding check failed"},
+{RSA_R_P_NOT_PRIME                       ,"p not prime"},
+{RSA_R_Q_NOT_PRIME                       ,"q not prime"},
+{RSA_R_RSA_OPERATIONS_NOT_SUPPORTED      ,"rsa operations not supported"},
+{RSA_R_SSLV3_ROLLBACK_ATTACK             ,"sslv3 rollback attack"},
+{RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
+{RSA_R_UNKNOWN_ALGORITHM_TYPE            ,"unknown algorithm type"},
+{RSA_R_UNKNOWN_PADDING_TYPE              ,"unknown padding type"},
+{RSA_R_WRONG_SIGNATURE_LENGTH            ,"wrong signature length"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_RSA_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_RSA,RSA_str_functs);
+                ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c
new file mode 100644
index 0000000000..adb5e34da5
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -0,0 +1,200 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+
+#ifndef OPENSSL_FIPS
+
+RSA *RSA_generate_key(int bits, unsigned long e_value,
+             void (*callback)(int,int,void *), void *cb_arg)
+        {
+        RSA *rsa=NULL;
+        BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
+        int bitsp,bitsq,ok= -1,n=0,i;
+        BN_CTX *ctx=NULL,*ctx2=NULL;
+
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        ctx2=BN_CTX_new();
+        if (ctx2 == NULL) goto err;
+        BN_CTX_start(ctx);
+        r0 = BN_CTX_get(ctx);
+        r1 = BN_CTX_get(ctx);
+        r2 = BN_CTX_get(ctx);
+        r3 = BN_CTX_get(ctx);
+        if (r3 == NULL) goto err;
+
+        bitsp=(bits+1)/2;
+        bitsq=bits-bitsp;
+        rsa=RSA_new();
+        if (rsa == NULL) goto err;
+
+        /* set e */ 
+        rsa->e=BN_new();
+        if (rsa->e == NULL) goto err;
+
+#if 1
+        /* The problem is when building with 8, 16, or 32 BN_ULONG,
+         * unsigned long can be larger */
+        for (i=0; i<sizeof(unsigned long)*8; i++)
+                {
+                if (e_value & (1UL<<i))
+                        BN_set_bit(rsa->e,i);
+                }
+#else
+        if (!BN_set_word(rsa->e,e_value)) goto err;
+#endif
+
+        /* generate p and q */
+        for (;;)
+                {
+                rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg);
+                if (rsa->p == NULL) goto err;
+                if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
+                if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
+                if (BN_is_one(r1)) break;
+                if (callback != NULL) callback(2,n++,cb_arg);
+                BN_free(rsa->p);
+                }
+        if (callback != NULL) callback(3,0,cb_arg);
+        for (;;)
+                {
+                rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg);
+                if (rsa->q == NULL) goto err;
+                if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
+                if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
+                if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0))
+                        break;
+                if (callback != NULL) callback(2,n++,cb_arg);
+                BN_free(rsa->q);
+                }
+        if (callback != NULL) callback(3,1,cb_arg);
+        if (BN_cmp(rsa->p,rsa->q) < 0)
+                {
+                tmp=rsa->p;
+                rsa->p=rsa->q;
+                rsa->q=tmp;
+                }
+
+        /* calculate n */
+        rsa->n=BN_new();
+        if (rsa->n == NULL) goto err;
+        if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
+
+        /* calculate d */
+        if (!BN_sub(r1,rsa->p,BN_value_one())) goto err;        /* p-1 */
+        if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;        /* q-1 */
+        if (!BN_mul(r0,r1,r2,ctx)) goto err;    /* (p-1)(q-1) */
+
+/* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */
+/*      for (;;)
+                {
+                if (!BN_gcd(r3,r0,rsa->e,ctx)) goto err;
+                if (BN_is_one(r3)) break;
+
+                if (1)
+                        {
+                        if (!BN_add_word(rsa->e,2L)) goto err;
+                        continue;
+                        }
+                RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE);
+                goto err;
+                }
+*/
+        rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2);     /* d */
+        if (rsa->d == NULL) goto err;
+
+        /* calculate d mod (p-1) */
+        rsa->dmp1=BN_new();
+        if (rsa->dmp1 == NULL) goto err;
+        if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err;
+
+        /* calculate d mod (q-1) */
+        rsa->dmq1=BN_new();
+        if (rsa->dmq1 == NULL) goto err;
+        if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err;
+
+        /* calculate inverse of q mod p */
+        rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
+        if (rsa->iqmp == NULL) goto err;
+
+        ok=1;
+err:
+        if (ok == -1)
+                {
+                RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN);
+                ok=0;
+                }
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        BN_CTX_free(ctx2);
+        
+        if (!ok)
+                {
+                if (rsa != NULL) RSA_free(rsa);
+                return(NULL);
+                }
+        else
+                return(rsa);
+        }
+
+#endif
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
new file mode 100644
index 0000000000..e4d622851e
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -0,0 +1,414 @@
+/* crypto/rsa/rsa_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
+const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
+
+static const RSA_METHOD *default_RSA_meth=NULL;
+
+RSA *RSA_new(void)
+        {
+        RSA *r=RSA_new_method(NULL);
+
+        return r;
+        }
+
+void RSA_set_default_method(const RSA_METHOD *meth)
+        {
+        default_RSA_meth = meth;
+        }
+
+const RSA_METHOD *RSA_get_default_method(void)
+        {
+        if (default_RSA_meth == NULL)
+                {
+#ifdef RSA_NULL
+                default_RSA_meth=RSA_null_method();
+#else
+#if 0 /* was: #ifdef RSAref */
+                default_RSA_meth=RSA_PKCS1_RSAref();
+#else
+                default_RSA_meth=RSA_PKCS1_SSLeay();
+#endif
+#endif
+                }
+
+        return default_RSA_meth;
+        }
+
+const RSA_METHOD *RSA_get_method(const RSA *rsa)
+        {
+        return rsa->meth;
+        }
+
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
+        {
+        /* NB: The caller is specifically setting a method, so it's not up to us
+         * to deal with which ENGINE it comes from. */
+        const RSA_METHOD *mtmp;
+        mtmp = rsa->meth;
+        if (mtmp->finish) mtmp->finish(rsa);
+#ifndef OPENSSL_NO_ENGINE
+        if (rsa->engine)
+                {
+                ENGINE_finish(rsa->engine);
+                rsa->engine = NULL;
+                }
+#endif
+        rsa->meth = meth;
+        if (meth->init) meth->init(rsa);
+        return 1;
+        }
+
+RSA *RSA_new_method(ENGINE *engine)
+        {
+        RSA *ret;
+
+        ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
+        if (ret == NULL)
+                {
+                RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+
+        ret->meth = RSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+        if (engine)
+                {
+                if (!ENGINE_init(engine))
+                        {
+                        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                ret->engine = engine;
+                }
+        else
+                ret->engine = ENGINE_get_default_RSA();
+        if(ret->engine)
+                {
+                ret->meth = ENGINE_get_RSA(ret->engine);
+                if(!ret->meth)
+                        {
+                        RSAerr(RSA_F_RSA_NEW_METHOD,
+                                ERR_R_ENGINE_LIB);
+                        ENGINE_finish(ret->engine);
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                }
+#endif
+
+        ret->pad=0;
+        ret->version=0;
+        ret->n=NULL;
+        ret->e=NULL;
+        ret->d=NULL;
+        ret->p=NULL;
+        ret->q=NULL;
+        ret->dmp1=NULL;
+        ret->dmq1=NULL;
+        ret->iqmp=NULL;
+        ret->references=1;
+        ret->_method_mod_n=NULL;
+        ret->_method_mod_p=NULL;
+        ret->_method_mod_q=NULL;
+        ret->blinding=NULL;
+        ret->bignum_data=NULL;
+        ret->flags=ret->meth->flags;
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+                {
+#ifndef OPENSSL_NO_ENGINE
+                if (ret->engine)
+                        ENGINE_finish(ret->engine);
+#endif
+                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+                OPENSSL_free(ret);
+                ret=NULL;
+                }
+        return(ret);
+        }
+
+void RSA_free(RSA *r)
+        {
+        int i;
+
+        if (r == NULL) return;
+
+        i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+        REF_PRINT("RSA",r);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"RSA_free, bad reference count\n");
+                abort();
+                }
+#endif
+
+        if (r->meth->finish)
+                r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+        if (r->engine)
+                ENGINE_finish(r->engine);
+#endif
+
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
+
+        if (r->n != NULL) BN_clear_free(r->n);
+        if (r->e != NULL) BN_clear_free(r->e);
+        if (r->d != NULL) BN_clear_free(r->d);
+        if (r->p != NULL) BN_clear_free(r->p);
+        if (r->q != NULL) BN_clear_free(r->q);
+        if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
+        if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
+        if (r->iqmp != NULL) BN_clear_free(r->iqmp);
+        if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
+        if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
+        OPENSSL_free(r);
+        }
+
+int RSA_up_ref(RSA *r)
+        {
+        int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+        REF_PRINT("RSA",r);
+#endif
+#ifdef REF_CHECK
+        if (i < 2)
+                {
+                fprintf(stderr, "RSA_up_ref, bad reference count\n");
+                abort();
+                }
+#endif
+        return ((i > 1) ? 1 : 0);
+        }
+
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
+                                new_func, dup_func, free_func);
+        }
+
+int RSA_set_ex_data(RSA *r, int idx, void *arg)
+        {
+        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+        }
+
+void *RSA_get_ex_data(const RSA *r, int idx)
+        {
+        return(CRYPTO_get_ex_data(&r->ex_data,idx));
+        }
+
+int RSA_size(const RSA *r)
+        {
+        return(BN_num_bytes(r->n));
+        }
+
+int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
+             RSA *rsa, int padding)
+        {
+        return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
+        }
+
+int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
+             RSA *rsa, int padding)
+        {
+        return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
+        }
+
+int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
+             RSA *rsa, int padding)
+        {
+        return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
+        }
+
+int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
+             RSA *rsa, int padding)
+        {
+        return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
+        }
+
+int RSA_flags(const RSA *r)
+        {
+        return((r == NULL)?0:r->meth->flags);
+        }
+
+void RSA_blinding_off(RSA *rsa)
+        {
+        if (rsa->blinding != NULL)
+                {
+                BN_BLINDING_free(rsa->blinding);
+                rsa->blinding=NULL;
+                }
+        rsa->flags &= ~RSA_FLAG_BLINDING;
+        rsa->flags |= RSA_FLAG_NO_BLINDING;
+        }
+
+int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
+        {
+        BIGNUM *A,*Ai = NULL;
+        BN_CTX *ctx;
+        int ret=0;
+
+        if (p_ctx == NULL)
+                {
+                if ((ctx=BN_CTX_new()) == NULL) goto err;
+                }
+        else
+                ctx=p_ctx;
+
+        /* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */
+        if (rsa->blinding != NULL)
+                {
+                BN_BLINDING_free(rsa->blinding);
+                rsa->blinding = NULL;
+                }
+
+        /* NB: similar code appears in setup_blinding (rsa_eay.c);
+         * this should be placed in a new function of its own, but for reasons
+         * of binary compatibility can't */
+
+        BN_CTX_start(ctx);
+        A = BN_CTX_get(ctx);
+        if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
+                {
+                /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
+                RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
+                if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
+                }
+        else
+                {
+                if (!BN_rand_range(A,rsa->n)) goto err;
+                }
+        if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
+
+        if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
+                goto err;
+        if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err;
+        /* to make things thread-safe without excessive locking,
+         * rsa->blinding will be used just by the current thread: */
+        rsa->blinding->thread_id = CRYPTO_thread_id();
+        rsa->flags |= RSA_FLAG_BLINDING;
+        rsa->flags &= ~RSA_FLAG_NO_BLINDING;
+        ret=1;
+err:
+        if (Ai != NULL) BN_free(Ai);
+        BN_CTX_end(ctx);
+        if (ctx != p_ctx) BN_CTX_free(ctx);
+        return(ret);
+        }
+
+int RSA_memory_lock(RSA *r)
+        {
+        int i,j,k,off;
+        char *p;
+        BIGNUM *bn,**t[6],*b;
+        BN_ULONG *ul;
+
+        if (r->d == NULL) return(1);
+        t[0]= &r->d;
+        t[1]= &r->p;
+        t[2]= &r->q;
+        t[3]= &r->dmp1;
+        t[4]= &r->dmq1;
+        t[5]= &r->iqmp;
+        k=sizeof(BIGNUM)*6;
+        off=k/sizeof(BN_ULONG)+1;
+        j=1;
+        for (i=0; i<6; i++)
+                j+= (*t[i])->top;
+        if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
+                {
+                RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        bn=(BIGNUM *)p;
+        ul=(BN_ULONG *)&(p[off]);
+        for (i=0; i<6; i++)
+                {
+                b= *(t[i]);
+                *(t[i])= &(bn[i]);
+                memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
+                bn[i].flags=BN_FLG_STATIC_DATA;
+                bn[i].d=ul;
+                memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
+                ul+=b->top;
+                BN_clear_free(b);
+                }
+        
+        /* I should fix this so it can still be done */
+        r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
+
+        r->bignum_data=p;
+        return(1);
+        }
diff --git a/src/lib/libcrypto/rsa/rsa_none.c b/src/lib/libcrypto/rsa/rsa_none.c
new file mode 100644
index 0000000000..e6f3e627ca
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_none.c
@@ -0,0 +1,98 @@
+/* crypto/rsa/rsa_none.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+int RSA_padding_add_none(unsigned char *to, int tlen,
+        const unsigned char *from, int flen)
+        {
+        if (flen > tlen)
+                {
+                RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                return(0);
+                }
+
+        if (flen < tlen)
+                {
+                RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
+                return(0);
+                }
+        
+        memcpy(to,from,(unsigned int)flen);
+        return(1);
+        }
+
+int RSA_padding_check_none(unsigned char *to, int tlen,
+        const unsigned char *from, int flen, int num)
+        {
+
+        if (flen > tlen)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE);
+                return(-1);
+                }
+
+        memset(to,0,tlen-flen);
+        memcpy(to+tlen-flen,from,flen);
+        return(tlen);
+        }
+
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
new file mode 100644
index 0000000000..e3f7c608ec
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -0,0 +1,206 @@
+/* crypto/rsa/rsa_oaep.c */
+/* Written by Ulf Moeller. This software is distributed on an "AS IS"
+   basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
+
+/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
+
+/* See Victor Shoup, "OAEP reconsidered," Nov. 2000,
+ * <URL: http://www.shoup.net/papers/oaep.ps.Z>
+ * for problems with the security proof for the
+ * original OAEP scheme, which EME-OAEP is based on.
+ * 
+ * A new proof can be found in E. Fujisaki, T. Okamoto,
+ * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!",
+ * Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>.
+ * The new proof has stronger requirements for the
+ * underlying permutation: "partial-one-wayness" instead
+ * of one-wayness.  For the RSA function, this is
+ * an equivalent notion.
+ */
+
+
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+int MGF1(unsigned char *mask, long len,
+        const unsigned char *seed, long seedlen);
+
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+        const unsigned char *from, int flen,
+        const unsigned char *param, int plen)
+        {
+        int i, emlen = tlen - 1;
+        unsigned char *db, *seed;
+        unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
+
+        if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)
+                {
+                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
+                   RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                return 0;
+                }
+
+        if (emlen < 2 * SHA_DIGEST_LENGTH + 1)
+                {
+                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
+                return 0;
+                }
+
+        dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
+        if (dbmask == NULL)
+                {
+                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+
+        to[0] = 0;
+        seed = to + 1;
+        db = to + SHA_DIGEST_LENGTH + 1;
+
+        EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL);
+        memset(db + SHA_DIGEST_LENGTH, 0,
+                emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
+        db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
+        memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
+        if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
+                return 0;
+#ifdef PKCS_TESTVECT
+        memcpy(seed,
+           "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
+           20);
+#endif
+
+        MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+        for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
+                db[i] ^= dbmask[i];
+
+        MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+        for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+                seed[i] ^= seedmask[i];
+
+        OPENSSL_free(dbmask);
+        return 1;
+        }
+
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+        const unsigned char *from, int flen, int num,
+        const unsigned char *param, int plen)
+        {
+        int i, dblen, mlen = -1;
+        const unsigned char *maskeddb;
+        int lzero;
+        unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
+        int bad = 0;
+
+        if (--num < 2 * SHA_DIGEST_LENGTH + 1)
+                /* 'num' is the length of the modulus, i.e. does not depend on the
+                 * particular ciphertext. */
+                goto decoding_err;
+
+        lzero = num - flen;
+        if (lzero < 0)
+                {
+                /* lzero == -1 */
+
+                /* signalling this error immediately after detection might allow
+                 * for side-channel attacks (e.g. timing if 'plen' is huge
+                 * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal
+                 * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001),
+                 * so we use a 'bad' flag */
+                bad = 1;
+                lzero = 0;
+                }
+        maskeddb = from - lzero + SHA_DIGEST_LENGTH;
+
+        dblen = num - SHA_DIGEST_LENGTH;
+        db = OPENSSL_malloc(dblen);
+        if (db == NULL)
+                {
+                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+                return -1;
+                }
+
+        MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+        for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
+                seed[i] ^= from[i - lzero];
+  
+        MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+        for (i = 0; i < dblen; i++)
+                db[i] ^= maskeddb[i];
+
+        EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
+
+        if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+                goto decoding_err;
+        else
+                {
+                for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
+                        if (db[i] != 0x00)
+                                break;
+                if (db[i] != 0x01 || i++ >= dblen)
+                        goto decoding_err;
+                else
+                        {
+                        /* everything looks OK */
+
+                        mlen = dblen - i;
+                        if (tlen < mlen)
+                                {
+                                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
+                                mlen = -1;
+                                }
+                        else
+                                memcpy(to, db + i, mlen);
+                        }
+                }
+        OPENSSL_free(db);
+        return mlen;
+
+decoding_err:
+        /* to avoid chosen ciphertext attacks, the error message should not reveal
+         * which kind of decoding error happened */
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+        if (db != NULL) OPENSSL_free(db);
+        return -1;
+        }
+
+int MGF1(unsigned char *mask, long len,
+        const unsigned char *seed, long seedlen)
+        {
+        long i, outlen = 0;
+        unsigned char cnt[4];
+        EVP_MD_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+
+        EVP_MD_CTX_init(&c);
+        for (i = 0; outlen < len; i++)
+                {
+                cnt[0] = (unsigned char)((i >> 24) & 255);
+                cnt[1] = (unsigned char)((i >> 16) & 255);
+                cnt[2] = (unsigned char)((i >> 8)) & 255;
+                cnt[3] = (unsigned char)(i & 255);
+                EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
+                EVP_DigestUpdate(&c, seed, seedlen);
+                EVP_DigestUpdate(&c, cnt, 4);
+                if (outlen + SHA_DIGEST_LENGTH <= len)
+                        {
+                        EVP_DigestFinal_ex(&c, mask + outlen, NULL);
+                        outlen += SHA_DIGEST_LENGTH;
+                        }
+                else
+                        {
+                        EVP_DigestFinal_ex(&c, md, NULL);
+                        memcpy(mask + outlen, md, len - outlen);
+                        outlen = len;
+                        }
+                }
+        EVP_MD_CTX_cleanup(&c);
+        return 0;
+        }
+#endif
diff --git a/src/lib/libcrypto/rsa/rsa_pk1.c b/src/lib/libcrypto/rsa/rsa_pk1.c
new file mode 100644
index 0000000000..8560755f1d
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_pk1.c
@@ -0,0 +1,224 @@
+/* crypto/rsa/rsa_pk1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+             const unsigned char *from, int flen)
+        {
+        int j;
+        unsigned char *p;
+
+        if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
+                {
+                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                return(0);
+                }
+        
+        p=(unsigned char *)to;
+
+        *(p++)=0;
+        *(p++)=1; /* Private Key BT (Block Type) */
+
+        /* pad out with 0xff data */
+        j=tlen-3-flen;
+        memset(p,0xff,j);
+        p+=j;
+        *(p++)='\0';
+        memcpy(p,from,(unsigned int)flen);
+        return(1);
+        }
+
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+             const unsigned char *from, int flen, int num)
+        {
+        int i,j;
+        const unsigned char *p;
+
+        p=from;
+        if ((num != (flen+1)) || (*(p++) != 01))
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01);
+                return(-1);
+                }
+
+        /* scan over padding data */
+        j=flen-1; /* one for type. */
+        for (i=0; i<j; i++)
+                {
+                if (*p != 0xff) /* should decrypt to 0xff */
+                        {
+                        if (*p == 0)
+                                { p++; break; }
+                        else    {
+                                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_FIXED_HEADER_DECRYPT);
+                                return(-1);
+                                }
+                        }
+                p++;
+                }
+
+        if (i == j)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_NULL_BEFORE_BLOCK_MISSING);
+                return(-1);
+                }
+
+        if (i < 8)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_PAD_BYTE_COUNT);
+                return(-1);
+                }
+        i++; /* Skip over the '\0' */
+        j-=i;
+        if (j > tlen)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE);
+                return(-1);
+                }
+        memcpy(to,p,(unsigned int)j);
+
+        return(j);
+        }
+
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+             const unsigned char *from, int flen)
+        {
+        int i,j;
+        unsigned char *p;
+        
+        if (flen > (tlen-11))
+                {
+                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                return(0);
+                }
+        
+        p=(unsigned char *)to;
+
+        *(p++)=0;
+        *(p++)=2; /* Public Key BT (Block Type) */
+
+        /* pad out with non-zero random data */
+        j=tlen-3-flen;
+
+        if (RAND_bytes(p,j) <= 0)
+                return(0);
+        for (i=0; i<j; i++)
+                {
+                if (*p == '\0')
+                        do      {
+                                if (RAND_bytes(p,1) <= 0)
+                                        return(0);
+                                } while (*p == '\0');
+                p++;
+                }
+
+        *(p++)='\0';
+
+        memcpy(p,from,(unsigned int)flen);
+        return(1);
+        }
+
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+             const unsigned char *from, int flen, int num)
+        {
+        int i,j;
+        const unsigned char *p;
+
+        p=from;
+        if ((num != (flen+1)) || (*(p++) != 02))
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02);
+                return(-1);
+                }
+#ifdef PKCS1_CHECK
+        return(num-11);
+#endif
+
+        /* scan over padding data */
+        j=flen-1; /* one for type. */
+        for (i=0; i<j; i++)
+                if (*(p++) == 0) break;
+
+        if (i == j)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_NULL_BEFORE_BLOCK_MISSING);
+                return(-1);
+                }
+
+        if (i < 8)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BAD_PAD_BYTE_COUNT);
+                return(-1);
+                }
+        i++; /* Skip over the '\0' */
+        j-=i;
+        if (j > tlen)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE);
+                return(-1);
+                }
+        memcpy(to,p,(unsigned int)j);
+
+        return(j);
+        }
+
diff --git a/src/lib/libcrypto/rsa/rsa_saos.c b/src/lib/libcrypto/rsa/rsa_saos.c
new file mode 100644
index 0000000000..24fc94835e
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_saos.c
@@ -0,0 +1,149 @@
+/* crypto/rsa/rsa_saos.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int RSA_sign_ASN1_OCTET_STRING(int type,
+        const unsigned char *m, unsigned int m_len,
+        unsigned char *sigret, unsigned int *siglen, RSA *rsa)
+        {
+        ASN1_OCTET_STRING sig;
+        int i,j,ret=1;
+        unsigned char *p,*s;
+
+        sig.type=V_ASN1_OCTET_STRING;
+        sig.length=m_len;
+        sig.data=(unsigned char *)m;
+
+        i=i2d_ASN1_OCTET_STRING(&sig,NULL);
+        j=RSA_size(rsa);
+        if (i > (j-RSA_PKCS1_PADDING_SIZE))
+                {
+                RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+                return(0);
+                }
+        s=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
+        if (s == NULL)
+                {
+                RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        p=s;
+        i2d_ASN1_OCTET_STRING(&sig,&p);
+        i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
+        if (i <= 0)
+                ret=0;
+        else
+                *siglen=i;
+
+        OPENSSL_cleanse(s,(unsigned int)j+1);
+        OPENSSL_free(s);
+        return(ret);
+        }
+
+int RSA_verify_ASN1_OCTET_STRING(int dtype,
+        const unsigned char *m,
+        unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+        RSA *rsa)
+        {
+        int i,ret=0;
+        unsigned char *p,*s;
+        ASN1_OCTET_STRING *sig=NULL;
+
+        if (siglen != (unsigned int)RSA_size(rsa))
+                {
+                RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_WRONG_SIGNATURE_LENGTH);
+                return(0);
+                }
+
+        s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
+        if (s == NULL)
+                {
+                RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
+
+        if (i <= 0) goto err;
+
+        p=s;
+        sig=d2i_ASN1_OCTET_STRING(NULL,&p,(long)i);
+        if (sig == NULL) goto err;
+
+        if (    ((unsigned int)sig->length != m_len) ||
+                (memcmp(m,sig->data,m_len) != 0))
+                {
+                RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_BAD_SIGNATURE);
+                }
+        else
+                ret=1;
+err:
+        if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
+        if (s != NULL)
+                {
+                OPENSSL_cleanse(s,(unsigned int)siglen);
+                OPENSSL_free(s);
+                }
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
new file mode 100644
index 0000000000..cee09eccb1
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -0,0 +1,232 @@
+/* crypto/rsa/rsa_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+/* Size of an SSL signature: MD5+SHA1 */
+#define SSL_SIG_LENGTH  36
+
+int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
+             unsigned char *sigret, unsigned int *siglen, RSA *rsa)
+        {
+        X509_SIG sig;
+        ASN1_TYPE parameter;
+        int i,j,ret=1;
+        unsigned char *p, *tmps = NULL;
+        const unsigned char *s = NULL;
+        X509_ALGOR algor;
+        ASN1_OCTET_STRING digest;
+        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
+                {
+                return rsa->meth->rsa_sign(type, m, m_len,
+                        sigret, siglen, rsa);
+                }
+        /* Special case: SSL signature, just check the length */
+        if(type == NID_md5_sha1) {
+                if(m_len != SSL_SIG_LENGTH) {
+                        RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH);
+                        return(0);
+                }
+                i = SSL_SIG_LENGTH;
+                s = m;
+        } else {
+                sig.algor= &algor;
+                sig.algor->algorithm=OBJ_nid2obj(type);
+                if (sig.algor->algorithm == NULL)
+                        {
+                        RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+                        return(0);
+                        }
+                if (sig.algor->algorithm->length == 0)
+                        {
+                        RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        return(0);
+                        }
+                parameter.type=V_ASN1_NULL;
+                parameter.value.ptr=NULL;
+                sig.algor->parameter= &parameter;
+
+                sig.digest= &digest;
+                sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */
+                sig.digest->length=m_len;
+
+                i=i2d_X509_SIG(&sig,NULL);
+        }
+        j=RSA_size(rsa);
+        if (i > (j-RSA_PKCS1_PADDING_SIZE))
+                {
+                RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+                return(0);
+                }
+        if(type != NID_md5_sha1) {
+                tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
+                if (tmps == NULL)
+                        {
+                        RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                        }
+                p=tmps;
+                i2d_X509_SIG(&sig,&p);
+                s=tmps;
+        }
+        i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
+        if (i <= 0)
+                ret=0;
+        else
+                *siglen=i;
+
+        if(type != NID_md5_sha1) {
+                OPENSSL_cleanse(tmps,(unsigned int)j+1);
+                OPENSSL_free(tmps);
+        }
+        return(ret);
+        }
+
+int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
+             unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
+        {
+        int i,ret=0,sigtype;
+        unsigned char *p,*s;
+        X509_SIG *sig=NULL;
+
+        if (siglen != (unsigned int)RSA_size(rsa))
+                {
+                RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
+                return(0);
+                }
+
+        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
+                {
+                return rsa->meth->rsa_verify(dtype, m, m_len,
+                        sigbuf, siglen, rsa);
+                }
+
+        s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
+        if (s == NULL)
+                {
+                RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
+                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
+                        goto err;
+        }
+        i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
+
+        if (i <= 0) goto err;
+
+        /* Special case: SSL signature */
+        if(dtype == NID_md5_sha1) {
+                if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
+                                RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                else ret = 1;
+        } else {
+                p=s;
+                sig=d2i_X509_SIG(NULL,&p,(long)i);
+
+                if (sig == NULL) goto err;
+                sigtype=OBJ_obj2nid(sig->algor->algorithm);
+
+
+        #ifdef RSA_DEBUG
+                /* put a backward compatibility flag in EAY */
+                fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
+                        OBJ_nid2ln(dtype));
+        #endif
+                if (sigtype != dtype)
+                        {
+                        if (((dtype == NID_md5) &&
+                                (sigtype == NID_md5WithRSAEncryption)) ||
+                                ((dtype == NID_md2) &&
+                                (sigtype == NID_md2WithRSAEncryption)))
+                                {
+                                /* ok, we will let it through */
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
+                                fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
+#endif
+                                }
+                        else
+                                {
+                                RSAerr(RSA_F_RSA_VERIFY,
+                                                RSA_R_ALGORITHM_MISMATCH);
+                                goto err;
+                                }
+                        }
+                if (    ((unsigned int)sig->digest->length != m_len) ||
+                        (memcmp(m,sig->digest->data,m_len) != 0))
+                        {
+                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                        }
+                else
+                        ret=1;
+        }
+err:
+        if (sig != NULL) X509_SIG_free(sig);
+        if (s != NULL)
+                {
+                OPENSSL_cleanse(s,(unsigned int)siglen);
+                OPENSSL_free(s);
+                }
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/rsa/rsa_ssl.c b/src/lib/libcrypto/rsa/rsa_ssl.c
new file mode 100644
index 0000000000..ea72629494
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_ssl.c
@@ -0,0 +1,154 @@
+/* crypto/rsa/rsa_ssl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+        const unsigned char *from, int flen)
+        {
+        int i,j;
+        unsigned char *p;
+        
+        if (flen > (tlen-11))
+                {
+                RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+                return(0);
+                }
+        
+        p=(unsigned char *)to;
+
+        *(p++)=0;
+        *(p++)=2; /* Public Key BT (Block Type) */
+
+        /* pad out with non-zero random data */
+        j=tlen-3-8-flen;
+
+        if (RAND_bytes(p,j) <= 0)
+                return(0);
+        for (i=0; i<j; i++)
+                {
+                if (*p == '\0')
+                        do      {
+                                if (RAND_bytes(p,1) <= 0)
+                                        return(0);
+                                } while (*p == '\0');
+                p++;
+                }
+
+        memset(p,3,8);
+        p+=8;
+        *(p++)='\0';
+
+        memcpy(p,from,(unsigned int)flen);
+        return(1);
+        }
+
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+        const unsigned char *from, int flen, int num)
+        {
+        int i,j,k;
+        const unsigned char *p;
+
+        p=from;
+        if (flen < 10)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL);
+                return(-1);
+                }
+        if ((num != (flen+1)) || (*(p++) != 02))
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02);
+                return(-1);
+                }
+
+        /* scan over padding data */
+        j=flen-1; /* one for type */
+        for (i=0; i<j; i++)
+                if (*(p++) == 0) break;
+
+        if ((i == j) || (i < 8))
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING);
+                return(-1);
+                }
+        for (k= -8; k<0; k++)
+                {
+                if (p[k] !=  0x03) break;
+                }
+        if (k == -1)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK);
+                return(-1);
+                }
+
+        i++; /* Skip over the '\0' */
+        j-=i;
+        if (j > tlen)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE);
+                return(-1);
+                }
+        memcpy(to,p,(unsigned int)j);
+
+        return(j);
+        }
+
diff --git a/src/lib/libcrypto/rsa/rsa_test.c b/src/lib/libcrypto/rsa/rsa_test.c
index 218bb2a39b..924e9ad1f6 100644
--- a/src/lib/libcrypto/rsa/rsa_test.c
+++ b/src/lib/libcrypto/rsa/rsa_test.c
@@ -227,10 +227,10 @@ int main(int argc, char *argv[])
 
     plen = sizeof(ptext_ex) - 1;
 
-    for (v = 0; v < 6; v++)
+    for (v = 0; v < 3; v++)
         {
         key = RSA_new();
-        switch (v%3) {
+        switch (v) {
     case 0:
         clen = key1(key, ctext_ex);
         break;
@@ -241,7 +241,6 @@ int main(int argc, char *argv[])
         clen = key3(key, ctext_ex);
         break;
         }
-        if (v/3 > 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME;
 
         num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
                                  RSA_PKCS1_PADDING);
diff --git a/src/lib/libcrypto/sha/Makefile.ssl b/src/lib/libcrypto/sha/Makefile.ssl
new file mode 100644
index 0000000000..4ba201c787
--- /dev/null
+++ b/src/lib/libcrypto/sha/Makefile.ssl
@@ -0,0 +1,116 @@
+#
+# SSLeay/crypto/sha/Makefile
+#
+
+DIR=    sha
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+SHA1_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+
+GENERAL=Makefile
+TEST=shatest.c sha1test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
+LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o $(SHA1_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= sha.h
+HEADER= sha_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+# elf
+asm/sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > sx86-elf.s)
+
+# a.out
+asm/sx86-out.o: asm/sx86unix.cpp
+        $(CPP) -DOUT asm/sx86unix.cpp | as -o asm/sx86-out.o
+
+# bsdi
+asm/sx86bsdi.o: asm/sx86unix.cpp
+        $(CPP) -DBSDI asm/sx86unix.cpp | sed 's/ :/:/' | as -o asm/sx86bsdi.o
+
+asm/sx86unix.cpp: asm/sha1-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) sha1-586.pl cpp $(PROCESSOR) >sx86unix.cpp)
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f asm/sx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha1_one.o: ../../include/openssl/opensslconf.h
+sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+sha1_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+sha1_one.o: ../../include/openssl/symhacks.h sha1_one.c
+sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h
+sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h
+sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+sha_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+sha_one.o: sha_one.c
diff --git a/src/lib/libcrypto/sha/asm/sha1-586.pl b/src/lib/libcrypto/sha/asm/sha1-586.pl
new file mode 100644
index 0000000000..041acc0348
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha1-586.pl
@@ -0,0 +1,425 @@
+#!/usr/local/bin/perl
+
+# It was noted that Intel IA-32 C compiler generates code which
+# performs ~30% *faster* on P4 CPU than original *hand-coded*
+# SHA1 assembler implementation. To address this problem (and
+# prove that humans are still better than machines:-), the
+# original code was overhauled, which resulted in following
+# performance changes:
+#
+#               compared with original  compared with Intel cc
+#               assembler impl.         generated code
+# Pentium       -25%                    +37%
+# PIII/AMD      +8%                     +16%
+# P4            +85%(!)                 +45%
+#
+# As you can see Pentium came out as looser:-( Yet I reckoned that
+# improvement on P4 outweights the loss and incorporate this
+# re-tuned code to 0.9.7 and later.
+# ----------------------------------------------------------------
+# Those who for any particular reason absolutely must score on
+# Pentium can replace this module with one from 0.9.6 distribution.
+# This "offer" shall be revoked the moment programming interface to
+# this module is changed, in which case this paragraph should be
+# removed.
+# ----------------------------------------------------------------
+#                                       <appro@fy.chalmers.se>
+
+$normal=0;
+
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386");
+
+$A="eax";
+$B="ecx";
+$C="ebx";
+$D="edx";
+$E="edi";
+$T="esi";
+$tmp1="ebp";
+
+$off=9*4;
+
+@K=(0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6);
+
+&sha1_block_data("sha1_block_asm_data_order");
+
+&asm_finish();
+
+sub Nn
+        {
+        local($p)=@_;
+        local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E);
+        return($n{$p});
+        }
+
+sub Np
+        {
+        local($p)=@_;
+        local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E);
+        local(%n)=($A,$B,$B,$C,$C,$D,$D,$E,$E,$T,$T,$A);
+        return($n{$p});
+        }
+
+sub Na
+        {
+        local($n)=@_;
+        return( (($n   )&0x0f),
+                (($n+ 2)&0x0f),
+                (($n+ 8)&0x0f),
+                (($n+13)&0x0f),
+                (($n+ 1)&0x0f));
+        }
+
+sub X_expand
+        {
+        local($in)=@_;
+
+        &comment("First, load the words onto the stack in network byte order");
+        for ($i=0; $i<16; $i+=2)
+                {
+                &mov($A,&DWP(($i+0)*4,$in,"",0));# unless $i == 0;
+                 &mov($B,&DWP(($i+1)*4,$in,"",0));
+                &bswap($A);
+                 &bswap($B);
+                &mov(&swtmp($i+0),$A);
+                 &mov(&swtmp($i+1),$B);
+                }
+
+        &comment("We now have the X array on the stack");
+        &comment("starting at sp-4");
+        }
+
+# Rules of engagement
+# F is always trashable at the start, the running total.
+# E becomes the next F so it can be trashed after it has been 'accumulated'
+# F becomes A in the next round.  We don't need to access it much.
+# During the X update part, the result ends up in $X[$n0].
+
+sub BODY_00_15
+        {
+        local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
+
+        &comment("00_15 $n");
+
+        &mov($tmp1,$a);
+         &mov($f,$c);                   # f to hold F_00_19(b,c,d)
+        &rotl($tmp1,5);                 # tmp1=ROTATE(a,5)
+         &xor($f,$d);
+        &and($f,$b);
+         &rotr($b,2);                   # b=ROTATE(b,30)
+        &add($tmp1,$e);                 # tmp1+=e;
+         &mov($e,&swtmp($n));           # e becomes volatile and
+                                        # is loaded with xi
+        &xor($f,$d);                    # f holds F_00_19(b,c,d)
+         &lea($tmp1,&DWP($K,$tmp1,$e,1));# tmp1+=K_00_19+xi
+        
+        &add($f,$tmp1);                 # f+=tmp1
+        }
+
+sub BODY_16_19
+        {
+        local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
+        local($n0,$n1,$n2,$n3,$np)=&Na($n);
+
+        &comment("16_19 $n");
+
+        &mov($f,&swtmp($n1));           # f to hold Xupdate(xi,xa,xb,xc,xd)
+         &mov($tmp1,$c);                # tmp1 to hold F_00_19(b,c,d)
+        &xor($f,&swtmp($n0));
+         &xor($tmp1,$d);
+        &xor($f,&swtmp($n2));
+         &and($tmp1,$b);                # tmp1 holds F_00_19(b,c,d)
+        &xor($f,&swtmp($n3));           # f holds xa^xb^xc^xd
+         &rotr($b,2);                   # b=ROTATE(b,30)
+        &xor($tmp1,$d);                 # tmp1=F_00_19(b,c,d)
+         &rotl($f,1);                   # f=ROATE(f,1)
+        &mov(&swtmp($n0),$f);           # xi=f
+        &lea($f,&DWP($K,$f,$e,1));      # f+=K_00_19+e
+         &mov($e,$a);                   # e becomes volatile
+        &add($f,$tmp1);                 # f+=F_00_19(b,c,d)
+         &rotl($e,5);                   # e=ROTATE(a,5)
+        &add($f,$e);                    # f+=ROTATE(a,5)
+        }
+
+sub BODY_20_39
+        {
+        local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
+
+        &comment("20_39 $n");
+        local($n0,$n1,$n2,$n3,$np)=&Na($n);
+
+        &mov($f,&swtmp($n0));           # f to hold Xupdate(xi,xa,xb,xc,xd)
+         &mov($tmp1,$b);                # tmp1 to hold F_20_39(b,c,d)
+        &xor($f,&swtmp($n1));
+         &rotr($b,2);                   # b=ROTATE(b,30)
+        &xor($f,&swtmp($n2));
+         &xor($tmp1,$c);
+        &xor($f,&swtmp($n3));           # f holds xa^xb^xc^xd
+         &xor($tmp1,$d);                # tmp1 holds F_20_39(b,c,d)
+        &rotl($f,1);                    # f=ROTATE(f,1)
+        &mov(&swtmp($n0),$f);           # xi=f
+        &lea($f,&DWP($K,$f,$e,1));      # f+=K_20_39+e
+         &mov($e,$a);                   # e becomes volatile
+        &rotl($e,5);                    # e=ROTATE(a,5)
+         &add($f,$tmp1);                # f+=F_20_39(b,c,d)
+        &add($f,$e);                    # f+=ROTATE(a,5)
+        }
+
+sub BODY_40_59
+        {
+        local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
+
+        &comment("40_59 $n");
+        local($n0,$n1,$n2,$n3,$np)=&Na($n);
+
+        &mov($f,&swtmp($n0));           # f to hold Xupdate(xi,xa,xb,xc,xd)
+         &mov($tmp1,$b);                # tmp1 to hold F_40_59(b,c,d)
+        &xor($f,&swtmp($n1));
+         &or($tmp1,$c);
+        &xor($f,&swtmp($n2));
+         &and($tmp1,$d);
+        &xor($f,&swtmp($n3));           # f holds xa^xb^xc^xd
+        &rotl($f,1);                    # f=ROTATE(f,1)
+        &mov(&swtmp($n0),$f);           # xi=f
+        &lea($f,&DWP($K,$f,$e,1));      # f+=K_40_59+e
+         &mov($e,$b);                   # e becomes volatile and is used
+                                        # to calculate F_40_59(b,c,d)
+        &rotr($b,2);                    # b=ROTATE(b,30)
+         &and($e,$c);
+        &or($tmp1,$e);                  # tmp1 holds F_40_59(b,c,d)             
+         &mov($e,$a);
+        &rotl($e,5);                    # e=ROTATE(a,5)
+        &add($tmp1,$e);                 # tmp1+=ROTATE(a,5)
+        &add($f,$tmp1);                 # f+=tmp1;
+        }
+
+sub BODY_60_79
+        {
+        &BODY_20_39(@_);
+        }
+
+sub sha1_block_host
+        {
+        local($name, $sclabel)=@_;
+
+        &function_begin_B($name,"");
+
+        # parameter 1 is the MD5_CTX structure.
+        # A     0
+        # B     4
+        # C     8
+        # D     12
+        # E     16
+
+        &mov("ecx",     &wparam(2));
+         &push("esi");
+        &shl("ecx",6);
+         &mov("esi",    &wparam(1));
+        &push("ebp");
+         &add("ecx","esi");     # offset to leave on
+        &push("ebx");
+         &mov("ebp",    &wparam(0));
+        &push("edi");
+         &mov($D,       &DWP(12,"ebp","",0));
+        &stack_push(18+9);
+         &mov($E,       &DWP(16,"ebp","",0));
+        &mov($C,        &DWP( 8,"ebp","",0));
+         &mov(&swtmp(17),"ecx");
+
+        &comment("First we need to setup the X array");
+
+        for ($i=0; $i<16; $i+=2)
+                {
+                &mov($A,&DWP(($i+0)*4,"esi","",0));# unless $i == 0;
+                 &mov($B,&DWP(($i+1)*4,"esi","",0));
+                &mov(&swtmp($i+0),$A);
+                 &mov(&swtmp($i+1),$B);
+                }
+        &jmp($sclabel);
+        &function_end_B($name);
+        }
+
+
+sub sha1_block_data
+        {
+        local($name)=@_;
+
+        &function_begin_B($name,"");
+
+        # parameter 1 is the MD5_CTX structure.
+        # A     0
+        # B     4
+        # C     8
+        # D     12
+        # E     16
+
+        &mov("ecx",     &wparam(2));
+         &push("esi");
+        &shl("ecx",6);
+         &mov("esi",    &wparam(1));
+        &push("ebp");
+         &add("ecx","esi");     # offset to leave on
+        &push("ebx");
+         &mov("ebp",    &wparam(0));
+        &push("edi");
+         &mov($D,       &DWP(12,"ebp","",0));
+        &stack_push(18+9);
+         &mov($E,       &DWP(16,"ebp","",0));
+        &mov($C,        &DWP( 8,"ebp","",0));
+         &mov(&swtmp(17),"ecx");
+
+        &comment("First we need to setup the X array");
+
+        &set_label("start") unless $normal;
+
+        &X_expand("esi");
+         &mov(&wparam(1),"esi");
+
+        &set_label("shortcut", 0, 1);
+        &comment("");
+        &comment("Start processing");
+
+        # odd start
+        &mov($A,        &DWP( 0,"ebp","",0));
+         &mov($B,       &DWP( 4,"ebp","",0));
+        $X="esp";
+        &BODY_00_15(-2,$K[0],$X, 0,$A,$B,$C,$D,$E,$T);
+        &BODY_00_15( 0,$K[0],$X, 1,$T,$A,$B,$C,$D,$E);
+        &BODY_00_15( 0,$K[0],$X, 2,$E,$T,$A,$B,$C,$D);
+        &BODY_00_15( 0,$K[0],$X, 3,$D,$E,$T,$A,$B,$C);
+        &BODY_00_15( 0,$K[0],$X, 4,$C,$D,$E,$T,$A,$B);
+        &BODY_00_15( 0,$K[0],$X, 5,$B,$C,$D,$E,$T,$A);
+        &BODY_00_15( 0,$K[0],$X, 6,$A,$B,$C,$D,$E,$T);
+        &BODY_00_15( 0,$K[0],$X, 7,$T,$A,$B,$C,$D,$E);
+        &BODY_00_15( 0,$K[0],$X, 8,$E,$T,$A,$B,$C,$D);
+        &BODY_00_15( 0,$K[0],$X, 9,$D,$E,$T,$A,$B,$C);
+        &BODY_00_15( 0,$K[0],$X,10,$C,$D,$E,$T,$A,$B);
+        &BODY_00_15( 0,$K[0],$X,11,$B,$C,$D,$E,$T,$A);
+        &BODY_00_15( 0,$K[0],$X,12,$A,$B,$C,$D,$E,$T);
+        &BODY_00_15( 0,$K[0],$X,13,$T,$A,$B,$C,$D,$E);
+        &BODY_00_15( 0,$K[0],$X,14,$E,$T,$A,$B,$C,$D);
+        &BODY_00_15( 1,$K[0],$X,15,$D,$E,$T,$A,$B,$C);
+        &BODY_16_19(-1,$K[0],$X,16,$C,$D,$E,$T,$A,$B);
+        &BODY_16_19( 0,$K[0],$X,17,$B,$C,$D,$E,$T,$A);
+        &BODY_16_19( 0,$K[0],$X,18,$A,$B,$C,$D,$E,$T);
+        &BODY_16_19( 1,$K[0],$X,19,$T,$A,$B,$C,$D,$E);
+
+        &BODY_20_39(-1,$K[1],$X,20,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39( 0,$K[1],$X,21,$D,$E,$T,$A,$B,$C);
+        &BODY_20_39( 0,$K[1],$X,22,$C,$D,$E,$T,$A,$B);
+        &BODY_20_39( 0,$K[1],$X,23,$B,$C,$D,$E,$T,$A);
+        &BODY_20_39( 0,$K[1],$X,24,$A,$B,$C,$D,$E,$T);
+        &BODY_20_39( 0,$K[1],$X,25,$T,$A,$B,$C,$D,$E);
+        &BODY_20_39( 0,$K[1],$X,26,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39( 0,$K[1],$X,27,$D,$E,$T,$A,$B,$C);
+        &BODY_20_39( 0,$K[1],$X,28,$C,$D,$E,$T,$A,$B);
+        &BODY_20_39( 0,$K[1],$X,29,$B,$C,$D,$E,$T,$A);
+        &BODY_20_39( 0,$K[1],$X,30,$A,$B,$C,$D,$E,$T);
+        &BODY_20_39( 0,$K[1],$X,31,$T,$A,$B,$C,$D,$E);
+        &BODY_20_39( 0,$K[1],$X,32,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39( 0,$K[1],$X,33,$D,$E,$T,$A,$B,$C);
+        &BODY_20_39( 0,$K[1],$X,34,$C,$D,$E,$T,$A,$B);
+        &BODY_20_39( 0,$K[1],$X,35,$B,$C,$D,$E,$T,$A);
+        &BODY_20_39( 0,$K[1],$X,36,$A,$B,$C,$D,$E,$T);
+        &BODY_20_39( 0,$K[1],$X,37,$T,$A,$B,$C,$D,$E);
+        &BODY_20_39( 0,$K[1],$X,38,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39( 1,$K[1],$X,39,$D,$E,$T,$A,$B,$C);
+
+        &BODY_40_59(-1,$K[2],$X,40,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59( 0,$K[2],$X,41,$B,$C,$D,$E,$T,$A);
+        &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
+        &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
+        &BODY_40_59( 0,$K[2],$X,44,$E,$T,$A,$B,$C,$D);
+        &BODY_40_59( 0,$K[2],$X,45,$D,$E,$T,$A,$B,$C);
+        &BODY_40_59( 0,$K[2],$X,46,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59( 0,$K[2],$X,47,$B,$C,$D,$E,$T,$A);
+        &BODY_40_59( 0,$K[2],$X,48,$A,$B,$C,$D,$E,$T);
+        &BODY_40_59( 0,$K[2],$X,49,$T,$A,$B,$C,$D,$E);
+        &BODY_40_59( 0,$K[2],$X,50,$E,$T,$A,$B,$C,$D);
+        &BODY_40_59( 0,$K[2],$X,51,$D,$E,$T,$A,$B,$C);
+        &BODY_40_59( 0,$K[2],$X,52,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59( 0,$K[2],$X,53,$B,$C,$D,$E,$T,$A);
+        &BODY_40_59( 0,$K[2],$X,54,$A,$B,$C,$D,$E,$T);
+        &BODY_40_59( 0,$K[2],$X,55,$T,$A,$B,$C,$D,$E);
+        &BODY_40_59( 0,$K[2],$X,56,$E,$T,$A,$B,$C,$D);
+        &BODY_40_59( 0,$K[2],$X,57,$D,$E,$T,$A,$B,$C);
+        &BODY_40_59( 0,$K[2],$X,58,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59( 1,$K[2],$X,59,$B,$C,$D,$E,$T,$A);
+
+        &BODY_60_79(-1,$K[3],$X,60,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79( 0,$K[3],$X,61,$T,$A,$B,$C,$D,$E);
+        &BODY_60_79( 0,$K[3],$X,62,$E,$T,$A,$B,$C,$D);
+        &BODY_60_79( 0,$K[3],$X,63,$D,$E,$T,$A,$B,$C);
+        &BODY_60_79( 0,$K[3],$X,64,$C,$D,$E,$T,$A,$B);
+        &BODY_60_79( 0,$K[3],$X,65,$B,$C,$D,$E,$T,$A);
+        &BODY_60_79( 0,$K[3],$X,66,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79( 0,$K[3],$X,67,$T,$A,$B,$C,$D,$E);
+        &BODY_60_79( 0,$K[3],$X,68,$E,$T,$A,$B,$C,$D);
+        &BODY_60_79( 0,$K[3],$X,69,$D,$E,$T,$A,$B,$C);
+        &BODY_60_79( 0,$K[3],$X,70,$C,$D,$E,$T,$A,$B);
+        &BODY_60_79( 0,$K[3],$X,71,$B,$C,$D,$E,$T,$A);
+        &BODY_60_79( 0,$K[3],$X,72,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79( 0,$K[3],$X,73,$T,$A,$B,$C,$D,$E);
+        &BODY_60_79( 0,$K[3],$X,74,$E,$T,$A,$B,$C,$D);
+        &BODY_60_79( 0,$K[3],$X,75,$D,$E,$T,$A,$B,$C);
+        &BODY_60_79( 0,$K[3],$X,76,$C,$D,$E,$T,$A,$B);
+        &BODY_60_79( 0,$K[3],$X,77,$B,$C,$D,$E,$T,$A);
+        &BODY_60_79( 0,$K[3],$X,78,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79( 2,$K[3],$X,79,$T,$A,$B,$C,$D,$E);
+
+        &comment("End processing");
+        &comment("");
+        # D is the tmp value
+
+        # E -> A
+        # T -> B
+        # A -> C
+        # B -> D
+        # C -> E
+        # D -> T
+
+        &mov($tmp1,&wparam(0));
+
+         &mov($D,       &DWP(12,$tmp1,"",0));
+        &add($D,$B);
+         &mov($B,       &DWP( 4,$tmp1,"",0));
+        &add($B,$T);
+         &mov($T,       $A);
+        &mov($A,        &DWP( 0,$tmp1,"",0));
+         &mov(&DWP(12,$tmp1,"",0),$D);
+
+        &add($A,$E);
+         &mov($E,       &DWP(16,$tmp1,"",0));
+        &add($E,$C);
+         &mov($C,       &DWP( 8,$tmp1,"",0));
+        &add($C,$T);
+
+         &mov(&DWP( 0,$tmp1,"",0),$A);
+        &mov("esi",&wparam(1));
+         &mov(&DWP( 8,$tmp1,"",0),$C);
+        &add("esi",64);
+         &mov("eax",&swtmp(17));
+        &mov(&DWP(16,$tmp1,"",0),$E);
+         &cmp("esi","eax");
+        &mov(&DWP( 4,$tmp1,"",0),$B);
+         &jb(&label("start"));
+
+        &stack_pop(18+9);
+         &pop("edi");
+        &pop("ebx");
+         &pop("ebp");
+        &pop("esi");
+         &ret();
+
+        # keep a note of shortcut label so it can be used outside
+        # block.
+        my $sclabel = &label("shortcut");
+
+        &function_end_B($name);
+        # Putting this here avoids problems with MASM in debugging mode
+        &sha1_block_host("sha1_block_asm_host_order", $sclabel);
+        }
+
diff --git a/src/lib/libcrypto/sha/asm/sha1-ia64.pl b/src/lib/libcrypto/sha/asm/sha1-ia64.pl
new file mode 100644
index 0000000000..cb9dfad124
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha1-ia64.pl
@@ -0,0 +1,549 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# Eternal question is what's wrong with compiler generated code? The
+# trick is that it's possible to reduce the number of shifts required
+# to perform rotations by maintaining copy of 32-bit value in upper
+# bits of 64-bit register. Just follow mux2 and shrp instructions...
+# Performance under big-endian OS such as HP-UX is 179MBps*1GHz, which
+# is >50% better than HP C and >2x better than gcc. As of this moment
+# performance under little-endian OS such as Linux and Windows will be
+# a bit lower, because data has to be picked in reverse byte-order.
+# It's possible to resolve this issue by implementing third function,
+# sha1_block_asm_data_order_aligned, which would temporarily flip
+# BE field in User Mask register...
+
+$code=<<___;
+.ident  \"sha1-ia64.s, version 1.0\"
+.ident  \"IA-64 ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>\"
+.explicit
+
+___
+
+
+if ($^O eq "hpux") {
+    $ADDP="addp4";
+    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
+} else { $ADDP="add"; }
+for (@ARGV) {   $big_endian=1 if (/\-DB_ENDIAN/);
+                $big_endian=0 if (/\-DL_ENDIAN/);   }
+if (!defined($big_endian))
+            {   $big_endian=(unpack('L',pack('N',1))==1);   }
+
+#$human=1;
+if ($human) {   # useful for visual code auditing...
+        ($A,$B,$C,$D,$E,$T)   = ("A","B","C","D","E","T");
+        ($h0,$h1,$h2,$h3,$h4) = ("h0","h1","h2","h3","h4");
+        ($K_00_19, $K_20_39, $K_40_59, $K_60_79) =
+            (   "K_00_19","K_20_39","K_40_59","K_60_79" );
+        @X= (   "X0", "X1", "X2", "X3", "X4", "X5", "X6", "X7",
+                "X8", "X9","X10","X11","X12","X13","X14","X15"  );
+}
+else {
+        ($A,$B,$C,$D,$E,$T)   = ("loc0","loc1","loc2","loc3","loc4","loc5");
+        ($h0,$h1,$h2,$h3,$h4) = ("loc6","loc7","loc8","loc9","loc10");
+        ($K_00_19, $K_20_39, $K_40_59, $K_60_79) =
+            (   "r14", "r15", "loc11", "loc12"  );
+        @X= (   "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
+                "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31"  );
+}
+
+sub BODY_00_15 {
+local   *code=shift;
+local   ($i,$a,$b,$c,$d,$e,$f,$unaligned)=@_;
+
+if ($unaligned) {
+        $code.=<<___;
+{ .mmi; ld1     tmp0=[inp],2                // MSB
+        ld1     tmp1=[tmp3],2           };;
+{ .mmi; ld1     tmp2=[inp],2
+        ld1     $X[$i&0xf]=[tmp3],2         // LSB
+        dep     tmp1=tmp0,tmp1,8,8      };;
+{ .mii; cmp.ne  p16,p0=r0,r0                // no misaligned prefetch
+        dep     $X[$i&0xf]=tmp2,$X[$i&0xf],8,8;;
+        dep     $X[$i&0xf]=tmp1,$X[$i&0xf],16,16        };;
+{ .mmi; nop.m   0
+___
+        }
+elsif ($i<15) {
+        $code.=<<___;
+{ .mmi; ld4     $X[($i+1)&0xf]=[inp],4  // prefetch
+___
+        }
+else    {
+        $code.=<<___;
+{ .mmi; nop.m   0
+___
+        }
+if ($i<15) {
+        $code.=<<___;
+        and     tmp0=$c,$b
+        dep.z   tmp5=$a,5,27            }   // a<<5
+{ .mmi; andcm   tmp1=$d,$b
+        add     tmp4=$e,$K_00_19        };;
+{ .mmi; or      tmp0=tmp0,tmp1              // F_00_19(b,c,d)=(b&c)|(~b&d)
+        add     $f=tmp4,$X[$i&0xf]          // f=xi+e+K_00_19
+        extr.u  tmp1=$a,27,5            };; // a>>27
+{ .mib; add     $f=$f,tmp0                  // f+=F_00_19(b,c,d)
+        shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30)
+{ .mib; or      tmp1=tmp1,tmp5              // ROTATE(a,5)
+        mux2    tmp6=$a,0x44            };; // see b in next iteration
+{ .mii; add     $f=$f,tmp1                  // f+=ROTATE(a,5)
+        mux2    $X[$i&0xf]=$X[$i&0xf],0x44
+        nop.i   0                       };;
+
+___
+        }
+else    {
+        $code.=<<___;
+        and     tmp0=$c,$b
+        dep.z   tmp5=$a,5,27            }   // a<<5 ;;?
+{ .mmi; andcm   tmp1=$d,$b
+        add     tmp4=$e,$K_00_19        };;
+{ .mmi; or      tmp0=tmp0,tmp1              // F_00_19(b,c,d)=(b&c)|(~b&d)
+        add     $f=tmp4,$X[$i&0xf]          // f=xi+e+K_00_19
+        extr.u  tmp1=$a,27,5            }   // a>>27
+{ .mmi; xor     tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf]  // +1
+        xor     tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1
+        nop.i   0                       };;
+{ .mmi; add     $f=$f,tmp0                  // f+=F_00_19(b,c,d)
+        xor     tmp2=tmp2,tmp3              // +1
+        shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30)
+{ .mmi; or      tmp1=tmp1,tmp5              // ROTATE(a,5)
+        mux2    tmp6=$a,0x44            };; // see b in next iteration
+{ .mii; add     $f=$f,tmp1                  // f+=ROTATE(a,5)
+        shrp    $e=tmp2,tmp2,31             // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)
+        mux2    $X[$i&0xf]=$X[$i&0xf],0x44  };;
+
+___
+        }
+}
+
+sub BODY_16_19 {
+local   *code=shift;
+local   ($i,$a,$b,$c,$d,$e,$f)=@_;
+
+$code.=<<___;
+{ .mmi; mov     $X[$i&0xf]=$f               // Xupdate
+        and     tmp0=$c,$b
+        dep.z   tmp5=$a,5,27            }   // a<<5
+{ .mmi; andcm   tmp1=$d,$b
+        add     tmp4=$e,$K_00_19        };;
+{ .mmi; or      tmp0=tmp0,tmp1              // F_00_19(b,c,d)=(b&c)|(~b&d)
+        add     $f=$f,tmp4                  // f+=e+K_00_19
+        extr.u  tmp1=$a,27,5            }   // a>>27
+{ .mmi; xor     tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf]  // +1
+        xor     tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1
+        nop.i   0                       };;
+{ .mmi; add     $f=$f,tmp0                  // f+=F_00_19(b,c,d)
+        xor     tmp2=tmp2,tmp3              // +1
+        shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30)
+{ .mmi; or      tmp1=tmp1,tmp5              // ROTATE(a,5)
+        mux2    tmp6=$a,0x44            };; // see b in next iteration
+{ .mii; add     $f=$f,tmp1                  // f+=ROTATE(a,5)
+        shrp    $e=tmp2,tmp2,31             // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)
+        nop.i   0                       };;
+
+___
+}
+
+sub BODY_20_39 {
+local   *code=shift;
+local   ($i,$a,$b,$c,$d,$e,$f,$Konst)=@_;
+        $Konst = $K_20_39 if (!defined($Konst));
+
+if ($i<79) {
+$code.=<<___;
+{ .mib; mov     $X[$i&0xf]=$f               // Xupdate
+        dep.z   tmp5=$a,5,27            }   // a<<5
+{ .mib; xor     tmp0=$c,$b
+        add     tmp4=$e,$Konst          };;
+{ .mmi; xor     tmp0=tmp0,$d                // F_20_39(b,c,d)=b^c^d
+        add     $f=$f,tmp4                  // f+=e+K_20_39
+        extr.u  tmp1=$a,27,5            }   // a>>27
+{ .mmi; xor     tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf]  // +1
+        xor     tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1
+        nop.i   0                       };;
+{ .mmi; add     $f=$f,tmp0                  // f+=F_20_39(b,c,d)
+        xor     tmp2=tmp2,tmp3              // +1
+        shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30)
+{ .mmi; or      tmp1=tmp1,tmp5              // ROTATE(a,5)
+        mux2    tmp6=$a,0x44            };; // see b in next iteration
+{ .mii; add     $f=$f,tmp1                  // f+=ROTATE(a,5)
+        shrp    $e=tmp2,tmp2,31             // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)
+        nop.i   0                       };;
+
+___
+}
+else {
+$code.=<<___;
+{ .mib; mov     $X[$i&0xf]=$f               // Xupdate
+        dep.z   tmp5=$a,5,27            }   // a<<5
+{ .mib; xor     tmp0=$c,$b
+        add     tmp4=$e,$Konst          };;
+{ .mib; xor     tmp0=tmp0,$d                // F_20_39(b,c,d)=b^c^d
+        extr.u  tmp1=$a,27,5            }   // a>>27
+{ .mib; add     $f=$f,tmp4                  // f+=e+K_20_39
+        add     $h1=$h1,$a              };; // wrap up
+{ .mmi;
+(p16)   ld4.s   $X[0]=[inp],4               // non-faulting prefetch
+        add     $f=$f,tmp0                  // f+=F_20_39(b,c,d)
+        shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30) ;;?
+{ .mmi; or      tmp1=tmp1,tmp5              // ROTATE(a,5)
+        add     $h3=$h3,$c              };; // wrap up
+{ .mib; add     tmp3=1,inp                  // used in unaligned codepath
+        add     $f=$f,tmp1              }   // f+=ROTATE(a,5)
+{ .mib; add     $h2=$h2,$b                  // wrap up
+        add     $h4=$h4,$d              };; // wrap up
+
+___
+}
+}
+
+sub BODY_40_59 {
+local   *code=shift;
+local   ($i,$a,$b,$c,$d,$e,$f)=@_;
+
+$code.=<<___;
+{ .mmi; mov     $X[$i&0xf]=$f               // Xupdate
+        and     tmp0=$c,$b
+        dep.z   tmp5=$a,5,27            }   // a<<5
+{ .mmi; and     tmp1=$d,$b
+        add     tmp4=$e,$K_40_59        };;
+{ .mmi; or      tmp0=tmp0,tmp1              // (b&c)|(b&d)
+        add     $f=$f,tmp4                  // f+=e+K_40_59
+        extr.u  tmp1=$a,27,5            }   // a>>27
+{ .mmi; and     tmp4=$c,$d
+        xor     tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf]  // +1
+        xor     tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1
+        };;
+{ .mmi; or      tmp1=tmp1,tmp5              // ROTATE(a,5)
+        xor     tmp2=tmp2,tmp3              // +1
+        shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30)
+{ .mmi; or      tmp0=tmp0,tmp4              // F_40_59(b,c,d)=(b&c)|(b&d)|(c&d)
+        mux2    tmp6=$a,0x44            };; // see b in next iteration
+{ .mii; add     $f=$f,tmp0                  // f+=F_40_59(b,c,d)
+        shrp    $e=tmp2,tmp2,31;;           // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)
+        add     $f=$f,tmp1              };; // f+=ROTATE(a,5)
+
+___
+}
+sub BODY_60_79  { &BODY_20_39(@_,$K_60_79); }
+
+$code.=<<___;
+.text
+
+tmp0=r8;
+tmp1=r9;
+tmp2=r10;
+tmp3=r11;
+ctx=r32;        // in0
+inp=r33;        // in1
+
+// void sha1_block_asm_host_order(SHA_CTX *c,const void *p,size_t num);
+.global sha1_block_asm_host_order#
+.proc   sha1_block_asm_host_order#
+.align  32
+sha1_block_asm_host_order:
+        .prologue
+        .fframe 0
+        .save   ar.pfs,r0
+        .save   ar.lc,r3
+{ .mmi; alloc   tmp1=ar.pfs,3,15,0,0
+        $ADDP   tmp0=4,ctx
+        mov     r3=ar.lc                }
+{ .mmi; $ADDP   ctx=0,ctx
+        $ADDP   inp=0,inp
+        mov     r2=pr                   };;
+tmp4=in2;
+tmp5=loc13;
+tmp6=loc14;
+        .body
+{ .mlx; ld4     $h0=[ctx],8
+        movl    $K_00_19=0x5a827999     }
+{ .mlx; ld4     $h1=[tmp0],8
+        movl    $K_20_39=0x6ed9eba1     };;
+{ .mlx; ld4     $h2=[ctx],8
+        movl    $K_40_59=0x8f1bbcdc     }
+{ .mlx; ld4     $h3=[tmp0]
+        movl    $K_60_79=0xca62c1d6     };;
+{ .mmi; ld4     $h4=[ctx],-16
+        add     in2=-1,in2                  // adjust num for ar.lc
+        mov     ar.ec=1                 };;
+{ .mmi; ld4     $X[0]=[inp],4               // prefetch
+        cmp.ne  p16,p0=r0,in2               // prefecth at loop end
+        mov     ar.lc=in2               };; // brp.loop.imp: too far
+
+.Lhtop:
+{ .mmi; mov     $A=$h0
+        mov     $B=$h1
+        mux2    tmp6=$h1,0x44           }
+{ .mmi; mov     $C=$h2
+        mov     $D=$h3
+        mov     $E=$h4                  };;
+
+___
+
+        &BODY_00_15(\$code, 0,$A,$B,$C,$D,$E,$T);
+        &BODY_00_15(\$code, 1,$T,$A,$B,$C,$D,$E);
+        &BODY_00_15(\$code, 2,$E,$T,$A,$B,$C,$D);
+        &BODY_00_15(\$code, 3,$D,$E,$T,$A,$B,$C);
+        &BODY_00_15(\$code, 4,$C,$D,$E,$T,$A,$B);
+        &BODY_00_15(\$code, 5,$B,$C,$D,$E,$T,$A);
+        &BODY_00_15(\$code, 6,$A,$B,$C,$D,$E,$T);
+        &BODY_00_15(\$code, 7,$T,$A,$B,$C,$D,$E);
+        &BODY_00_15(\$code, 8,$E,$T,$A,$B,$C,$D);
+        &BODY_00_15(\$code, 9,$D,$E,$T,$A,$B,$C);
+        &BODY_00_15(\$code,10,$C,$D,$E,$T,$A,$B);
+        &BODY_00_15(\$code,11,$B,$C,$D,$E,$T,$A);
+        &BODY_00_15(\$code,12,$A,$B,$C,$D,$E,$T);
+        &BODY_00_15(\$code,13,$T,$A,$B,$C,$D,$E);
+        &BODY_00_15(\$code,14,$E,$T,$A,$B,$C,$D);
+        &BODY_00_15(\$code,15,$D,$E,$T,$A,$B,$C);
+
+        &BODY_16_19(\$code,16,$C,$D,$E,$T,$A,$B);
+        &BODY_16_19(\$code,17,$B,$C,$D,$E,$T,$A);
+        &BODY_16_19(\$code,18,$A,$B,$C,$D,$E,$T);
+        &BODY_16_19(\$code,19,$T,$A,$B,$C,$D,$E);
+
+        &BODY_20_39(\$code,20,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39(\$code,21,$D,$E,$T,$A,$B,$C);
+        &BODY_20_39(\$code,22,$C,$D,$E,$T,$A,$B);
+        &BODY_20_39(\$code,23,$B,$C,$D,$E,$T,$A);
+        &BODY_20_39(\$code,24,$A,$B,$C,$D,$E,$T);
+        &BODY_20_39(\$code,25,$T,$A,$B,$C,$D,$E);
+        &BODY_20_39(\$code,26,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39(\$code,27,$D,$E,$T,$A,$B,$C);
+        &BODY_20_39(\$code,28,$C,$D,$E,$T,$A,$B);
+        &BODY_20_39(\$code,29,$B,$C,$D,$E,$T,$A);
+        &BODY_20_39(\$code,30,$A,$B,$C,$D,$E,$T);
+        &BODY_20_39(\$code,31,$T,$A,$B,$C,$D,$E);
+        &BODY_20_39(\$code,32,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39(\$code,33,$D,$E,$T,$A,$B,$C);
+        &BODY_20_39(\$code,34,$C,$D,$E,$T,$A,$B);
+        &BODY_20_39(\$code,35,$B,$C,$D,$E,$T,$A);
+        &BODY_20_39(\$code,36,$A,$B,$C,$D,$E,$T);
+        &BODY_20_39(\$code,37,$T,$A,$B,$C,$D,$E);
+        &BODY_20_39(\$code,38,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39(\$code,39,$D,$E,$T,$A,$B,$C);
+
+        &BODY_40_59(\$code,40,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59(\$code,41,$B,$C,$D,$E,$T,$A);
+        &BODY_40_59(\$code,42,$A,$B,$C,$D,$E,$T);
+        &BODY_40_59(\$code,43,$T,$A,$B,$C,$D,$E);
+        &BODY_40_59(\$code,44,$E,$T,$A,$B,$C,$D);
+        &BODY_40_59(\$code,45,$D,$E,$T,$A,$B,$C);
+        &BODY_40_59(\$code,46,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59(\$code,47,$B,$C,$D,$E,$T,$A);
+        &BODY_40_59(\$code,48,$A,$B,$C,$D,$E,$T);
+        &BODY_40_59(\$code,49,$T,$A,$B,$C,$D,$E);
+        &BODY_40_59(\$code,50,$E,$T,$A,$B,$C,$D);
+        &BODY_40_59(\$code,51,$D,$E,$T,$A,$B,$C);
+        &BODY_40_59(\$code,52,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59(\$code,53,$B,$C,$D,$E,$T,$A);
+        &BODY_40_59(\$code,54,$A,$B,$C,$D,$E,$T);
+        &BODY_40_59(\$code,55,$T,$A,$B,$C,$D,$E);
+        &BODY_40_59(\$code,56,$E,$T,$A,$B,$C,$D);
+        &BODY_40_59(\$code,57,$D,$E,$T,$A,$B,$C);
+        &BODY_40_59(\$code,58,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59(\$code,59,$B,$C,$D,$E,$T,$A);
+
+        &BODY_60_79(\$code,60,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79(\$code,61,$T,$A,$B,$C,$D,$E);
+        &BODY_60_79(\$code,62,$E,$T,$A,$B,$C,$D);
+        &BODY_60_79(\$code,63,$D,$E,$T,$A,$B,$C);
+        &BODY_60_79(\$code,64,$C,$D,$E,$T,$A,$B);
+        &BODY_60_79(\$code,65,$B,$C,$D,$E,$T,$A);
+        &BODY_60_79(\$code,66,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79(\$code,67,$T,$A,$B,$C,$D,$E);
+        &BODY_60_79(\$code,68,$E,$T,$A,$B,$C,$D);
+        &BODY_60_79(\$code,69,$D,$E,$T,$A,$B,$C);
+        &BODY_60_79(\$code,70,$C,$D,$E,$T,$A,$B);
+        &BODY_60_79(\$code,71,$B,$C,$D,$E,$T,$A);
+        &BODY_60_79(\$code,72,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79(\$code,73,$T,$A,$B,$C,$D,$E);
+        &BODY_60_79(\$code,74,$E,$T,$A,$B,$C,$D);
+        &BODY_60_79(\$code,75,$D,$E,$T,$A,$B,$C);
+        &BODY_60_79(\$code,76,$C,$D,$E,$T,$A,$B);
+        &BODY_60_79(\$code,77,$B,$C,$D,$E,$T,$A);
+        &BODY_60_79(\$code,78,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79(\$code,79,$T,$A,$B,$C,$D,$E);
+
+$code.=<<___;
+{ .mmb; add     $h0=$h0,$E
+        nop.m   0
+        br.ctop.dptk.many       .Lhtop  };;
+.Lhend:
+{ .mmi; add     tmp0=4,ctx
+        mov     ar.lc=r3                };;
+{ .mmi; st4     [ctx]=$h0,8
+        st4     [tmp0]=$h1,8            };;
+{ .mmi; st4     [ctx]=$h2,8
+        st4     [tmp0]=$h3              };;
+{ .mib; st4     [ctx]=$h4,-16
+        mov     pr=r2,0x1ffff
+        br.ret.sptk.many        b0      };;
+.endp   sha1_block_asm_host_order#
+___
+
+
+$code.=<<___;
+// void sha1_block_asm_data_order(SHA_CTX *c,const void *p,size_t num);
+.global sha1_block_asm_data_order#
+.proc   sha1_block_asm_data_order#
+.align  32
+sha1_block_asm_data_order:
+___
+$code.=<<___ if ($big_endian);
+{ .mmi; and     r2=3,inp                                };;
+{ .mib; cmp.eq  p6,p0=r0,r2
+(p6)    br.dptk.many    sha1_block_asm_host_order       };;
+___
+$code.=<<___;
+        .prologue
+        .fframe 0
+        .save   ar.pfs,r0
+        .save   ar.lc,r3
+{ .mmi; alloc   tmp1=ar.pfs,3,15,0,0
+        $ADDP   tmp0=4,ctx
+        mov     r3=ar.lc                }
+{ .mmi; $ADDP   ctx=0,ctx
+        $ADDP   inp=0,inp
+        mov     r2=pr                   };;
+tmp4=in2;
+tmp5=loc13;
+tmp6=loc14;
+        .body
+{ .mlx; ld4     $h0=[ctx],8
+        movl    $K_00_19=0x5a827999     }
+{ .mlx; ld4     $h1=[tmp0],8
+        movl    $K_20_39=0x6ed9eba1     };;
+{ .mlx; ld4     $h2=[ctx],8
+        movl    $K_40_59=0x8f1bbcdc     }
+{ .mlx; ld4     $h3=[tmp0]
+        movl    $K_60_79=0xca62c1d6     };;
+{ .mmi; ld4     $h4=[ctx],-16
+        add     in2=-1,in2                  // adjust num for ar.lc
+        mov     ar.ec=1                 };;
+{ .mmi; nop.m   0
+        add     tmp3=1,inp
+        mov     ar.lc=in2               };; // brp.loop.imp: too far
+
+.Ldtop:
+{ .mmi; mov     $A=$h0
+        mov     $B=$h1
+        mux2    tmp6=$h1,0x44           }
+{ .mmi; mov     $C=$h2
+        mov     $D=$h3
+        mov     $E=$h4                  };;
+
+___
+
+        &BODY_00_15(\$code, 0,$A,$B,$C,$D,$E,$T,1);
+        &BODY_00_15(\$code, 1,$T,$A,$B,$C,$D,$E,1);
+        &BODY_00_15(\$code, 2,$E,$T,$A,$B,$C,$D,1);
+        &BODY_00_15(\$code, 3,$D,$E,$T,$A,$B,$C,1);
+        &BODY_00_15(\$code, 4,$C,$D,$E,$T,$A,$B,1);
+        &BODY_00_15(\$code, 5,$B,$C,$D,$E,$T,$A,1);
+        &BODY_00_15(\$code, 6,$A,$B,$C,$D,$E,$T,1);
+        &BODY_00_15(\$code, 7,$T,$A,$B,$C,$D,$E,1);
+        &BODY_00_15(\$code, 8,$E,$T,$A,$B,$C,$D,1);
+        &BODY_00_15(\$code, 9,$D,$E,$T,$A,$B,$C,1);
+        &BODY_00_15(\$code,10,$C,$D,$E,$T,$A,$B,1);
+        &BODY_00_15(\$code,11,$B,$C,$D,$E,$T,$A,1);
+        &BODY_00_15(\$code,12,$A,$B,$C,$D,$E,$T,1);
+        &BODY_00_15(\$code,13,$T,$A,$B,$C,$D,$E,1);
+        &BODY_00_15(\$code,14,$E,$T,$A,$B,$C,$D,1);
+        &BODY_00_15(\$code,15,$D,$E,$T,$A,$B,$C,1);
+
+        &BODY_16_19(\$code,16,$C,$D,$E,$T,$A,$B);
+        &BODY_16_19(\$code,17,$B,$C,$D,$E,$T,$A);
+        &BODY_16_19(\$code,18,$A,$B,$C,$D,$E,$T);
+        &BODY_16_19(\$code,19,$T,$A,$B,$C,$D,$E);
+
+        &BODY_20_39(\$code,20,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39(\$code,21,$D,$E,$T,$A,$B,$C);
+        &BODY_20_39(\$code,22,$C,$D,$E,$T,$A,$B);
+        &BODY_20_39(\$code,23,$B,$C,$D,$E,$T,$A);
+        &BODY_20_39(\$code,24,$A,$B,$C,$D,$E,$T);
+        &BODY_20_39(\$code,25,$T,$A,$B,$C,$D,$E);
+        &BODY_20_39(\$code,26,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39(\$code,27,$D,$E,$T,$A,$B,$C);
+        &BODY_20_39(\$code,28,$C,$D,$E,$T,$A,$B);
+        &BODY_20_39(\$code,29,$B,$C,$D,$E,$T,$A);
+        &BODY_20_39(\$code,30,$A,$B,$C,$D,$E,$T);
+        &BODY_20_39(\$code,31,$T,$A,$B,$C,$D,$E);
+        &BODY_20_39(\$code,32,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39(\$code,33,$D,$E,$T,$A,$B,$C);
+        &BODY_20_39(\$code,34,$C,$D,$E,$T,$A,$B);
+        &BODY_20_39(\$code,35,$B,$C,$D,$E,$T,$A);
+        &BODY_20_39(\$code,36,$A,$B,$C,$D,$E,$T);
+        &BODY_20_39(\$code,37,$T,$A,$B,$C,$D,$E);
+        &BODY_20_39(\$code,38,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39(\$code,39,$D,$E,$T,$A,$B,$C);
+
+        &BODY_40_59(\$code,40,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59(\$code,41,$B,$C,$D,$E,$T,$A);
+        &BODY_40_59(\$code,42,$A,$B,$C,$D,$E,$T);
+        &BODY_40_59(\$code,43,$T,$A,$B,$C,$D,$E);
+        &BODY_40_59(\$code,44,$E,$T,$A,$B,$C,$D);
+        &BODY_40_59(\$code,45,$D,$E,$T,$A,$B,$C);
+        &BODY_40_59(\$code,46,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59(\$code,47,$B,$C,$D,$E,$T,$A);
+        &BODY_40_59(\$code,48,$A,$B,$C,$D,$E,$T);
+        &BODY_40_59(\$code,49,$T,$A,$B,$C,$D,$E);
+        &BODY_40_59(\$code,50,$E,$T,$A,$B,$C,$D);
+        &BODY_40_59(\$code,51,$D,$E,$T,$A,$B,$C);
+        &BODY_40_59(\$code,52,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59(\$code,53,$B,$C,$D,$E,$T,$A);
+        &BODY_40_59(\$code,54,$A,$B,$C,$D,$E,$T);
+        &BODY_40_59(\$code,55,$T,$A,$B,$C,$D,$E);
+        &BODY_40_59(\$code,56,$E,$T,$A,$B,$C,$D);
+        &BODY_40_59(\$code,57,$D,$E,$T,$A,$B,$C);
+        &BODY_40_59(\$code,58,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59(\$code,59,$B,$C,$D,$E,$T,$A);
+
+        &BODY_60_79(\$code,60,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79(\$code,61,$T,$A,$B,$C,$D,$E);
+        &BODY_60_79(\$code,62,$E,$T,$A,$B,$C,$D);
+        &BODY_60_79(\$code,63,$D,$E,$T,$A,$B,$C);
+        &BODY_60_79(\$code,64,$C,$D,$E,$T,$A,$B);
+        &BODY_60_79(\$code,65,$B,$C,$D,$E,$T,$A);
+        &BODY_60_79(\$code,66,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79(\$code,67,$T,$A,$B,$C,$D,$E);
+        &BODY_60_79(\$code,68,$E,$T,$A,$B,$C,$D);
+        &BODY_60_79(\$code,69,$D,$E,$T,$A,$B,$C);
+        &BODY_60_79(\$code,70,$C,$D,$E,$T,$A,$B);
+        &BODY_60_79(\$code,71,$B,$C,$D,$E,$T,$A);
+        &BODY_60_79(\$code,72,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79(\$code,73,$T,$A,$B,$C,$D,$E);
+        &BODY_60_79(\$code,74,$E,$T,$A,$B,$C,$D);
+        &BODY_60_79(\$code,75,$D,$E,$T,$A,$B,$C);
+        &BODY_60_79(\$code,76,$C,$D,$E,$T,$A,$B);
+        &BODY_60_79(\$code,77,$B,$C,$D,$E,$T,$A);
+        &BODY_60_79(\$code,78,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79(\$code,79,$T,$A,$B,$C,$D,$E);
+
+$code.=<<___;
+{ .mmb; add     $h0=$h0,$E
+        nop.m   0
+        br.ctop.dptk.many       .Ldtop  };;
+.Ldend:
+{ .mmi; add     tmp0=4,ctx
+        mov     ar.lc=r3                };;
+{ .mmi; st4     [ctx]=$h0,8
+        st4     [tmp0]=$h1,8            };;
+{ .mmi; st4     [ctx]=$h2,8
+        st4     [tmp0]=$h3              };;
+{ .mib; st4     [ctx]=$h4,-16
+        mov     pr=r2,0x1ffff
+        br.ret.sptk.many        b0      };;
+.endp   sha1_block_asm_data_order#
+___
+
+print $code;
diff --git a/src/lib/libcrypto/sha/sha.h b/src/lib/libcrypto/sha/sha.h
new file mode 100644
index 0000000000..79c07b0fd1
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha.h
@@ -0,0 +1,128 @@
+/* crypto/sha/sha.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_SHA_H
+#define HEADER_SHA_H
+
+#include <openssl/e_os2.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
+#error SHA is disabled.
+#endif
+
+#if defined(OPENSSL_FIPS)
+#define FIPS_SHA_SIZE_T unsigned long
+#endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! SHA_LONG_LOG2 has to be defined along.                        !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#define SHA_LONG unsigned long
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#define SHA_LONG unsigned long
+#define SHA_LONG_LOG2 3
+#else
+#define SHA_LONG unsigned int
+#endif
+
+#define SHA_LBLOCK      16
+#define SHA_CBLOCK      (SHA_LBLOCK*4)  /* SHA treats input data as a
+                                         * contiguous array of 32 bit
+                                         * wide big-endian values. */
+#define SHA_LAST_BLOCK  (SHA_CBLOCK-8)
+#define SHA_DIGEST_LENGTH 20
+
+typedef struct SHAstate_st
+        {
+        SHA_LONG h0,h1,h2,h3,h4;
+        SHA_LONG Nl,Nh;
+        SHA_LONG data[SHA_LBLOCK];
+        int num;
+        } SHA_CTX;
+
+#ifndef OPENSSL_NO_SHA0
+#ifdef OPENSSL_FIPS
+int private_SHA_Init(SHA_CTX *c);
+#endif
+int SHA_Init(SHA_CTX *c);
+int SHA_Update(SHA_CTX *c, const void *data, unsigned long len);
+int SHA_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA(const unsigned char *d, unsigned long n,unsigned char *md);
+void SHA_Transform(SHA_CTX *c, const unsigned char *data);
+#endif
+#ifndef OPENSSL_NO_SHA1
+int SHA1_Init(SHA_CTX *c);
+int SHA1_Update(SHA_CTX *c, const void *data, unsigned long len);
+int SHA1_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md);
+void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
+#endif
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/sha/sha1_one.c b/src/lib/libcrypto/sha/sha1_one.c
new file mode 100644
index 0000000000..20e660c71d
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha1_one.c
@@ -0,0 +1,77 @@
+/* crypto/sha/sha1_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/sha.h>
+#include <openssl/crypto.h>
+
+#ifndef OPENSSL_NO_SHA1
+unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
+        {
+        SHA_CTX c;
+        static unsigned char m[SHA_DIGEST_LENGTH];
+
+        if (md == NULL) md=m;
+        SHA1_Init(&c);
+        SHA1_Update(&c,d,n);
+        SHA1_Final(md,&c);
+        OPENSSL_cleanse(&c,sizeof(c));
+        return(md);
+        }
+#endif
diff --git a/src/lib/libcrypto/sha/sha1dgst.c b/src/lib/libcrypto/sha/sha1dgst.c
new file mode 100644
index 0000000000..1e2009b760
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha1dgst.c
@@ -0,0 +1,81 @@
+/* crypto/sha/sha1dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
+
+#undef  SHA_0
+#define SHA_1
+
+#include <openssl/opensslv.h>
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT;
+
+/* The implementation is in ../md32_common.h */
+
+#include "sha_locl.h"
+
+#else /* ndef OPENSSL_FIPS */
+
+static void *dummy=&dummy;
+
+#endif /* ndef OPENSSL_FIPS */
+
+#endif
+
diff --git a/src/lib/libcrypto/sha/sha_locl.h b/src/lib/libcrypto/sha/sha_locl.h
new file mode 100644
index 0000000000..a3623f72da
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha_locl.h
@@ -0,0 +1,481 @@
+/* crypto/sha/sha_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/sha.h>
+
+#ifndef SHA_LONG_LOG2
+#define SHA_LONG_LOG2   2       /* default to 32 bits */
+#endif
+
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG               SHA_LONG
+#define HASH_LONG_LOG2          SHA_LONG_LOG2
+#define HASH_CTX                SHA_CTX
+#define HASH_CBLOCK             SHA_CBLOCK
+#define HASH_LBLOCK             SHA_LBLOCK
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        ll=(c)->h0; HOST_l2c(ll,(s));   \
+        ll=(c)->h1; HOST_l2c(ll,(s));   \
+        ll=(c)->h2; HOST_l2c(ll,(s));   \
+        ll=(c)->h3; HOST_l2c(ll,(s));   \
+        ll=(c)->h4; HOST_l2c(ll,(s));   \
+        } while (0)
+
+#if defined(SHA_0)
+
+# define HASH_UPDATE                    SHA_Update
+# define HASH_TRANSFORM                 SHA_Transform
+# define HASH_FINAL                     SHA_Final
+# define HASH_INIT                      SHA_Init
+# define HASH_BLOCK_HOST_ORDER          sha_block_host_order
+# define HASH_BLOCK_DATA_ORDER          sha_block_data_order
+# define Xupdate(a,ix,ia,ib,ic,id)      (ix=(a)=(ia^ib^ic^id))
+
+  void sha_block_host_order (SHA_CTX *c, const void *p,int num);
+  void sha_block_data_order (SHA_CTX *c, const void *p,int num);
+
+#elif defined(SHA_1)
+
+# define HASH_UPDATE                    SHA1_Update
+# define HASH_TRANSFORM                 SHA1_Transform
+# define HASH_FINAL                     SHA1_Final
+# define HASH_INIT                      SHA1_Init
+# define HASH_BLOCK_HOST_ORDER          sha1_block_host_order
+# define HASH_BLOCK_DATA_ORDER          sha1_block_data_order
+# if defined(__MWERKS__) && defined(__MC68K__)
+   /* Metrowerks for Motorola fails otherwise:-( <appro@fy.chalmers.se> */
+#  define Xupdate(a,ix,ia,ib,ic,id)     do { (a)=(ia^ib^ic^id);         \
+                                             ix=(a)=ROTATE((a),1);      \
+                                        } while (0)
+# else
+#  define Xupdate(a,ix,ia,ib,ic,id)     ( (a)=(ia^ib^ic^id),    \
+                                          ix=(a)=ROTATE((a),1)  \
+                                        )
+# endif
+
+# ifdef SHA1_ASM
+#  if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+#   define sha1_block_host_order                sha1_block_asm_host_order
+#   define DONT_IMPLEMENT_BLOCK_HOST_ORDER
+#   define sha1_block_data_order                sha1_block_asm_data_order
+#   define DONT_IMPLEMENT_BLOCK_DATA_ORDER
+#   define HASH_BLOCK_DATA_ORDER_ALIGNED        sha1_block_asm_data_order
+#  elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+#   define sha1_block_host_order                sha1_block_asm_host_order
+#   define DONT_IMPLEMENT_BLOCK_HOST_ORDER
+#   define sha1_block_data_order                sha1_block_asm_data_order
+#   define DONT_IMPLEMENT_BLOCK_DATA_ORDER
+#  endif
+# endif
+  void sha1_block_host_order (SHA_CTX *c, const void *p,int num);
+  void sha1_block_data_order (SHA_CTX *c, const void *p,int num);
+
+#else
+# error "Either SHA_0 or SHA_1 must be defined."
+#endif
+
+#include "md32_common.h"
+
+#define INIT_DATA_h0 0x67452301UL
+#define INIT_DATA_h1 0xefcdab89UL
+#define INIT_DATA_h2 0x98badcfeUL
+#define INIT_DATA_h3 0x10325476UL
+#define INIT_DATA_h4 0xc3d2e1f0UL
+
+#if defined(SHA_0) && defined(OPENSSL_FIPS)
+FIPS_NON_FIPS_MD_Init(SHA)
+#else
+int HASH_INIT (SHA_CTX *c)
+#endif
+        {
+        c->h0=INIT_DATA_h0;
+        c->h1=INIT_DATA_h1;
+        c->h2=INIT_DATA_h2;
+        c->h3=INIT_DATA_h3;
+        c->h4=INIT_DATA_h4;
+        c->Nl=0;
+        c->Nh=0;
+        c->num=0;
+        return 1;
+        }
+
+#define K_00_19 0x5a827999UL
+#define K_20_39 0x6ed9eba1UL
+#define K_40_59 0x8f1bbcdcUL
+#define K_60_79 0xca62c1d6UL
+
+/* As  pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
+ * simplified to the code in F_00_19.  Wei attributes these optimisations
+ * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
+ * #define F(x,y,z) (((x) & (y))  |  ((~(x)) & (z)))
+ * I've just become aware of another tweak to be made, again from Wei Dai,
+ * in F_40_59, (x&a)|(y&a) -> (x|y)&a
+ */
+#define F_00_19(b,c,d)  ((((c) ^ (d)) & (b)) ^ (d)) 
+#define F_20_39(b,c,d)  ((b) ^ (c) ^ (d))
+#define F_40_59(b,c,d)  (((b) & (c)) | (((b)|(c)) & (d))) 
+#define F_60_79(b,c,d)  F_20_39(b,c,d)
+
+#define BODY_00_15(i,a,b,c,d,e,f,xi) \
+        (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+#define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
+        Xupdate(f,xi,xa,xb,xc,xd); \
+        (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+#define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
+        Xupdate(f,xi,xa,xb,xc,xd); \
+        (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+#define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+        Xupdate(f,xa,xa,xb,xc,xd); \
+        (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+#define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+        Xupdate(f,xa,xa,xb,xc,xd); \
+        (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+#define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+        Xupdate(f,xa,xa,xb,xc,xd); \
+        (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+#ifdef X
+#undef X
+#endif
+#ifndef MD32_XARRAY
+  /*
+   * Originally X was an array. As it's automatic it's natural
+   * to expect RISC compiler to accomodate at least part of it in
+   * the register bank, isn't it? Unfortunately not all compilers
+   * "find" this expectation reasonable:-( On order to make such
+   * compilers generate better code I replace X[] with a bunch of
+   * X0, X1, etc. See the function body below...
+   *                                    <appro@fy.chalmers.se>
+   */
+# define X(i)   XX##i
+#else
+  /*
+   * However! Some compilers (most notably HP C) get overwhelmed by
+   * that many local variables so that we have to have the way to
+   * fall down to the original behavior.
+   */
+# define X(i)   XX[i]
+#endif
+
+#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER
+void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num)
+        {
+        const SHA_LONG *W=d;
+        register unsigned MD32_REG_T A,B,C,D,E,T;
+#ifndef MD32_XARRAY
+        unsigned MD32_REG_T     XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+                                XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+#else
+        SHA_LONG        XX[16];
+#endif
+
+        A=c->h0;
+        B=c->h1;
+        C=c->h2;
+        D=c->h3;
+        E=c->h4;
+
+        for (;;)
+                {
+        BODY_00_15( 0,A,B,C,D,E,T,W[ 0]);
+        BODY_00_15( 1,T,A,B,C,D,E,W[ 1]);
+        BODY_00_15( 2,E,T,A,B,C,D,W[ 2]);
+        BODY_00_15( 3,D,E,T,A,B,C,W[ 3]);
+        BODY_00_15( 4,C,D,E,T,A,B,W[ 4]);
+        BODY_00_15( 5,B,C,D,E,T,A,W[ 5]);
+        BODY_00_15( 6,A,B,C,D,E,T,W[ 6]);
+        BODY_00_15( 7,T,A,B,C,D,E,W[ 7]);
+        BODY_00_15( 8,E,T,A,B,C,D,W[ 8]);
+        BODY_00_15( 9,D,E,T,A,B,C,W[ 9]);
+        BODY_00_15(10,C,D,E,T,A,B,W[10]);
+        BODY_00_15(11,B,C,D,E,T,A,W[11]);
+        BODY_00_15(12,A,B,C,D,E,T,W[12]);
+        BODY_00_15(13,T,A,B,C,D,E,W[13]);
+        BODY_00_15(14,E,T,A,B,C,D,W[14]);
+        BODY_00_15(15,D,E,T,A,B,C,W[15]);
+
+        BODY_16_19(16,C,D,E,T,A,B,X( 0),W[ 0],W[ 2],W[ 8],W[13]);
+        BODY_16_19(17,B,C,D,E,T,A,X( 1),W[ 1],W[ 3],W[ 9],W[14]);
+        BODY_16_19(18,A,B,C,D,E,T,X( 2),W[ 2],W[ 4],W[10],W[15]);
+        BODY_16_19(19,T,A,B,C,D,E,X( 3),W[ 3],W[ 5],W[11],X( 0));
+
+        BODY_20_31(20,E,T,A,B,C,D,X( 4),W[ 4],W[ 6],W[12],X( 1));
+        BODY_20_31(21,D,E,T,A,B,C,X( 5),W[ 5],W[ 7],W[13],X( 2));
+        BODY_20_31(22,C,D,E,T,A,B,X( 6),W[ 6],W[ 8],W[14],X( 3));
+        BODY_20_31(23,B,C,D,E,T,A,X( 7),W[ 7],W[ 9],W[15],X( 4));
+        BODY_20_31(24,A,B,C,D,E,T,X( 8),W[ 8],W[10],X( 0),X( 5));
+        BODY_20_31(25,T,A,B,C,D,E,X( 9),W[ 9],W[11],X( 1),X( 6));
+        BODY_20_31(26,E,T,A,B,C,D,X(10),W[10],W[12],X( 2),X( 7));
+        BODY_20_31(27,D,E,T,A,B,C,X(11),W[11],W[13],X( 3),X( 8));
+        BODY_20_31(28,C,D,E,T,A,B,X(12),W[12],W[14],X( 4),X( 9));
+        BODY_20_31(29,B,C,D,E,T,A,X(13),W[13],W[15],X( 5),X(10));
+        BODY_20_31(30,A,B,C,D,E,T,X(14),W[14],X( 0),X( 6),X(11));
+        BODY_20_31(31,T,A,B,C,D,E,X(15),W[15],X( 1),X( 7),X(12));
+
+        BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
+        BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
+        BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
+        BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
+        BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
+        BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
+        BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
+        BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
+
+        BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
+        BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
+        BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
+        BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
+        BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
+        BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
+        BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
+        BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
+        BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
+        BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
+        BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
+        BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
+        BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
+        BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
+        BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
+        BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
+        BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
+        BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
+        BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
+        BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
+
+        BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
+        BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
+        BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
+        BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
+        BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
+        BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
+        BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
+        BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
+        BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
+        BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
+        BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
+        BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
+        BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
+        BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
+        BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
+        BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
+        BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
+        BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
+        BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
+        BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
+        
+        c->h0=(c->h0+E)&0xffffffffL; 
+        c->h1=(c->h1+T)&0xffffffffL;
+        c->h2=(c->h2+A)&0xffffffffL;
+        c->h3=(c->h3+B)&0xffffffffL;
+        c->h4=(c->h4+C)&0xffffffffL;
+
+        if (--num <= 0) break;
+
+        A=c->h0;
+        B=c->h1;
+        C=c->h2;
+        D=c->h3;
+        E=c->h4;
+
+        W+=SHA_LBLOCK;
+                }
+        }
+#endif
+
+#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER
+void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num)
+        {
+        const unsigned char *data=p;
+        register unsigned MD32_REG_T A,B,C,D,E,T,l;
+#ifndef MD32_XARRAY
+        unsigned MD32_REG_T     XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+                                XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+#else
+        SHA_LONG        XX[16];
+#endif
+
+        A=c->h0;
+        B=c->h1;
+        C=c->h2;
+        D=c->h3;
+        E=c->h4;
+
+        for (;;)
+                {
+
+        HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
+        BODY_00_15( 0,A,B,C,D,E,T,X( 0));       HOST_c2l(data,l); X( 2)=l;
+        BODY_00_15( 1,T,A,B,C,D,E,X( 1));       HOST_c2l(data,l); X( 3)=l;
+        BODY_00_15( 2,E,T,A,B,C,D,X( 2));       HOST_c2l(data,l); X( 4)=l;
+        BODY_00_15( 3,D,E,T,A,B,C,X( 3));       HOST_c2l(data,l); X( 5)=l;
+        BODY_00_15( 4,C,D,E,T,A,B,X( 4));       HOST_c2l(data,l); X( 6)=l;
+        BODY_00_15( 5,B,C,D,E,T,A,X( 5));       HOST_c2l(data,l); X( 7)=l;
+        BODY_00_15( 6,A,B,C,D,E,T,X( 6));       HOST_c2l(data,l); X( 8)=l;
+        BODY_00_15( 7,T,A,B,C,D,E,X( 7));       HOST_c2l(data,l); X( 9)=l;
+        BODY_00_15( 8,E,T,A,B,C,D,X( 8));       HOST_c2l(data,l); X(10)=l;
+        BODY_00_15( 9,D,E,T,A,B,C,X( 9));       HOST_c2l(data,l); X(11)=l;
+        BODY_00_15(10,C,D,E,T,A,B,X(10));       HOST_c2l(data,l); X(12)=l;
+        BODY_00_15(11,B,C,D,E,T,A,X(11));       HOST_c2l(data,l); X(13)=l;
+        BODY_00_15(12,A,B,C,D,E,T,X(12));       HOST_c2l(data,l); X(14)=l;
+        BODY_00_15(13,T,A,B,C,D,E,X(13));       HOST_c2l(data,l); X(15)=l;
+        BODY_00_15(14,E,T,A,B,C,D,X(14));
+        BODY_00_15(15,D,E,T,A,B,C,X(15));
+
+        BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13));
+        BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14));
+        BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15));
+        BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0));
+
+        BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1));
+        BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2));
+        BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3));
+        BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4));
+        BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5));
+        BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6));
+        BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7));
+        BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8));
+        BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9));
+        BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10));
+        BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11));
+        BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12));
+
+        BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
+        BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
+        BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
+        BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
+        BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
+        BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
+        BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
+        BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
+
+        BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
+        BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
+        BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
+        BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
+        BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
+        BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
+        BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
+        BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
+        BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
+        BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
+        BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
+        BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
+        BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
+        BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
+        BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
+        BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
+        BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
+        BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
+        BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
+        BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
+
+        BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
+        BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
+        BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
+        BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
+        BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
+        BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
+        BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
+        BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
+        BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
+        BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
+        BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
+        BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
+        BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
+        BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
+        BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
+        BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
+        BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
+        BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
+        BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
+        BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
+        
+        c->h0=(c->h0+E)&0xffffffffL; 
+        c->h1=(c->h1+T)&0xffffffffL;
+        c->h2=(c->h2+A)&0xffffffffL;
+        c->h3=(c->h3+B)&0xffffffffL;
+        c->h4=(c->h4+C)&0xffffffffL;
+
+        if (--num <= 0) break;
+
+        A=c->h0;
+        B=c->h1;
+        C=c->h2;
+        D=c->h3;
+        E=c->h4;
+
+                }
+        }
+#endif
diff --git a/src/lib/libcrypto/sha/sha_one.c b/src/lib/libcrypto/sha/sha_one.c
index d4f4d344df..e61c63f3e9 100644
--- a/src/lib/libcrypto/sha/sha_one.c
+++ b/src/lib/libcrypto/sha/sha_one.c
@@ -68,8 +68,7 @@ unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
         static unsigned char m[SHA_DIGEST_LENGTH];
 
         if (md == NULL) md=m;
-        if (!SHA_Init(&c))
-                return NULL;
+        SHA_Init(&c);
         SHA_Update(&c,d,n);
         SHA_Final(md,&c);
         OPENSSL_cleanse(&c,sizeof(c));
diff --git a/src/lib/libcrypto/stack/Makefile.ssl b/src/lib/libcrypto/stack/Makefile.ssl
new file mode 100644
index 0000000000..7120fb804a
--- /dev/null
+++ b/src/lib/libcrypto/stack/Makefile.ssl
@@ -0,0 +1,88 @@
+#
+# SSLeay/crypto/stack/Makefile
+#
+
+DIR=    stack
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=stack.c
+LIBOBJ=stack.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= stack.h safestack.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+stack.o: ../../e_os.h ../../include/openssl/bio.h
+stack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+stack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+stack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+stack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+stack.o: ../cryptlib.h stack.c
diff --git a/src/lib/libcrypto/stack/safestack.h b/src/lib/libcrypto/stack/safestack.h
new file mode 100644
index 0000000000..bd1121c279
--- /dev/null
+++ b/src/lib/libcrypto/stack/safestack.h
@@ -0,0 +1,1571 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_SAFESTACK_H
+#define HEADER_SAFESTACK_H
+
+#include <openssl/stack.h>
+
+#ifdef DEBUG_SAFESTACK
+
+#define STACK_OF(type) struct stack_st_##type
+#define PREDECLARE_STACK_OF(type) STACK_OF(type);
+
+#define DECLARE_STACK_OF(type) \
+STACK_OF(type) \
+    { \
+    STACK stack; \
+    };
+
+#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/
+
+/* SKM_sk_... stack macros are internal to safestack.h:
+ * never use them directly, use sk_<type>_... instead */
+#define SKM_sk_new(type, cmp) \
+        ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))sk_new)(cmp)
+#define SKM_sk_new_null(type) \
+        ((STACK_OF(type) * (*)(void))sk_new_null)()
+#define SKM_sk_free(type, st) \
+        ((void (*)(STACK_OF(type) *))sk_free)(st)
+#define SKM_sk_num(type, st) \
+        ((int (*)(const STACK_OF(type) *))sk_num)(st)
+#define SKM_sk_value(type, st,i) \
+        ((type * (*)(const STACK_OF(type) *, int))sk_value)(st, i)
+#define SKM_sk_set(type, st,i,val) \
+        ((type * (*)(STACK_OF(type) *, int, type *))sk_set)(st, i, val)
+#define SKM_sk_zero(type, st) \
+        ((void (*)(STACK_OF(type) *))sk_zero)(st)
+#define SKM_sk_push(type, st,val) \
+        ((int (*)(STACK_OF(type) *, type *))sk_push)(st, val)
+#define SKM_sk_unshift(type, st,val) \
+        ((int (*)(STACK_OF(type) *, type *))sk_unshift)(st, val)
+#define SKM_sk_find(type, st,val) \
+        ((int (*)(STACK_OF(type) *, type *))sk_find)(st, val)
+#define SKM_sk_delete(type, st,i) \
+        ((type * (*)(STACK_OF(type) *, int))sk_delete)(st, i)
+#define SKM_sk_delete_ptr(type, st,ptr) \
+        ((type * (*)(STACK_OF(type) *, type *))sk_delete_ptr)(st, ptr)
+#define SKM_sk_insert(type, st,val,i) \
+        ((int (*)(STACK_OF(type) *, type *, int))sk_insert)(st, val, i)
+#define SKM_sk_set_cmp_func(type, st,cmp) \
+        ((int (*(*)(STACK_OF(type) *, int (*)(const type * const *, const type * const *))) \
+          (const type * const *, const type * const *))sk_set_cmp_func)\
+        (st, cmp)
+#define SKM_sk_dup(type, st) \
+        ((STACK_OF(type) *(*)(STACK_OF(type) *))sk_dup)(st)
+#define SKM_sk_pop_free(type, st,free_func) \
+        ((void (*)(STACK_OF(type) *, void (*)(type *)))sk_pop_free)\
+        (st, free_func)
+#define SKM_sk_shift(type, st) \
+        ((type * (*)(STACK_OF(type) *))sk_shift)(st)
+#define SKM_sk_pop(type, st) \
+        ((type * (*)(STACK_OF(type) *))sk_pop)(st)
+#define SKM_sk_sort(type, st) \
+        ((void (*)(STACK_OF(type) *))sk_sort)(st)
+#define SKM_sk_is_sorted(type, st) \
+        ((int (*)(const STACK_OF(type) *))sk_is_sorted)(st)
+
+#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        ((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \
+                                       type *(*)(type **, unsigned char **,long), \
+                                       void (*)(type *), int ,int )) d2i_ASN1_SET) \
+                                                (st,pp,length, d2i_func, free_func, ex_tag,ex_class)
+#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        ((int (*)(STACK_OF(type) *,unsigned char **, \
+                           int (*)(type *,unsigned char **), int , int , int)) i2d_ASN1_SET) \
+                                                (st,pp,i2d_func,ex_tag,ex_class,is_set)
+
+#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
+        ((unsigned char *(*)(STACK_OF(type) *, \
+                                    int (*)(type *,unsigned char **), unsigned char **,int *)) ASN1_seq_pack) \
+                                (st, i2d_func, buf, len)
+#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
+        ((STACK_OF(type) * (*)(unsigned char *,int, \
+                                       type *(*)(type **,unsigned char **, long), \
+                                       void (*)(type *)))ASN1_seq_unpack) \
+                                        (buf,len,d2i_func, free_func)
+
+#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
+        ((STACK_OF(type) * (*)(X509_ALGOR *, \
+                                type *(*)(type **, unsigned char **, long), void (*)(type *), \
+                                const char *, int, \
+                                ASN1_STRING *, int))PKCS12_decrypt_d2i) \
+                                (algor,d2i_func,free_func,pass,passlen,oct,seq)
+
+#else
+
+#define STACK_OF(type) STACK
+#define PREDECLARE_STACK_OF(type) /* nada */
+#define DECLARE_STACK_OF(type)    /* nada */
+#define IMPLEMENT_STACK_OF(type)  /* nada */
+
+#define SKM_sk_new(type, cmp) \
+        sk_new((int (*)(const char * const *, const char * const *))(cmp))
+#define SKM_sk_new_null(type) \
+        sk_new_null()
+#define SKM_sk_free(type, st) \
+        sk_free(st)
+#define SKM_sk_num(type, st) \
+        sk_num(st)
+#define SKM_sk_value(type, st,i) \
+        ((type *)sk_value(st, i))
+#define SKM_sk_set(type, st,i,val) \
+        ((type *)sk_set(st, i,(char *)val))
+#define SKM_sk_zero(type, st) \
+        sk_zero(st)
+#define SKM_sk_push(type, st,val) \
+        sk_push(st, (char *)val)
+#define SKM_sk_unshift(type, st,val) \
+        sk_unshift(st, val)
+#define SKM_sk_find(type, st,val) \
+        sk_find(st, (char *)val)
+#define SKM_sk_delete(type, st,i) \
+        ((type *)sk_delete(st, i))
+#define SKM_sk_delete_ptr(type, st,ptr) \
+        ((type *)sk_delete_ptr(st,(char *)ptr))
+#define SKM_sk_insert(type, st,val,i) \
+        sk_insert(st, (char *)val, i)
+#define SKM_sk_set_cmp_func(type, st,cmp) \
+        ((int (*)(const type * const *,const type * const *)) \
+        sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp)))
+#define SKM_sk_dup(type, st) \
+        sk_dup(st)
+#define SKM_sk_pop_free(type, st,free_func) \
+        sk_pop_free(st, (void (*)(void *))free_func)
+#define SKM_sk_shift(type, st) \
+        ((type *)sk_shift(st))
+#define SKM_sk_pop(type, st) \
+        ((type *)sk_pop(st))
+#define SKM_sk_sort(type, st) \
+        sk_sort(st)
+#define SKM_sk_is_sorted(type, st) \
+        sk_is_sorted(st)
+
+#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        d2i_ASN1_SET(st,pp,length, (char *(*)())d2i_func, (void (*)(void *))free_func, ex_tag,ex_class)
+#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        i2d_ASN1_SET(st,pp,i2d_func,ex_tag,ex_class,is_set)
+
+#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
+        ASN1_seq_pack(st, i2d_func, buf, len)
+#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
+        ASN1_seq_unpack(buf,len,(char *(*)())d2i_func, (void(*)(void *))free_func)
+
+#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
+        ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq))
+
+#endif
+
+/* This block of defines is updated by util/mkstack.pl, please do not touch! */
+#define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION)
+#define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i))
+#define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val))
+#define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val))
+#define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val))
+#define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val))
+#define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i))
+#define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr))
+#define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i))
+#define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp))
+#define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st)
+#define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func))
+#define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st))
+
+#define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING)
+#define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i))
+#define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val))
+#define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val))
+#define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val))
+#define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val))
+#define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i))
+#define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr))
+#define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i))
+#define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp))
+#define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st)
+#define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func))
+#define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st))
+
+#define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER)
+#define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i))
+#define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val))
+#define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val))
+#define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val))
+#define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val))
+#define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i))
+#define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr))
+#define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i))
+#define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp))
+#define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st)
+#define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func))
+#define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st))
+
+#define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT)
+#define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i))
+#define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val))
+#define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val))
+#define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val))
+#define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val))
+#define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i))
+#define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr))
+#define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i))
+#define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp))
+#define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st)
+#define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func))
+#define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st))
+
+#define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE)
+#define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i))
+#define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val))
+#define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val))
+#define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val))
+#define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val))
+#define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i))
+#define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr))
+#define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i))
+#define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp))
+#define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st)
+#define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func))
+#define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st))
+
+#define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE)
+#define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i))
+#define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val))
+#define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val))
+#define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val))
+#define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val))
+#define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i))
+#define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr))
+#define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i))
+#define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp))
+#define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st)
+#define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func))
+#define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st))
+
+#define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE)
+#define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i))
+#define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val))
+#define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val))
+#define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val))
+#define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val))
+#define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i))
+#define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr))
+#define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i))
+#define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp))
+#define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st)
+#define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func))
+#define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st))
+
+#define sk_BIO_new(st) SKM_sk_new(BIO, (st))
+#define sk_BIO_new_null() SKM_sk_new_null(BIO)
+#define sk_BIO_free(st) SKM_sk_free(BIO, (st))
+#define sk_BIO_num(st) SKM_sk_num(BIO, (st))
+#define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i))
+#define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val))
+#define sk_BIO_zero(st) SKM_sk_zero(BIO, (st))
+#define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val))
+#define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val))
+#define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val))
+#define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i))
+#define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr))
+#define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i))
+#define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp))
+#define sk_BIO_dup(st) SKM_sk_dup(BIO, st)
+#define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func))
+#define sk_BIO_shift(st) SKM_sk_shift(BIO, (st))
+#define sk_BIO_pop(st) SKM_sk_pop(BIO, (st))
+#define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
+#define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st))
+
+#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)
+#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i))
+#define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val))
+#define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val))
+#define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val))
+#define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val))
+#define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i))
+#define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr))
+#define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i))
+#define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp))
+#define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st)
+#define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func))
+#define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st))
+
+#define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st))
+#define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE)
+#define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st))
+#define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st))
+#define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i))
+#define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val))
+#define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st))
+#define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val))
+#define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val))
+#define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val))
+#define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i))
+#define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr))
+#define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i))
+#define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp))
+#define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st)
+#define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func))
+#define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st))
+#define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st))
+#define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st))
+#define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st))
+
+#define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st))
+#define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE)
+#define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st))
+#define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st))
+#define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i))
+#define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val))
+#define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st))
+#define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val))
+#define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val))
+#define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val))
+#define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i))
+#define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr))
+#define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i))
+#define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp))
+#define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st)
+#define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func))
+#define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st))
+#define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st))
+#define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st))
+#define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st))
+
+#define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS)
+#define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i))
+#define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val))
+#define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val))
+#define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val))
+#define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val))
+#define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i))
+#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr))
+#define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i))
+#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp))
+#define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st)
+#define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func))
+#define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st))
+
+#define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock)
+#define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i))
+#define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val))
+#define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val))
+#define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val))
+#define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val))
+#define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i))
+#define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr))
+#define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i))
+#define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp))
+#define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st)
+#define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func))
+#define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st))
+
+#define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st))
+#define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT)
+#define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st))
+#define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st))
+#define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i))
+#define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val))
+#define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st))
+#define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val))
+#define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val))
+#define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val))
+#define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i))
+#define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr))
+#define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i))
+#define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp))
+#define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st)
+#define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func))
+#define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st))
+#define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st))
+#define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st))
+#define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st))
+
+#define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st))
+#define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE)
+#define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st))
+#define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st))
+#define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i))
+#define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val))
+#define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st))
+#define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val))
+#define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val))
+#define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val))
+#define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i))
+#define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr))
+#define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i))
+#define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp))
+#define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st)
+#define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func))
+#define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st))
+#define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st))
+#define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st))
+#define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st))
+
+#define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM)
+#define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i))
+#define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val))
+#define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val))
+#define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val))
+#define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val))
+#define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i))
+#define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr))
+#define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i))
+#define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp))
+#define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st)
+#define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func))
+#define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st))
+
+#define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME)
+#define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i))
+#define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val))
+#define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val))
+#define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val))
+#define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val))
+#define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i))
+#define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr))
+#define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i))
+#define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp))
+#define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st)
+#define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func))
+#define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st))
+
+#define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)
+#define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i))
+#define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val))
+#define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val))
+#define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val))
+#define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val))
+#define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i))
+#define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr))
+#define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i))
+#define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp))
+#define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st)
+#define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func))
+#define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st))
+
+#define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA)
+#define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i))
+#define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val))
+#define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val))
+#define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val))
+#define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val))
+#define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i))
+#define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr))
+#define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i))
+#define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp))
+#define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st)
+#define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func))
+#define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st))
+
+#define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY)
+#define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i))
+#define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val))
+#define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val))
+#define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val))
+#define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val))
+#define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i))
+#define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr))
+#define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i))
+#define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp))
+#define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st)
+#define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func))
+#define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st))
+
+#define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM)
+#define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i))
+#define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val))
+#define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val))
+#define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val))
+#define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val))
+#define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i))
+#define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr))
+#define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i))
+#define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp))
+#define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st)
+#define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func))
+#define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st))
+
+#define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA)
+#define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i))
+#define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val))
+#define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val))
+#define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val))
+#define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val))
+#define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i))
+#define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr))
+#define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i))
+#define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp))
+#define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st)
+#define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func))
+#define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st))
+
+#define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY)
+#define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i))
+#define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val))
+#define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val))
+#define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val))
+#define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val))
+#define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i))
+#define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr))
+#define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i))
+#define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp))
+#define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st)
+#define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func))
+#define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st))
+
+#define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME)
+#define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i))
+#define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val))
+#define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val))
+#define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val))
+#define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val))
+#define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i))
+#define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr))
+#define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i))
+#define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp))
+#define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st)
+#define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func))
+#define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st))
+
+#define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY)
+#define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i))
+#define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val))
+#define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val))
+#define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val))
+#define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val))
+#define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i))
+#define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr))
+#define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i))
+#define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp))
+#define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st)
+#define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func))
+#define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st))
+
+#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st))
+#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)
+#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))
+#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st))
+#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i))
+#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val))
+#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st))
+#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val))
+#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val))
+#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val))
+#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i))
+#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr))
+#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i))
+#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp))
+#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st)
+#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func))
+#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st))
+#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st))
+#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
+#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))
+
+#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st))
+#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
+#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))
+#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st))
+#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i))
+#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val))
+#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st))
+#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val))
+#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val))
+#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val))
+#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i))
+#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr))
+#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i))
+#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp))
+#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st)
+#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func))
+#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st))
+#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st))
+#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))
+#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st))
+
+#define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS)
+#define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i))
+#define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val))
+#define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val))
+#define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val))
+#define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val))
+#define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i))
+#define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr))
+#define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i))
+#define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp))
+#define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st)
+#define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func))
+#define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st))
+
+#define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID)
+#define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i))
+#define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val))
+#define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val))
+#define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val))
+#define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val))
+#define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i))
+#define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr))
+#define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i))
+#define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp))
+#define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st)
+#define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func))
+#define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st))
+
+#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
+#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i))
+#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val))
+#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i))
+#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr))
+#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i))
+#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp))
+#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st)
+#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func))
+#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st))
+
+#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
+#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i))
+#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val))
+#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i))
+#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr))
+#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i))
+#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp))
+#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st)
+#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func))
+#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st))
+
+#define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)
+#define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i))
+#define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val))
+#define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val))
+#define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val))
+#define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val))
+#define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i))
+#define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr))
+#define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i))
+#define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp))
+#define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st)
+#define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func))
+#define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st))
+
+#define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st))
+#define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7)
+#define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st))
+#define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st))
+#define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i))
+#define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val))
+#define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st))
+#define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val))
+#define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val))
+#define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val))
+#define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i))
+#define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr))
+#define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i))
+#define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp))
+#define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st)
+#define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func))
+#define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st))
+#define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st))
+#define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st))
+#define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st))
+
+#define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO)
+#define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i))
+#define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val))
+#define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val))
+#define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val))
+#define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val))
+#define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i))
+#define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr))
+#define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i))
+#define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp))
+#define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st)
+#define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func))
+#define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st))
+
+#define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO)
+#define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i))
+#define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val))
+#define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val))
+#define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val))
+#define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val))
+#define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i))
+#define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr))
+#define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i))
+#define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp))
+#define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st)
+#define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func))
+#define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st))
+
+#define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st))
+#define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO)
+#define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st))
+#define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st))
+#define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i))
+#define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val))
+#define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st))
+#define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val))
+#define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val))
+#define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val))
+#define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i))
+#define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr))
+#define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i))
+#define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp))
+#define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st)
+#define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func))
+#define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st))
+#define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st))
+#define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st))
+#define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st))
+
+#define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO)
+#define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i))
+#define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val))
+#define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val))
+#define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val))
+#define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val))
+#define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i))
+#define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr))
+#define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i))
+#define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp))
+#define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st)
+#define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func))
+#define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st))
+
+#define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER)
+#define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i))
+#define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val))
+#define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val))
+#define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val))
+#define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val))
+#define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i))
+#define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr))
+#define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i))
+#define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp))
+#define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st)
+#define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func))
+#define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st))
+
+#define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st))
+#define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP)
+#define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st))
+#define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st))
+#define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i))
+#define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val))
+#define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st))
+#define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val))
+#define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val))
+#define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val))
+#define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i))
+#define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr))
+#define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i))
+#define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp))
+#define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st)
+#define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func))
+#define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st))
+#define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st))
+#define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st))
+#define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st))
+
+#define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st))
+#define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID)
+#define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st))
+#define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st))
+#define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i))
+#define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val))
+#define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st))
+#define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val))
+#define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val))
+#define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val))
+#define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i))
+#define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr))
+#define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i))
+#define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp))
+#define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st)
+#define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func))
+#define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st))
+#define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st))
+#define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st))
+#define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st))
+
+#define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st))
+#define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING)
+#define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st))
+#define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st))
+#define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i))
+#define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val))
+#define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st))
+#define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val))
+#define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val))
+#define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val))
+#define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i))
+#define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr))
+#define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i))
+#define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp))
+#define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st)
+#define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func))
+#define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st))
+#define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st))
+#define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st))
+#define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st))
+
+#define sk_X509_new(st) SKM_sk_new(X509, (st))
+#define sk_X509_new_null() SKM_sk_new_null(X509)
+#define sk_X509_free(st) SKM_sk_free(X509, (st))
+#define sk_X509_num(st) SKM_sk_num(X509, (st))
+#define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i))
+#define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val))
+#define sk_X509_zero(st) SKM_sk_zero(X509, (st))
+#define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val))
+#define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val))
+#define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val))
+#define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i))
+#define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr))
+#define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i))
+#define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp))
+#define sk_X509_dup(st) SKM_sk_dup(X509, st)
+#define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func))
+#define sk_X509_shift(st) SKM_sk_shift(X509, (st))
+#define sk_X509_pop(st) SKM_sk_pop(X509, (st))
+#define sk_X509_sort(st) SKM_sk_sort(X509, (st))
+#define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st))
+
+#define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD)
+#define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i))
+#define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val))
+#define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val))
+#define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val))
+#define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val))
+#define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i))
+#define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr))
+#define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i))
+#define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp))
+#define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st)
+#define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func))
+#define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st))
+
+#define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st))
+#define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR)
+#define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st))
+#define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st))
+#define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i))
+#define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val))
+#define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st))
+#define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val))
+#define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val))
+#define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val))
+#define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i))
+#define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr))
+#define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i))
+#define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp))
+#define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st)
+#define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func))
+#define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st))
+#define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st))
+#define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st))
+#define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st))
+
+#define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE)
+#define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i))
+#define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val))
+#define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val))
+#define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val))
+#define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val))
+#define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i))
+#define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr))
+#define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i))
+#define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp))
+#define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st)
+#define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func))
+#define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st))
+
+#define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st))
+#define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL)
+#define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st))
+#define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st))
+#define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i))
+#define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val))
+#define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st))
+#define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val))
+#define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val))
+#define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val))
+#define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i))
+#define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr))
+#define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i))
+#define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp))
+#define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st)
+#define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func))
+#define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st))
+#define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st))
+#define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st))
+#define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st))
+
+#define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION)
+#define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i))
+#define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val))
+#define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val))
+#define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val))
+#define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val))
+#define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i))
+#define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr))
+#define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i))
+#define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp))
+#define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st)
+#define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func))
+#define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st))
+
+#define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st))
+#define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO)
+#define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st))
+#define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st))
+#define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i))
+#define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val))
+#define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st))
+#define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val))
+#define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val))
+#define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val))
+#define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i))
+#define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr))
+#define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i))
+#define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp))
+#define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st)
+#define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func))
+#define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st))
+#define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st))
+#define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st))
+#define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st))
+
+#define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP)
+#define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i))
+#define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val))
+#define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val))
+#define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val))
+#define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val))
+#define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i))
+#define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr))
+#define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i))
+#define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp))
+#define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st)
+#define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func))
+#define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st))
+
+#define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st))
+#define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME)
+#define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st))
+#define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st))
+#define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i))
+#define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val))
+#define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st))
+#define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val))
+#define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val))
+#define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val))
+#define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i))
+#define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr))
+#define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i))
+#define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp))
+#define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st)
+#define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func))
+#define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st))
+#define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st))
+#define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st))
+#define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st))
+
+#define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY)
+#define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i))
+#define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val))
+#define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val))
+#define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val))
+#define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val))
+#define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i))
+#define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr))
+#define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i))
+#define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp))
+#define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st)
+#define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func))
+#define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st))
+
+#define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st))
+#define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT)
+#define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st))
+#define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st))
+#define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i))
+#define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val))
+#define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st))
+#define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val))
+#define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val))
+#define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val))
+#define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i))
+#define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr))
+#define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i))
+#define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp))
+#define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st)
+#define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func))
+#define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st))
+#define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st))
+#define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st))
+#define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st))
+
+#define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
+#define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i))
+#define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val))
+#define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val))
+#define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val))
+#define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val))
+#define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i))
+#define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr))
+#define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i))
+#define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp))
+#define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st)
+#define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func))
+#define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st))
+
+#define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st))
+#define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED)
+#define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st))
+#define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st))
+#define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i))
+#define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val))
+#define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st))
+#define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val))
+#define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val))
+#define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val))
+#define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i))
+#define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr))
+#define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i))
+#define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp))
+#define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st)
+#define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func))
+#define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st))
+#define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st))
+#define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st))
+#define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st))
+
+#define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st))
+#define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST)
+#define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st))
+#define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st))
+#define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i))
+#define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val))
+#define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st))
+#define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val))
+#define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val))
+#define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val))
+#define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i))
+#define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr))
+#define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i))
+#define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp))
+#define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st)
+#define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func))
+#define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st))
+#define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st))
+#define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st))
+#define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st))
+
+#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+        SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+        SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \
+        SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \
+        SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func))
+
+#define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \
+        SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
+
+#define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \
+        SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
+/* End of util/mkstack.pl block, you may now edit :-) */
+
+#endif /* !defined HEADER_SAFESTACK_H */
diff --git a/src/lib/libcrypto/stack/stack.c b/src/lib/libcrypto/stack/stack.c
new file mode 100644
index 0000000000..c7173eb6ab
--- /dev/null
+++ b/src/lib/libcrypto/stack/stack.c
@@ -0,0 +1,340 @@
+/* crypto/stack/stack.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Code for stacks
+ * Author - Eric Young v 1.0
+ * 1.2 eay 12-Mar-97 -  Modified sk_find so that it _DOES_ return the
+ *                      lowest index for the searched item.
+ *
+ * 1.1 eay - Take from netdb and added to SSLeay
+ *
+ * 1.0 eay - First version 29/07/92
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/stack.h>
+
+#undef MIN_NODES
+#define MIN_NODES       4
+
+const char *STACK_version="Stack" OPENSSL_VERSION_PTEXT;
+
+#include <errno.h>
+
+int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,const char * const *)))
+                (const char * const *, const char * const *)
+        {
+        int (*old)(const char * const *,const char * const *)=sk->comp;
+
+        if (sk->comp != c)
+                sk->sorted=0;
+        sk->comp=c;
+
+        return old;
+        }
+
+STACK *sk_dup(STACK *sk)
+        {
+        STACK *ret;
+        char **s;
+
+        if ((ret=sk_new(sk->comp)) == NULL) goto err;
+        s=(char **)OPENSSL_realloc((char *)ret->data,
+                (unsigned int)sizeof(char *)*sk->num_alloc);
+        if (s == NULL) goto err;
+        ret->data=s;
+
+        ret->num=sk->num;
+        memcpy(ret->data,sk->data,sizeof(char *)*sk->num);
+        ret->sorted=sk->sorted;
+        ret->num_alloc=sk->num_alloc;
+        ret->comp=sk->comp;
+        return(ret);
+err:
+        if(ret)
+                sk_free(ret);
+        return(NULL);
+        }
+
+STACK *sk_new_null(void)
+        {
+        return sk_new((int (*)(const char * const *, const char * const *))0);
+        }
+
+STACK *sk_new(int (*c)(const char * const *, const char * const *))
+        {
+        STACK *ret;
+        int i;
+
+        if ((ret=(STACK *)OPENSSL_malloc(sizeof(STACK))) == NULL)
+                goto err;
+        if ((ret->data=(char **)OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL)
+                goto err;
+        for (i=0; i<MIN_NODES; i++)
+                ret->data[i]=NULL;
+        ret->comp=c;
+        ret->num_alloc=MIN_NODES;
+        ret->num=0;
+        ret->sorted=0;
+        return(ret);
+err:
+        if(ret)
+                OPENSSL_free(ret);
+        return(NULL);
+        }
+
+int sk_insert(STACK *st, char *data, int loc)
+        {
+        char **s;
+
+        if(st == NULL) return 0;
+        if (st->num_alloc <= st->num+1)
+                {
+                s=(char **)OPENSSL_realloc((char *)st->data,
+                        (unsigned int)sizeof(char *)*st->num_alloc*2);
+                if (s == NULL)
+                        return(0);
+                st->data=s;
+                st->num_alloc*=2;
+                }
+        if ((loc >= (int)st->num) || (loc < 0))
+                st->data[st->num]=data;
+        else
+                {
+                int i;
+                char **f,**t;
+
+                f=(char **)st->data;
+                t=(char **)&(st->data[1]);
+                for (i=st->num; i>=loc; i--)
+                        t[i]=f[i];
+                        
+#ifdef undef /* no memmove on sunos :-( */
+                memmove( (char *)&(st->data[loc+1]),
+                        (char *)&(st->data[loc]),
+                        sizeof(char *)*(st->num-loc));
+#endif
+                st->data[loc]=data;
+                }
+        st->num++;
+        st->sorted=0;
+        return(st->num);
+        }
+
+char *sk_delete_ptr(STACK *st, char *p)
+        {
+        int i;
+
+        for (i=0; i<st->num; i++)
+                if (st->data[i] == p)
+                        return(sk_delete(st,i));
+        return(NULL);
+        }
+
+char *sk_delete(STACK *st, int loc)
+        {
+        char *ret;
+        int i,j;
+
+        if(!st || (loc < 0) || (loc >= st->num)) return NULL;
+
+        ret=st->data[loc];
+        if (loc != st->num-1)
+                {
+                j=st->num-1;
+                for (i=loc; i<j; i++)
+                        st->data[i]=st->data[i+1];
+                /* In theory memcpy is not safe for this
+                 * memcpy( &(st->data[loc]),
+                 *      &(st->data[loc+1]),
+                 *      sizeof(char *)*(st->num-loc-1));
+                 */
+                }
+        st->num--;
+        return(ret);
+        }
+
+int sk_find(STACK *st, char *data)
+        {
+        char **r;
+        int i;
+        int (*comp_func)(const void *,const void *);
+        if(st == NULL) return -1;
+
+        if (st->comp == NULL)
+                {
+                for (i=0; i<st->num; i++)
+                        if (st->data[i] == data)
+                                return(i);
+                return(-1);
+                }
+        sk_sort(st);
+        if (data == NULL) return(-1);
+        /* This (and the "qsort" below) are the two places in OpenSSL
+         * where we need to convert from our standard (type **,type **)
+         * compare callback type to the (void *,void *) type required by
+         * bsearch. However, the "data" it is being called(back) with are
+         * not (type *) pointers, but the *pointers* to (type *) pointers,
+         * so we get our extra level of pointer dereferencing that way. */
+        comp_func=(int (*)(const void *,const void *))(st->comp);
+        r=(char **)bsearch(&data,(char *)st->data,
+                st->num,sizeof(char *), comp_func);
+        if (r == NULL) return(-1);
+        i=(int)(r-st->data);
+        for ( ; i>0; i--)
+                /* This needs a cast because the type being pointed to from
+                 * the "&" expressions are (char *) rather than (const char *).
+                 * For an explanation, read:
+                 * http://www.eskimo.com/~scs/C-faq/q11.10.html :-) */
+                if ((*st->comp)((const char * const *)&(st->data[i-1]),
+                                (const char * const *)&data) < 0)
+                        break;
+        return(i);
+        }
+
+int sk_push(STACK *st, char *data)
+        {
+        return(sk_insert(st,data,st->num));
+        }
+
+int sk_unshift(STACK *st, char *data)
+        {
+        return(sk_insert(st,data,0));
+        }
+
+char *sk_shift(STACK *st)
+        {
+        if (st == NULL) return(NULL);
+        if (st->num <= 0) return(NULL);
+        return(sk_delete(st,0));
+        }
+
+char *sk_pop(STACK *st)
+        {
+        if (st == NULL) return(NULL);
+        if (st->num <= 0) return(NULL);
+        return(sk_delete(st,st->num-1));
+        }
+
+void sk_zero(STACK *st)
+        {
+        if (st == NULL) return;
+        if (st->num <= 0) return;
+        memset((char *)st->data,0,sizeof(st->data)*st->num);
+        st->num=0;
+        }
+
+void sk_pop_free(STACK *st, void (*func)(void *))
+        {
+        int i;
+
+        if (st == NULL) return;
+        for (i=0; i<st->num; i++)
+                if (st->data[i] != NULL)
+                        func(st->data[i]);
+        sk_free(st);
+        }
+
+void sk_free(STACK *st)
+        {
+        if (st == NULL) return;
+        if (st->data != NULL) OPENSSL_free(st->data);
+        OPENSSL_free(st);
+        }
+
+int sk_num(const STACK *st)
+{
+        if(st == NULL) return -1;
+        return st->num;
+}
+
+char *sk_value(const STACK *st, int i)
+{
+        if(!st || (i < 0) || (i >= st->num)) return NULL;
+        return st->data[i];
+}
+
+char *sk_set(STACK *st, int i, char *value)
+{
+        if(!st || (i < 0) || (i >= st->num)) return NULL;
+        return (st->data[i] = value);
+}
+
+void sk_sort(STACK *st)
+        {
+        if (st && !st->sorted)
+                {
+                int (*comp_func)(const void *,const void *);
+
+                /* same comment as in sk_find ... previously st->comp was declared
+                 * as a (void*,void*) callback type, but this made the population
+                 * of the callback pointer illogical - our callbacks compare
+                 * type** with type**, so we leave the casting until absolutely
+                 * necessary (ie. "now"). */
+                comp_func=(int (*)(const void *,const void *))(st->comp);
+                qsort(st->data,st->num,sizeof(char *), comp_func);
+                st->sorted=1;
+                }
+        }
+
+int sk_is_sorted(const STACK *st)
+        {
+        if (!st)
+                return 1;
+        return st->sorted;
+        }
diff --git a/src/lib/libcrypto/stack/stack.h b/src/lib/libcrypto/stack/stack.h
new file mode 100644
index 0000000000..7570b85fe8
--- /dev/null
+++ b/src/lib/libcrypto/stack/stack.h
@@ -0,0 +1,108 @@
+/* crypto/stack/stack.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_STACK_H
+#define HEADER_STACK_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct stack_st
+        {
+        int num;
+        char **data;
+        int sorted;
+
+        int num_alloc;
+        int (*comp)(const char * const *, const char * const *);
+        } STACK;
+
+#define M_sk_num(sk)            ((sk) ? (sk)->num:-1)
+#define M_sk_value(sk,n)        ((sk) ? (sk)->data[n] : NULL)
+
+int sk_num(const STACK *);
+char *sk_value(const STACK *, int);
+
+char *sk_set(STACK *, int, char *);
+
+STACK *sk_new(int (*cmp)(const char * const *, const char * const *));
+STACK *sk_new_null(void);
+void sk_free(STACK *);
+void sk_pop_free(STACK *st, void (*func)(void *));
+int sk_insert(STACK *sk,char *data,int where);
+char *sk_delete(STACK *st,int loc);
+char *sk_delete_ptr(STACK *st, char *p);
+int sk_find(STACK *st,char *data);
+int sk_push(STACK *st,char *data);
+int sk_unshift(STACK *st,char *data);
+char *sk_shift(STACK *st);
+char *sk_pop(STACK *st);
+void sk_zero(STACK *st);
+int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,
+                        const char * const *)))
+                        (const char * const *, const char * const *);
+STACK *sk_dup(STACK *st);
+void sk_sort(STACK *st);
+int sk_is_sorted(const STACK *st);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/txt_db/Makefile.ssl b/src/lib/libcrypto/txt_db/Makefile.ssl
new file mode 100644
index 0000000000..6221dfae4d
--- /dev/null
+++ b/src/lib/libcrypto/txt_db/Makefile.ssl
@@ -0,0 +1,88 @@
+#
+# SSLeay/crypto/txt_db/Makefile
+#
+
+DIR=    txt_db
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=txt_db.c
+LIBOBJ=txt_db.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= txt_db.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+txt_db.o: ../../e_os.h ../../include/openssl/bio.h
+txt_db.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+txt_db.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+txt_db.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+txt_db.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+txt_db.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+txt_db.o: ../../include/openssl/txt_db.h ../cryptlib.h txt_db.c
diff --git a/src/lib/libcrypto/txt_db/txt_db.c b/src/lib/libcrypto/txt_db/txt_db.c
new file mode 100644
index 0000000000..58b300b00b
--- /dev/null
+++ b/src/lib/libcrypto/txt_db/txt_db.c
@@ -0,0 +1,383 @@
+/* crypto/txt_db/txt_db.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/txt_db.h>
+
+#undef BUFSIZE
+#define BUFSIZE 512
+
+const char *TXT_DB_version="TXT_DB" OPENSSL_VERSION_PTEXT;
+
+TXT_DB *TXT_DB_read(BIO *in, int num)
+        {
+        TXT_DB *ret=NULL;
+        int er=1;
+        int esc=0;
+        long ln=0;
+        int i,add,n;
+        int size=BUFSIZE;
+        int offset=0;
+        char *p,**pp,*f;
+        BUF_MEM *buf=NULL;
+
+        if ((buf=BUF_MEM_new()) == NULL) goto err;
+        if (!BUF_MEM_grow(buf,size)) goto err;
+
+        if ((ret=(TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL)
+                goto err;
+        ret->num_fields=num;
+        ret->index=NULL;
+        ret->qual=NULL;
+        if ((ret->data=sk_new_null()) == NULL)
+                goto err;
+        if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL)
+                goto err;
+        if ((ret->qual=(int (**)())OPENSSL_malloc(sizeof(int (**)())*num)) == NULL)
+                goto err;
+        for (i=0; i<num; i++)
+                {
+                ret->index[i]=NULL;
+                ret->qual[i]=NULL;
+                }
+
+        add=(num+1)*sizeof(char *);
+        buf->data[size-1]='\0';
+        offset=0;
+        for (;;)
+                {
+                if (offset != 0)
+                        {
+                        size+=BUFSIZE;
+                        if (!BUF_MEM_grow_clean(buf,size)) goto err;
+                        }
+                buf->data[offset]='\0';
+                BIO_gets(in,&(buf->data[offset]),size-offset);
+                ln++;
+                if (buf->data[offset] == '\0') break;
+                if ((offset == 0) && (buf->data[0] == '#')) continue;
+                i=strlen(&(buf->data[offset]));
+                offset+=i;
+                if (buf->data[offset-1] != '\n')
+                        continue;
+                else
+                        {
+                        buf->data[offset-1]='\0'; /* blat the '\n' */
+                        if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err;
+                        offset=0;
+                        }
+                pp=(char **)p;
+                p+=add;
+                n=0;
+                pp[n++]=p;
+                i=0;
+                f=buf->data;
+
+                esc=0;
+                for (;;)
+                        {
+                        if (*f == '\0') break;
+                        if (*f == '\t')
+                                {
+                                if (esc)
+                                        p--;
+                                else
+                                        {       
+                                        *(p++)='\0';
+                                        f++;
+                                        if (n >=  num) break;
+                                        pp[n++]=p;
+                                        continue;
+                                        }
+                                }
+                        esc=(*f == '\\');
+                        *(p++)= *(f++);
+                        }
+                *(p++)='\0';
+                if ((n != num) || (*f != '\0'))
+                        {
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)   /* temporaty fix :-( */
+                        fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f);
+#endif
+                        er=2;
+                        goto err;
+                        }
+                pp[n]=p;
+                if (!sk_push(ret->data,(char *)pp))
+                        {
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)   /* temporaty fix :-( */
+                        fprintf(stderr,"failure in sk_push\n");
+#endif
+                        er=2;
+                        goto err;
+                        }
+                }
+        er=0;
+err:
+        BUF_MEM_free(buf);
+        if (er)
+                {
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
+                if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n");
+#endif
+                if (ret->data != NULL) sk_free(ret->data);
+                if (ret->index != NULL) OPENSSL_free(ret->index);
+                if (ret->qual != NULL) OPENSSL_free(ret->qual);
+                if (ret != NULL) OPENSSL_free(ret);
+                return(NULL);
+                }
+        else
+                return(ret);
+        }
+
+char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value)
+        {
+        char **ret;
+        LHASH *lh;
+
+        if (idx >= db->num_fields)
+                {
+                db->error=DB_ERROR_INDEX_OUT_OF_RANGE;
+                return(NULL);
+                }
+        lh=db->index[idx];
+        if (lh == NULL)
+                {
+                db->error=DB_ERROR_NO_INDEX;
+                return(NULL);
+                }
+        ret=(char **)lh_retrieve(lh,value);
+        db->error=DB_ERROR_OK;
+        return(ret);
+        }
+
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(),
+                LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
+        {
+        LHASH *idx;
+        char *r;
+        int i,n;
+
+        if (field >= db->num_fields)
+                {
+                db->error=DB_ERROR_INDEX_OUT_OF_RANGE;
+                return(0);
+                }
+        if ((idx=lh_new(hash,cmp)) == NULL)
+                {
+                db->error=DB_ERROR_MALLOC;
+                return(0);
+                }
+        n=sk_num(db->data);
+        for (i=0; i<n; i++)
+                {
+                r=(char *)sk_value(db->data,i);
+                if ((qual != NULL) && (qual(r) == 0)) continue;
+                if ((r=lh_insert(idx,r)) != NULL)
+                        {
+                        db->error=DB_ERROR_INDEX_CLASH;
+                        db->arg1=sk_find(db->data,r);
+                        db->arg2=i;
+                        lh_free(idx);
+                        return(0);
+                        }
+                }
+        if (db->index[field] != NULL) lh_free(db->index[field]);
+        db->index[field]=idx;
+        db->qual[field]=qual;
+        return(1);
+        }
+
+long TXT_DB_write(BIO *out, TXT_DB *db)
+        {
+        long i,j,n,nn,l,tot=0;
+        char *p,**pp,*f;
+        BUF_MEM *buf=NULL;
+        long ret= -1;
+
+        if ((buf=BUF_MEM_new()) == NULL)
+                goto err;
+        n=sk_num(db->data);
+        nn=db->num_fields;
+        for (i=0; i<n; i++)
+                {
+                pp=(char **)sk_value(db->data,i);
+
+                l=0;
+                for (j=0; j<nn; j++)
+                        {
+                        if (pp[j] != NULL)
+                                l+=strlen(pp[j]);
+                        }
+                if (!BUF_MEM_grow_clean(buf,(int)(l*2+nn))) goto err;
+
+                p=buf->data;
+                for (j=0; j<nn; j++)
+                        {
+                        f=pp[j];
+                        if (f != NULL)
+                                for (;;) 
+                                        {
+                                        if (*f == '\0') break;
+                                        if (*f == '\t') *(p++)='\\';
+                                        *(p++)= *(f++);
+                                        }
+                        *(p++)='\t';
+                        }
+                p[-1]='\n';
+                j=p-buf->data;
+                if (BIO_write(out,buf->data,(int)j) != j)
+                        goto err;
+                tot+=j;
+                }
+        ret=tot;
+err:
+        if (buf != NULL) BUF_MEM_free(buf);
+        return(ret);
+        }
+
+int TXT_DB_insert(TXT_DB *db, char **row)
+        {
+        int i;
+        char **r;
+
+        for (i=0; i<db->num_fields; i++)
+                {
+                if (db->index[i] != NULL)
+                        {
+                        if ((db->qual[i] != NULL) &&
+                                (db->qual[i](row) == 0)) continue;
+                        r=(char **)lh_retrieve(db->index[i],row);
+                        if (r != NULL)
+                                {
+                                db->error=DB_ERROR_INDEX_CLASH;
+                                db->arg1=i;
+                                db->arg_row=r;
+                                goto err;
+                                }
+                        }
+                }
+        /* We have passed the index checks, now just append and insert */
+        if (!sk_push(db->data,(char *)row))
+                {
+                db->error=DB_ERROR_MALLOC;
+                goto err;
+                }
+
+        for (i=0; i<db->num_fields; i++)
+                {
+                if (db->index[i] != NULL)
+                        {
+                        if ((db->qual[i] != NULL) &&
+                                (db->qual[i](row) == 0)) continue;
+                        lh_insert(db->index[i],row);
+                        }
+                }
+        return(1);
+err:
+        return(0);
+        }
+
+void TXT_DB_free(TXT_DB *db)
+        {
+        int i,n;
+        char **p,*max;
+
+        if(db == NULL)
+            return;
+
+        if (db->index != NULL)
+                {
+                for (i=db->num_fields-1; i>=0; i--)
+                        if (db->index[i] != NULL) lh_free(db->index[i]);
+                OPENSSL_free(db->index);
+                }
+        if (db->qual != NULL)
+                OPENSSL_free(db->qual);
+        if (db->data != NULL)
+                {
+                for (i=sk_num(db->data)-1; i>=0; i--)
+                        {
+                        /* check if any 'fields' have been allocated
+                         * from outside of the initial block */
+                        p=(char **)sk_value(db->data,i);
+                        max=p[db->num_fields]; /* last address */
+                        if (max == NULL) /* new row */
+                                {
+                                for (n=0; n<db->num_fields; n++)
+                                        if (p[n] != NULL) OPENSSL_free(p[n]);
+                                }
+                        else
+                                {
+                                for (n=0; n<db->num_fields; n++)
+                                        {
+                                        if (((p[n] < (char *)p) || (p[n] > max))
+                                                && (p[n] != NULL))
+                                                OPENSSL_free(p[n]);
+                                        }
+                                }
+                        OPENSSL_free(sk_value(db->data,i));
+                        }
+                sk_free(db->data);
+                }
+        OPENSSL_free(db);
+        }
diff --git a/src/lib/libcrypto/txt_db/txt_db.h b/src/lib/libcrypto/txt_db/txt_db.h
new file mode 100644
index 0000000000..563392aeff
--- /dev/null
+++ b/src/lib/libcrypto/txt_db/txt_db.h
@@ -0,0 +1,108 @@
+/* crypto/txt_db/txt_db.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_TXT_DB_H
+#define HEADER_TXT_DB_H
+
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/stack.h>
+#include <openssl/lhash.h>
+
+#define DB_ERROR_OK                     0
+#define DB_ERROR_MALLOC                 1
+#define DB_ERROR_INDEX_CLASH            2
+#define DB_ERROR_INDEX_OUT_OF_RANGE     3
+#define DB_ERROR_NO_INDEX               4
+#define DB_ERROR_INSERT_INDEX_CLASH     5
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct txt_db_st
+        {
+        int num_fields;
+        STACK /* char ** */ *data;
+        LHASH **index;
+        int (**qual)();
+        long error;
+        long arg1;
+        long arg2;
+        char **arg_row;
+        } TXT_DB;
+
+#ifndef OPENSSL_NO_BIO
+TXT_DB *TXT_DB_read(BIO *in, int num);
+long TXT_DB_write(BIO *out, TXT_DB *db);
+#else
+TXT_DB *TXT_DB_read(char *in, int num);
+long TXT_DB_write(char *out, TXT_DB *db);
+#endif
+int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(),
+                LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
+void TXT_DB_free(TXT_DB *db);
+char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value);
+int TXT_DB_insert(TXT_DB *db,char **value);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/ui/Makefile.ssl b/src/lib/libcrypto/ui/Makefile.ssl
new file mode 100644
index 0000000000..ba46951d1c
--- /dev/null
+++ b/src/lib/libcrypto/ui/Makefile.ssl
@@ -0,0 +1,117 @@
+#
+# OpenSSL/crypto/ui/Makefile
+#
+
+DIR=    ui
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+#TEST= uitest.c
+TEST=
+APPS=
+
+COMPATSRC= ui_compat.c
+COMPATOBJ= ui_compat.o
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ui_err.c ui_lib.c ui_openssl.c ui_util.c $(COMPATSRC)
+LIBOBJ= ui_err.o ui_lib.o ui_openssl.o ui_util.o $(COMPATOBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= ui.h ui_compat.h
+HEADER= $(EXHEADER) ui_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ui_compat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ui_compat.o: ../../include/openssl/opensslconf.h
+ui_compat.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ui_compat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_compat.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ui_compat.o: ui_compat.c
+ui_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ui_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ui_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_err.o: ../../include/openssl/ui.h ui_err.c
+ui_lib.o: ../../e_os.h ../../include/openssl/bio.h
+ui_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ui_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ui_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_lib.o: ../../include/openssl/ui.h ../cryptlib.h ui_lib.c ui_locl.h
+ui_openssl.o: ../../e_os.h ../../include/openssl/bio.h
+ui_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ui_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_openssl.o: ../../include/openssl/opensslv.h
+ui_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ui_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ui_openssl.o: ../cryptlib.h ui_locl.h ui_openssl.c
+ui_util.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ui_util.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ui_util.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ui_util.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ui_util.o: ui_util.c
diff --git a/src/lib/libcrypto/ui/ui.h b/src/lib/libcrypto/ui/ui.h
new file mode 100644
index 0000000000..735a2d988e
--- /dev/null
+++ b/src/lib/libcrypto/ui/ui.h
@@ -0,0 +1,387 @@
+/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UI_H
+#define HEADER_UI_H
+
+#include <openssl/crypto.h>
+#include <openssl/safestack.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* The UI type is a holder for a specific user interface session.  It can
+   contain an illimited number of informational or error strings as well
+   as things to prompt for, both passwords (noecho mode) and others (echo
+   mode), and verification of the same.  All of these are called strings,
+   and are further described below. */
+typedef struct ui_st UI;
+
+/* All instances of UI have a reference to a method structure, which is a
+   ordered vector of functions that implement the lower level things to do.
+   There is an instruction on the implementation further down, in the section
+   for method implementors. */
+typedef struct ui_method_st UI_METHOD;
+
+
+/* All the following functions return -1 or NULL on error and in some cases
+   (UI_process()) -2 if interrupted or in some other way cancelled.
+   When everything is fine, they return 0, a positive value or a non-NULL
+   pointer, all depending on their purpose. */
+
+/* Creators and destructor.   */
+UI *UI_new(void);
+UI *UI_new_method(const UI_METHOD *method);
+void UI_free(UI *ui);
+
+/* The following functions are used to add strings to be printed and prompt
+   strings to prompt for data.  The names are UI_{add,dup}_<function>_string
+   and UI_{add,dup}_input_boolean.
+
+   UI_{add,dup}_<function>_string have the following meanings:
+        add     add a text or prompt string.  The pointers given to these
+                functions are used verbatim, no copying is done.
+        dup     make a copy of the text or prompt string, then add the copy
+                to the collection of strings in the user interface.
+        <function>
+                The function is a name for the functionality that the given
+                string shall be used for.  It can be one of:
+                        input   use the string as data prompt.
+                        verify  use the string as verification prompt.  This
+                                is used to verify a previous input.
+                        info    use the string for informational output.
+                        error   use the string for error output.
+   Honestly, there's currently no difference between info and error for the
+   moment.
+
+   UI_{add,dup}_input_boolean have the same semantics for "add" and "dup",
+   and are typically used when one wants to prompt for a yes/no response.
+
+
+   All of the functions in this group take a UI and a prompt string.
+   The string input and verify addition functions also take a flag argument,
+   a buffer for the result to end up with, a minimum input size and a maximum
+   input size (the result buffer MUST be large enough to be able to contain
+   the maximum number of characters).  Additionally, the verify addition
+   functions takes another buffer to compare the result against.
+   The boolean input functions take an action description string (which should
+   be safe to ignore if the expected user action is obvious, for example with
+   a dialog box with an OK button and a Cancel button), a string of acceptable
+   characters to mean OK and to mean Cancel.  The two last strings are checked
+   to make sure they don't have common characters.  Additionally, the same
+   flag argument as for the string input is taken, as well as a result buffer.
+   The result buffer is required to be at least one byte long.  Depending on
+   the answer, the first character from the OK or the Cancel character strings
+   will be stored in the first byte of the result buffer.  No NUL will be
+   added, so the result is *not* a string.
+
+   On success, the all return an index of the added information.  That index
+   is usefull when retrieving results with UI_get0_result(). */
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+        char *result_buf, int minsize, int maxsize);
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+        char *result_buf, int minsize, int maxsize);
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+        char *result_buf, int minsize, int maxsize, const char *test_buf);
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+        char *result_buf, int minsize, int maxsize, const char *test_buf);
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+        const char *ok_chars, const char *cancel_chars,
+        int flags, char *result_buf);
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+        const char *ok_chars, const char *cancel_chars,
+        int flags, char *result_buf);
+int UI_add_info_string(UI *ui, const char *text);
+int UI_dup_info_string(UI *ui, const char *text);
+int UI_add_error_string(UI *ui, const char *text);
+int UI_dup_error_string(UI *ui, const char *text);
+
+/* These are the possible flags.  They can be or'ed together. */
+/* Use to have echoing of input */
+#define UI_INPUT_FLAG_ECHO              0x01
+/* Use a default password.  Where that password is found is completely
+   up to the application, it might for example be in the user data set
+   with UI_add_user_data().  It is not recommended to have more than
+   one input in each UI being marked with this flag, or the application
+   might get confused. */
+#define UI_INPUT_FLAG_DEFAULT_PWD       0x02
+
+/* The user of these routines may want to define flags of their own.  The core
+   UI won't look at those, but will pass them on to the method routines.  They
+   must use higher bits so they don't get confused with the UI bits above.
+   UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good
+   example of use is this:
+
+        #define MY_UI_FLAG1     (0x01 << UI_INPUT_FLAG_USER_BASE)
+
+*/
+#define UI_INPUT_FLAG_USER_BASE 16
+
+
+/* The following function helps construct a prompt.  object_desc is a
+   textual short description of the object, for example "pass phrase",
+   and object_name is the name of the object (might be a card name or
+   a file name.
+   The returned string shall always be allocated on the heap with
+   OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+
+   If the ui_method doesn't contain a pointer to a user-defined prompt
+   constructor, a default string is built, looking like this:
+
+        "Enter {object_desc} for {object_name}:"
+
+   So, if object_desc has the value "pass phrase" and object_name has
+   the value "foo.key", the resulting string is:
+
+        "Enter pass phrase for foo.key:"
+*/
+char *UI_construct_prompt(UI *ui_method,
+        const char *object_desc, const char *object_name);
+
+
+/* The following function is used to store a pointer to user-specific data.
+   Any previous such pointer will be returned and replaced.
+
+   For callback purposes, this function makes a lot more sense than using
+   ex_data, since the latter requires that different parts of OpenSSL or
+   applications share the same ex_data index.
+
+   Note that the UI_OpenSSL() method completely ignores the user data.
+   Other methods may not, however.  */
+void *UI_add_user_data(UI *ui, void *user_data);
+/* We need a user data retrieving function as well.  */
+void *UI_get0_user_data(UI *ui);
+
+/* Return the result associated with a prompt given with the index i. */
+const char *UI_get0_result(UI *ui, int i);
+
+/* When all strings have been added, process the whole thing. */
+int UI_process(UI *ui);
+
+/* Give a user interface parametrised control commands.  This can be used to
+   send down an integer, a data pointer or a function pointer, as well as
+   be used to get information from a UI. */
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
+
+/* The commands */
+/* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the
+   OpenSSL error stack before printing any info or added error messages and
+   before any prompting. */
+#define UI_CTRL_PRINT_ERRORS            1
+/* Check if a UI_process() is possible to do again with the same instance of
+   a user interface.  This makes UI_ctrl() return 1 if it is redoable, and 0
+   if not. */
+#define UI_CTRL_IS_REDOABLE             2
+
+
+/* Some methods may use extra data */
+#define UI_set_app_data(s,arg)         UI_set_ex_data(s,0,arg)
+#define UI_get_app_data(s)             UI_get_ex_data(s,0)
+int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int UI_set_ex_data(UI *r,int idx,void *arg);
+void *UI_get_ex_data(UI *r, int idx);
+
+/* Use specific methods instead of the built-in one */
+void UI_set_default_method(const UI_METHOD *meth);
+const UI_METHOD *UI_get_default_method(void);
+const UI_METHOD *UI_get_method(UI *ui);
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
+
+/* The method with all the built-in thingies */
+UI_METHOD *UI_OpenSSL(void);
+
+
+/* ---------- For method writers ---------- */
+/* A method contains a number of functions that implement the low level
+   of the User Interface.  The functions are:
+
+        an opener       This function starts a session, maybe by opening
+                        a channel to a tty, or by opening a window.
+        a writer        This function is called to write a given string,
+                        maybe to the tty, maybe as a field label in a
+                        window.
+        a flusher       This function is called to flush everything that
+                        has been output so far.  It can be used to actually
+                        display a dialog box after it has been built.
+        a reader        This function is called to read a given prompt,
+                        maybe from the tty, maybe from a field in a
+                        window.  Note that it's called wth all string
+                        structures, not only the prompt ones, so it must
+                        check such things itself.
+        a closer        This function closes the session, maybe by closing
+                        the channel to the tty, or closing the window.
+
+   All these functions are expected to return:
+
+        0       on error.
+        1       on success.
+        -1      on out-of-band events, for example if some prompting has
+                been canceled (by pressing Ctrl-C, for example).  This is
+                only checked when returned by the flusher or the reader.
+
+   The way this is used, the opener is first called, then the writer for all
+   strings, then the flusher, then the reader for all strings and finally the
+   closer.  Note that if you want to prompt from a terminal or other command
+   line interface, the best is to have the reader also write the prompts
+   instead of having the writer do it.  If you want to prompt from a dialog
+   box, the writer can be used to build up the contents of the box, and the
+   flusher to actually display the box and run the event loop until all data
+   has been given, after which the reader only grabs the given data and puts
+   them back into the UI strings.
+
+   All method functions take a UI as argument.  Additionally, the writer and
+   the reader take a UI_STRING.
+*/
+
+/* The UI_STRING type is the data structure that contains all the needed info
+   about a string or a prompt, including test data for a verification prompt.
+*/
+DECLARE_STACK_OF(UI_STRING)
+typedef struct ui_string_st UI_STRING;
+
+/* The different types of strings that are currently supported.
+   This is only needed by method authors. */
+enum UI_string_types
+        {
+        UIT_NONE=0,
+        UIT_PROMPT,             /* Prompt for a string */
+        UIT_VERIFY,             /* Prompt for a string and verify */
+        UIT_BOOLEAN,            /* Prompt for a yes/no response */
+        UIT_INFO,               /* Send info to the user */
+        UIT_ERROR               /* Send an error message to the user */
+        };
+
+/* Create and manipulate methods */
+UI_METHOD *UI_create_method(char *name);
+void UI_destroy_method(UI_METHOD *ui_method);
+int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui));
+int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis));
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui));
+int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis));
+int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui));
+int (*UI_method_get_opener(UI_METHOD *method))(UI*);
+int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*);
+int (*UI_method_get_flusher(UI_METHOD *method))(UI*);
+int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*);
+int (*UI_method_get_closer(UI_METHOD *method))(UI*);
+
+/* The following functions are helpers for method writers to access relevant
+   data from a UI_STRING. */
+
+/* Return type of the UI_STRING */
+enum UI_string_types UI_get_string_type(UI_STRING *uis);
+/* Return input flags of the UI_STRING */
+int UI_get_input_flags(UI_STRING *uis);
+/* Return the actual string to output (the prompt, info or error) */
+const char *UI_get0_output_string(UI_STRING *uis);
+/* Return the optional action string to output (the boolean promtp instruction) */
+const char *UI_get0_action_string(UI_STRING *uis);
+/* Return the result of a prompt */
+const char *UI_get0_result_string(UI_STRING *uis);
+/* Return the string to test the result against.  Only useful with verifies. */
+const char *UI_get0_test_string(UI_STRING *uis);
+/* Return the required minimum size of the result */
+int UI_get_result_minsize(UI_STRING *uis);
+/* Return the required maximum size of the result */
+int UI_get_result_maxsize(UI_STRING *uis);
+/* Set the result of a UI_STRING. */
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
+
+
+/* A couple of popular utility functions */
+int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify);
+int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_UI_strings(void);
+
+/* Error codes for the UI functions. */
+
+/* Function codes. */
+#define UI_F_GENERAL_ALLOCATE_BOOLEAN                    108
+#define UI_F_GENERAL_ALLOCATE_PROMPT                     109
+#define UI_F_GENERAL_ALLOCATE_STRING                     100
+#define UI_F_UI_CTRL                                     111
+#define UI_F_UI_DUP_ERROR_STRING                         101
+#define UI_F_UI_DUP_INFO_STRING                          102
+#define UI_F_UI_DUP_INPUT_BOOLEAN                        110
+#define UI_F_UI_DUP_INPUT_STRING                         103
+#define UI_F_UI_DUP_VERIFY_STRING                        106
+#define UI_F_UI_GET0_RESULT                              107
+#define UI_F_UI_NEW_METHOD                               104
+#define UI_F_UI_SET_RESULT                               105
+
+/* Reason codes. */
+#define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS             104
+#define UI_R_INDEX_TOO_LARGE                             102
+#define UI_R_INDEX_TOO_SMALL                             103
+#define UI_R_NO_RESULT_BUFFER                            105
+#define UI_R_RESULT_TOO_LARGE                            100
+#define UI_R_RESULT_TOO_SMALL                            101
+#define UI_R_UNKNOWN_CONTROL_COMMAND                     106
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/ui/ui_compat.h b/src/lib/libcrypto/ui/ui_compat.h
new file mode 100644
index 0000000000..b35c9bb7fd
--- /dev/null
+++ b/src/lib/libcrypto/ui/ui_compat.h
@@ -0,0 +1,83 @@
+/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UI_COMPAT_H
+#define HEADER_UI_COMPAT_H
+
+#include <openssl/opensslconf.h>
+#include <openssl/ui.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* The following functions were previously part of the DES section,
+   and are provided here for backward compatibility reasons. */
+
+#define des_read_pw_string(b,l,p,v) \
+        _ossl_old_des_read_pw_string((b),(l),(p),(v))
+#define des_read_pw(b,bf,s,p,v) \
+        _ossl_old_des_read_pw((b),(bf),(s),(p),(v))
+
+int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify);
+int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/ui/ui_err.c b/src/lib/libcrypto/ui/ui_err.c
new file mode 100644
index 0000000000..39a62ae737
--- /dev/null
+++ b/src/lib/libcrypto/ui/ui_err.c
@@ -0,0 +1,111 @@
+/* crypto/ui/ui_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ui.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA UI_str_functs[]=
+        {
+{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_BOOLEAN,0),   "GENERAL_ALLOCATE_BOOLEAN"},
+{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_PROMPT,0),    "GENERAL_ALLOCATE_PROMPT"},
+{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_STRING,0),    "GENERAL_ALLOCATE_STRING"},
+{ERR_PACK(0,UI_F_UI_CTRL,0),    "UI_ctrl"},
+{ERR_PACK(0,UI_F_UI_DUP_ERROR_STRING,0),        "UI_dup_error_string"},
+{ERR_PACK(0,UI_F_UI_DUP_INFO_STRING,0), "UI_dup_info_string"},
+{ERR_PACK(0,UI_F_UI_DUP_INPUT_BOOLEAN,0),       "UI_dup_input_boolean"},
+{ERR_PACK(0,UI_F_UI_DUP_INPUT_STRING,0),        "UI_dup_input_string"},
+{ERR_PACK(0,UI_F_UI_DUP_VERIFY_STRING,0),       "UI_dup_verify_string"},
+{ERR_PACK(0,UI_F_UI_GET0_RESULT,0),     "UI_get0_result"},
+{ERR_PACK(0,UI_F_UI_NEW_METHOD,0),      "UI_new_method"},
+{ERR_PACK(0,UI_F_UI_SET_RESULT,0),      "UI_set_result"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA UI_str_reasons[]=
+        {
+{UI_R_COMMON_OK_AND_CANCEL_CHARACTERS    ,"common ok and cancel characters"},
+{UI_R_INDEX_TOO_LARGE                    ,"index too large"},
+{UI_R_INDEX_TOO_SMALL                    ,"index too small"},
+{UI_R_NO_RESULT_BUFFER                   ,"no result buffer"},
+{UI_R_RESULT_TOO_LARGE                   ,"result too large"},
+{UI_R_RESULT_TOO_SMALL                   ,"result too small"},
+{UI_R_UNKNOWN_CONTROL_COMMAND            ,"unknown control command"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_UI_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_UI,UI_str_functs);
+                ERR_load_strings(ERR_LIB_UI,UI_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/ui/ui_lib.c b/src/lib/libcrypto/ui/ui_lib.c
new file mode 100644
index 0000000000..dbc9711a2d
--- /dev/null
+++ b/src/lib/libcrypto/ui/ui_lib.c
@@ -0,0 +1,902 @@
+/* crypto/ui/ui_lib.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/e_os2.h>
+#include <openssl/buffer.h>
+#include <openssl/ui.h>
+#include <openssl/err.h>
+#include "ui_locl.h"
+#include "cryptlib.h"
+
+IMPLEMENT_STACK_OF(UI_STRING_ST)
+
+static const UI_METHOD *default_UI_meth=NULL;
+
+UI *UI_new(void)
+        {
+        return(UI_new_method(NULL));
+        }
+
+UI *UI_new_method(const UI_METHOD *method)
+        {
+        UI *ret;
+
+        ret=(UI *)OPENSSL_malloc(sizeof(UI));
+        if (ret == NULL)
+                {
+                UIerr(UI_F_UI_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        if (method == NULL)
+                ret->meth=UI_get_default_method();
+        else
+                ret->meth=method;
+
+        ret->strings=NULL;
+        ret->user_data=NULL;
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);
+        return ret;
+        }
+
+static void free_string(UI_STRING *uis)
+        {
+        if (uis->flags & OUT_STRING_FREEABLE)
+                {
+                OPENSSL_free((char *)uis->out_string);
+                switch(uis->type)
+                        {
+                case UIT_BOOLEAN:
+                        OPENSSL_free((char *)uis->_.boolean_data.action_desc);
+                        OPENSSL_free((char *)uis->_.boolean_data.ok_chars);
+                        OPENSSL_free((char *)uis->_.boolean_data.cancel_chars);
+                        break;
+                default:
+                        break;
+                        }
+                }
+        OPENSSL_free(uis);
+        }
+
+void UI_free(UI *ui)
+        {
+        if (ui == NULL)
+                return;
+        sk_UI_STRING_pop_free(ui->strings,free_string);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
+        OPENSSL_free(ui);
+        }
+
+static int allocate_string_stack(UI *ui)
+        {
+        if (ui->strings == NULL)
+                {
+                ui->strings=sk_UI_STRING_new_null();
+                if (ui->strings == NULL)
+                        {
+                        return -1;
+                        }
+                }
+        return 0;
+        }
+
+static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt,
+        int prompt_freeable, enum UI_string_types type, int input_flags,
+        char *result_buf)
+        {
+        UI_STRING *ret = NULL;
+
+        if (prompt == NULL)
+                {
+                UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,ERR_R_PASSED_NULL_PARAMETER);
+                }
+        else if ((type == UIT_PROMPT || type == UIT_VERIFY
+                         || type == UIT_BOOLEAN) && result_buf == NULL)
+                {
+                UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,UI_R_NO_RESULT_BUFFER);
+                }
+        else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING))))
+                {
+                ret->out_string=prompt;
+                ret->flags=prompt_freeable ? OUT_STRING_FREEABLE : 0;
+                ret->input_flags=input_flags;
+                ret->type=type;
+                ret->result_buf=result_buf;
+                }
+        return ret;
+        }
+
+static int general_allocate_string(UI *ui, const char *prompt,
+        int prompt_freeable, enum UI_string_types type, int input_flags,
+        char *result_buf, int minsize, int maxsize, const char *test_buf)
+        {
+        int ret = -1;
+        UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
+                type, input_flags, result_buf);
+
+        if (s)
+                {
+                if (allocate_string_stack(ui) >= 0)
+                        {
+                        s->_.string_data.result_minsize=minsize;
+                        s->_.string_data.result_maxsize=maxsize;
+                        s->_.string_data.test_buf=test_buf;
+                        ret=sk_UI_STRING_push(ui->strings, s);
+                        /* sk_push() returns 0 on error.  Let's addapt that */
+                        if (ret <= 0) ret--;
+                        }
+                else
+                        free_string(s);
+                }
+        return ret;
+        }
+
+static int general_allocate_boolean(UI *ui,
+        const char *prompt, const char *action_desc,
+        const char *ok_chars, const char *cancel_chars,
+        int prompt_freeable, enum UI_string_types type, int input_flags,
+        char *result_buf)
+        {
+        int ret = -1;
+        UI_STRING *s;
+        const char *p;
+
+        if (ok_chars == NULL)
+                {
+                UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER);
+                }
+        else if (cancel_chars == NULL)
+                {
+                UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER);
+                }
+        else
+                {
+                for(p = ok_chars; *p; p++)
+                        {
+                        if (strchr(cancel_chars, *p))
+                                {
+                                UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
+                                        UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
+                                }
+                        }
+
+                s = general_allocate_prompt(ui, prompt, prompt_freeable,
+                        type, input_flags, result_buf);
+
+                if (s)
+                        {
+                        if (allocate_string_stack(ui) >= 0)
+                                {
+                                s->_.boolean_data.action_desc = action_desc;
+                                s->_.boolean_data.ok_chars = ok_chars;
+                                s->_.boolean_data.cancel_chars = cancel_chars;
+                                ret=sk_UI_STRING_push(ui->strings, s);
+                                /* sk_push() returns 0 on error.
+                                   Let's addapt that */
+                                if (ret <= 0) ret--;
+                                }
+                        else
+                                free_string(s);
+                        }
+                }
+        return ret;
+        }
+
+/* Returns the index to the place in the stack or -1 for error.  Uses a
+   direct reference to the prompt.  */
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+        char *result_buf, int minsize, int maxsize)
+        {
+        return general_allocate_string(ui, prompt, 0,
+                UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL);
+        }
+
+/* Same as UI_add_input_string(), excepts it takes a copy of the prompt */
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+        char *result_buf, int minsize, int maxsize)
+        {
+        char *prompt_copy=NULL;
+
+        if (prompt)
+                {
+                prompt_copy=BUF_strdup(prompt);
+                if (prompt_copy == NULL)
+                        {
+                        UIerr(UI_F_UI_DUP_INPUT_STRING,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                }
+        
+        return general_allocate_string(ui, prompt_copy, 1,
+                UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL);
+        }
+
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+        char *result_buf, int minsize, int maxsize, const char *test_buf)
+        {
+        return general_allocate_string(ui, prompt, 0,
+                UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf);
+        }
+
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+        char *result_buf, int minsize, int maxsize, const char *test_buf)
+        {
+        char *prompt_copy=NULL;
+
+        if (prompt)
+                {
+                prompt_copy=BUF_strdup(prompt);
+                if (prompt_copy == NULL)
+                        {
+                        UIerr(UI_F_UI_DUP_VERIFY_STRING,ERR_R_MALLOC_FAILURE);
+                        return -1;
+                        }
+                }
+        
+        return general_allocate_string(ui, prompt_copy, 1,
+                UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf);
+        }
+
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+        const char *ok_chars, const char *cancel_chars,
+        int flags, char *result_buf)
+        {
+        return general_allocate_boolean(ui, prompt, action_desc,
+                ok_chars, cancel_chars, 0, UIT_BOOLEAN, flags, result_buf);
+        }
+
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+        const char *ok_chars, const char *cancel_chars,
+        int flags, char *result_buf)
+        {
+        char *prompt_copy = NULL;
+        char *action_desc_copy = NULL;
+        char *ok_chars_copy = NULL;
+        char *cancel_chars_copy = NULL;
+
+        if (prompt)
+                {
+                prompt_copy=BUF_strdup(prompt);
+                if (prompt_copy == NULL)
+                        {
+                        UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                }
+        
+        if (action_desc)
+                {
+                action_desc_copy=BUF_strdup(action_desc);
+                if (action_desc_copy == NULL)
+                        {
+                        UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                }
+        
+        if (ok_chars)
+                {
+                ok_chars_copy=BUF_strdup(ok_chars);
+                if (ok_chars_copy == NULL)
+                        {
+                        UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                }
+        
+        if (cancel_chars)
+                {
+                cancel_chars_copy=BUF_strdup(cancel_chars);
+                if (cancel_chars_copy == NULL)
+                        {
+                        UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                }
+        
+        return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
+                ok_chars_copy, cancel_chars_copy, 1, UIT_BOOLEAN, flags,
+                result_buf);
+ err:
+        if (prompt_copy) OPENSSL_free(prompt_copy);
+        if (action_desc_copy) OPENSSL_free(action_desc_copy);
+        if (ok_chars_copy) OPENSSL_free(ok_chars_copy);
+        if (cancel_chars_copy) OPENSSL_free(cancel_chars_copy);
+        return -1;
+        }
+
+int UI_add_info_string(UI *ui, const char *text)
+        {
+        return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0,
+                NULL);
+        }
+
+int UI_dup_info_string(UI *ui, const char *text)
+        {
+        char *text_copy=NULL;
+
+        if (text)
+                {
+                text_copy=BUF_strdup(text);
+                if (text_copy == NULL)
+                        {
+                        UIerr(UI_F_UI_DUP_INFO_STRING,ERR_R_MALLOC_FAILURE);
+                        return -1;
+                        }
+                }
+
+        return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
+                0, 0, NULL);
+        }
+
+int UI_add_error_string(UI *ui, const char *text)
+        {
+        return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0,
+                NULL);
+        }
+
+int UI_dup_error_string(UI *ui, const char *text)
+        {
+        char *text_copy=NULL;
+
+        if (text)
+                {
+                text_copy=BUF_strdup(text);
+                if (text_copy == NULL)
+                        {
+                        UIerr(UI_F_UI_DUP_ERROR_STRING,ERR_R_MALLOC_FAILURE);
+                        return -1;
+                        }
+                }
+        return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
+                0, 0, NULL);
+        }
+
+char *UI_construct_prompt(UI *ui, const char *object_desc,
+        const char *object_name)
+        {
+        char *prompt = NULL;
+
+        if (ui->meth->ui_construct_prompt)
+                prompt = ui->meth->ui_construct_prompt(ui,
+                        object_desc, object_name);
+        else
+                {
+                char prompt1[] = "Enter ";
+                char prompt2[] = " for ";
+                char prompt3[] = ":";
+                int len = 0;
+
+                if (object_desc == NULL)
+                        return NULL;
+                len = sizeof(prompt1) - 1 + strlen(object_desc);
+                if (object_name)
+                        len += sizeof(prompt2) - 1 + strlen(object_name);
+                len += sizeof(prompt3) - 1;
+
+                prompt = (char *)OPENSSL_malloc(len + 1);
+                BUF_strlcpy(prompt, prompt1, len + 1);
+                BUF_strlcat(prompt, object_desc, len + 1);
+                if (object_name)
+                        {
+                        BUF_strlcat(prompt, prompt2, len + 1);
+                        BUF_strlcat(prompt, object_name, len + 1);
+                        }
+                BUF_strlcat(prompt, prompt3, len + 1);
+                }
+        return prompt;
+        }
+
+void *UI_add_user_data(UI *ui, void *user_data)
+        {
+        void *old_data = ui->user_data;
+        ui->user_data = user_data;
+        return old_data;
+        }
+
+void *UI_get0_user_data(UI *ui)
+        {
+        return ui->user_data;
+        }
+
+const char *UI_get0_result(UI *ui, int i)
+        {
+        if (i < 0)
+                {
+                UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_SMALL);
+                return NULL;
+                }
+        if (i >= sk_UI_STRING_num(ui->strings))
+                {
+                UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_LARGE);
+                return NULL;
+                }
+        return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
+        }
+
+static int print_error(const char *str, size_t len, UI *ui)
+        {
+        UI_STRING uis;
+
+        memset(&uis, 0, sizeof(uis));
+        uis.type = UIT_ERROR;
+        uis.out_string = str;
+
+        if (ui->meth->ui_write_string
+                && !ui->meth->ui_write_string(ui, &uis))
+                return -1;
+        return 0;
+        }
+
+int UI_process(UI *ui)
+        {
+        int i, ok=0;
+
+        if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui))
+                return -1;
+
+        if (ui->flags & UI_FLAG_PRINT_ERRORS)
+                ERR_print_errors_cb(
+                        (int (*)(const char *, size_t, void *))print_error,
+                        (void *)ui);
+
+        for(i=0; i<sk_UI_STRING_num(ui->strings); i++)
+                {
+                if (ui->meth->ui_write_string
+                        && !ui->meth->ui_write_string(ui,
+                                sk_UI_STRING_value(ui->strings, i)))
+                        {
+                        ok=-1;
+                        goto err;
+                        }
+                }
+
+        if (ui->meth->ui_flush)
+                switch(ui->meth->ui_flush(ui))
+                        {
+                case -1: /* Interrupt/Cancel/something... */
+                        ok = -2;
+                        goto err;
+                case 0: /* Errors */
+                        ok = -1;
+                        goto err;
+                default: /* Success */
+                        ok = 0;
+                        break;
+                        }
+
+        for(i=0; i<sk_UI_STRING_num(ui->strings); i++)
+                {
+                if (ui->meth->ui_read_string)
+                        {
+                        switch(ui->meth->ui_read_string(ui,
+                                sk_UI_STRING_value(ui->strings, i)))
+                                {
+                        case -1: /* Interrupt/Cancel/something... */
+                                ok = -2;
+                                goto err;
+                        case 0: /* Errors */
+                                ok = -1;
+                                goto err;
+                        default: /* Success */
+                                ok = 0;
+                                break;
+                                }
+                        }
+                }
+ err:
+        if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui))
+                return -1;
+        return ok;
+        }
+
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)())
+        {
+        if (ui == NULL)
+                {
+                UIerr(UI_F_UI_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                return -1;
+                }
+        switch(cmd)
+                {
+        case UI_CTRL_PRINT_ERRORS:
+                {
+                int save_flag = !!(ui->flags & UI_FLAG_PRINT_ERRORS);
+                if (i)
+                        ui->flags |= UI_FLAG_PRINT_ERRORS;
+                else
+                        ui->flags &= ~UI_FLAG_PRINT_ERRORS;
+                return save_flag;
+                }
+        case UI_CTRL_IS_REDOABLE:
+                return !!(ui->flags & UI_FLAG_REDOABLE);
+        default:
+                break;
+                }
+        UIerr(UI_F_UI_CTRL,UI_R_UNKNOWN_CONTROL_COMMAND);
+        return -1;
+        }
+
+int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp,
+                                new_func, dup_func, free_func);
+        }
+
+int UI_set_ex_data(UI *r, int idx, void *arg)
+        {
+        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+        }
+
+void *UI_get_ex_data(UI *r, int idx)
+        {
+        return(CRYPTO_get_ex_data(&r->ex_data,idx));
+        }
+
+void UI_set_default_method(const UI_METHOD *meth)
+        {
+        default_UI_meth=meth;
+        }
+
+const UI_METHOD *UI_get_default_method(void)
+        {
+        if (default_UI_meth == NULL)
+                {
+                default_UI_meth=UI_OpenSSL();
+                }
+        return default_UI_meth;
+        }
+
+const UI_METHOD *UI_get_method(UI *ui)
+        {
+        return ui->meth;
+        }
+
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
+        {
+        ui->meth=meth;
+        return ui->meth;
+        }
+
+
+UI_METHOD *UI_create_method(char *name)
+        {
+        UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD));
+
+        if (ui_method)
+                memset(ui_method, 0, sizeof(*ui_method));
+        ui_method->name = BUF_strdup(name);
+        return ui_method;
+        }
+
+/* BIG FSCKING WARNING!!!!  If you use this on a statically allocated method
+   (that is, it hasn't been allocated using UI_create_method(), you deserve
+   anything Murphy can throw at you and more!  You have been warned. */
+void UI_destroy_method(UI_METHOD *ui_method)
+        {
+        OPENSSL_free(ui_method->name);
+        ui_method->name = NULL;
+        OPENSSL_free(ui_method);
+        }
+
+int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui))
+        {
+        if (method)
+                {
+                method->ui_open_session = opener;
+                return 0;
+                }
+        else
+                return -1;
+        }
+
+int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis))
+        {
+        if (method)
+                {
+                method->ui_write_string = writer;
+                return 0;
+                }
+        else
+                return -1;
+        }
+
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui))
+        {
+        if (method)
+                {
+                method->ui_flush = flusher;
+                return 0;
+                }
+        else
+                return -1;
+        }
+
+int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis))
+        {
+        if (method)
+                {
+                method->ui_read_string = reader;
+                return 0;
+                }
+        else
+                return -1;
+        }
+
+int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui))
+        {
+        if (method)
+                {
+                method->ui_close_session = closer;
+                return 0;
+                }
+        else
+                return -1;
+        }
+
+int (*UI_method_get_opener(UI_METHOD *method))(UI*)
+        {
+        if (method)
+                return method->ui_open_session;
+        else
+                return NULL;
+        }
+
+int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*)
+        {
+        if (method)
+                return method->ui_write_string;
+        else
+                return NULL;
+        }
+
+int (*UI_method_get_flusher(UI_METHOD *method))(UI*)
+        {
+        if (method)
+                return method->ui_flush;
+        else
+                return NULL;
+        }
+
+int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*)
+        {
+        if (method)
+                return method->ui_read_string;
+        else
+                return NULL;
+        }
+
+int (*UI_method_get_closer(UI_METHOD *method))(UI*)
+        {
+        if (method)
+                return method->ui_close_session;
+        else
+                return NULL;
+        }
+
+enum UI_string_types UI_get_string_type(UI_STRING *uis)
+        {
+        if (!uis)
+                return UIT_NONE;
+        return uis->type;
+        }
+
+int UI_get_input_flags(UI_STRING *uis)
+        {
+        if (!uis)
+                return 0;
+        return uis->input_flags;
+        }
+
+const char *UI_get0_output_string(UI_STRING *uis)
+        {
+        if (!uis)
+                return NULL;
+        return uis->out_string;
+        }
+
+const char *UI_get0_action_string(UI_STRING *uis)
+        {
+        if (!uis)
+                return NULL;
+        switch(uis->type)
+                {
+        case UIT_PROMPT:
+        case UIT_BOOLEAN:
+                return uis->_.boolean_data.action_desc;
+        default:
+                return NULL;
+                }
+        }
+
+const char *UI_get0_result_string(UI_STRING *uis)
+        {
+        if (!uis)
+                return NULL;
+        switch(uis->type)
+                {
+        case UIT_PROMPT:
+        case UIT_VERIFY:
+                return uis->result_buf;
+        default:
+                return NULL;
+                }
+        }
+
+const char *UI_get0_test_string(UI_STRING *uis)
+        {
+        if (!uis)
+                return NULL;
+        switch(uis->type)
+                {
+        case UIT_VERIFY:
+                return uis->_.string_data.test_buf;
+        default:
+                return NULL;
+                }
+        }
+
+int UI_get_result_minsize(UI_STRING *uis)
+        {
+        if (!uis)
+                return -1;
+        switch(uis->type)
+                {
+        case UIT_PROMPT:
+        case UIT_VERIFY:
+                return uis->_.string_data.result_minsize;
+        default:
+                return -1;
+                }
+        }
+
+int UI_get_result_maxsize(UI_STRING *uis)
+        {
+        if (!uis)
+                return -1;
+        switch(uis->type)
+                {
+        case UIT_PROMPT:
+        case UIT_VERIFY:
+                return uis->_.string_data.result_maxsize;
+        default:
+                return -1;
+                }
+        }
+
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
+        {
+        int l = strlen(result);
+
+        ui->flags &= ~UI_FLAG_REDOABLE;
+
+        if (!uis)
+                return -1;
+        switch (uis->type)
+                {
+        case UIT_PROMPT:
+        case UIT_VERIFY:
+                {
+                char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize)+1];
+                char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize)+1];
+
+                BIO_snprintf(number1, sizeof(number1), "%d",
+                        uis->_.string_data.result_minsize);
+                BIO_snprintf(number2, sizeof(number2), "%d",
+                        uis->_.string_data.result_maxsize);
+
+                if (l < uis->_.string_data.result_minsize)
+                        {
+                        ui->flags |= UI_FLAG_REDOABLE;
+                        UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_SMALL);
+                        ERR_add_error_data(5,"You must type in ",
+                                number1," to ",number2," characters");
+                        return -1;
+                        }
+                if (l > uis->_.string_data.result_maxsize)
+                        {
+                        ui->flags |= UI_FLAG_REDOABLE;
+                        UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_LARGE);
+                        ERR_add_error_data(5,"You must type in ",
+                                number1," to ",number2," characters");
+                        return -1;
+                        }
+                }
+
+                if (!uis->result_buf)
+                        {
+                        UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER);
+                        return -1;
+                        }
+
+                BUF_strlcpy(uis->result_buf, result,
+                            uis->_.string_data.result_maxsize + 1);
+                break;
+        case UIT_BOOLEAN:
+                {
+                const char *p;
+
+                if (!uis->result_buf)
+                        {
+                        UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER);
+                        return -1;
+                        }
+
+                uis->result_buf[0] = '\0';
+                for(p = result; *p; p++)
+                        {
+                        if (strchr(uis->_.boolean_data.ok_chars, *p))
+                                {
+                                uis->result_buf[0] =
+                                        uis->_.boolean_data.ok_chars[0];
+                                break;
+                                }
+                        if (strchr(uis->_.boolean_data.cancel_chars, *p))
+                                {
+                                uis->result_buf[0] =
+                                        uis->_.boolean_data.cancel_chars[0];
+                                break;
+                                }
+                        }
+        default:
+                break;
+                }
+                }
+        return 0;
+        }
diff --git a/src/lib/libcrypto/ui/ui_locl.h b/src/lib/libcrypto/ui/ui_locl.h
new file mode 100644
index 0000000000..7d3a75a619
--- /dev/null
+++ b/src/lib/libcrypto/ui/ui_locl.h
@@ -0,0 +1,148 @@
+/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UI_LOCL_H
+#define HEADER_UI_LOCL_H
+
+#include <openssl/ui.h>
+
+struct ui_method_st
+        {
+        char *name;
+
+        /* All the functions return 1 or non-NULL for success and 0 or NULL
+           for failure */
+
+        /* Open whatever channel for this, be it the console, an X window
+           or whatever.
+           This function should use the ex_data structure to save
+           intermediate data. */
+        int (*ui_open_session)(UI *ui);
+
+        int (*ui_write_string)(UI *ui, UI_STRING *uis);
+
+        /* Flush the output.  If a GUI dialog box is used, this function can
+           be used to actually display it. */
+        int (*ui_flush)(UI *ui);
+
+        int (*ui_read_string)(UI *ui, UI_STRING *uis);
+
+        int (*ui_close_session)(UI *ui);
+
+        /* Construct a prompt in a user-defined manner.  object_desc is a
+           textual short description of the object, for example "pass phrase",
+           and object_name is the name of the object (might be a card name or
+           a file name.
+           The returned string shall always be allocated on the heap with
+           OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). */
+        char *(*ui_construct_prompt)(UI *ui, const char *object_desc,
+                const char *object_name);
+        };
+
+struct ui_string_st
+        {
+        enum UI_string_types type; /* Input */
+        const char *out_string; /* Input */
+        int input_flags;        /* Flags from the user */
+
+        /* The following parameters are completely irrelevant for UIT_INFO,
+           and can therefore be set to 0 or NULL */
+        char *result_buf;       /* Input and Output: If not NULL, user-defined
+                                   with size in result_maxsize.  Otherwise, it
+                                   may be allocated by the UI routine, meaning
+                                   result_minsize is going to be overwritten.*/
+        union
+                {
+                struct
+                        {
+                        int result_minsize;     /* Input: minimum required
+                                                   size of the result.
+                                                */
+                        int result_maxsize;     /* Input: maximum permitted
+                                                   size of the result */
+
+                        const char *test_buf;   /* Input: test string to verify
+                                                   against */
+                        } string_data;
+                struct
+                        {
+                        const char *action_desc; /* Input */
+                        const char *ok_chars; /* Input */
+                        const char *cancel_chars; /* Input */
+                        } boolean_data;
+                } _;
+
+#define OUT_STRING_FREEABLE 0x01
+        int flags;              /* flags for internal use */
+        };
+
+struct ui_st
+        {
+        const UI_METHOD *meth;
+        STACK_OF(UI_STRING) *strings; /* We might want to prompt for more
+                                         than one thing at a time, and
+                                         with different echoing status.  */
+        void *user_data;
+        CRYPTO_EX_DATA ex_data;
+
+#define UI_FLAG_REDOABLE        0x0001
+#define UI_FLAG_PRINT_ERRORS    0x0100
+        int flags;
+        };
+
+#endif
diff --git a/src/lib/libcrypto/ui/ui_openssl.c b/src/lib/libcrypto/ui/ui_openssl.c
new file mode 100644
index 0000000000..75318d48a1
--- /dev/null
+++ b/src/lib/libcrypto/ui/ui_openssl.c
@@ -0,0 +1,673 @@
+/* crypto/ui/ui_openssl.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) and others
+ * for the OpenSSL project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* The lowest level part of this file was previously in crypto/des/read_pwd.c,
+ * Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+
+#include <openssl/e_os2.h>
+
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
+# ifdef OPENSSL_UNISTD
+#  include OPENSSL_UNISTD
+# else
+#  include <unistd.h>
+# endif
+/* If unistd.h defines _POSIX_VERSION, we conclude that we
+ * are on a POSIX system and have sigaction and termios. */
+# if defined(_POSIX_VERSION)
+
+#  define SIGACTION
+#  if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+#   define TERMIOS
+#  endif
+
+# endif
+#endif
+
+#ifdef WIN16TTY
+# undef OPENSSL_SYS_WIN16
+# undef WIN16
+# undef _WINDOWS
+# include <graph.h>
+#endif
+
+/* 06-Apr-92 Luke Brennan    Support for VMS */
+#include "ui_locl.h"
+#include "cryptlib.h"
+#include <signal.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+#ifdef OPENSSL_SYS_VMS          /* prototypes for sys$whatever */
+# include <starlet.h>
+# ifdef __DECC
+#  pragma message disable DOLLARID
+# endif
+#endif
+
+#ifdef WIN_CONSOLE_BUG
+# include <windows.h>
+#ifndef OPENSSL_SYS_WINCE
+# include <wincon.h>
+#endif
+#endif
+
+
+/* There are 5 types of terminal interface supported,
+ * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
+ */
+
+#if defined(__sgi) && !defined(TERMIOS)
+# define TERMIOS
+# undef  TERMIO
+# undef  SGTTY
+#endif
+
+#if defined(linux) && !defined(TERMIO)
+# undef  TERMIOS
+# define TERMIO
+# undef  SGTTY
+#endif
+
+#ifdef _LIBC
+# undef  TERMIOS
+# define TERMIO
+# undef  SGTTY
+#endif
+
+#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(MAC_OS_GUSI_SOURCE)
+# undef  TERMIOS
+# undef  TERMIO
+# define SGTTY
+#endif
+
+#if defined(OPENSSL_SYS_VXWORKS)
+#undef TERMIOS
+#undef TERMIO
+#undef SGTTY
+#endif
+
+#ifdef TERMIOS
+# include <termios.h>
+# define TTY_STRUCT             struct termios
+# define TTY_FLAGS              c_lflag
+# define TTY_get(tty,data)      tcgetattr(tty,data)
+# define TTY_set(tty,data)      tcsetattr(tty,TCSANOW,data)
+#endif
+
+#ifdef TERMIO
+# include <termio.h>
+# define TTY_STRUCT             struct termio
+# define TTY_FLAGS              c_lflag
+# define TTY_get(tty,data)      ioctl(tty,TCGETA,data)
+# define TTY_set(tty,data)      ioctl(tty,TCSETA,data)
+#endif
+
+#ifdef SGTTY
+# include <sgtty.h>
+# define TTY_STRUCT             struct sgttyb
+# define TTY_FLAGS              sg_flags
+# define TTY_get(tty,data)      ioctl(tty,TIOCGETP,data)
+# define TTY_set(tty,data)      ioctl(tty,TIOCSETP,data)
+#endif
+
+#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_SUNOS)
+# include <sys/ioctl.h>
+#endif
+
+#ifdef OPENSSL_SYS_MSDOS
+# include <conio.h>
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+# include <ssdef.h>
+# include <iodef.h>
+# include <ttdef.h>
+# include <descrip.h>
+struct IOSB {
+        short iosb$w_value;
+        short iosb$w_count;
+        long  iosb$l_info;
+        };
+#endif
+
+#ifdef OPENSSL_SYS_SUNOS
+        typedef int sig_atomic_t;
+#endif
+
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE)
+/*
+ * This one needs work. As a matter of fact the code is unoperational
+ * and this is only a trick to get it compiled.
+ *                                      <appro@fy.chalmers.se>
+ */
+# define TTY_STRUCT int
+#endif
+
+#ifndef NX509_SIG
+# define NX509_SIG 32
+#endif
+
+
+/* Define globals.  They are protected by a lock */
+#ifdef SIGACTION
+static struct sigaction savsig[NX509_SIG];
+#else
+static void (*savsig[NX509_SIG])(int );
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+static struct IOSB iosb;
+static $DESCRIPTOR(terminal,"TT");
+static long tty_orig[3], tty_new[3]; /* XXX   Is there any guarantee that this will always suffice for the actual structures? */
+static long status;
+static unsigned short channel = 0;
+#else
+#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+static TTY_STRUCT tty_orig,tty_new;
+#endif
+#endif
+static FILE *tty_in, *tty_out;
+static int is_a_tty;
+
+/* Declare static functions */
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+static void read_till_nl(FILE *);
+static void recsig(int);
+static void pushsig(void);
+static void popsig(void);
+#endif
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
+static int noecho_fgets(char *buf, int size, FILE *tty);
+#endif
+static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
+
+static int read_string(UI *ui, UI_STRING *uis);
+static int write_string(UI *ui, UI_STRING *uis);
+
+static int open_console(UI *ui);
+static int echo_console(UI *ui);
+static int noecho_console(UI *ui);
+static int close_console(UI *ui);
+
+static UI_METHOD ui_openssl =
+        {
+        "OpenSSL default user interface",
+        open_console,
+        write_string,
+        NULL,                   /* No flusher is needed for command lines */
+        read_string,
+        close_console,
+        NULL
+        };
+
+/* The method with all the built-in thingies */
+UI_METHOD *UI_OpenSSL(void)
+        {
+        return &ui_openssl;
+        }
+
+/* The following function makes sure that info and error strings are printed
+   before any prompt. */
+static int write_string(UI *ui, UI_STRING *uis)
+        {
+        switch (UI_get_string_type(uis))
+                {
+        case UIT_ERROR:
+        case UIT_INFO:
+                fputs(UI_get0_output_string(uis), tty_out);
+                fflush(tty_out);
+                break;
+        default:
+                break;
+                }
+        return 1;
+        }
+
+static int read_string(UI *ui, UI_STRING *uis)
+        {
+        int ok = 0;
+
+        switch (UI_get_string_type(uis))
+                {
+        case UIT_BOOLEAN:
+                fputs(UI_get0_output_string(uis), tty_out);
+                fputs(UI_get0_action_string(uis), tty_out);
+                fflush(tty_out);
+                return read_string_inner(ui, uis,
+                        UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 0);
+        case UIT_PROMPT:
+                fputs(UI_get0_output_string(uis), tty_out);
+                fflush(tty_out);
+                return read_string_inner(ui, uis,
+                        UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1);
+        case UIT_VERIFY:
+                fprintf(tty_out,"Verifying - %s",
+                        UI_get0_output_string(uis));
+                fflush(tty_out);
+                if ((ok = read_string_inner(ui, uis,
+                        UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1)) <= 0)
+                        return ok;
+                if (strcmp(UI_get0_result_string(uis),
+                        UI_get0_test_string(uis)) != 0)
+                        {
+                        fprintf(tty_out,"Verify failure\n");
+                        fflush(tty_out);
+                        return 0;
+                        }
+                break;
+        default:
+                break;
+                }
+        return 1;
+        }
+
+
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+/* Internal functions to read a string without echoing */
+static void read_till_nl(FILE *in)
+        {
+#define SIZE 4
+        char buf[SIZE+1];
+
+        do      {
+                fgets(buf,SIZE,in);
+                } while (strchr(buf,'\n') == NULL);
+        }
+
+static volatile sig_atomic_t intr_signal;
+#endif
+
+static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
+        {
+        static int ps;
+        int ok;
+        char result[BUFSIZ];
+        int maxsize = BUFSIZ-1;
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+        char *p;
+
+        intr_signal=0;
+        ok=0;
+        ps=0;
+
+        pushsig();
+        ps=1;
+
+        if (!echo && !noecho_console(ui))
+                goto error;
+        ps=2;
+
+        result[0]='\0';
+#ifdef OPENSSL_SYS_MSDOS
+        if (!echo)
+                {
+                noecho_fgets(result,maxsize,tty_in);
+                p=result; /* FIXME: noecho_fgets doesn't return errors */
+                }
+        else
+                p=fgets(result,maxsize,tty_in);
+#else
+        p=fgets(result,maxsize,tty_in);
+#endif
+        if(!p)
+                goto error;
+        if (feof(tty_in)) goto error;
+        if (ferror(tty_in)) goto error;
+        if ((p=(char *)strchr(result,'\n')) != NULL)
+                {
+                if (strip_nl)
+                        *p='\0';
+                }
+        else
+                read_till_nl(tty_in);
+        if (UI_set_result(ui, uis, result) >= 0)
+                ok=1;
+
+error:
+        if (intr_signal == SIGINT)
+                ok=-1;
+        if (!echo) fprintf(tty_out,"\n");
+        if (ps >= 2 && !echo && !echo_console(ui))
+                ok=0;
+
+        if (ps >= 1)
+                popsig();
+#else
+        ok=1;
+#endif
+
+        OPENSSL_cleanse(result,BUFSIZ);
+        return ok;
+        }
+
+
+/* Internal functions to open, handle and close a channel to the console.  */
+static int open_console(UI *ui)
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_UI);
+        is_a_tty = 1;
+
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS)
+        tty_in=stdin;
+        tty_out=stderr;
+#else
+#  ifdef OPENSSL_SYS_MSDOS
+#    define DEV_TTY "con"
+#  else
+#    define DEV_TTY "/dev/tty"
+#  endif
+        if ((tty_in=fopen(DEV_TTY,"r")) == NULL)
+                tty_in=stdin;
+        if ((tty_out=fopen(DEV_TTY,"w")) == NULL)
+                tty_out=stderr;
+#endif
+
+#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
+        if (TTY_get(fileno(tty_in),&tty_orig) == -1)
+                {
+#ifdef ENOTTY
+                if (errno == ENOTTY)
+                        is_a_tty=0;
+                else
+#endif
+#ifdef EINVAL
+                /* Ariel Glenn ariel@columbia.edu reports that solaris
+                 * can return EINVAL instead.  This should be ok */
+                if (errno == EINVAL)
+                        is_a_tty=0;
+                else
+#endif
+                        return 0;
+                }
+#endif
+#ifdef OPENSSL_SYS_VMS
+        status = sys$assign(&terminal,&channel,0,0);
+        if (status != SS$_NORMAL)
+                return 0;
+        status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+                return 0;
+#endif
+        return 1;
+        }
+
+static int noecho_console(UI *ui)
+        {
+#ifdef TTY_FLAGS
+        memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
+        tty_new.TTY_FLAGS &= ~ECHO;
+#endif
+
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+        if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1))
+                return 0;
+#endif
+#ifdef OPENSSL_SYS_VMS
+        tty_new[0] = tty_orig[0];
+        tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+        tty_new[2] = tty_orig[2];
+        status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+                return 0;
+#endif
+        return 1;
+        }
+
+static int echo_console(UI *ui)
+        {
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+        memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
+        tty_new.TTY_FLAGS |= ECHO;
+#endif
+
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+        if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1))
+                return 0;
+#endif
+#ifdef OPENSSL_SYS_VMS
+        tty_new[0] = tty_orig[0];
+        tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
+        tty_new[2] = tty_orig[2];
+        status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+                return 0;
+#endif
+        return 1;
+        }
+
+static int close_console(UI *ui)
+        {
+        if (tty_in != stdin) fclose(tty_in);
+        if (tty_out != stderr) fclose(tty_out);
+#ifdef OPENSSL_SYS_VMS
+        status = sys$dassgn(channel);
+#endif
+        CRYPTO_w_unlock(CRYPTO_LOCK_UI);
+
+        return 1;
+        }
+
+
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+/* Internal functions to handle signals and act on them */
+static void pushsig(void)
+        {
+        int i;
+#ifdef SIGACTION
+        struct sigaction sa;
+
+        memset(&sa,0,sizeof sa);
+        sa.sa_handler=recsig;
+#endif
+
+        for (i=1; i<NX509_SIG; i++)
+                {
+#ifdef SIGUSR1
+                if (i == SIGUSR1)
+                        continue;
+#endif
+#ifdef SIGUSR2
+                if (i == SIGUSR2)
+                        continue;
+#endif
+#ifdef SIGKILL
+                if (i == SIGKILL) /* We can't make any action on that. */
+                        continue;
+#endif
+#ifdef SIGACTION
+                sigaction(i,&sa,&savsig[i]);
+#else
+                savsig[i]=signal(i,recsig);
+#endif
+                }
+
+#ifdef SIGWINCH
+        signal(SIGWINCH,SIG_DFL);
+#endif
+        }
+
+static void popsig(void)
+        {
+        int i;
+
+        for (i=1; i<NX509_SIG; i++)
+                {
+#ifdef SIGUSR1
+                if (i == SIGUSR1)
+                        continue;
+#endif
+#ifdef SIGUSR2
+                if (i == SIGUSR2)
+                        continue;
+#endif
+#ifdef SIGACTION
+                sigaction(i,&savsig[i],NULL);
+#else
+                signal(i,savsig[i]);
+#endif
+                }
+        }
+
+static void recsig(int i)
+        {
+        intr_signal=i;
+        }
+#endif
+
+/* Internal functions specific for Windows */
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+static int noecho_fgets(char *buf, int size, FILE *tty)
+        {
+        int i;
+        char *p;
+
+        p=buf;
+        for (;;)
+                {
+                if (size == 0)
+                        {
+                        *p='\0';
+                        break;
+                        }
+                size--;
+#ifdef WIN16TTY
+                i=_inchar();
+#else
+                i=getch();
+#endif
+                if (i == '\r') i='\n';
+                *(p++)=i;
+                if (i == '\n')
+                        {
+                        *p='\0';
+                        break;
+                        }
+                }
+#ifdef WIN_CONSOLE_BUG
+/* Win95 has several evil console bugs: one of these is that the
+ * last character read using getch() is passed to the next read: this is
+ * usually a CR so this can be trouble. No STDIO fix seems to work but
+ * flushing the console appears to do the trick.
+ */
+                {
+                        HANDLE inh;
+                        inh = GetStdHandle(STD_INPUT_HANDLE);
+                        FlushConsoleInputBuffer(inh);
+                }
+#endif
+        return(strlen(buf));
+        }
+#endif
diff --git a/src/lib/libcrypto/ui/ui_util.c b/src/lib/libcrypto/ui/ui_util.c
new file mode 100644
index 0000000000..46bc8c1a9a
--- /dev/null
+++ b/src/lib/libcrypto/ui/ui_util.c
@@ -0,0 +1,91 @@
+/* crypto/ui/ui_util.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/ui.h>
+
+int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify)
+        {
+        char buff[BUFSIZ];
+        int ret;
+
+        ret=UI_UTIL_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+        OPENSSL_cleanse(buff,BUFSIZ);
+        return(ret);
+        }
+
+int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
+        {
+        int ok = 0;
+        UI *ui;
+
+        if (size < 1)
+                return -1;
+
+        ui = UI_new();
+        if (ui)
+                {
+                ok = UI_add_input_string(ui,prompt,0,buf,0,size-1);
+                if (ok >= 0 && verify)
+                        ok = UI_add_verify_string(ui,prompt,0,buff,0,size-1,
+                                buf);
+                if (ok >= 0)
+                        ok=UI_process(ui);
+                UI_free(ui);
+                }
+        if (ok > 0)
+                ok = 0;
+        return(ok);
+        }
diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num
index 4222bef6d6..56fb7446e0 100644
--- a/src/lib/libcrypto/util/libeay.num
+++ b/src/lib/libcrypto/util/libeay.num
@@ -2811,7 +2811,7 @@ EVP_aes_192_cfb8                        3252	EXIST::FUNCTION:AES
 FIPS_mode_set                           3253    EXIST:OPENSSL_FIPS:FUNCTION:
 FIPS_selftest_dsa                       3254    EXIST:OPENSSL_FIPS:FUNCTION:
 EVP_aes_256_cfb8                        3255    EXIST::FUNCTION:AES
-FIPS_allow_md5                          3256    NOEXIST::FUNCTION:
+FIPS_allow_md5                          3256    EXIST:OPENSSL_FIPS:FUNCTION:
 DES_ede3_cfb_encrypt                    3257    EXIST::FUNCTION:DES
 EVP_des_ede3_cfb8                       3258    EXIST::FUNCTION:DES
 FIPS_rand_seeded                        3259    EXIST:OPENSSL_FIPS:FUNCTION:
@@ -2837,7 +2837,7 @@ FIPS_dsa_check                          3278	EXIST:OPENSSL_FIPS:FUNCTION:
 AES_cfb1_encrypt                        3279    EXIST::FUNCTION:AES
 EVP_des_ede3_cfb1                       3280    EXIST::FUNCTION:DES
 FIPS_rand_check                         3281    EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_md5_allowed                        3282    NOEXIST::FUNCTION:
+FIPS_md5_allowed                        3282    EXIST:OPENSSL_FIPS:FUNCTION:
 FIPS_mode                               3283    EXIST:OPENSSL_FIPS:FUNCTION:
 FIPS_selftest_failed                    3284    EXIST:OPENSSL_FIPS:FUNCTION:
 sk_is_sorted                            3285    EXIST::FUNCTION:
@@ -2867,41 +2867,3 @@ PROXY_CERT_INFO_EXTENSION_it            3307	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
 PROXY_CERT_INFO_EXTENSION_it            3307    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
 PROXY_POLICY_free                       3308    EXIST::FUNCTION:
 PROXY_POLICY_new                        3309    EXIST::FUNCTION:
-BN_MONT_CTX_set_locked                  3310    EXIST::FUNCTION:
-FIPS_selftest_rng                       3311    EXIST:OPENSSL_FIPS:FUNCTION:
-EVP_sha384                              3312    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
-EVP_sha512                              3313    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
-EVP_sha224                              3314    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
-EVP_sha256                              3315    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
-FIPS_selftest_hmac                      3316    EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_corrupt_rng                        3317    EXIST:OPENSSL_FIPS:FUNCTION:
-BN_mod_exp_mont_consttime               3318    EXIST::FUNCTION:
-RSA_X931_hash_id                        3319    EXIST::FUNCTION:RSA
-RSA_padding_check_X931                  3320    EXIST::FUNCTION:RSA
-RSA_verify_PKCS1_PSS                    3321    EXIST::FUNCTION:RSA
-RSA_padding_add_X931                    3322    EXIST::FUNCTION:RSA
-RSA_padding_add_PKCS1_PSS               3323    EXIST::FUNCTION:RSA
-PKCS1_MGF1                              3324    EXIST::FUNCTION:RSA
-BN_X931_generate_Xpq                    3325    EXIST:OPENSSL_FIPS:FUNCTION:
-RSA_X931_generate_key                   3326    EXIST:OPENSSL_FIPS:FUNCTION:RSA
-BN_X931_derive_prime                    3327    EXIST:OPENSSL_FIPS:FUNCTION:
-BN_X931_generate_prime                  3328    EXIST:OPENSSL_FIPS:FUNCTION:
-RSA_X931_derive                         3329    EXIST:OPENSSL_FIPS:FUNCTION:RSA
-SHA512_Update                           3356    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
-SHA256_Init                             3479    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
-SHA224                                  3510    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
-SHA384_Update                           3551    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
-SHA224_Final                            3560    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
-SHA224_Update                           3562    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
-SHA512_Final                            3581    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
-SHA224_Init                             3631    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
-SHA512_Init                             3633    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
-SHA256                                  3654    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
-SHA256_Transform                        3664    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
-SHA512                                  3669    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
-SHA512_Transform                        3675    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
-SHA256_Final                            3712    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
-SHA384_Init                             3737    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
-SHA384_Final                            3740    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
-SHA384                                  3745    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
-SHA256_Update                           3765    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl
index 05a6086164..957264c6b5 100644
--- a/src/lib/libcrypto/util/mk1mf.pl
+++ b/src/lib/libcrypto/util/mk1mf.pl
@@ -10,20 +10,6 @@ $OPTIONS="";
 $ssl_version="";
 $banner="\t\@echo Building OpenSSL";
 
-local $zlib_opt = 0;    # 0 = no zlib, 1 = static, 2 = dynamic
-local $zlib_lib = "";
-
-my $fips_canister_path = "";
-my $fips_premain_dso_exe_path = "";
-my $fips_premain_c_path = "";
-my $fips_sha1_exe_path = "";
-
-my $fipslibdir = "";
-my $baseaddr = "";
-
-my $ex_l_libs = "";
-
-
 open(IN,"<Makefile") || die "unable to open Makefile!\n";
 while(<IN>) {
     $ssl_version=$1 if (/^VERSION=(.*)$/);
@@ -38,7 +24,6 @@ $infile="MINFO";
 
 %ops=(
         "VC-WIN32",   "Microsoft Visual C++ [4-6] - Windows NT or 9X",
-        "VC-WIN32-GMAKE", "Microsoft Visual C++ [4-6] - Windows NT or 9X, GNU make",
         "VC-CE",   "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY",
         "VC-NT",   "Microsoft Visual C++ [4-6] - Windows NT ONLY",
         "VC-W31-16",  "Microsoft Visual C++ 1.52 - Windows 3.1 - 286",
@@ -58,7 +43,6 @@ $infile="MINFO";
         );
 
 $platform="";
-my $xcflags="";
 foreach (@ARGV)
         {
         if (!&read_options && !defined($ops{$_}))
@@ -120,12 +104,8 @@ $inc_def="outinc";
 $tmp_def="tmp";
 
 $mkdir="-mkdir";
-$mkcanister="ld -r -o";
-
-$ex_build_targets = "";
 
 ($ssl,$crypto)=("ssl","crypto");
-$cryptocompat = "";
 $ranlib="echo ranlib";
 
 $cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
@@ -160,10 +140,6 @@ elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT"))
         $NT = 1 if $platform eq "VC-NT";
         require 'VC-32.pl';
         }
-elsif ($platform eq "VC-WIN32-GMAKE")
-        {
-        require 'VC-32-GMAKE.pl';
-        }
 elsif ($platform eq "VC-CE")
         {
         require 'VC-CE.pl';
@@ -234,8 +210,6 @@ $inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
 
 $bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
 
-$cflags= "$xcflags$cflags" if $xcflags ne "";
-
 $cflags.=" -DOPENSSL_NO_IDEA" if $no_idea;
 $cflags.=" -DOPENSSL_NO_AES"  if $no_aes;
 $cflags.=" -DOPENSSL_NO_RC2"  if $no_rc2;
@@ -265,9 +239,6 @@ $cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
 $cflags.=" -DOPENSSL_FIPS"    if $fips;
 #$cflags.=" -DRSAref"  if $rsaref ne "";
 
-$cflags.= " -DZLIB" if $zlib_opt;
-$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
-
 ## if ($unix)
 ##      { $cflags="$c_flags" if ($c_flags ne ""); }
 ##else
@@ -275,7 +246,6 @@ $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
 
 $ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
 
-
 %shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
                   "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
 
@@ -292,135 +262,6 @@ $link="$bin_dir$link" if ($link !~ /^\$/);
 
 $INSTALLTOP =~ s|/|$o|g;
 
-#############################################
-# We parse in input file and 'store' info for later printing.
-open(IN,"<$infile") || die "unable to open $infile:$!\n";
-$_=<IN>;
-for (;;)
-        {
-        chop;
-
-        ($key,$val)=/^([^=]+)=(.*)/;
-        if ($key eq "RELATIVE_DIRECTORY")
-                {
-                if ($lib ne "")
-                        {
-                        if ($fips && $dir =~ /^fips/)
-                                {
-                                $uc = "FIPS";
-                                }
-                        else
-                                {
-                                $uc=$lib;
-                                $uc =~ s/^lib(.*)\.a/$1/;
-                                $uc =~ tr/a-z/A-Z/;
-                                }
-                        if (($uc ne "FIPS") || $fips_canister_build)
-                                {
-                                $lib_nam{$uc}=$uc;
-                                $lib_obj{$uc}.=$libobj." ";
-                                }
-                        }
-                last if ($val eq "FINISHED");
-                $lib="";
-                $libobj="";
-                $dir=$val;
-                }
-
-        if ($key eq "KRB5_INCLUDES")
-                { $cflags .= " $val";}
-
-        if ($key eq "ZLIB_INCLUDE")
-                { $cflags .= " $val" if $val ne "";}
-
-        if ($key eq "LIBZLIB")
-                { $zlib_lib = "$val" if $val ne "";}
-
-        if ($key eq "LIBKRB5")
-                { $ex_libs .= " $val" if $val ne "";}
-
-        if ($key eq "TEST")
-                { $test.=&var_add($dir,$val); }
-
-        if (($key eq "PROGS") || ($key eq "E_OBJ"))
-                { $e_exe.=&var_add($dir,$val); }
-
-        if ($key eq "LIB")
-                {
-                $lib=$val;
-                $lib =~ s/^.*\/([^\/]+)$/$1/;
-                }
-
-        if ($key eq "EXHEADER")
-                { $exheader.=&var_add($dir,$val); }
-
-        if ($key eq "HEADER")
-                { $header.=&var_add($dir,$val); }
-
-        if ($key eq "LIBOBJ")
-                { $libobj=&var_add($dir,$val); }
-
-        if ($key eq "FIPSLIBDIR")
-                { $fipslibdir=$val;}
-
-        if ($key eq "BASEADDR")
-                { $baseaddr=$val;}
-
-        if (!($_=<IN>))
-                { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
-        }
-close(IN);
-
-if ($fips_canister_path eq "")
-        {
-        $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.o";
-        }
-
-if ($fips_premain_c_path eq "")
-        {
-        $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c";
-        }
-
-if ($fips)
-        {
-        if ($fips_sha1_exe_path eq "")
-                {
-                $fips_sha1_exe_path =
-                        "\$(BIN_D)${o}fips_standalone_sha1$exep";
-                }
-        }
-        else
-        {
-        $fips_sha1_exe_path = "";
-        }
-
-if ($fips_premain_dso_exe_path eq "")
-        {
-        $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep";
-        }
-
-#       $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips);
-
-if ($fips)
-        {
-        if (!$shlib)
-                {
-                $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
-                $ex_l_libs .= " \$(O_FIPSCANISTER)";
-                }
-        if ($fipslibdir eq "")
-                {
-                open (IN, "util/fipslib_path.txt") || fipslib_error();
-                $fipslibdir = <IN>;
-                chomp $fipslibdir;
-                close IN;
-                }
-        fips_check_files($fipslibdir,
-                        "fipscanister.o", "fipscanister.o.sha1",
-                        "fips_premain.c", "fips_premain.c.sha1");
-        }
-        
-
 $defs= <<"EOF";
 # This makefile has been automatically generated from the OpenSSL distribution.
 # This single makefile will build the complete OpenSSL distribution and
@@ -445,7 +286,6 @@ if ($platform eq "VC-CE")
 !INCLUDE <\$(WCECOMPAT)/wcedefs.mak>
 
 EOF
-        $ex_libs .= " $zlib_lib" if $zlib_opt == 1;
         }
 
 $defs.= <<"EOF";
@@ -468,8 +308,6 @@ EX_LIBS=$ex_libs
 SRC_D=$src_dir
 
 LINK=$link
-PERL=perl
-FIPSLINK=\$(PERL) util${o}fipslink.pl
 LFLAGS=$lflags
 
 BN_ASM_OBJ=$bn_asm_obj
@@ -501,9 +339,6 @@ TMP_D=$tmp_dir
 INC_D=$inc_dir
 INCO_D=$inc_dir${o}openssl
 
-# Directory containing FIPS module
-
-
 CP=$cp
 RM=$rm
 RANLIB=$ranlib
@@ -511,18 +346,6 @@ MKDIR=$mkdir
 MKLIB=$bin_dir$mklib
 MLFLAGS=$mlflags
 ASM=$bin_dir$asm
-MKCANISTER=$mkcanister
-
-# FIPS validated module and support file locations
-
-E_PREMAIN_DSO=fips_premain_dso
-
-FIPSLIB_D=$fipslibdir
-BASEADDR=$baseaddr
-FIPS_PREMAIN_SRC=$fips_premain_c_path
-O_FIPSCANISTER=$fips_canister_path
-FIPS_SHA1_EXE=$fips_sha1_exe_path
-PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
 
 ######################################################
 # You should not need to touch anything below this point
@@ -554,7 +377,7 @@ SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
 L_SSL=     \$(LIB_D)$o$plib\$(SSL)$libp
 L_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$libp
 
-L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
+L_LIBS= \$(L_SSL) \$(L_CRYPTO)
 
 ######################################################
 # Don't touch anything below this point
@@ -564,13 +387,13 @@ INC=-I\$(INC_D) -I\$(INCL_D)
 APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
 LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
 SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
-LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep
+LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
 
 #############################################
 EOF
 
 $rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
 
 banner:
 $banner
@@ -656,6 +479,57 @@ printf OUT "  #define DATE \"%s\"\n", scalar gmtime();
 printf OUT "#endif\n";
 close(OUT);
 
+#############################################
+# We parse in input file and 'store' info for later printing.
+open(IN,"<$infile") || die "unable to open $infile:$!\n";
+$_=<IN>;
+for (;;)
+        {
+        chop;
+
+        ($key,$val)=/^([^=]+)=(.*)/;
+        if ($key eq "RELATIVE_DIRECTORY")
+                {
+                if ($lib ne "")
+                        {
+                        $uc=$lib;
+                        $uc =~ s/^lib(.*)\.a/$1/;
+                        $uc =~ tr/a-z/A-Z/;
+                        $lib_nam{$uc}=$uc;
+                        $lib_obj{$uc}.=$libobj." ";
+                        }
+                last if ($val eq "FINISHED");
+                $lib="";
+                $libobj="";
+                $dir=$val;
+                }
+
+        if ($key eq "TEST")
+                { $test.=&var_add($dir,$val); }
+
+        if (($key eq "PROGS") || ($key eq "E_OBJ"))
+                { $e_exe.=&var_add($dir,$val); }
+
+        if ($key eq "LIB")
+                {
+                $lib=$val;
+                $lib =~ s/^.*\/([^\/]+)$/$1/;
+                }
+
+        if ($key eq "EXHEADER")
+                { $exheader.=&var_add($dir,$val); }
+
+        if ($key eq "HEADER")
+                { $header.=&var_add($dir,$val); }
+
+        if ($key eq "LIBOBJ")
+                { $libobj=&var_add($dir,$val); }
+
+        if (!($_=<IN>))
+                { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
+        }
+close(IN);
+
 # Strip of trailing ' '
 foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }
 $test=&clean_up_ws($test);
@@ -680,29 +554,6 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
 $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
 $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
 
-# Special case rules for fips_start and fips_end fips_premain_dso
-
-if ($fips)
-        {
-        if ($fips_canister_build)
-                {
-                $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",
-                        "fips-1.0${o}fips_canister.c",
-                        "-DFIPS_START \$(SHLIB_CFLAGS)");
-                $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",
-                        "fips-1.0${o}fips_canister.c", "\$(SHLIB_CFLAGS)");
-                }
-        $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
-                "fips-1.0${o}sha${o}fips_standalone_sha1.c",
-                "\$(SHLIB_CFLAGS)");
-        $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_sha1dgst$obj",
-                "fips-1.0${o}sha${o}fips_sha1dgst.c",
-                "\$(SHLIB_CFLAGS)") unless $fips_canister_build;
-        $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
-                "fips-1.0${o}fips_premain.c",
-                "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");
-        }
-
 foreach (values %lib_nam)
         {
         $lib_obj=$lib_obj{$_};
@@ -779,42 +630,16 @@ foreach (split(/\s+/,$test))
         }
 
 $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
-
+$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
 
 if ($fips)
         {
-        if ($shlib)
-                {
-                $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
-                        "\$(O_CRYPTO)",
-                        "$crypto",
-                        $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
-                }
-        else
-                {
-                $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
-                        "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
-                $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
-                        "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
-                }
+        $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)","\$(BIN_D)$o.sha1","\$(BIN_D)$o\$(E_EXE)$exep");
         }
-        else
-        {
-        $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
-                                                        "\$(SO_CRYPTO)");
-        }
-
-
-if ($fips)
+else
         {
-        $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(FIPSLIB_D)${o}fips_standalone_sha1$exep", "") if $fips_canister_build;
-        $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
-        
-        $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)","\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}fips_sha1dgst$obj","","", 1);
+        $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
         }
-
-        $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)",0);
-
 print $defs;
 
 if ($platform eq "linux-elf") {
@@ -1110,24 +935,6 @@ sub read_options
         elsif (/^shlib$/)       { $shlib=1; }
         elsif (/^dll$/)         { $shlib=1; }
         elsif (/^shared$/)      { } # We just need to ignore it for now...
-        elsif (/^zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 }
-        elsif (/^zlib-dynamic$/){ $zlib_opt = 2; }
-        elsif (/^--with-krb5-flavor=(.*)$/)
-                {
-                my $krb5_flavor = $1;
-                if ($krb5_flavor =~ /^force-[Hh]eimdal$/)
-                        {
-                        $xcflags="-DKRB5_HEIMDAL $xcflags";
-                        }
-                elsif ($krb5_flavor =~ /^MIT/i)
-                        {
-                        $xcflags="-DKRB5_MIT $xcflags";
-                        if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i)
-                                {
-                                $xcflags="-DKRB5_MIT_OLD11 $xcflags"
-                                }
-                        }
-                }
         elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
         elsif (/^-[lL].*$/)     { $l_flags.="$_ "; }
         elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
@@ -1135,31 +942,3 @@ sub read_options
         else { return(0); }
         return(1);
         }
-
-sub fipslib_error
-        {
-        print STDERR "***FIPS module directory sanity check failed***\n";
-        print STDERR "FIPS module build failed, or was deleted\n";
-        print STDERR "Please rebuild FIPS module.\n"; 
-        exit 1;
-        }
-
-sub fips_check_files
-        {
-        my $dir = shift @_;
-        my $ret = 1;
-        if (!-d $dir)
-                {
-                print STDERR "FIPS module directory $dir does not exist\n";
-                fipslib_error();
-                }
-        foreach (@_)
-                {
-                if (!-f "$dir${o}$_")
-                        {
-                        print STDERR "FIPS module file $_ does not exist!\n";
-                        $ret = 0;
-                        }
-                }
-        fipslib_error() if ($ret == 0);
-        }
diff --git a/src/lib/libcrypto/util/mkdef.pl b/src/lib/libcrypto/util/mkdef.pl
index 6c1e53bb14..9918c3d549 100644
--- a/src/lib/libcrypto/util/mkdef.pl
+++ b/src/lib/libcrypto/util/mkdef.pl
@@ -83,7 +83,7 @@ my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
 my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
 my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                          "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
-                         "SHA256", "SHA512", "RIPEMD",
+                         "RIPEMD",
                          "MDC2", "RSA", "DSA", "DH", "EC", "HMAC", "AES",
                          # Envelope "algorithms"
                          "EVP", "X509", "ASN1_TYPEDEFS",
@@ -267,7 +267,7 @@ $crypto.=" crypto/ocsp/ocsp.h";
 $crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
 $crypto.=" crypto/krb5/krb5_asn.h";
 $crypto.=" crypto/tmdiff.h";
-$crypto.=" fips-1.0/fips.h fips-1.0/rand/fips_rand.h fips-1.0/sha/fips_sha.h";
+$crypto.=" fips/fips.h fips/rand/fips_rand.h";
 
 my $symhacks="crypto/symhacks.h";
 
@@ -864,9 +864,6 @@ sub do_defs
                         $a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
                         $a .= ",RSA" if($s =~ /RSAPrivateKey/);
                         $a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/);
-                        # SHA2 algorithms only defined in FIPS mode for
-                        # OpenSSL 0.9.7
-                        $p .= "OPENSSL_FIPS" if($s =~ /SHA[235]/);
 
                         $platform{$s} =
                             &reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);
@@ -1014,7 +1011,7 @@ sub is_valid
 {
         my ($keywords_txt,$platforms) = @_;
         my (@keywords) = split /,/,$keywords_txt;
-        my ($falsesum, $truesum) = (0, 1);
+        my ($falsesum, $truesum) = (0, !grep(/^[^!]/,@keywords));
 
         # Param: one keyword
         sub recognise
@@ -1082,7 +1079,7 @@ sub is_valid
                 if ($k =~ /^!(.*)$/) {
                         $falsesum += &recognise($1,$platforms);
                 } else {
-                        $truesum *= &recognise($k,$platforms);
+                        $truesum += &recognise($k,$platforms);
                 }
         }
         print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug;
diff --git a/src/lib/libcrypto/util/mkerr.pl b/src/lib/libcrypto/util/mkerr.pl
new file mode 100644
index 0000000000..60e534807e
--- /dev/null
+++ b/src/lib/libcrypto/util/mkerr.pl
@@ -0,0 +1,630 @@
+#!/usr/local/bin/perl -w
+
+my $config = "crypto/err/openssl.ec";
+my $debug = 0;
+my $rebuild = 0;
+my $static = 1;
+my $recurse = 0;
+my $reindex = 0;
+my $dowrite = 0;
+my $staticloader = "";
+
+while (@ARGV) {
+        my $arg = $ARGV[0];
+        if($arg eq "-conf") {
+                shift @ARGV;
+                $config = shift @ARGV;
+        } elsif($arg eq "-debug") {
+                $debug = 1;
+                shift @ARGV;
+        } elsif($arg eq "-rebuild") {
+                $rebuild = 1;
+                shift @ARGV;
+        } elsif($arg eq "-recurse") {
+                $recurse = 1;
+                shift @ARGV;
+        } elsif($arg eq "-reindex") {
+                $reindex = 1;
+                shift @ARGV;
+        } elsif($arg eq "-nostatic") {
+                $static = 0;
+                shift @ARGV;
+        } elsif($arg eq "-staticloader") {
+                $staticloader = "static ";
+                shift @ARGV;
+        } elsif($arg eq "-write") {
+                $dowrite = 1;
+                shift @ARGV;
+        } else {
+                last;
+        }
+}
+
+if($recurse) {
+        @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <fips/*.c>,
+                   <fips/*/*.c>);
+} else {
+        @source = @ARGV;
+}
+
+# Read in the config file
+
+open(IN, "<$config") || die "Can't open config file $config";
+
+# Parse config file
+
+while(<IN>)
+{
+        if(/^L\s+(\S+)\s+(\S+)\s+(\S+)/) {
+                $hinc{$1} = $2;
+                $libinc{$2} = $1;
+                $cskip{$3} = $1;
+                if($3 ne "NONE") {
+                        $csrc{$1} = $3;
+                        $fmax{$1} = 99;
+                        $rmax{$1} = 99;
+                        $fnew{$1} = 0;
+                        $rnew{$1} = 0;
+                }
+        } elsif (/^F\s+(\S+)/) {
+        # Add extra function with $1
+        } elsif (/^R\s+(\S+)\s+(\S+)/) {
+                $rextra{$1} = $2;
+                $rcodes{$1} = $2;
+        }
+}
+
+close IN;
+
+# Scan each header file in turn and make a list of error codes
+# and function names
+
+while (($hdr, $lib) = each %libinc)
+{
+        next if($hdr eq "NONE");
+        print STDERR "Scanning header file $hdr\n" if $debug; 
+        my $line = "", $def= "", $linenr = 0, $gotfile = 0;
+        if (open(IN, "<$hdr")) {
+            $gotfile = 1;
+            while(<IN>) {
+                $linenr++;
+                print STDERR "line: $linenr\r" if $debug;
+
+                last if(/BEGIN\s+ERROR\s+CODES/);
+                if ($line ne '') {
+                    $_ = $line . $_;
+                    $line = '';
+                }
+
+                if (/\\$/) {
+                    $line = $_;
+                    next;
+                }
+
+                $cpp = 1 if /^#.*ifdef.*cplusplus/;  # skip "C" declaration
+                if ($cpp) {
+                    $cpp = 0 if /^#.*endif/;
+                    next;
+                }
+
+                next if (/^\#/);                      # skip preprocessor directives
+
+                s/\/\*.*?\*\///gs;                   # ignore comments
+                s/{[^{}]*}//gs;                      # ignore {} blocks
+
+                if (/\{|\/\*/) { # Add a } so editor works...
+                    $line = $_;
+                } else {
+                    $def .= $_;
+                }
+            }
+        }
+
+        print STDERR "                                  \r" if $debug;
+        $defnr = 0;
+        foreach (split /;/, $def) {
+            $defnr++;
+            print STDERR "def: $defnr\r" if $debug;
+
+            s/^[\n\s]*//g;
+            s/[\n\s]*$//g;
+            next if(/typedef\W/);
+            if (/\(\*(\w*)\([^\)]+/) {
+                my $name = $1;
+                $name =~ tr/[a-z]/[A-Z]/;
+                $ftrans{$name} = $1;
+            } elsif (/\w+\W+(\w+)\W*\(\s*\)(\s*__attribute__\(.*\)\s*)?$/s){
+                # K&R C
+                next ;
+            } elsif (/\w+\W+\w+\W*\(.*\)(\s*__attribute__\(.*\)\s*)?$/s) {
+                while (not /\(\)(\s*__attribute__\(.*\)\s*)?$/s) {
+                    s/[^\(\)]*\)(\s*__attribute__\(.*\)\s*)?$/\)/s;
+                    s/\([^\(\)]*\)\)(\s*__attribute__\(.*\)\s*)?$/\)/s;
+                }
+                s/\(void\)//;
+                /(\w+(\{[0-9]+\})?)\W*\(\)/s;
+                my $name = $1;
+                $name =~ tr/[a-z]/[A-Z]/;
+                $ftrans{$name} = $1;
+            } elsif (/\(/ and not (/=/ or /DECLARE_STACK/)) {
+                print STDERR "Header $hdr: cannot parse: $_;\n";
+            }
+        }
+
+        print STDERR "                                  \r" if $debug;
+
+        next if $reindex;
+
+        # Scan function and reason codes and store them: keep a note of the
+        # maximum code used.
+
+        if ($gotfile) {
+            while(<IN>) {
+                if(/^\#define\s+(\S+)\s+(\S+)/) {
+                        $name = $1;
+                        $code = $2;
+                        next if $name =~ /^${lib}err/;
+                        unless($name =~ /^${lib}_([RF])_(\w+)$/) {
+                                print STDERR "Invalid error code $name\n";
+                                next;
+                        }
+                        if($1 eq "R") {
+                                $rcodes{$name} = $code;
+                                if(!(exists $rextra{$name}) &&
+                                         ($code > $rmax{$lib}) ) {
+                                        $rmax{$lib} = $code;
+                                }
+                        } else {
+                                if($code > $fmax{$lib}) {
+                                        $fmax{$lib} = $code;
+                                }
+                                $fcodes{$name} = $code;
+                        }
+                }
+            }
+        }
+        close IN;
+}
+
+# Scan each C source file and look for function and reason codes
+# This is done by looking for strings that "look like" function or
+# reason codes: basically anything consisting of all upper case and
+# numerics which has _F_ or _R_ in it and which has the name of an
+# error library at the start. This seems to work fine except for the
+# oddly named structure BIO_F_CTX which needs to be ignored.
+# If a code doesn't exist in list compiled from headers then mark it
+# with the value "X" as a place holder to give it a value later.
+# Store all function and reason codes found in %ufcodes and %urcodes
+# so all those unreferenced can be printed out.
+
+
+print STDERR "Files loaded: " if $debug;
+foreach $file (@source) {
+        # Don't parse the error source file.
+        next if exists $cskip{$file};
+        print STDERR $file if $debug;
+        open(IN, "<$file") || die "Can't open source file $file\n";
+        while(<IN>) {
+                if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) {
+                        next unless exists $csrc{$2};
+                        next if($1 eq "BIO_F_BUFFER_CTX");
+                        $ufcodes{$1} = 1;
+                        if(!exists $fcodes{$1}) {
+                                $fcodes{$1} = "X";
+                                $fnew{$2}++;
+                        }
+                        $notrans{$1} = 1 unless exists $ftrans{$3};
+                }
+                if(/(([A-Z0-9]+)_R_[A-Z0-9_]+)/) {
+                        next unless exists $csrc{$2};
+                        $urcodes{$1} = 1;
+                        if(!exists $rcodes{$1}) {
+                                $rcodes{$1} = "X";
+                                $rnew{$2}++;
+                        }
+                } 
+        }
+        close IN;
+}
+print STDERR "\n" if $debug;
+
+# Now process each library in turn.
+
+foreach $lib (keys %csrc)
+{
+        my $hfile = $hinc{$lib};
+        my $cfile = $csrc{$lib};
+        if(!$fnew{$lib} && !$rnew{$lib}) {
+                print STDERR "$lib:\t\tNo new error codes\n";
+                next unless $rebuild;
+        } else {
+                print STDERR "$lib:\t\t$fnew{$lib} New Functions,";
+                print STDERR " $rnew{$lib} New Reasons.\n";
+                next unless $dowrite;
+        }
+
+        # If we get here then we have some new error codes so we
+        # need to rebuild the header file and C file.
+
+        # Make a sorted list of error and reason codes for later use.
+
+        my @function = sort grep(/^${lib}_/,keys %fcodes);
+        my @reasons = sort grep(/^${lib}_/,keys %rcodes);
+
+        # Rewrite the header file
+
+        if (open(IN, "<$hfile")) {
+            # Copy across the old file
+            while(<IN>) {
+                push @out, $_;
+                last if (/BEGIN ERROR CODES/);
+            }
+            close IN;
+        } else {
+            push @out,
+"/* ====================================================================\n",
+" * Copyright (c) 2001-2005 The OpenSSL Project.  All rights reserved.\n",
+" *\n",
+" * Redistribution and use in source and binary forms, with or without\n",
+" * modification, are permitted provided that the following conditions\n",
+" * are met:\n",
+" *\n",
+" * 1. Redistributions of source code must retain the above copyright\n",
+" *    notice, this list of conditions and the following disclaimer. \n",
+" *\n",
+" * 2. Redistributions in binary form must reproduce the above copyright\n",
+" *    notice, this list of conditions and the following disclaimer in\n",
+" *    the documentation and/or other materials provided with the\n",
+" *    distribution.\n",
+" *\n",
+" * 3. All advertising materials mentioning features or use of this\n",
+" *    software must display the following acknowledgment:\n",
+" *    \"This product includes software developed by the OpenSSL Project\n",
+" *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)\"\n",
+" *\n",
+" * 4. The names \"OpenSSL Toolkit\" and \"OpenSSL Project\" must not be used to\n",
+" *    endorse or promote products derived from this software without\n",
+" *    prior written permission. For written permission, please contact\n",
+" *    openssl-core\@openssl.org.\n",
+" *\n",
+" * 5. Products derived from this software may not be called \"OpenSSL\"\n",
+" *    nor may \"OpenSSL\" appear in their names without prior written\n",
+" *    permission of the OpenSSL Project.\n",
+" *\n",
+" * 6. Redistributions of any form whatsoever must retain the following\n",
+" *    acknowledgment:\n",
+" *    \"This product includes software developed by the OpenSSL Project\n",
+" *    for use in the OpenSSL Toolkit (http://www.openssl.org/)\"\n",
+" *\n",
+" * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY\n",
+" * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n",
+" * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n",
+" * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR\n",
+" * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n",
+" * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n",
+" * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\n",
+" * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n",
+" * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n",
+" * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)\n",
+" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED\n",
+" * OF THE POSSIBILITY OF SUCH DAMAGE.\n",
+" * ====================================================================\n",
+" *\n",
+" * This product includes cryptographic software written by Eric Young\n",
+" * (eay\@cryptsoft.com).  This product includes software written by Tim\n",
+" * Hudson (tjh\@cryptsoft.com).\n",
+" *\n",
+" */\n",
+"\n",
+"#ifndef HEADER_${lib}_ERR_H\n",
+"#define HEADER_${lib}_ERR_H\n",
+"\n",
+"/* BEGIN ERROR CODES */\n";
+        }
+        open (OUT, ">$hfile") || die "Can't Open File $hfile for writing\n";
+
+        print OUT @out;
+        undef @out;
+        print OUT <<"EOF";
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+EOF
+        if($static) {
+                print OUT <<"EOF";
+${staticloader}void ERR_load_${lib}_strings(void);
+
+EOF
+        } else {
+                print OUT <<"EOF";
+${staticloader}void ERR_load_${lib}_strings(void);
+${staticloader}void ERR_unload_${lib}_strings(void);
+${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
+#define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)
+
+EOF
+        }
+        print OUT <<"EOF";
+/* Error codes for the $lib functions. */
+
+/* Function codes. */
+EOF
+
+        foreach $i (@function) {
+                $z=6-int(length($i)/8);
+                if($fcodes{$i} eq "X") {
+                        $fcodes{$i} = ++$fmax{$lib};
+                        print STDERR "New Function code $i\n" if $debug;
+                }
+                printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z;
+        }
+
+        print OUT "\n/* Reason codes. */\n";
+
+        foreach $i (@reasons) {
+                $z=6-int(length($i)/8);
+                if($rcodes{$i} eq "X") {
+                        $rcodes{$i} = ++$rmax{$lib};
+                        print STDERR "New Reason code   $i\n" if $debug;
+                }
+                printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z;
+        }
+        print OUT <<"EOF";
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+EOF
+        close OUT;
+
+        # Rewrite the C source file containing the error details.
+
+        # First, read any existing reason string definitions:
+        my %err_reason_strings;
+        if (open(IN,"<$cfile")) {
+                while (<IN>) {
+                        if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) {
+                                $err_reason_strings{$1} = $2;
+                        }
+                }
+                close(IN);
+        }
+
+        my $hincf;
+        if($static) {
+                $hfile =~ /([^\/]+)$/;
+                $hincf = "<openssl/$1>";
+        } else {
+                $hincf = "\"$hfile\"";
+        }
+
+
+        open (OUT,">$cfile") || die "Can't open $cfile for writing";
+
+        print OUT <<"EOF";
+/* $cfile */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core\@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay\@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh\@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include $hincf
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ${lib}_str_functs[]=
+        {
+EOF
+        # Add each function code: if a function name is found then use it.
+        foreach $i (@function) {
+                my $fn;
+                $i =~ /^${lib}_F_(\S+)$/;
+                $fn = $1;
+                if(exists $ftrans{$fn}) {
+                        $fn = $ftrans{$fn};
+                }
+                print OUT "{ERR_PACK(0,$i,0),\t\"$fn\"},\n";
+        }
+        print OUT <<"EOF";
+{0,NULL}
+        };
+
+static ERR_STRING_DATA ${lib}_str_reasons[]=
+        {
+EOF
+        # Add each reason code.
+        foreach $i (@reasons) {
+                my $rn;
+                my $nspc = 0;
+                if (exists $err_reason_strings{$i}) {
+                        $rn = $err_reason_strings{$i};
+                } else {
+                        $i =~ /^${lib}_R_(\S+)$/;
+                        $rn = $1;
+                        $rn =~ tr/_[A-Z]/ [a-z]/;
+                }
+                $nspc = 40 - length($i) unless length($i) > 40;
+                $nspc = " " x $nspc;
+                print OUT "{${i}${nspc},\"$rn\"},\n";
+        }
+if($static) {
+        print OUT <<"EOF";
+{0,NULL}
+        };
+
+#endif
+
+${staticloader}void ERR_load_${lib}_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_${lib},${lib}_str_functs);
+                ERR_load_strings(ERR_LIB_${lib},${lib}_str_reasons);
+#endif
+
+                }
+        }
+EOF
+} else {
+        print OUT <<"EOF";
+{0,NULL}
+        };
+
+#endif
+
+#ifdef ${lib}_LIB_NAME
+static ERR_STRING_DATA ${lib}_lib_name[]=
+        {
+{0      ,${lib}_LIB_NAME},
+{0,NULL}
+        };
+#endif
+
+
+static int ${lib}_lib_error_code=0;
+static int ${lib}_error_init=1;
+
+${staticloader}void ERR_load_${lib}_strings(void)
+        {
+        if (${lib}_lib_error_code == 0)
+                ${lib}_lib_error_code=ERR_get_next_error_library();
+
+        if (${lib}_error_init)
+                {
+                ${lib}_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(${lib}_lib_error_code,${lib}_str_functs);
+                ERR_load_strings(${lib}_lib_error_code,${lib}_str_reasons);
+#endif
+
+#ifdef ${lib}_LIB_NAME
+                ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code,0,0);
+                ERR_load_strings(0,${lib}_lib_name);
+#endif
+                }
+        }
+
+${staticloader}void ERR_unload_${lib}_strings(void)
+        {
+        if (${lib}_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(${lib}_lib_error_code,${lib}_str_functs);
+                ERR_unload_strings(${lib}_lib_error_code,${lib}_str_reasons);
+#endif
+
+#ifdef ${lib}_LIB_NAME
+                ERR_unload_strings(0,${lib}_lib_name);
+#endif
+                ${lib}_error_init=1;
+                }
+        }
+
+${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line)
+        {
+        if (${lib}_lib_error_code == 0)
+                ${lib}_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(${lib}_lib_error_code,function,reason,file,line);
+        }
+EOF
+
+}
+
+        close OUT;
+        undef %err_reason_strings;
+}
+
+if($debug && defined(%notrans)) {
+        print STDERR "The following function codes were not translated:\n";
+        foreach(sort keys %notrans)
+        {
+                print STDERR "$_\n";
+        }
+}
+
+# Make a list of unreferenced function and reason codes
+
+foreach (keys %fcodes) {
+        push (@funref, $_) unless exists $ufcodes{$_};
+}
+
+foreach (keys %rcodes) {
+        push (@runref, $_) unless exists $urcodes{$_};
+}
+
+if($debug && defined(@funref) ) {
+        print STDERR "The following function codes were not referenced:\n";
+        foreach(sort @funref)
+        {
+                print STDERR "$_\n";
+        }
+}
+
+if($debug && defined(@runref) ) {
+        print STDERR "The following reason codes were not referenced:\n";
+        foreach(sort @runref)
+        {
+                print STDERR "$_\n";
+        }
+}
diff --git a/src/lib/libcrypto/util/mkfiles.pl b/src/lib/libcrypto/util/mkfiles.pl
index bc78510f56..928a274303 100644
--- a/src/lib/libcrypto/util/mkfiles.pl
+++ b/src/lib/libcrypto/util/mkfiles.pl
@@ -51,15 +51,14 @@ my @dirs = (
 "crypto/ocsp",
 "crypto/ui",
 "crypto/krb5",
-"fips-1.0",
-"fips-1.0/aes",
-"fips-1.0/des",
-"fips-1.0/dsa",
-"fips-1.0/dh",
-"fips-1.0/hmac",
-"fips-1.0/rand",
-"fips-1.0/rsa",
-"fips-1.0/sha",
+"fips",
+"fips/aes",
+"fips/des",
+"fips/dsa",
+"fips/dh",
+"fips/rand",
+"fips/rsa",
+"fips/sha1",
 "ssl",
 "apps",
 "test",
diff --git a/src/lib/libcrypto/util/mklink.pl b/src/lib/libcrypto/util/mklink.pl
index 182732d959..c8653cecc3 100644
--- a/src/lib/libcrypto/util/mklink.pl
+++ b/src/lib/libcrypto/util/mklink.pl
@@ -14,16 +14,13 @@
 # not contain symbolic links and that the parent of / is never referenced.
 # Apart from this, this script should be able to handle even the most
 # pathological cases.
-#
-
-use Cwd;
 
 my $from = shift;
 my @files = @ARGV;
 
 my @from_path = split(/[\\\/]/, $from);
-my $pwd = getcwd();
-chomp($pwd);
+my $pwd = `pwd`;
+chop($pwd);
 my @pwd_path = split(/[\\\/]/, $pwd);
 
 my @to_path = ();
diff --git a/src/lib/libcrypto/util/mkstack.pl b/src/lib/libcrypto/util/mkstack.pl
new file mode 100644
index 0000000000..0ca9eb6a76
--- /dev/null
+++ b/src/lib/libcrypto/util/mkstack.pl
@@ -0,0 +1,125 @@
+#!/usr/local/bin/perl -w
+
+# This is a utility that searches out "DECLARE_STACK_OF()"
+# declarations in .h and .c files, and updates/creates/replaces
+# the corresponding macro declarations in crypto/stack/safestack.h.
+# As it's not generally possible to have macros that generate macros,
+# we need to control this from the "outside", here in this script.
+#
+# Geoff Thorpe, June, 2000 (with massive Perl-hacking
+#                           help from Steve Robb)
+
+my $safestack = "crypto/stack/safestack";
+
+my $do_write;
+while (@ARGV) {
+        my $arg = $ARGV[0];
+        if($arg eq "-write") {
+                $do_write = 1;
+        }
+        shift @ARGV;
+}
+
+
+@source = (<crypto/*.[ch]>, <crypto/*/*.[ch]>, <ssl/*.[ch]>);
+foreach $file (@source) {
+        next if -l $file;
+
+        # Open the .c/.h file for reading
+        open(IN, "< $file") || die "Can't open $file for reading: $!";
+
+        while(<IN>) {
+                if (/^DECLARE_STACK_OF\(([^)]+)\)/) {
+                        push @stacklst, $1;
+                } if (/^DECLARE_ASN1_SET_OF\(([^)]+)\)/) {
+                        push @asn1setlst, $1;
+                } if (/^DECLARE_PKCS12_STACK_OF\(([^)]+)\)/) {
+                        push @p12stklst, $1;
+                }
+        }
+        close(IN);
+}
+
+
+
+my $old_stackfile = "";
+my $new_stackfile = "";
+my $inside_block = 0;
+my $type_thing;
+
+open(IN, "< $safestack.h") || die "Can't open input file: $!";
+while(<IN>) {
+        $old_stackfile .= $_;
+
+        if (m|^/\* This block of defines is updated by util/mkstack.pl, please do not touch! \*/|) {
+                $inside_block = 1;
+        }
+        if (m|^/\* End of util/mkstack.pl block, you may now edit :-\) \*/|) {
+                $inside_block = 0;
+        } elsif ($inside_block == 0) {
+                $new_stackfile .= $_;
+        }
+        next if($inside_block != 1);
+        $new_stackfile .= "/* This block of defines is updated by util/mkstack.pl, please do not touch! */";
+                
+        foreach $type_thing (sort @stacklst) {
+                $new_stackfile .= <<EOF;
+
+#define sk_${type_thing}_new(st) SKM_sk_new($type_thing, (st))
+#define sk_${type_thing}_new_null() SKM_sk_new_null($type_thing)
+#define sk_${type_thing}_free(st) SKM_sk_free($type_thing, (st))
+#define sk_${type_thing}_num(st) SKM_sk_num($type_thing, (st))
+#define sk_${type_thing}_value(st, i) SKM_sk_value($type_thing, (st), (i))
+#define sk_${type_thing}_set(st, i, val) SKM_sk_set($type_thing, (st), (i), (val))
+#define sk_${type_thing}_zero(st) SKM_sk_zero($type_thing, (st))
+#define sk_${type_thing}_push(st, val) SKM_sk_push($type_thing, (st), (val))
+#define sk_${type_thing}_unshift(st, val) SKM_sk_unshift($type_thing, (st), (val))
+#define sk_${type_thing}_find(st, val) SKM_sk_find($type_thing, (st), (val))
+#define sk_${type_thing}_delete(st, i) SKM_sk_delete($type_thing, (st), (i))
+#define sk_${type_thing}_delete_ptr(st, ptr) SKM_sk_delete_ptr($type_thing, (st), (ptr))
+#define sk_${type_thing}_insert(st, val, i) SKM_sk_insert($type_thing, (st), (val), (i))
+#define sk_${type_thing}_set_cmp_func(st, cmp) SKM_sk_set_cmp_func($type_thing, (st), (cmp))
+#define sk_${type_thing}_dup(st) SKM_sk_dup($type_thing, st)
+#define sk_${type_thing}_pop_free(st, free_func) SKM_sk_pop_free($type_thing, (st), (free_func))
+#define sk_${type_thing}_shift(st) SKM_sk_shift($type_thing, (st))
+#define sk_${type_thing}_pop(st) SKM_sk_pop($type_thing, (st))
+#define sk_${type_thing}_sort(st) SKM_sk_sort($type_thing, (st))
+#define sk_${type_thing}_is_sorted(st) SKM_sk_is_sorted($type_thing, (st))
+EOF
+        }
+        foreach $type_thing (sort @asn1setlst) {
+                $new_stackfile .= <<EOF;
+
+#define d2i_ASN1_SET_OF_${type_thing}(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \\
+        SKM_ASN1_SET_OF_d2i($type_thing, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_${type_thing}(st, pp, i2d_func, ex_tag, ex_class, is_set) \\
+        SKM_ASN1_SET_OF_i2d($type_thing, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_${type_thing}(st, i2d_func, buf, len) \\
+        SKM_ASN1_seq_pack($type_thing, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_${type_thing}(buf, len, d2i_func, free_func) \\
+        SKM_ASN1_seq_unpack($type_thing, (buf), (len), (d2i_func), (free_func))
+EOF
+        }
+        foreach $type_thing (sort @p12stklst) {
+                $new_stackfile .= <<EOF;
+
+#define PKCS12_decrypt_d2i_${type_thing}(algor, d2i_func, free_func, pass, passlen, oct, seq) \\
+        SKM_PKCS12_decrypt_d2i($type_thing, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
+EOF
+        }
+        $new_stackfile .= "/* End of util/mkstack.pl block, you may now edit :-) */\n";
+        $inside_block = 2;
+}
+
+
+if ($new_stackfile eq $old_stackfile) {
+        print "No changes to $safestack.h.\n";
+        exit 0; # avoid unnecessary rebuild
+}
+
+if ($do_write) {
+        print "Writing new $safestack.h.\n";
+        open OUT, ">$safestack.h" || die "Can't open output file";
+        print OUT $new_stackfile;
+        close OUT;
+}
diff --git a/src/lib/libcrypto/util/pl/BC-32.pl b/src/lib/libcrypto/util/pl/BC-32.pl
index 28869c868d..897ae9d824 100644
--- a/src/lib/libcrypto/util/pl/BC-32.pl
+++ b/src/lib/libcrypto/util/pl/BC-32.pl
@@ -18,7 +18,7 @@ $out_def="out32";
 $tmp_def="tmp32";
 $inc_def="inc32";
 #enable max error messages, disable most common warnings
-$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl  -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ";
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl  -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp ";
 if ($debug)
 {
     $cflags.="-Od -y -v -vi- -D_DEBUG";
@@ -51,7 +51,7 @@ $lfile='';
 $shlib_ex_obj="";
 $app_ex_obj="c0x32.obj"; 
 
-$asm='nasmw -f obj -d__omf__';
+$asm='nasmw -f obj';
 $asm.=" /Zi" if $debug;
 $afile='-o';
 
@@ -106,13 +106,9 @@ sub do_lib_rule
         $ret.="$target: $objs\n";
         if (!$shlib)
                 {
-                $ret.=<<___;
-        -\$(RM) $lfile$target
-        \$(MKLIB) $lfile$target \@&&!
-+\$(**: = &^
-+)
-!
-___
+                #               $ret.="\t\$(RM) \$(O_$Name)\n";
+                $ret.="\techo LIB $<\n";    
+                $ret.="\t&\$(MKLIB) $lfile$target -+\$**\n";
                 }
         else
                 {
diff --git a/src/lib/libcrypto/util/pl/OS2-EMX.pl b/src/lib/libcrypto/util/pl/OS2-EMX.pl
index 8dbeaa7a08..75d72ebbcb 100644
--- a/src/lib/libcrypto/util/pl/OS2-EMX.pl
+++ b/src/lib/libcrypto/util/pl/OS2-EMX.pl
@@ -68,7 +68,6 @@ if (!$no_asm && !$fips)
         $sha1_asm_src="crypto/sha/asm/s1-os2.asm";
         $rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj";
         $rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm";
-        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
         }
 
 if ($shlib)
diff --git a/src/lib/libcrypto/util/pl/VC-32.pl b/src/lib/libcrypto/util/pl/VC-32.pl
index 4e97dfa9af..cf689b9feb 100644
--- a/src/lib/libcrypto/util/pl/VC-32.pl
+++ b/src/lib/libcrypto/util/pl/VC-32.pl
@@ -3,28 +3,15 @@
 #
 
 $ssl=   "ssleay32";
-
-if ($fips && !$shlib)
-        {
-        $crypto="libeayfips32";
-        $crypto_compat = "libeaycompat32.lib";
-        }
-else
-        {
-        $crypto="libeay32";
-        }
+$crypto="libeay32";
 
 $o='\\';
 $cp='copy nul+';        # Timestamps get stuffed otherwise
 $rm='del';
 
-$zlib_lib="zlib1.lib";
-
 # C compiler stuff
 $cc='cl';
-$cflags=' /MD /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
-$cflags.=' -D_CRT_SECURE_NO_DEPRECATE';         # shut up VC8
-$cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE';        # shut up VC8
+$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
 $lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
 $mlflags='';
 
@@ -113,56 +100,25 @@ $cflags.=" /Fd$out_def";
 
 sub do_lib_rule
         {
-        local($objs,$target,$name,$shlib,$ign,$base_addr) = @_;
+        local($objs,$target,$name,$shlib)=@_;
         local($ret,$Name);
 
         $taget =~ s/\//$o/g if $o ne '/';
         ($Name=$name) =~ tr/a-z/A-Z/;
-        my $base_arg;
-        if ($base_addr ne "")
-                {
-                $base_arg= " /base:$base_addr";
-                }
-        else
-                {
-                $base_arg = "";
-                }
-
 
 #       $target="\$(LIB_D)$o$target";
+        $ret.="$target: $objs\n";
         if (!$shlib)
                 {
 #               $ret.="\t\$(RM) \$(O_$Name)\n";
-                $ret.="$target: $objs\n";
                 $ex =' advapi32.lib';
-                $ex.=" \$(FIPSLIB_D)${o}_chkstk.o" if $fips && $target =~ /O_CRYPTO/;
                 $ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs $ex\n<<\n";
                 }
         else
                 {
                 local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
-                $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
-                $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
-                if ($fips && $target =~ /O_CRYPTO/)
-                        {
-                        $ex.=" \$(FIPSLIB_D)${o}_chkstk.o";
-                        $ret.="$target: $objs \$(PREMAIN_DSO_EXE)\n";
-                        $ret.="\tSET FIPS_LINK=\$(LINK)\n";
-                        $ret.="\tSET FIPS_CC=\$(CC)\n";
-                        $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
-                        $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
-                        $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
-                        $ret.="\tSET FIPS_TARGET=$target\n";
-                        $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
-                        $ret.="\t\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target ";
-                        $ret.="/def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs ";
-                        $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
-                        }
-                else
-                        {
-                        $ret.="$target: $objs\n";
-                        $ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
-                        }
+                $ex.=' wsock32.lib gdi32.lib advapi32.lib';
+                $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
                 }
         $ret.="\n";
         return($ret);
@@ -170,51 +126,20 @@ sub do_lib_rule
 
 sub do_link_rule
         {
-        local($target,$files,$dep_libs,$libs,$standalone)=@_;
+        local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_;
         local($ret,$_);
+        
         $file =~ s/\//$o/g if $o ne '/';
         $n=&bname($targer);
         $ret.="$target: $files $dep_libs\n";
-        if ($standalone)
-                {
-                $ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
-                $ret.="\$(FIPSLIB_D)${o}_chkstk.o " if ($files =~ /O_FIPSCANISTER/);
-                $ret.="$files $libs\n<<\n";
-                }
-        elsif ($fips && !$shlib)
+        $ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n";
+        $ret.="  \$(APP_EX_OBJ) $files $libs\n<<\n";
+        if (defined $sha1file)
                 {
-                $ret.="\tSET FIPS_LINK=\$(LINK)\n";
-                $ret.="\tSET FIPS_CC=\$(CC)\n";
-                $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
-                $ret.="\tSET PREMAIN_DSO_EXE=\n";
-                $ret.="\tSET FIPS_TARGET=$target\n";
-                $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
-                $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
-                $ret.="  \$(FIPSLINK) \$(LFLAGS) $efile$target @<<\n";
-                $ret.="  \$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
+                $ret.="  $openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";
                 }
-        else
-                {
-                $ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n";
-                $ret.="  \$(APP_EX_OBJ) $files $libs\n<<\n";
-                }
-        $ret.="\n";
-        return($ret);
-        }
-
-sub do_rlink_rule
-        {
-        local($target,$files,$dep_libs,$libs)=@_;
-        local($ret,$_);
-
-        $file =~ s/\//$o/g if $o ne '/';
-        $n=&bname($targer);
-        $ret.="$target: $files $dep_libs\n";
-        $ret.="  \$(MKCANISTER) $target <<\n";
-        $ret.="INPUT($files)\n<<\n";
         $ret.="\n";
         return($ret);
         }
 
-
 1;
diff --git a/src/lib/libcrypto/util/pod2man.pl b/src/lib/libcrypto/util/pod2man.pl
index 546d1ec186..657e4e264e 100644
--- a/src/lib/libcrypto/util/pod2man.pl
+++ b/src/lib/libcrypto/util/pod2man.pl
@@ -425,7 +425,6 @@ if ($name ne 'something') {
             }
             next if /^=cut\b/;  # DB_File and Net::Ping have =cut before NAME
             next if /^=pod\b/;  # It is OK to have =pod before NAME
-            next if /^=for\s+comment\b/;  # It is OK to have =for comment before NAME
             die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax;
         }
         die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax;
diff --git a/src/lib/libcrypto/util/selftest.pl b/src/lib/libcrypto/util/selftest.pl
index 4778c5ab01..e9d5aa8938 100644
--- a/src/lib/libcrypto/util/selftest.pl
+++ b/src/lib/libcrypto/util/selftest.pl
@@ -49,7 +49,7 @@ if (open(IN,"<Makefile")) {
 }
 
 $cversion=`$cc -v 2>&1`;
-$cversion=`$cc -V 2>&1` if $cversion =~ "[Uu]sage";
+$cversion=`$cc -V 2>&1` if $cversion =~ "usage";
 $cversion=`$cc -V |head -1` if $cversion =~ "Error";
 $cversion=`$cc --version` if $cversion eq "";
 $cversion =~ s/Reading specs.*\n//;
@@ -130,21 +130,15 @@ if (system("make 2>&1 | tee make.log") > 255) {
     goto err;
 }
 
-# Not sure why this is here.  The tests themselves can detect if their
-# particular feature isn't included, and should therefore skip themselves.
-# To skip *all* tests just because one algorithm isn't included is like
-# shooting mosquito with an elephant gun...
-#                   -- Richard Levitte, inspired by problem report 1089
-#
-#$_=$options;
-#s/no-asm//;
-#s/no-shared//;
-#s/no-krb5//;
-#if (/no-/)
-#{
-#    print OUT "Test skipped.\n";
-#    goto err;
-#}
+$_=$options;
+s/no-asm//;
+s/no-shared//;
+s/no-krb5//;
+if (/no-/)
+{
+    print OUT "Test skipped.\n";
+    goto err;
+}
 
 print "Running make test...\n";
 if (system("make test 2>&1 | tee maketest.log") > 255)
diff --git a/src/lib/libcrypto/x509/Makefile.ssl b/src/lib/libcrypto/x509/Makefile.ssl
new file mode 100644
index 0000000000..3a3452536c
--- /dev/null
+++ b/src/lib/libcrypto/x509/Makefile.ssl
@@ -0,0 +1,594 @@
+#
+# SSLeay/crypto/x509/Makefile
+#
+
+DIR=    x509
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
+        x509_obj.c x509_req.c x509spki.c x509_vfy.c \
+        x509_set.c x509cset.c x509rset.c x509_err.c \
+        x509name.c x509_v3.c x509_ext.c x509_att.c \
+        x509type.c x509_lu.c x_all.c x509_txt.c \
+        x509_trs.c by_file.c by_dir.c 
+LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
+        x509_obj.o x509_req.o x509spki.o x509_vfy.o \
+        x509_set.o x509cset.o x509rset.o x509_err.o \
+        x509name.o x509_v3.o x509_ext.o x509_att.o \
+        x509type.o x509_lu.o x_all.o x509_txt.o \
+        x509_trs.o by_file.o by_dir.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= x509.h x509_vfy.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+by_dir.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+by_dir.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+by_dir.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+by_dir.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+by_dir.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+by_dir.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+by_dir.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+by_dir.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+by_dir.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+by_dir.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+by_dir.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+by_dir.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+by_dir.o: ../cryptlib.h by_dir.c
+by_file.o: ../../e_os.h ../../include/openssl/aes.h
+by_file.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+by_file.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+by_file.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+by_file.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+by_file.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+by_file.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+by_file.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+by_file.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+by_file.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+by_file.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+by_file.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+by_file.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+by_file.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+by_file.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+by_file.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+by_file.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_file.c
+x509_att.o: ../../e_os.h ../../include/openssl/aes.h
+x509_att.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_att.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_att.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_att.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_att.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_att.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_att.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_att.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_att.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_att.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_att.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_att.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_att.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_att.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_att.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_att.c
+x509_cmp.o: ../../e_os.h ../../include/openssl/aes.h
+x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_cmp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_cmp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_cmp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_cmp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_cmp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_cmp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_cmp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_cmp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_cmp.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_cmp.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_cmp.c
+x509_d2.o: ../../e_os.h ../../include/openssl/aes.h
+x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_d2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_d2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_d2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_d2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_d2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_d2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x509_d2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_d2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_d2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_d2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x509_d2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x509_d2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_d2.c
+x509_def.o: ../../e_os.h ../../include/openssl/aes.h
+x509_def.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_def.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_def.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_def.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_def.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_def.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_def.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_def.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_def.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_def.o: ../../include/openssl/opensslconf.h
+x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_def.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_def.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_def.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_def.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_def.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_def.o: ../cryptlib.h x509_def.c
+x509_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x509_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x509_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x509_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x509_err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_err.o: x509_err.c
+x509_ext.o: ../../e_os.h ../../include/openssl/aes.h
+x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_ext.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_ext.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_ext.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_ext.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_ext.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_ext.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_ext.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_ext.c
+x509_lu.o: ../../e_os.h ../../include/openssl/aes.h
+x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_lu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_lu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_lu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_lu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_lu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_lu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_lu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_lu.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_lu.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_lu.c
+x509_obj.o: ../../e_os.h ../../include/openssl/aes.h
+x509_obj.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_obj.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_obj.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_obj.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_obj.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_obj.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_obj.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_obj.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_obj.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_obj.o: ../../include/openssl/opensslconf.h
+x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_obj.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_obj.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_obj.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_obj.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_obj.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_obj.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_obj.o: ../cryptlib.h x509_obj.c
+x509_r2x.o: ../../e_os.h ../../include/openssl/aes.h
+x509_r2x.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_r2x.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_r2x.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_r2x.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_r2x.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_r2x.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_r2x.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_r2x.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_r2x.o: ../../include/openssl/opensslconf.h
+x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_r2x.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_r2x.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_r2x.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_r2x.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_r2x.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_r2x.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_r2x.o: ../cryptlib.h x509_r2x.c
+x509_req.o: ../../e_os.h ../../include/openssl/aes.h
+x509_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_req.o: ../../include/openssl/opensslconf.h
+x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_req.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+x509_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_req.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_req.o: ../cryptlib.h x509_req.c
+x509_set.o: ../../e_os.h ../../include/openssl/aes.h
+x509_set.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_set.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_set.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_set.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_set.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_set.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_set.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_set.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_set.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_set.o: ../../include/openssl/opensslconf.h
+x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_set.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_set.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_set.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_set.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_set.o: ../cryptlib.h x509_set.c
+x509_trs.o: ../../e_os.h ../../include/openssl/aes.h
+x509_trs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_trs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_trs.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_trs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_trs.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_trs.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_trs.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_trs.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_trs.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_trs.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_trs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_trs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_trs.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_trs.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_trs.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_trs.c
+x509_txt.o: ../../e_os.h ../../include/openssl/aes.h
+x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_txt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_txt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_txt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_txt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_txt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_txt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_txt.o: ../../include/openssl/opensslconf.h
+x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_txt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_txt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_txt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_txt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_txt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_txt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_txt.o: ../cryptlib.h x509_txt.c
+x509_v3.o: ../../e_os.h ../../include/openssl/aes.h
+x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_v3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_v3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_v3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_v3.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_v3.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_v3.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_v3.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_v3.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_v3.c
+x509_vfy.o: ../../e_os.h ../../include/openssl/aes.h
+x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_vfy.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_vfy.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_vfy.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_vfy.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_vfy.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_vfy.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_vfy.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_vfy.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_vfy.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_vfy.c
+x509cset.o: ../../e_os.h ../../include/openssl/aes.h
+x509cset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509cset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509cset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509cset.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509cset.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509cset.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509cset.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509cset.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509cset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509cset.o: ../../include/openssl/opensslconf.h
+x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509cset.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509cset.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509cset.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509cset.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509cset.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509cset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509cset.o: ../cryptlib.h x509cset.c
+x509name.o: ../../e_os.h ../../include/openssl/aes.h
+x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509name.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509name.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509name.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509name.o: ../../include/openssl/opensslconf.h
+x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509name.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509name.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509name.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509name.o: ../cryptlib.h x509name.c
+x509rset.o: ../../e_os.h ../../include/openssl/aes.h
+x509rset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509rset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509rset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509rset.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509rset.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509rset.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509rset.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509rset.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509rset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509rset.o: ../../include/openssl/opensslconf.h
+x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509rset.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509rset.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509rset.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509rset.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509rset.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509rset.o: ../cryptlib.h x509rset.c
+x509spki.o: ../../e_os.h ../../include/openssl/aes.h
+x509spki.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509spki.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509spki.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509spki.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509spki.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509spki.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509spki.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509spki.o: ../../include/openssl/opensslconf.h
+x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509spki.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509spki.o: ../cryptlib.h x509spki.c
+x509type.o: ../../e_os.h ../../include/openssl/aes.h
+x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509type.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509type.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509type.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509type.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509type.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509type.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509type.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509type.o: ../../include/openssl/opensslconf.h
+x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509type.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509type.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509type.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509type.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509type.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509type.o: ../cryptlib.h x509type.c
+x_all.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_all.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_all.o: ../cryptlib.h x_all.c
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
new file mode 100644
index 0000000000..6207340472
--- /dev/null
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -0,0 +1,381 @@
+/* crypto/x509/by_dir.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "cryptlib.h"
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef MAC_OS_pre_X
+# include <stat.h>
+#else
+# include <sys/stat.h>
+#endif
+
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
+
+typedef struct lookup_dir_st
+        {
+        BUF_MEM *buffer;
+        int num_dirs;
+        char **dirs;
+        int *dirs_type;
+        int num_dirs_alloced;
+        } BY_DIR;
+
+static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+        char **ret);
+static int new_dir(X509_LOOKUP *lu);
+static void free_dir(X509_LOOKUP *lu);
+static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
+static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
+        X509_OBJECT *ret);
+X509_LOOKUP_METHOD x509_dir_lookup=
+        {
+        "Load certs from files in a directory",
+        new_dir,                /* new */
+        free_dir,               /* free */
+        NULL,                   /* init */
+        NULL,                   /* shutdown */
+        dir_ctrl,               /* ctrl */
+        get_cert_by_subject,    /* get_by_subject */
+        NULL,                   /* get_by_issuer_serial */
+        NULL,                   /* get_by_fingerprint */
+        NULL,                   /* get_by_alias */
+        };
+
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
+        {
+        return(&x509_dir_lookup);
+        }
+
+static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+             char **retp)
+        {
+        int ret=0;
+        BY_DIR *ld;
+        char *dir;
+
+        ld=(BY_DIR *)ctx->method_data;
+
+        switch (cmd)
+                {
+        case X509_L_ADD_DIR:
+                if (argl == X509_FILETYPE_DEFAULT)
+                        {
+                        ret=add_cert_dir(ld,X509_get_default_cert_dir(),
+                                X509_FILETYPE_PEM);
+                        if (!ret)
+                                {
+                                X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
+                                }
+                        else
+                                {
+                                dir=(char *)Getenv(X509_get_default_cert_dir_env());
+                                ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
+                                }
+                        }
+                else
+                        ret=add_cert_dir(ld,argp,(int)argl);
+                break;
+                }
+        return(ret);
+        }
+
+static int new_dir(X509_LOOKUP *lu)
+        {
+        BY_DIR *a;
+
+        if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
+                return(0);
+        if ((a->buffer=BUF_MEM_new()) == NULL)
+                {
+                OPENSSL_free(a);
+                return(0);
+                }
+        a->num_dirs=0;
+        a->dirs=NULL;
+        a->dirs_type=NULL;
+        a->num_dirs_alloced=0;
+        lu->method_data=(char *)a;
+        return(1);
+        }
+
+static void free_dir(X509_LOOKUP *lu)
+        {
+        BY_DIR *a;
+        int i;
+
+        a=(BY_DIR *)lu->method_data;
+        for (i=0; i<a->num_dirs; i++)
+                if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]);
+        if (a->dirs != NULL) OPENSSL_free(a->dirs);
+        if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type);
+        if (a->buffer != NULL) BUF_MEM_free(a->buffer);
+        OPENSSL_free(a);
+        }
+
+static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
+        {
+        int j,len;
+        int *ip;
+        const char *s,*ss,*p;
+        char **pp;
+
+        if (dir == NULL || !*dir)
+            {
+            X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
+            return 0;
+            }
+
+        s=dir;
+        p=s;
+        for (;;)
+                {
+                if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
+                        {
+                        ss=s;
+                        s=p+1;
+                        len=(int)(p-ss);
+                        if (len == 0) continue;
+                        for (j=0; j<ctx->num_dirs; j++)
+                                if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
+                                        continue;
+                        if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
+                                {
+                                ctx->num_dirs_alloced+=10;
+                                pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced*
+                                        sizeof(char *));
+                                ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced*
+                                        sizeof(int));
+                                if ((pp == NULL) || (ip == NULL))
+                                        {
+                                        X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
+                                        return(0);
+                                        }
+                                memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*
+                                        sizeof(char *));
+                                memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
+                                        sizeof(int));
+                                if (ctx->dirs != NULL)
+                                        OPENSSL_free(ctx->dirs);
+                                if (ctx->dirs_type != NULL)
+                                        OPENSSL_free(ctx->dirs_type);
+                                ctx->dirs=pp;
+                                ctx->dirs_type=ip;
+                                }
+                        ctx->dirs_type[ctx->num_dirs]=type;
+                        ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1);
+                        if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
+                        strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
+                        ctx->dirs[ctx->num_dirs][len]='\0';
+                        ctx->num_dirs++;
+                        }
+                if (*p == '\0') break;
+                p++;
+                }
+        return(1);
+        }
+
+static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
+             X509_OBJECT *ret)
+        {
+        BY_DIR *ctx;
+        union   {
+                struct  {
+                        X509 st_x509;
+                        X509_CINF st_x509_cinf;
+                        } x509;
+                struct  {
+                        X509_CRL st_crl;
+                        X509_CRL_INFO st_crl_info;
+                        } crl;
+                } data;
+        int ok=0;
+        int i,j,k;
+        unsigned long h;
+        BUF_MEM *b=NULL;
+        struct stat st;
+        X509_OBJECT stmp,*tmp;
+        const char *postfix="";
+
+        if (name == NULL) return(0);
+
+        stmp.type=type;
+        if (type == X509_LU_X509)
+                {
+                data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
+                data.x509.st_x509_cinf.subject=name;
+                stmp.data.x509= &data.x509.st_x509;
+                postfix="";
+                }
+        else if (type == X509_LU_CRL)
+                {
+                data.crl.st_crl.crl= &data.crl.st_crl_info;
+                data.crl.st_crl_info.issuer=name;
+                stmp.data.crl= &data.crl.st_crl;
+                postfix="r";
+                }
+        else
+                {
+                X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
+                goto finish;
+                }
+
+        if ((b=BUF_MEM_new()) == NULL)
+                {
+                X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);
+                goto finish;
+                }
+        
+        ctx=(BY_DIR *)xl->method_data;
+
+        h=X509_NAME_hash(name);
+        for (i=0; i<ctx->num_dirs; i++)
+                {
+                j=strlen(ctx->dirs[i])+1+8+6+1+1;
+                if (!BUF_MEM_grow(b,j))
+                        {
+                        X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
+                        goto finish;
+                        }
+                k=0;
+                for (;;)
+                        {
+                        char c = '/';
+#ifdef OPENSSL_SYS_VMS
+                        c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
+                        if (c != ':' && c != '>' && c != ']')
+                                {
+                                /* If no separator is present, we assume the
+                                   directory specifier is a logical name, and
+                                   add a colon.  We really should use better
+                                   VMS routines for merging things like this,
+                                   but this will do for now...
+                                   -- Richard Levitte */
+                                c = ':';
+                                }
+                        else
+                                {
+                                c = '\0';
+                                }
+#endif
+                        if (c == '\0')
+                                {
+                                /* This is special.  When c == '\0', no
+                                   directory separator should be added. */
+                                BIO_snprintf(b->data,b->max,
+                                        "%s%08lx.%s%d",ctx->dirs[i],h,
+                                        postfix,k);
+                                }
+                        else
+                                {
+                                BIO_snprintf(b->data,b->max,
+                                        "%s%c%08lx.%s%d",ctx->dirs[i],c,h,
+                                        postfix,k);
+                                }
+                        k++;
+                        if (stat(b->data,&st) < 0)
+                                break;
+                        /* found one. */
+                        if (type == X509_LU_X509)
+                                {
+                                if ((X509_load_cert_file(xl,b->data,
+                                        ctx->dirs_type[i])) == 0)
+                                        break;
+                                }
+                        else if (type == X509_LU_CRL)
+                                {
+                                if ((X509_load_crl_file(xl,b->data,
+                                        ctx->dirs_type[i])) == 0)
+                                        break;
+                                }
+                        /* else case will caught higher up */
+                        }
+
+                /* we have added it to the cache so now pull
+                 * it out again */
+                CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
+                j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
+                if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
+                else tmp = NULL;
+                CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
+
+                if (tmp != NULL)
+                        {
+                        ok=1;
+                        ret->type=tmp->type;
+                        memcpy(&ret->data,&tmp->data,sizeof(ret->data));
+                        /* If we were going to up the reference count,
+                         * we would need to do it on a perl 'type'
+                         * basis */
+        /*              CRYPTO_add(&tmp->data.x509->references,1,
+                                CRYPTO_LOCK_X509);*/
+                        goto finish;
+                        }
+                }
+finish:
+        if (b != NULL) BUF_MEM_free(b);
+        return(ok);
+        }
+
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
new file mode 100644
index 0000000000..a5e0d4aefa
--- /dev/null
+++ b/src/lib/libcrypto/x509/by_file.c
@@ -0,0 +1,300 @@
+/* crypto/x509/by_file.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#ifndef OPENSSL_NO_STDIO
+
+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+        long argl, char **ret);
+X509_LOOKUP_METHOD x509_file_lookup=
+        {
+        "Load file into cache",
+        NULL,           /* new */
+        NULL,           /* free */
+        NULL,           /* init */
+        NULL,           /* shutdown */
+        by_file_ctrl,   /* ctrl */
+        NULL,           /* get_by_subject */
+        NULL,           /* get_by_issuer_serial */
+        NULL,           /* get_by_fingerprint */
+        NULL,           /* get_by_alias */
+        };
+
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
+        {
+        return(&x509_file_lookup);
+        }
+
+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+             char **ret)
+        {
+        int ok=0;
+        char *file;
+
+        switch (cmd)
+                {
+        case X509_L_FILE_LOAD:
+                if (argl == X509_FILETYPE_DEFAULT)
+                        {
+                        file = (char *)Getenv(X509_get_default_cert_file_env());
+                        if (file)
+                                ok = (X509_load_cert_crl_file(ctx,file,
+                                              X509_FILETYPE_PEM) != 0);
+
+                        else
+                                ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
+                                              X509_FILETYPE_PEM) != 0);
+
+                        if (!ok)
+                                {
+                                X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
+                                }
+                        }
+                else
+                        {
+                        if(argl == X509_FILETYPE_PEM)
+                                ok = (X509_load_cert_crl_file(ctx,argp,
+                                        X509_FILETYPE_PEM) != 0);
+                        else
+                                ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0);
+                        }
+                break;
+                }
+        return(ok);
+        }
+
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
+        {
+        int ret=0;
+        BIO *in=NULL;
+        int i,count=0;
+        X509 *x=NULL;
+
+        if (file == NULL) return(1);
+        in=BIO_new(BIO_s_file_internal());
+
+        if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
+                {
+                X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB);
+                goto err;
+                }
+
+        if (type == X509_FILETYPE_PEM)
+                {
+                for (;;)
+                        {
+                        x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);
+                        if (x == NULL)
+                                {
+                                if ((ERR_GET_REASON(ERR_peek_last_error()) ==
+                                        PEM_R_NO_START_LINE) && (count > 0))
+                                        {
+                                        ERR_clear_error();
+                                        break;
+                                        }
+                                else
+                                        {
+                                        X509err(X509_F_X509_LOAD_CERT_FILE,
+                                                ERR_R_PEM_LIB);
+                                        goto err;
+                                        }
+                                }
+                        i=X509_STORE_add_cert(ctx->store_ctx,x);
+                        if (!i) goto err;
+                        count++;
+                        X509_free(x);
+                        x=NULL;
+                        }
+                ret=count;
+                }
+        else if (type == X509_FILETYPE_ASN1)
+                {
+                x=d2i_X509_bio(in,NULL);
+                if (x == NULL)
+                        {
+                        X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                i=X509_STORE_add_cert(ctx->store_ctx,x);
+                if (!i) goto err;
+                ret=i;
+                }
+        else
+                {
+                X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE);
+                goto err;
+                }
+err:
+        if (x != NULL) X509_free(x);
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
+        {
+        int ret=0;
+        BIO *in=NULL;
+        int i,count=0;
+        X509_CRL *x=NULL;
+
+        if (file == NULL) return(1);
+        in=BIO_new(BIO_s_file_internal());
+
+        if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
+                {
+                X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
+                goto err;
+                }
+
+        if (type == X509_FILETYPE_PEM)
+                {
+                for (;;)
+                        {
+                        x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
+                        if (x == NULL)
+                                {
+                                if ((ERR_GET_REASON(ERR_peek_last_error()) ==
+                                        PEM_R_NO_START_LINE) && (count > 0))
+                                        {
+                                        ERR_clear_error();
+                                        break;
+                                        }
+                                else
+                                        {
+                                        X509err(X509_F_X509_LOAD_CRL_FILE,
+                                                ERR_R_PEM_LIB);
+                                        goto err;
+                                        }
+                                }
+                        i=X509_STORE_add_crl(ctx->store_ctx,x);
+                        if (!i) goto err;
+                        count++;
+                        X509_CRL_free(x);
+                        x=NULL;
+                        }
+                ret=count;
+                }
+        else if (type == X509_FILETYPE_ASN1)
+                {
+                x=d2i_X509_CRL_bio(in,NULL);
+                if (x == NULL)
+                        {
+                        X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
+                        goto err;
+                        }
+                i=X509_STORE_add_crl(ctx->store_ctx,x);
+                if (!i) goto err;
+                ret=i;
+                }
+        else
+                {
+                X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
+                goto err;
+                }
+err:
+        if (x != NULL) X509_CRL_free(x);
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
+{
+        STACK_OF(X509_INFO) *inf;
+        X509_INFO *itmp;
+        BIO *in;
+        int i, count = 0;
+        if(type != X509_FILETYPE_PEM)
+                return X509_load_cert_file(ctx, file, type);
+        in = BIO_new_file(file, "r");
+        if(!in) {
+                X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
+                return 0;
+        }
+        inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
+        BIO_free(in);
+        if(!inf) {
+                X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
+                return 0;
+        }
+        for(i = 0; i < sk_X509_INFO_num(inf); i++) {
+                itmp = sk_X509_INFO_value(inf, i);
+                if(itmp->x509) {
+                        X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
+                        count++;
+                }
+                if(itmp->crl) {
+                        X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
+                        count++;
+                }
+        }
+        sk_X509_INFO_pop_free(inf, X509_INFO_free);
+        return count;
+}
+
+
+#endif /* OPENSSL_NO_STDIO */
+
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
new file mode 100644
index 0000000000..e8c1a59cf2
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509.h
@@ -0,0 +1,1259 @@
+/* crypto/x509/x509.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_X509_H
+#define HEADER_X509_H
+
+#include <openssl/symhacks.h>
+#ifndef OPENSSL_NO_BUFFER
+#include <openssl/buffer.h>
+#endif
+#ifndef OPENSSL_NO_EVP
+#include <openssl/evp.h>
+#endif
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/stack.h>
+#include <openssl/asn1.h>
+#include <openssl/safestack.h>
+
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_SHA
+#include <openssl/sha.h>
+#endif
+#include <openssl/e_os2.h>
+#include <openssl/ossl_typ.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_SYS_WIN32
+/* Under Win32 this is defined in wincrypt.h */
+#undef X509_NAME
+#endif
+
+#define X509_FILETYPE_PEM       1
+#define X509_FILETYPE_ASN1      2
+#define X509_FILETYPE_DEFAULT   3
+
+#define X509v3_KU_DIGITAL_SIGNATURE     0x0080
+#define X509v3_KU_NON_REPUDIATION       0x0040
+#define X509v3_KU_KEY_ENCIPHERMENT      0x0020
+#define X509v3_KU_DATA_ENCIPHERMENT     0x0010
+#define X509v3_KU_KEY_AGREEMENT         0x0008
+#define X509v3_KU_KEY_CERT_SIGN         0x0004
+#define X509v3_KU_CRL_SIGN              0x0002
+#define X509v3_KU_ENCIPHER_ONLY         0x0001
+#define X509v3_KU_DECIPHER_ONLY         0x8000
+#define X509v3_KU_UNDEF                 0xffff
+
+typedef struct X509_objects_st
+        {
+        int nid;
+        int (*a2i)();
+        int (*i2a)();
+        } X509_OBJECTS;
+
+struct X509_algor_st
+        {
+        ASN1_OBJECT *algorithm;
+        ASN1_TYPE *parameter;
+        } /* X509_ALGOR */;
+
+DECLARE_STACK_OF(X509_ALGOR)
+DECLARE_ASN1_SET_OF(X509_ALGOR)
+
+typedef struct X509_val_st
+        {
+        ASN1_TIME *notBefore;
+        ASN1_TIME *notAfter;
+        } X509_VAL;
+
+typedef struct X509_pubkey_st
+        {
+        X509_ALGOR *algor;
+        ASN1_BIT_STRING *public_key;
+        EVP_PKEY *pkey;
+        } X509_PUBKEY;
+
+typedef struct X509_sig_st
+        {
+        X509_ALGOR *algor;
+        ASN1_OCTET_STRING *digest;
+        } X509_SIG;
+
+typedef struct X509_name_entry_st
+        {
+        ASN1_OBJECT *object;
+        ASN1_STRING *value;
+        int set;
+        int size;       /* temp variable */
+        } X509_NAME_ENTRY;
+
+DECLARE_STACK_OF(X509_NAME_ENTRY)
+DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
+
+/* we always keep X509_NAMEs in 2 forms. */
+struct X509_name_st
+        {
+        STACK_OF(X509_NAME_ENTRY) *entries;
+        int modified;   /* true if 'bytes' needs to be built */
+#ifndef OPENSSL_NO_BUFFER
+        BUF_MEM *bytes;
+#else
+        char *bytes;
+#endif
+        unsigned long hash; /* Keep the hash around for lookups */
+        } /* X509_NAME */;
+
+DECLARE_STACK_OF(X509_NAME)
+
+#define X509_EX_V_NETSCAPE_HACK         0x8000
+#define X509_EX_V_INIT                  0x0001
+typedef struct X509_extension_st
+        {
+        ASN1_OBJECT *object;
+        ASN1_BOOLEAN critical;
+        ASN1_OCTET_STRING *value;
+        } X509_EXTENSION;
+
+DECLARE_STACK_OF(X509_EXTENSION)
+DECLARE_ASN1_SET_OF(X509_EXTENSION)
+
+/* a sequence of these are used */
+typedef struct x509_attributes_st
+        {
+        ASN1_OBJECT *object;
+        int single; /* 0 for a set, 1 for a single item (which is wrong) */
+        union   {
+                char            *ptr;
+/* 0 */         STACK_OF(ASN1_TYPE) *set;
+/* 1 */         ASN1_TYPE       *single;
+                } value;
+        } X509_ATTRIBUTE;
+
+DECLARE_STACK_OF(X509_ATTRIBUTE)
+DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
+
+
+typedef struct X509_req_info_st
+        {
+        ASN1_ENCODING enc;
+        ASN1_INTEGER *version;
+        X509_NAME *subject;
+        X509_PUBKEY *pubkey;
+        /*  d=2 hl=2 l=  0 cons: cont: 00 */
+        STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+        } X509_REQ_INFO;
+
+typedef struct X509_req_st
+        {
+        X509_REQ_INFO *req_info;
+        X509_ALGOR *sig_alg;
+        ASN1_BIT_STRING *signature;
+        int references;
+        } X509_REQ;
+
+typedef struct x509_cinf_st
+        {
+        ASN1_INTEGER *version;          /* [ 0 ] default of v1 */
+        ASN1_INTEGER *serialNumber;
+        X509_ALGOR *signature;
+        X509_NAME *issuer;
+        X509_VAL *validity;
+        X509_NAME *subject;
+        X509_PUBKEY *key;
+        ASN1_BIT_STRING *issuerUID;             /* [ 1 ] optional in v2 */
+        ASN1_BIT_STRING *subjectUID;            /* [ 2 ] optional in v2 */
+        STACK_OF(X509_EXTENSION) *extensions;   /* [ 3 ] optional in v3 */
+        } X509_CINF;
+
+/* This stuff is certificate "auxiliary info"
+ * it contains details which are useful in certificate
+ * stores and databases. When used this is tagged onto
+ * the end of the certificate itself
+ */
+
+typedef struct x509_cert_aux_st
+        {
+        STACK_OF(ASN1_OBJECT) *trust;           /* trusted uses */
+        STACK_OF(ASN1_OBJECT) *reject;          /* rejected uses */
+        ASN1_UTF8STRING *alias;                 /* "friendly name" */
+        ASN1_OCTET_STRING *keyid;               /* key id of private key */
+        STACK_OF(X509_ALGOR) *other;            /* other unspecified info */
+        } X509_CERT_AUX;
+
+struct x509_st
+        {
+        X509_CINF *cert_info;
+        X509_ALGOR *sig_alg;
+        ASN1_BIT_STRING *signature;
+        int valid;
+        int references;
+        char *name;
+        CRYPTO_EX_DATA ex_data;
+        /* These contain copies of various extension values */
+        long ex_pathlen;
+        unsigned long ex_flags;
+        unsigned long ex_kusage;
+        unsigned long ex_xkusage;
+        unsigned long ex_nscert;
+        ASN1_OCTET_STRING *skid;
+        struct AUTHORITY_KEYID_st *akid;
+#ifndef OPENSSL_NO_SHA
+        unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+#endif
+        X509_CERT_AUX *aux;
+        } /* X509 */;
+
+DECLARE_STACK_OF(X509)
+DECLARE_ASN1_SET_OF(X509)
+
+/* This is used for a table of trust checking functions */
+
+typedef struct x509_trust_st {
+        int trust;
+        int flags;
+        int (*check_trust)(struct x509_trust_st *, X509 *, int);
+        char *name;
+        int arg1;
+        void *arg2;
+} X509_TRUST;
+
+DECLARE_STACK_OF(X509_TRUST)
+
+/* standard trust ids */
+
+#define X509_TRUST_DEFAULT      -1      /* Only valid in purpose settings */
+
+#define X509_TRUST_COMPAT       1
+#define X509_TRUST_SSL_CLIENT   2
+#define X509_TRUST_SSL_SERVER   3
+#define X509_TRUST_EMAIL        4
+#define X509_TRUST_OBJECT_SIGN  5
+#define X509_TRUST_OCSP_SIGN    6
+#define X509_TRUST_OCSP_REQUEST 7
+
+/* Keep these up to date! */
+#define X509_TRUST_MIN          1
+#define X509_TRUST_MAX          7
+
+
+/* trust_flags values */
+#define X509_TRUST_DYNAMIC      1
+#define X509_TRUST_DYNAMIC_NAME 2
+
+/* check_trust return codes */
+
+#define X509_TRUST_TRUSTED      1
+#define X509_TRUST_REJECTED     2
+#define X509_TRUST_UNTRUSTED    3
+
+/* Flags for X509_print_ex() */
+
+#define X509_FLAG_COMPAT                0
+#define X509_FLAG_NO_HEADER             1L
+#define X509_FLAG_NO_VERSION            (1L << 1)
+#define X509_FLAG_NO_SERIAL             (1L << 2)
+#define X509_FLAG_NO_SIGNAME            (1L << 3)
+#define X509_FLAG_NO_ISSUER             (1L << 4)
+#define X509_FLAG_NO_VALIDITY           (1L << 5)
+#define X509_FLAG_NO_SUBJECT            (1L << 6)
+#define X509_FLAG_NO_PUBKEY             (1L << 7)
+#define X509_FLAG_NO_EXTENSIONS         (1L << 8)
+#define X509_FLAG_NO_SIGDUMP            (1L << 9)
+#define X509_FLAG_NO_AUX                (1L << 10)
+#define X509_FLAG_NO_ATTRIBUTES         (1L << 11)
+
+/* Flags specific to X509_NAME_print_ex() */    
+
+/* The field separator information */
+
+#define XN_FLAG_SEP_MASK        (0xf << 16)
+
+#define XN_FLAG_COMPAT          0               /* Traditional SSLeay: use old X509_NAME_print */
+#define XN_FLAG_SEP_COMMA_PLUS  (1 << 16)       /* RFC2253 ,+ */
+#define XN_FLAG_SEP_CPLUS_SPC   (2 << 16)       /* ,+ spaced: more readable */
+#define XN_FLAG_SEP_SPLUS_SPC   (3 << 16)       /* ;+ spaced */
+#define XN_FLAG_SEP_MULTILINE   (4 << 16)       /* One line per field */
+
+#define XN_FLAG_DN_REV          (1 << 20)       /* Reverse DN order */
+
+/* How the field name is shown */
+
+#define XN_FLAG_FN_MASK         (0x3 << 21)
+
+#define XN_FLAG_FN_SN           0               /* Object short name */
+#define XN_FLAG_FN_LN           (1 << 21)       /* Object long name */
+#define XN_FLAG_FN_OID          (2 << 21)       /* Always use OIDs */
+#define XN_FLAG_FN_NONE         (3 << 21)       /* No field names */
+
+#define XN_FLAG_SPC_EQ          (1 << 23)       /* Put spaces round '=' */
+
+/* This determines if we dump fields we don't recognise:
+ * RFC2253 requires this.
+ */
+
+#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+
+#define XN_FLAG_FN_ALIGN        (1 << 25)       /* Align field names to 20 characters */
+
+/* Complete set of RFC2253 flags */
+
+#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
+                        XN_FLAG_SEP_COMMA_PLUS | \
+                        XN_FLAG_DN_REV | \
+                        XN_FLAG_FN_SN | \
+                        XN_FLAG_DUMP_UNKNOWN_FIELDS)
+
+/* readable oneline form */
+
+#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
+                        ASN1_STRFLGS_ESC_QUOTE | \
+                        XN_FLAG_SEP_CPLUS_SPC | \
+                        XN_FLAG_SPC_EQ | \
+                        XN_FLAG_FN_SN)
+
+/* readable multiline form */
+
+#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
+                        ASN1_STRFLGS_ESC_MSB | \
+                        XN_FLAG_SEP_MULTILINE | \
+                        XN_FLAG_SPC_EQ | \
+                        XN_FLAG_FN_LN | \
+                        XN_FLAG_FN_ALIGN)
+
+typedef struct X509_revoked_st
+        {
+        ASN1_INTEGER *serialNumber;
+        ASN1_TIME *revocationDate;
+        STACK_OF(X509_EXTENSION) /* optional */ *extensions;
+        int sequence; /* load sequence */
+        } X509_REVOKED;
+
+DECLARE_STACK_OF(X509_REVOKED)
+DECLARE_ASN1_SET_OF(X509_REVOKED)
+
+typedef struct X509_crl_info_st
+        {
+        ASN1_INTEGER *version;
+        X509_ALGOR *sig_alg;
+        X509_NAME *issuer;
+        ASN1_TIME *lastUpdate;
+        ASN1_TIME *nextUpdate;
+        STACK_OF(X509_REVOKED) *revoked;
+        STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
+        ASN1_ENCODING enc;
+        } X509_CRL_INFO;
+
+struct X509_crl_st
+        {
+        /* actual signature */
+        X509_CRL_INFO *crl;
+        X509_ALGOR *sig_alg;
+        ASN1_BIT_STRING *signature;
+        int references;
+        } /* X509_CRL */;
+
+DECLARE_STACK_OF(X509_CRL)
+DECLARE_ASN1_SET_OF(X509_CRL)
+
+typedef struct private_key_st
+        {
+        int version;
+        /* The PKCS#8 data types */
+        X509_ALGOR *enc_algor;
+        ASN1_OCTET_STRING *enc_pkey;    /* encrypted pub key */
+
+        /* When decrypted, the following will not be NULL */
+        EVP_PKEY *dec_pkey;
+
+        /* used to encrypt and decrypt */
+        int key_length;
+        char *key_data;
+        int key_free;   /* true if we should auto free key_data */
+
+        /* expanded version of 'enc_algor' */
+        EVP_CIPHER_INFO cipher;
+
+        int references;
+        } X509_PKEY;
+
+#ifndef OPENSSL_NO_EVP
+typedef struct X509_info_st
+        {
+        X509 *x509;
+        X509_CRL *crl;
+        X509_PKEY *x_pkey;
+
+        EVP_CIPHER_INFO enc_cipher;
+        int enc_len;
+        char *enc_data;
+
+        int references;
+        } X509_INFO;
+
+DECLARE_STACK_OF(X509_INFO)
+#endif
+
+/* The next 2 structures and their 8 routines were sent to me by
+ * Pat Richard <patr@x509.com> and are used to manipulate
+ * Netscapes spki structures - useful if you are writing a CA web page
+ */
+typedef struct Netscape_spkac_st
+        {
+        X509_PUBKEY *pubkey;
+        ASN1_IA5STRING *challenge;      /* challenge sent in atlas >= PR2 */
+        } NETSCAPE_SPKAC;
+
+typedef struct Netscape_spki_st
+        {
+        NETSCAPE_SPKAC *spkac;  /* signed public key and challenge */
+        X509_ALGOR *sig_algor;
+        ASN1_BIT_STRING *signature;
+        } NETSCAPE_SPKI;
+
+/* Netscape certificate sequence structure */
+typedef struct Netscape_certificate_sequence
+        {
+        ASN1_OBJECT *type;
+        STACK_OF(X509) *certs;
+        } NETSCAPE_CERT_SEQUENCE;
+
+/* Unused (and iv length is wrong)
+typedef struct CBCParameter_st
+        {
+        unsigned char iv[8];
+        } CBC_PARAM;
+*/
+
+/* Password based encryption structure */
+
+typedef struct PBEPARAM_st {
+ASN1_OCTET_STRING *salt;
+ASN1_INTEGER *iter;
+} PBEPARAM;
+
+/* Password based encryption V2 structures */
+
+typedef struct PBE2PARAM_st {
+X509_ALGOR *keyfunc;
+X509_ALGOR *encryption;
+} PBE2PARAM;
+
+typedef struct PBKDF2PARAM_st {
+ASN1_TYPE *salt;        /* Usually OCTET STRING but could be anything */
+ASN1_INTEGER *iter;
+ASN1_INTEGER *keylength;
+X509_ALGOR *prf;
+} PBKDF2PARAM;
+
+
+/* PKCS#8 private key info structure */
+
+typedef struct pkcs8_priv_key_info_st
+        {
+        int broken;     /* Flag for various broken formats */
+#define PKCS8_OK                0
+#define PKCS8_NO_OCTET          1
+#define PKCS8_EMBEDDED_PARAM    2
+#define PKCS8_NS_DB             3
+        ASN1_INTEGER *version;
+        X509_ALGOR *pkeyalg;
+        ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
+        STACK_OF(X509_ATTRIBUTE) *attributes;
+        } PKCS8_PRIV_KEY_INFO;
+
+#ifdef  __cplusplus
+}
+#endif
+
+#include <openssl/x509_vfy.h>
+#include <openssl/pkcs7.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef SSLEAY_MACROS
+#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
+        a->signature,(char *)a->cert_info,r)
+#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
+        a->sig_alg,a->signature,(char *)a->req_info,r)
+#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
+        a->sig_alg, a->signature,(char *)a->crl,r)
+
+#define X509_sign(x,pkey,md) \
+        ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
+                x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
+#define X509_REQ_sign(x,pkey,md) \
+        ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
+                x->signature, (char *)x->req_info,pkey,md)
+#define X509_CRL_sign(x,pkey,md) \
+        ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
+                x->signature, (char *)x->crl,pkey,md)
+#define NETSCAPE_SPKI_sign(x,pkey,md) \
+        ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
+                x->signature, (char *)x->spkac,pkey,md)
+
+#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
+                (char *(*)())d2i_X509,(char *)x509)
+#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
+                (int (*)())i2d_X509_ATTRIBUTE, \
+                (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
+#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
+                (int (*)())i2d_X509_EXTENSION, \
+                (char *(*)())d2i_X509_EXTENSION,(char *)ex)
+#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
+                (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
+#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
+#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
+                (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
+#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
+
+#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
+                (char *(*)())d2i_X509_CRL,(char *)crl)
+#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
+                X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
+                (unsigned char **)(crl))
+#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
+                (unsigned char *)crl)
+#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
+                X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
+                (unsigned char **)(crl))
+#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
+                (unsigned char *)crl)
+
+#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
+                (char *(*)())d2i_PKCS7,(char *)p7)
+#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
+                PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
+                (unsigned char **)(p7))
+#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
+                (unsigned char *)p7)
+#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
+                PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
+                (unsigned char **)(p7))
+#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
+                (unsigned char *)p7)
+
+#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
+                (char *(*)())d2i_X509_REQ,(char *)req)
+#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
+                X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
+                (unsigned char **)(req))
+#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
+                (unsigned char *)req)
+#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
+                X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
+                (unsigned char **)(req))
+#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
+                (unsigned char *)req)
+
+#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
+                (char *(*)())d2i_RSAPublicKey,(char *)rsa)
+#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
+                (char *(*)())d2i_RSAPrivateKey,(char *)rsa)
+
+#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
+                RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
+                (unsigned char **)(rsa))
+#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
+                (unsigned char *)rsa)
+#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
+                RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
+                (unsigned char **)(rsa))
+#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
+                (unsigned char *)rsa)
+
+#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
+                RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
+                (unsigned char **)(rsa))
+#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
+                (unsigned char *)rsa)
+#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
+                RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
+                (unsigned char **)(rsa))
+#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
+                (unsigned char *)rsa)
+
+#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
+                DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
+                (unsigned char **)(dsa))
+#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
+                (unsigned char *)dsa)
+#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
+                DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
+                (unsigned char **)(dsa))
+#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
+                (unsigned char *)dsa)
+
+#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
+                (char *(*)())d2i_X509_ALGOR,(char *)xn)
+
+#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
+                (char *(*)())d2i_X509_NAME,(char *)xn)
+#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
+                (int (*)())i2d_X509_NAME_ENTRY, \
+                (char *(*)())d2i_X509_NAME_ENTRY,\
+                (char *)ne)
+
+#define X509_digest(data,type,md,len) \
+        ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
+#define X509_NAME_digest(data,type,md,len) \
+        ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
+#ifndef PKCS7_ISSUER_AND_SERIAL_digest
+#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
+        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
+                (char *)data,md,len)
+#endif
+#endif
+
+#define X509_EXT_PACK_UNKNOWN   1
+#define X509_EXT_PACK_STRING    2
+
+#define         X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
+/* #define      X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
+#define         X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
+#define         X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
+#define         X509_extract_key(x)     X509_get_pubkey(x) /*****/
+#define         X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
+#define         X509_REQ_get_subject_name(x) ((x)->req_info->subject)
+#define         X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
+#define         X509_name_cmp(a,b)      X509_NAME_cmp((a),(b))
+#define         X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
+
+#define         X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
+#define         X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
+#define         X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
+#define         X509_CRL_get_issuer(x) ((x)->crl->issuer)
+#define         X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
+
+/* This one is only used so that a binary form can output, as in
+ * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
+#define         X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
+
+
+const char *X509_verify_cert_error_string(long n);
+
+#ifndef SSLEAY_MACROS
+#ifndef OPENSSL_NO_EVP
+int X509_verify(X509 *a, EVP_PKEY *r);
+
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
+int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
+
+NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);
+char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
+EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
+int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
+
+int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
+
+int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
+
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
+
+int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
+int X509_digest(const X509 *data,const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
+int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
+int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
+int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
+#endif
+
+#ifndef OPENSSL_NO_FP_API
+X509 *d2i_X509_fp(FILE *fp, X509 **x509);
+int i2d_X509_fp(FILE *fp,X509 *x509);
+X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
+int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
+int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
+#ifndef OPENSSL_NO_RSA
+RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
+int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
+RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
+int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
+int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
+#endif
+#ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
+#endif
+X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
+int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+                                                PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
+int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
+#endif
+
+#ifndef OPENSSL_NO_BIO
+X509 *d2i_X509_bio(BIO *bp,X509 **x509);
+int i2d_X509_bio(BIO *bp,X509 *x509);
+X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
+int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
+int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
+#ifndef OPENSSL_NO_RSA
+RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
+int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
+RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
+int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
+int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
+#endif
+#ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
+#endif
+X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
+int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+                                                PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
+int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
+#endif
+
+X509 *X509_dup(X509 *x509);
+X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
+X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
+X509_CRL *X509_CRL_dup(X509_CRL *crl);
+X509_REQ *X509_REQ_dup(X509_REQ *req);
+X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
+X509_NAME *X509_NAME_dup(X509_NAME *xn);
+X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
+
+#endif /* !SSLEAY_MACROS */
+
+int             X509_cmp_time(ASN1_TIME *s, time_t *t);
+int             X509_cmp_current_time(ASN1_TIME *s);
+ASN1_TIME *     X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
+ASN1_TIME *     X509_gmtime_adj(ASN1_TIME *s, long adj);
+
+const char *    X509_get_default_cert_area(void );
+const char *    X509_get_default_cert_dir(void );
+const char *    X509_get_default_cert_file(void );
+const char *    X509_get_default_cert_dir_env(void );
+const char *    X509_get_default_cert_file_env(void );
+const char *    X509_get_default_private_dir(void );
+
+X509_REQ *      X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+X509 *          X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
+
+DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
+DECLARE_ASN1_FUNCTIONS(X509_VAL)
+
+DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
+
+int             X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
+EVP_PKEY *      X509_PUBKEY_get(X509_PUBKEY *key);
+int             X509_get_pubkey_parameters(EVP_PKEY *pkey,
+                                           STACK_OF(X509) *chain);
+int             i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
+EVP_PKEY *      d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp,
+                        long length);
+#ifndef OPENSSL_NO_RSA
+int             i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
+RSA *           d2i_RSA_PUBKEY(RSA **a,unsigned char **pp,
+                        long length);
+#endif
+#ifndef OPENSSL_NO_DSA
+int             i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
+DSA *           d2i_DSA_PUBKEY(DSA **a,unsigned char **pp,
+                        long length);
+#endif
+
+DECLARE_ASN1_FUNCTIONS(X509_SIG)
+DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_REQ)
+
+DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
+
+DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
+
+DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+
+DECLARE_ASN1_FUNCTIONS(X509_NAME)
+
+int             X509_NAME_set(X509_NAME **xn, X509_NAME *name);
+
+DECLARE_ASN1_FUNCTIONS(X509_CINF)
+
+DECLARE_ASN1_FUNCTIONS(X509)
+DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
+
+int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int X509_set_ex_data(X509 *r, int idx, void *arg);
+void *X509_get_ex_data(X509 *r, int idx);
+int             i2d_X509_AUX(X509 *a,unsigned char **pp);
+X509 *          d2i_X509_AUX(X509 **a,unsigned char **pp,long length);
+
+int X509_alias_set1(X509 *x, unsigned char *name, int len);
+int X509_keyid_set1(X509 *x, unsigned char *id, int len);
+unsigned char * X509_alias_get0(X509 *x, int *len);
+int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
+int X509_TRUST_set(int *t, int trust);
+int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
+int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
+void X509_trust_clear(X509 *x);
+void X509_reject_clear(X509 *x);
+
+DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
+DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_CRL)
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+
+X509_PKEY *     X509_PKEY_new(void );
+void            X509_PKEY_free(X509_PKEY *a);
+int             i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
+X509_PKEY *     d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length);
+
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
+
+#ifndef OPENSSL_NO_EVP
+X509_INFO *     X509_INFO_new(void);
+void            X509_INFO_free(X509_INFO *a);
+char *          X509_NAME_oneline(X509_NAME *a,char *buf,int size);
+
+int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
+        ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
+
+int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data,
+        unsigned char *md,unsigned int *len);
+
+int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
+        ASN1_BIT_STRING *signature,
+        char *data,EVP_PKEY *pkey, const EVP_MD *type);
+
+int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,
+        unsigned char *md,unsigned int *len);
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
+        ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey);
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+        ASN1_BIT_STRING *signature,
+        void *data, EVP_PKEY *pkey, const EVP_MD *type);
+#endif
+
+int             X509_set_version(X509 *x,long version);
+int             X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
+ASN1_INTEGER *  X509_get_serialNumber(X509 *x);
+int             X509_set_issuer_name(X509 *x, X509_NAME *name);
+X509_NAME *     X509_get_issuer_name(X509 *a);
+int             X509_set_subject_name(X509 *x, X509_NAME *name);
+X509_NAME *     X509_get_subject_name(X509 *a);
+int             X509_set_notBefore(X509 *x, ASN1_TIME *tm);
+int             X509_set_notAfter(X509 *x, ASN1_TIME *tm);
+int             X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+EVP_PKEY *      X509_get_pubkey(X509 *x);
+ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
+int             X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
+
+int             X509_REQ_set_version(X509_REQ *x,long version);
+int             X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
+int             X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
+EVP_PKEY *      X509_REQ_get_pubkey(X509_REQ *req);
+int             X509_REQ_extension_nid(int nid);
+int *           X509_REQ_get_extension_nids(void);
+void            X509_REQ_set_extension_nids(int *nids);
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+                                int nid);
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
+int X509_REQ_get_attr_count(const X509_REQ *req);
+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
+                          int lastpos);
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
+                          int lastpos);
+X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
+X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
+int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
+int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
+                        const ASN1_OBJECT *obj, int type,
+                        const unsigned char *bytes, int len);
+int X509_REQ_add1_attr_by_NID(X509_REQ *req,
+                        int nid, int type,
+                        const unsigned char *bytes, int len);
+int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+                        const char *attrname, int type,
+                        const unsigned char *bytes, int len);
+
+int X509_CRL_set_version(X509_CRL *x, long version);
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);
+int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);
+int X509_CRL_sort(X509_CRL *crl);
+
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
+int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
+
+int             X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
+
+int             X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
+unsigned long   X509_issuer_and_serial_hash(X509 *a);
+
+int             X509_issuer_name_cmp(const X509 *a, const X509 *b);
+unsigned long   X509_issuer_name_hash(X509 *a);
+
+int             X509_subject_name_cmp(const X509 *a, const X509 *b);
+unsigned long   X509_subject_name_hash(X509 *x);
+
+int             X509_cmp(const X509 *a, const X509 *b);
+int             X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
+unsigned long   X509_NAME_hash(X509_NAME *x);
+
+int             X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
+#ifndef OPENSSL_NO_FP_API
+int             X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
+int             X509_print_fp(FILE *bp,X509 *x);
+int             X509_CRL_print_fp(FILE *bp,X509_CRL *x);
+int             X509_REQ_print_fp(FILE *bp,X509_REQ *req);
+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
+#endif
+
+#ifndef OPENSSL_NO_BIO
+int             X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
+int             X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
+int             X509_print(BIO *bp,X509 *x);
+int             X509_ocspid_print(BIO *bp,X509 *x);
+int             X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
+int             X509_CRL_print(BIO *bp,X509_CRL *x);
+int             X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);
+int             X509_REQ_print(BIO *bp,X509_REQ *req);
+#endif
+
+int             X509_NAME_entry_count(X509_NAME *name);
+int             X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
+                        char *buf,int len);
+int             X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
+                        char *buf,int len);
+
+/* NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use
+ * lastpos, search after that position on. */
+int             X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
+int             X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
+                        int lastpos);
+X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+int             X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
+                        int loc, int set);
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
+                        unsigned char *bytes, int len, int loc, int set);
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+                        unsigned char *bytes, int len, int loc, int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
+                const char *field, int type, const unsigned char *bytes, int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+                        int type,unsigned char *bytes, int len);
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+                        const unsigned char *bytes, int len, int loc, int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+                        ASN1_OBJECT *obj, int type,const unsigned char *bytes,
+                        int len);
+int             X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
+                        ASN1_OBJECT *obj);
+int             X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+                        const unsigned char *bytes, int len);
+ASN1_OBJECT *   X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+ASN1_STRING *   X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+
+int             X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
+int             X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
+                                      int nid, int lastpos);
+int             X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
+                                      ASN1_OBJECT *obj,int lastpos);
+int             X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
+                                           int crit, int lastpos);
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+                                         X509_EXTENSION *ex, int loc);
+
+int             X509_get_ext_count(X509 *x);
+int             X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
+int             X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
+int             X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
+X509_EXTENSION *X509_get_ext(X509 *x, int loc);
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
+int             X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+void    *       X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+int             X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+                                                        unsigned long flags);
+
+int             X509_CRL_get_ext_count(X509_CRL *x);
+int             X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
+int             X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
+int             X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
+X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
+int             X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+void    *       X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
+int             X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+                                                        unsigned long flags);
+
+int             X509_REVOKED_get_ext_count(X509_REVOKED *x);
+int             X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
+int             X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
+int             X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
+X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
+int             X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
+void    *       X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
+int             X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+                                                        unsigned long flags);
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
+                        int nid, int crit, ASN1_OCTET_STRING *data);
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+                        ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
+int             X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
+int             X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
+int             X509_EXTENSION_set_data(X509_EXTENSION *ex,
+                        ASN1_OCTET_STRING *data);
+ASN1_OBJECT *   X509_EXTENSION_get_object(X509_EXTENSION *ex);
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+int             X509_EXTENSION_get_critical(X509_EXTENSION *ex);
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+                          int lastpos);
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
+                          int lastpos);
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+                                         X509_ATTRIBUTE *attr);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
+                        const ASN1_OBJECT *obj, int type,
+                        const unsigned char *bytes, int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
+                        int nid, int type,
+                        const unsigned char *bytes, int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
+                        const char *attrname, int type,
+                        const unsigned char *bytes, int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+             int atrtype, const void *data, int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+             const ASN1_OBJECT *obj, int atrtype, const void *data, int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+                const char *atrname, int type, const unsigned char *bytes, int len);
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len);
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
+                                        int atrtype, void *data);
+int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
+
+int             X509_verify_cert(X509_STORE_CTX *ctx);
+
+/* lookup a cert from a X509 STACK */
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
+                                     ASN1_INTEGER *serial);
+X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
+
+DECLARE_ASN1_FUNCTIONS(PBEPARAM)
+DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
+DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+                                         unsigned char *salt, int saltlen);
+
+/* PKCS#8 utilities */
+
+DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
+
+EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
+PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
+
+int X509_check_trust(X509 *x, int id, int flags);
+int X509_TRUST_get_count(void);
+X509_TRUST * X509_TRUST_get0(int idx);
+int X509_TRUST_get_by_id(int id);
+int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
+                                        char *name, int arg1, void *arg2);
+void X509_TRUST_cleanup(void);
+int X509_TRUST_get_flags(X509_TRUST *xp);
+char *X509_TRUST_get0_name(X509_TRUST *xp);
+int X509_TRUST_get_trust(X509_TRUST *xp);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_X509_strings(void);
+
+/* Error codes for the X509 functions. */
+
+/* Function codes. */
+#define X509_F_ADD_CERT_DIR                              100
+#define X509_F_BY_FILE_CTRL                              101
+#define X509_F_DIR_CTRL                                  102
+#define X509_F_GET_CERT_BY_SUBJECT                       103
+#define X509_F_NETSCAPE_SPKI_B64_DECODE                  129
+#define X509_F_NETSCAPE_SPKI_B64_ENCODE                  130
+#define X509_F_X509V3_ADD_EXT                            104
+#define X509_F_X509_ADD_ATTR                             135
+#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID              136
+#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ              137
+#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT              140
+#define X509_F_X509_ATTRIBUTE_GET0_DATA                  139
+#define X509_F_X509_ATTRIBUTE_SET1_DATA                  138
+#define X509_F_X509_CHECK_PRIVATE_KEY                    128
+#define X509_F_X509_EXTENSION_CREATE_BY_NID              108
+#define X509_F_X509_EXTENSION_CREATE_BY_OBJ              109
+#define X509_F_X509_GET_PUBKEY_PARAMETERS                110
+#define X509_F_X509_LOAD_CERT_CRL_FILE                   132
+#define X509_F_X509_LOAD_CERT_FILE                       111
+#define X509_F_X509_LOAD_CRL_FILE                        112
+#define X509_F_X509_NAME_ADD_ENTRY                       113
+#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID             114
+#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT             131
+#define X509_F_X509_NAME_ENTRY_SET_OBJECT                115
+#define X509_F_X509_NAME_ONELINE                         116
+#define X509_F_X509_NAME_PRINT                           117
+#define X509_F_X509_PRINT_FP                             118
+#define X509_F_X509_PUBKEY_GET                           119
+#define X509_F_X509_PUBKEY_SET                           120
+#define X509_F_X509_REQ_PRINT                            121
+#define X509_F_X509_REQ_PRINT_FP                         122
+#define X509_F_X509_REQ_TO_X509                          123
+#define X509_F_X509_STORE_ADD_CERT                       124
+#define X509_F_X509_STORE_ADD_CRL                        125
+#define X509_F_X509_STORE_CTX_INIT                       143
+#define X509_F_X509_STORE_CTX_NEW                        142
+#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT            134
+#define X509_F_X509_TO_X509_REQ                          126
+#define X509_F_X509_TRUST_ADD                            133
+#define X509_F_X509_TRUST_SET                            141
+#define X509_F_X509_VERIFY_CERT                          127
+
+/* Reason codes. */
+#define X509_R_BAD_X509_FILETYPE                         100
+#define X509_R_BASE64_DECODE_ERROR                       118
+#define X509_R_CANT_CHECK_DH_KEY                         114
+#define X509_R_CERT_ALREADY_IN_HASH_TABLE                101
+#define X509_R_ERR_ASN1_LIB                              102
+#define X509_R_INVALID_DIRECTORY                         113
+#define X509_R_INVALID_FIELD_NAME                        119
+#define X509_R_INVALID_TRUST                             123
+#define X509_R_KEY_TYPE_MISMATCH                         115
+#define X509_R_KEY_VALUES_MISMATCH                       116
+#define X509_R_LOADING_CERT_DIR                          103
+#define X509_R_LOADING_DEFAULTS                          104
+#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
+#define X509_R_SHOULD_RETRY                              106
+#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN        107
+#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY            108
+#define X509_R_UNKNOWN_KEY_TYPE                          117
+#define X509_R_UNKNOWN_NID                               109
+#define X509_R_UNKNOWN_PURPOSE_ID                        121
+#define X509_R_UNKNOWN_TRUST_ID                          120
+#define X509_R_UNSUPPORTED_ALGORITHM                     111
+#define X509_R_WRONG_LOOKUP_TYPE                         112
+#define X509_R_WRONG_TYPE                                122
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c
new file mode 100644
index 0000000000..0bae3d32a1
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_att.c
@@ -0,0 +1,326 @@
+/* crypto/x509/x509_att.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/stack.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
+{
+        if (!x) return 0;
+        return(sk_X509_ATTRIBUTE_num(x));
+}
+
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+                          int lastpos)
+{
+        ASN1_OBJECT *obj;
+
+        obj=OBJ_nid2obj(nid);
+        if (obj == NULL) return(-2);
+        return(X509at_get_attr_by_OBJ(x,obj,lastpos));
+}
+
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
+                          int lastpos)
+{
+        int n;
+        X509_ATTRIBUTE *ex;
+
+        if (sk == NULL) return(-1);
+        lastpos++;
+        if (lastpos < 0)
+                lastpos=0;
+        n=sk_X509_ATTRIBUTE_num(sk);
+        for ( ; lastpos < n; lastpos++)
+                {
+                ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
+                if (OBJ_cmp(ex->object,obj) == 0)
+                        return(lastpos);
+                }
+        return(-1);
+}
+
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+        if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+                return NULL;
+        else
+                return sk_X509_ATTRIBUTE_value(x,loc);
+}
+
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+        X509_ATTRIBUTE *ret;
+
+        if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+                return(NULL);
+        ret=sk_X509_ATTRIBUTE_delete(x,loc);
+        return(ret);
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+                                         X509_ATTRIBUTE *attr)
+{
+        X509_ATTRIBUTE *new_attr=NULL;
+        STACK_OF(X509_ATTRIBUTE) *sk=NULL;
+
+        if ((x != NULL) && (*x == NULL))
+                {
+                if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
+                        goto err;
+                }
+        else
+                sk= *x;
+
+        if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
+                goto err2;
+        if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
+                goto err;
+        if ((x != NULL) && (*x == NULL))
+                *x=sk;
+        return(sk);
+err:
+        X509err(X509_F_X509_ADD_ATTR,ERR_R_MALLOC_FAILURE);
+err2:
+        if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
+        if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
+        return(NULL);
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
+                        const ASN1_OBJECT *obj, int type,
+                        const unsigned char *bytes, int len)
+{
+        X509_ATTRIBUTE *attr;
+        STACK_OF(X509_ATTRIBUTE) *ret;
+        attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
+        if(!attr) return 0;
+        ret = X509at_add1_attr(x, attr);
+        X509_ATTRIBUTE_free(attr);
+        return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
+                        int nid, int type,
+                        const unsigned char *bytes, int len)
+{
+        X509_ATTRIBUTE *attr;
+        STACK_OF(X509_ATTRIBUTE) *ret;
+        attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
+        if(!attr) return 0;
+        ret = X509at_add1_attr(x, attr);
+        X509_ATTRIBUTE_free(attr);
+        return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
+                        const char *attrname, int type,
+                        const unsigned char *bytes, int len)
+{
+        X509_ATTRIBUTE *attr;
+        STACK_OF(X509_ATTRIBUTE) *ret;
+        attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
+        if(!attr) return 0;
+        ret = X509at_add1_attr(x, attr);
+        X509_ATTRIBUTE_free(attr);
+        return ret;
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+             int atrtype, const void *data, int len)
+{
+        ASN1_OBJECT *obj;
+        X509_ATTRIBUTE *ret;
+
+        obj=OBJ_nid2obj(nid);
+        if (obj == NULL)
+                {
+                X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
+                return(NULL);
+                }
+        ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
+        if (ret == NULL) ASN1_OBJECT_free(obj);
+        return(ret);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+             const ASN1_OBJECT *obj, int atrtype, const void *data, int len)
+{
+        X509_ATTRIBUTE *ret;
+
+        if ((attr == NULL) || (*attr == NULL))
+                {
+                if ((ret=X509_ATTRIBUTE_new()) == NULL)
+                        {
+                        X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                }
+        else
+                ret= *attr;
+
+        if (!X509_ATTRIBUTE_set1_object(ret,obj))
+                goto err;
+        if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
+                goto err;
+        
+        if ((attr != NULL) && (*attr == NULL)) *attr=ret;
+        return(ret);
+err:
+        if ((attr == NULL) || (ret != *attr))
+                X509_ATTRIBUTE_free(ret);
+        return(NULL);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+                const char *atrname, int type, const unsigned char *bytes, int len)
+        {
+        ASN1_OBJECT *obj;
+        X509_ATTRIBUTE *nattr;
+
+        obj=OBJ_txt2obj(atrname, 0);
+        if (obj == NULL)
+                {
+                X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
+                                                X509_R_INVALID_FIELD_NAME);
+                ERR_add_error_data(2, "name=", atrname);
+                return(NULL);
+                }
+        nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
+        ASN1_OBJECT_free(obj);
+        return nattr;
+        }
+
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
+{
+        if ((attr == NULL) || (obj == NULL))
+                return(0);
+        ASN1_OBJECT_free(attr->object);
+        attr->object=OBJ_dup(obj);
+        return(1);
+}
+
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
+{
+        ASN1_TYPE *ttmp;
+        ASN1_STRING *stmp;
+        int atype;
+        if (!attr) return 0;
+        if(attrtype & MBSTRING_FLAG) {
+                stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
+                                                OBJ_obj2nid(attr->object));
+                if(!stmp) {
+                        X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
+                        return 0;
+                }
+                atype = stmp->type;
+        } else {
+                if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
+                if(!ASN1_STRING_set(stmp, data, len)) goto err;
+                atype = attrtype;
+        }
+        if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
+        if(!(ttmp = ASN1_TYPE_new())) goto err;
+        if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
+        attr->single = 0;
+        ASN1_TYPE_set(ttmp, atype, stmp);
+        return 1;
+        err:
+        X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
+        return 0;
+}
+
+int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
+{
+        if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set);
+        if(attr->value.single) return 1;
+        return 0;
+}
+
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
+{
+        if (attr == NULL) return(NULL);
+        return(attr->object);
+}
+
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
+                                        int atrtype, void *data)
+{
+        ASN1_TYPE *ttmp;
+        ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
+        if(!ttmp) return NULL;
+        if(atrtype != ASN1_TYPE_get(ttmp)){
+                X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
+                return NULL;
+        }
+        return ttmp->value.ptr;
+}
+
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
+{
+        if (attr == NULL) return(NULL);
+        if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
+        if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx);
+        else return attr->value.single;
+}
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
new file mode 100644
index 0000000000..030d0966fc
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -0,0 +1,440 @@
+/* crypto/x509/x509_cmp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
+        {
+        int i;
+        X509_CINF *ai,*bi;
+
+        ai=a->cert_info;
+        bi=b->cert_info;
+        i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
+        if (i) return(i);
+        return(X509_NAME_cmp(ai->issuer,bi->issuer));
+        }
+
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_and_serial_hash(X509 *a)
+        {
+        unsigned long ret=0;
+        EVP_MD_CTX ctx;
+        unsigned char md[16];
+        char *f;
+
+        EVP_MD_CTX_init(&ctx);
+        f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
+        ret=strlen(f);
+        EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
+        EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
+        OPENSSL_free(f);
+        EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
+                (unsigned long)a->cert_info->serialNumber->length);
+        EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
+        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+                )&0xffffffffL;
+        EVP_MD_CTX_cleanup(&ctx);
+        return(ret);
+        }
+#endif
+        
+int X509_issuer_name_cmp(const X509 *a, const X509 *b)
+        {
+        return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
+        }
+
+int X509_subject_name_cmp(const X509 *a, const X509 *b)
+        {
+        return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
+        }
+
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
+        {
+        return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
+        }
+
+X509_NAME *X509_get_issuer_name(X509 *a)
+        {
+        return(a->cert_info->issuer);
+        }
+
+unsigned long X509_issuer_name_hash(X509 *x)
+        {
+        return(X509_NAME_hash(x->cert_info->issuer));
+        }
+
+X509_NAME *X509_get_subject_name(X509 *a)
+        {
+        return(a->cert_info->subject);
+        }
+
+ASN1_INTEGER *X509_get_serialNumber(X509 *a)
+        {
+        return(a->cert_info->serialNumber);
+        }
+
+unsigned long X509_subject_name_hash(X509 *x)
+        {
+        return(X509_NAME_hash(x->cert_info->subject));
+        }
+
+#ifndef OPENSSL_NO_SHA
+/* Compare two certificates: they must be identical for
+ * this to work. NB: Although "cmp" operations are generally
+ * prototyped to take "const" arguments (eg. for use in
+ * STACKs), the way X509 handling is - these operations may
+ * involve ensuring the hashes are up-to-date and ensuring
+ * certain cert information is cached. So this is the point
+ * where the "depth-first" constification tree has to halt
+ * with an evil cast.
+ */
+int X509_cmp(const X509 *a, const X509 *b)
+{
+        /* ensure hash is valid */
+        X509_check_purpose((X509 *)a, -1, 0);
+        X509_check_purpose((X509 *)b, -1, 0);
+
+        return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+}
+#endif
+
+
+/* Case insensitive string comparision */
+static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+{
+        int i;
+
+        if (a->length != b->length)
+                return (a->length - b->length);
+
+        for (i=0; i<a->length; i++)
+        {
+                int ca, cb;
+
+                ca = tolower(a->data[i]);
+                cb = tolower(b->data[i]);
+
+                if (ca != cb)
+                        return(ca-cb);
+        }
+        return 0;
+}
+
+/* Case insensitive string comparision with space normalization 
+ * Space normalization - ignore leading, trailing spaces, 
+ *       multiple spaces between characters are replaced by single space  
+ */
+static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+{
+        unsigned char *pa = NULL, *pb = NULL;
+        int la, lb;
+        
+        la = a->length;
+        lb = b->length;
+        pa = a->data;
+        pb = b->data;
+
+        /* skip leading spaces */
+        while (la > 0 && isspace(*pa))
+        {
+                la--;
+                pa++;
+        }
+        while (lb > 0 && isspace(*pb))
+        {
+                lb--;
+                pb++;
+        }
+
+        /* skip trailing spaces */
+        while (la > 0 && isspace(pa[la-1]))
+                la--;
+        while (lb > 0 && isspace(pb[lb-1]))
+                lb--;
+
+        /* compare strings with space normalization */
+        while (la > 0 && lb > 0)
+        {
+                int ca, cb;
+
+                /* compare character */
+                ca = tolower(*pa);
+                cb = tolower(*pb);
+                if (ca != cb)
+                        return (ca - cb);
+
+                pa++; pb++;
+                la--; lb--;
+
+                if (la <= 0 || lb <= 0)
+                        break;
+
+                /* is white space next character ? */
+                if (isspace(*pa) && isspace(*pb))
+                {
+                        /* skip remaining white spaces */
+                        while (la > 0 && isspace(*pa))
+                        {
+                                la--;
+                                pa++;
+                        }
+                        while (lb > 0 && isspace(*pb))
+                        {
+                                lb--;
+                                pb++;
+                        }
+                }
+        }
+        if (la > 0 || lb > 0)
+                return la - lb;
+
+        return 0;
+}
+
+static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b)
+        {
+        int j;
+        j = a->length - b->length;
+        if (j)
+                return j;
+        return memcmp(a->data, b->data, a->length);
+        }
+
+#define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING)
+
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
+        {
+        int i,j;
+        X509_NAME_ENTRY *na,*nb;
+
+        unsigned long nabit, nbbit;
+
+        j = sk_X509_NAME_ENTRY_num(a->entries)
+                  - sk_X509_NAME_ENTRY_num(b->entries);
+        if (j)
+                return j;
+        for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
+                {
+                na=sk_X509_NAME_ENTRY_value(a->entries,i);
+                nb=sk_X509_NAME_ENTRY_value(b->entries,i);
+                j=na->value->type-nb->value->type;
+                if (j)
+                        {
+                        nabit = ASN1_tag2bit(na->value->type);
+                        nbbit = ASN1_tag2bit(nb->value->type);
+                        if (!(nabit & STR_TYPE_CMP) ||
+                                !(nbbit & STR_TYPE_CMP))
+                                return j;
+                        j = asn1_string_memcmp(na->value, nb->value);
+                        }
+                else if (na->value->type == V_ASN1_PRINTABLESTRING)
+                        j=nocase_spacenorm_cmp(na->value, nb->value);
+                else if (na->value->type == V_ASN1_IA5STRING
+                        && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
+                        j=nocase_cmp(na->value, nb->value);
+                else
+                        j = asn1_string_memcmp(na->value, nb->value);
+                if (j) return(j);
+                j=na->set-nb->set;
+                if (j) return(j);
+                }
+
+        /* We will check the object types after checking the values
+         * since the values will more often be different than the object
+         * types. */
+        for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
+                {
+                na=sk_X509_NAME_ENTRY_value(a->entries,i);
+                nb=sk_X509_NAME_ENTRY_value(b->entries,i);
+                j=OBJ_cmp(na->object,nb->object);
+                if (j) return(j);
+                }
+        return(0);
+        }
+
+#ifndef OPENSSL_NO_MD5
+/* I now DER encode the name and hash it.  Since I cache the DER encoding,
+ * this is reasonably efficient. */
+unsigned long X509_NAME_hash(X509_NAME *x)
+        {
+        unsigned long ret=0;
+        unsigned char md[16];
+        EVP_MD_CTX md_ctx;
+
+        /* Make sure X509_NAME structure contains valid cached encoding */
+        i2d_X509_NAME(x,NULL);
+        EVP_MD_CTX_init(&md_ctx);
+        EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+        EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
+        EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
+        EVP_DigestFinal_ex(&md_ctx,md,NULL);
+        EVP_MD_CTX_cleanup(&md_ctx);
+
+        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+                )&0xffffffffL;
+        return(ret);
+        }
+#endif
+
+/* Search a stack of X509 for a match */
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+                ASN1_INTEGER *serial)
+        {
+        int i;
+        X509_CINF cinf;
+        X509 x,*x509=NULL;
+
+        if(!sk) return NULL;
+
+        x.cert_info= &cinf;
+        cinf.serialNumber=serial;
+        cinf.issuer=name;
+
+        for (i=0; i<sk_X509_num(sk); i++)
+                {
+                x509=sk_X509_value(sk,i);
+                if (X509_issuer_and_serial_cmp(x509,&x) == 0)
+                        return(x509);
+                }
+        return(NULL);
+        }
+
+X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
+        {
+        X509 *x509;
+        int i;
+
+        for (i=0; i<sk_X509_num(sk); i++)
+                {
+                x509=sk_X509_value(sk,i);
+                if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
+                        return(x509);
+                }
+        return(NULL);
+        }
+
+EVP_PKEY *X509_get_pubkey(X509 *x)
+        {
+        if ((x == NULL) || (x->cert_info == NULL))
+                return(NULL);
+        return(X509_PUBKEY_get(x->cert_info->key));
+        }
+
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+        {
+        if(!x) return NULL;
+        return x->cert_info->key->public_key;
+        }
+
+int X509_check_private_key(X509 *x, EVP_PKEY *k)
+        {
+        EVP_PKEY *xk=NULL;
+        int ok=0;
+
+        xk=X509_get_pubkey(x);
+        if (xk->type != k->type)
+            {
+            X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
+            goto err;
+            }
+        switch (k->type)
+                {
+#ifndef OPENSSL_NO_RSA
+        case EVP_PKEY_RSA:
+                if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
+                    || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
+                    {
+                    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+                    goto err;
+                    }
+                break;
+#endif
+#ifndef OPENSSL_NO_DSA
+        case EVP_PKEY_DSA:
+                if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
+                    {
+                    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+                    goto err;
+                    }
+                break;
+#endif
+#ifndef OPENSSL_NO_DH
+        case EVP_PKEY_DH:
+                /* No idea */
+                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
+                goto err;
+#endif
+        default:
+                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
+                goto err;
+                }
+
+        ok=1;
+err:
+        EVP_PKEY_free(xk);
+        return(ok);
+        }
diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c
new file mode 100644
index 0000000000..51410cfd1a
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_d2.c
@@ -0,0 +1,107 @@
+/* crypto/x509/x509_d2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+
+#ifndef OPENSSL_NO_STDIO
+int X509_STORE_set_default_paths(X509_STORE *ctx)
+        {
+        X509_LOOKUP *lookup;
+
+        lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
+        if (lookup == NULL) return(0);
+        X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+        lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
+        if (lookup == NULL) return(0);
+        X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+        
+        /* clear any errors */
+        ERR_clear_error();
+
+        return(1);
+        }
+
+int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
+                const char *path)
+        {
+        X509_LOOKUP *lookup;
+
+        if (file != NULL)
+                {
+                lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
+                if (lookup == NULL) return(0);
+                if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)
+                    return(0);
+                }
+        if (path != NULL)
+                {
+                lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
+                if (lookup == NULL) return(0);
+                if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)
+                    return(0);
+                }
+        if ((path == NULL) && (file == NULL))
+                return(0);
+        return(1);
+        }
+
+#endif
diff --git a/src/lib/libcrypto/x509/x509_def.c b/src/lib/libcrypto/x509/x509_def.c
new file mode 100644
index 0000000000..e0ac151a76
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_def.c
@@ -0,0 +1,81 @@
+/* crypto/x509/x509_def.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+
+const char *X509_get_default_private_dir(void)
+        { return(X509_PRIVATE_DIR); }
+        
+const char *X509_get_default_cert_area(void)
+        { return(X509_CERT_AREA); }
+
+const char *X509_get_default_cert_dir(void)
+        { return(X509_CERT_DIR); }
+
+const char *X509_get_default_cert_file(void)
+        { return(X509_CERT_FILE); }
+
+const char *X509_get_default_cert_dir_env(void)
+        { return(X509_CERT_DIR_EVP); }
+
+const char *X509_get_default_cert_file_env(void)
+        { return(X509_CERT_FILE_EVP); }
+
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
new file mode 100644
index 0000000000..5bbf4acf76
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_err.c
@@ -0,0 +1,156 @@
+/* crypto/x509/x509_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA X509_str_functs[]=
+        {
+{ERR_PACK(0,X509_F_ADD_CERT_DIR,0),     "ADD_CERT_DIR"},
+{ERR_PACK(0,X509_F_BY_FILE_CTRL,0),     "BY_FILE_CTRL"},
+{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"},
+{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0),      "GET_CERT_BY_SUBJECT"},
+{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_DECODE,0), "NETSCAPE_SPKI_b64_decode"},
+{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_ENCODE,0), "NETSCAPE_SPKI_b64_encode"},
+{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0),   "X509v3_add_ext"},
+{ERR_PACK(0,X509_F_X509_ADD_ATTR,0),    "X509_ADD_ATTR"},
+{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_NID,0),     "X509_ATTRIBUTE_create_by_NID"},
+{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,0),     "X509_ATTRIBUTE_create_by_OBJ"},
+{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,0),     "X509_ATTRIBUTE_create_by_txt"},
+{ERR_PACK(0,X509_F_X509_ATTRIBUTE_GET0_DATA,0), "X509_ATTRIBUTE_get0_data"},
+{ERR_PACK(0,X509_F_X509_ATTRIBUTE_SET1_DATA,0), "X509_ATTRIBUTE_set1_data"},
+{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0),   "X509_check_private_key"},
+{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0),     "X509_EXTENSION_create_by_NID"},
+{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0),     "X509_EXTENSION_create_by_OBJ"},
+{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0),       "X509_get_pubkey_parameters"},
+{ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0),  "X509_load_cert_crl_file"},
+{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0),      "X509_load_cert_file"},
+{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0),       "X509_load_crl_file"},
+{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0),      "X509_NAME_add_entry"},
+{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0),    "X509_NAME_ENTRY_create_by_NID"},
+{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,0),    "X509_NAME_ENTRY_create_by_txt"},
+{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0),       "X509_NAME_ENTRY_set_object"},
+{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0),        "X509_NAME_oneline"},
+{ERR_PACK(0,X509_F_X509_NAME_PRINT,0),  "X509_NAME_print"},
+{ERR_PACK(0,X509_F_X509_PRINT_FP,0),    "X509_print_fp"},
+{ERR_PACK(0,X509_F_X509_PUBKEY_GET,0),  "X509_PUBKEY_get"},
+{ERR_PACK(0,X509_F_X509_PUBKEY_SET,0),  "X509_PUBKEY_set"},
+{ERR_PACK(0,X509_F_X509_REQ_PRINT,0),   "X509_REQ_print"},
+{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0),        "X509_REQ_print_fp"},
+{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"},
+{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0),      "X509_STORE_add_cert"},
+{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0),       "X509_STORE_add_crl"},
+{ERR_PACK(0,X509_F_X509_STORE_CTX_INIT,0),      "X509_STORE_CTX_init"},
+{ERR_PACK(0,X509_F_X509_STORE_CTX_NEW,0),       "X509_STORE_CTX_new"},
+{ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0),   "X509_STORE_CTX_purpose_inherit"},
+{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"},
+{ERR_PACK(0,X509_F_X509_TRUST_ADD,0),   "X509_TRUST_add"},
+{ERR_PACK(0,X509_F_X509_TRUST_SET,0),   "X509_TRUST_set"},
+{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA X509_str_reasons[]=
+        {
+{X509_R_BAD_X509_FILETYPE                ,"bad x509 filetype"},
+{X509_R_BASE64_DECODE_ERROR              ,"base64 decode error"},
+{X509_R_CANT_CHECK_DH_KEY                ,"cant check dh key"},
+{X509_R_CERT_ALREADY_IN_HASH_TABLE       ,"cert already in hash table"},
+{X509_R_ERR_ASN1_LIB                     ,"err asn1 lib"},
+{X509_R_INVALID_DIRECTORY                ,"invalid directory"},
+{X509_R_INVALID_FIELD_NAME               ,"invalid field name"},
+{X509_R_INVALID_TRUST                    ,"invalid trust"},
+{X509_R_KEY_TYPE_MISMATCH                ,"key type mismatch"},
+{X509_R_KEY_VALUES_MISMATCH              ,"key values mismatch"},
+{X509_R_LOADING_CERT_DIR                 ,"loading cert dir"},
+{X509_R_LOADING_DEFAULTS                 ,"loading defaults"},
+{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY     ,"no cert set for us to verify"},
+{X509_R_SHOULD_RETRY                     ,"should retry"},
+{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
+{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY   ,"unable to get certs public key"},
+{X509_R_UNKNOWN_KEY_TYPE                 ,"unknown key type"},
+{X509_R_UNKNOWN_NID                      ,"unknown nid"},
+{X509_R_UNKNOWN_PURPOSE_ID               ,"unknown purpose id"},
+{X509_R_UNKNOWN_TRUST_ID                 ,"unknown trust id"},
+{X509_R_UNSUPPORTED_ALGORITHM            ,"unsupported algorithm"},
+{X509_R_WRONG_LOOKUP_TYPE                ,"wrong lookup type"},
+{X509_R_WRONG_TYPE                       ,"wrong type"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_X509_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_X509,X509_str_functs);
+                ERR_load_strings(ERR_LIB_X509,X509_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/x509/x509_ext.c b/src/lib/libcrypto/x509/x509_ext.c
new file mode 100644
index 0000000000..e7fdacb5e4
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_ext.c
@@ -0,0 +1,210 @@
+/* crypto/x509/x509_ext.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/stack.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+
+int X509_CRL_get_ext_count(X509_CRL *x)
+        {
+        return(X509v3_get_ext_count(x->crl->extensions));
+        }
+
+int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
+        {
+        return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
+        }
+
+int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
+        {
+        return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
+        }
+
+int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
+        {
+        return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
+        }
+
+X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
+        {
+        return(X509v3_get_ext(x->crl->extensions,loc));
+        }
+
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
+        {
+        return(X509v3_delete_ext(x->crl->extensions,loc));
+        }
+
+void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
+{
+        return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
+}
+
+int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+                                                        unsigned long flags)
+{
+        return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
+}
+
+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
+        {
+        return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
+        }
+
+int X509_get_ext_count(X509 *x)
+        {
+        return(X509v3_get_ext_count(x->cert_info->extensions));
+        }
+
+int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
+        {
+        return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
+        }
+
+int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
+        {
+        return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
+        }
+
+int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
+        {
+        return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
+        }
+
+X509_EXTENSION *X509_get_ext(X509 *x, int loc)
+        {
+        return(X509v3_get_ext(x->cert_info->extensions,loc));
+        }
+
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
+        {
+        return(X509v3_delete_ext(x->cert_info->extensions,loc));
+        }
+
+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
+        {
+        return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
+        }
+
+void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
+{
+        return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
+}
+
+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+                                                        unsigned long flags)
+{
+        return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
+                                                        flags);
+}
+
+int X509_REVOKED_get_ext_count(X509_REVOKED *x)
+        {
+        return(X509v3_get_ext_count(x->extensions));
+        }
+
+int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
+        {
+        return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
+        }
+
+int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
+             int lastpos)
+        {
+        return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
+        }
+
+int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
+        {
+        return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
+        }
+
+X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
+        {
+        return(X509v3_get_ext(x->extensions,loc));
+        }
+
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
+        {
+        return(X509v3_delete_ext(x->extensions,loc));
+        }
+
+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
+        {
+        return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
+        }
+
+void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
+{
+        return X509V3_get_d2i(x->extensions, nid, crit, idx);
+}
+
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+                                                        unsigned long flags)
+{
+        return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
+}
+
+IMPLEMENT_STACK_OF(X509_EXTENSION)
+IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
new file mode 100644
index 0000000000..b780dae5e2
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -0,0 +1,557 @@
+/* crypto/x509/x509_lu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
+        {
+        X509_LOOKUP *ret;
+
+        ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
+        if (ret == NULL) return NULL;
+
+        ret->init=0;
+        ret->skip=0;
+        ret->method=method;
+        ret->method_data=NULL;
+        ret->store_ctx=NULL;
+        if ((method->new_item != NULL) && !method->new_item(ret))
+                {
+                OPENSSL_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+
+void X509_LOOKUP_free(X509_LOOKUP *ctx)
+        {
+        if (ctx == NULL) return;
+        if (    (ctx->method != NULL) &&
+                (ctx->method->free != NULL))
+                ctx->method->free(ctx);
+        OPENSSL_free(ctx);
+        }
+
+int X509_LOOKUP_init(X509_LOOKUP *ctx)
+        {
+        if (ctx->method == NULL) return 0;
+        if (ctx->method->init != NULL)
+                return ctx->method->init(ctx);
+        else
+                return 1;
+        }
+
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
+        {
+        if (ctx->method == NULL) return 0;
+        if (ctx->method->shutdown != NULL)
+                return ctx->method->shutdown(ctx);
+        else
+                return 1;
+        }
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+             char **ret)
+        {
+        if (ctx->method == NULL) return -1;
+        if (ctx->method->ctrl != NULL)
+                return ctx->method->ctrl(ctx,cmd,argc,argl,ret);
+        else
+                return 1;
+        }
+
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
+             X509_OBJECT *ret)
+        {
+        if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
+                return X509_LU_FAIL;
+        if (ctx->skip) return 0;
+        return ctx->method->get_by_subject(ctx,type,name,ret);
+        }
+
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
+             ASN1_INTEGER *serial, X509_OBJECT *ret)
+        {
+        if ((ctx->method == NULL) ||
+                (ctx->method->get_by_issuer_serial == NULL))
+                return X509_LU_FAIL;
+        return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);
+        }
+
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
+             unsigned char *bytes, int len, X509_OBJECT *ret)
+        {
+        if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
+                return X509_LU_FAIL;
+        return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);
+        }
+
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
+             X509_OBJECT *ret)
+        {
+        if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
+                return X509_LU_FAIL;
+        return ctx->method->get_by_alias(ctx,type,str,len,ret);
+        }
+
+  
+static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
+        {
+        int ret;
+
+        ret=((*a)->type - (*b)->type);
+        if (ret) return ret;
+        switch ((*a)->type)
+                {
+        case X509_LU_X509:
+                ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
+                break;
+        case X509_LU_CRL:
+                ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);
+                break;
+        default:
+                /* abort(); */
+                return 0;
+                }
+        return ret;
+        }
+
+X509_STORE *X509_STORE_new(void)
+        {
+        X509_STORE *ret;
+
+        if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
+                return NULL;
+        ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
+        ret->cache=1;
+        ret->get_cert_methods=sk_X509_LOOKUP_new_null();
+        ret->verify=0;
+        ret->verify_cb=0;
+
+        ret->purpose = 0;
+        ret->trust = 0;
+
+        ret->flags = 0;
+
+        ret->get_issuer = 0;
+        ret->check_issued = 0;
+        ret->check_revocation = 0;
+        ret->get_crl = 0;
+        ret->check_crl = 0;
+        ret->cert_crl = 0;
+        ret->cleanup = 0;
+
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
+        ret->references=1;
+        ret->depth=0;
+        return ret;
+        }
+
+static void cleanup(X509_OBJECT *a)
+        {
+        if (a->type == X509_LU_X509)
+                {
+                X509_free(a->data.x509);
+                }
+        else if (a->type == X509_LU_CRL)
+                {
+                X509_CRL_free(a->data.crl);
+                }
+        else
+                {
+                /* abort(); */
+                }
+
+        OPENSSL_free(a);
+        }
+
+void X509_STORE_free(X509_STORE *vfy)
+        {
+        int i;
+        STACK_OF(X509_LOOKUP) *sk;
+        X509_LOOKUP *lu;
+
+        if (vfy == NULL)
+            return;
+
+        sk=vfy->get_cert_methods;
+        for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
+                {
+                lu=sk_X509_LOOKUP_value(sk,i);
+                X509_LOOKUP_shutdown(lu);
+                X509_LOOKUP_free(lu);
+                }
+        sk_X509_LOOKUP_free(sk);
+        sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
+
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
+        OPENSSL_free(vfy);
+        }
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
+        {
+        int i;
+        STACK_OF(X509_LOOKUP) *sk;
+        X509_LOOKUP *lu;
+
+        sk=v->get_cert_methods;
+        for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
+                {
+                lu=sk_X509_LOOKUP_value(sk,i);
+                if (m == lu->method)
+                        {
+                        return lu;
+                        }
+                }
+        /* a new one */
+        lu=X509_LOOKUP_new(m);
+        if (lu == NULL)
+                return NULL;
+        else
+                {
+                lu->store_ctx=v;
+                if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
+                        return lu;
+                else
+                        {
+                        X509_LOOKUP_free(lu);
+                        return NULL;
+                        }
+                }
+        }
+
+int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
+             X509_OBJECT *ret)
+        {
+        X509_STORE *ctx=vs->ctx;
+        X509_LOOKUP *lu;
+        X509_OBJECT stmp,*tmp;
+        int i,j;
+
+        tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
+
+        if (tmp == NULL)
+                {
+                for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
+                        {
+                        lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
+                        j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
+                        if (j < 0)
+                                {
+                                vs->current_method=j;
+                                return j;
+                                }
+                        else if (j)
+                                {
+                                tmp= &stmp;
+                                break;
+                                }
+                        }
+                vs->current_method=0;
+                if (tmp == NULL)
+                        return 0;
+                }
+
+/*      if (ret->data.ptr != NULL)
+                X509_OBJECT_free_contents(ret); */
+
+        ret->type=tmp->type;
+        ret->data.ptr=tmp->data.ptr;
+
+        X509_OBJECT_up_ref_count(ret);
+
+        return 1;
+        }
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
+        {
+        X509_OBJECT *obj;
+        int ret=1;
+
+        if (x == NULL) return 0;
+        obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
+        if (obj == NULL)
+                {
+                X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        obj->type=X509_LU_X509;
+        obj->data.x509=x;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+        X509_OBJECT_up_ref_count(obj);
+
+
+        if (X509_OBJECT_retrieve_match(ctx->objs, obj))
+                {
+                X509_OBJECT_free_contents(obj);
+                OPENSSL_free(obj);
+                X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
+                ret=0;
+                } 
+        else sk_X509_OBJECT_push(ctx->objs, obj);
+
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+        return ret;
+        }
+
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+        {
+        X509_OBJECT *obj;
+        int ret=1;
+
+        if (x == NULL) return 0;
+        obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
+        if (obj == NULL)
+                {
+                X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        obj->type=X509_LU_CRL;
+        obj->data.crl=x;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+        X509_OBJECT_up_ref_count(obj);
+
+        if (X509_OBJECT_retrieve_match(ctx->objs, obj))
+                {
+                X509_OBJECT_free_contents(obj);
+                OPENSSL_free(obj);
+                X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
+                ret=0;
+                }
+        else sk_X509_OBJECT_push(ctx->objs, obj);
+
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+        return ret;
+        }
+
+void X509_OBJECT_up_ref_count(X509_OBJECT *a)
+        {
+        switch (a->type)
+                {
+        case X509_LU_X509:
+                CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
+                break;
+        case X509_LU_CRL:
+                CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+                break;
+                }
+        }
+
+void X509_OBJECT_free_contents(X509_OBJECT *a)
+        {
+        switch (a->type)
+                {
+        case X509_LU_X509:
+                X509_free(a->data.x509);
+                break;
+        case X509_LU_CRL:
+                X509_CRL_free(a->data.crl);
+                break;
+                }
+        }
+
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+             X509_NAME *name)
+        {
+        X509_OBJECT stmp;
+        X509 x509_s;
+        X509_CINF cinf_s;
+        X509_CRL crl_s;
+        X509_CRL_INFO crl_info_s;
+
+        stmp.type=type;
+        switch (type)
+                {
+        case X509_LU_X509:
+                stmp.data.x509= &x509_s;
+                x509_s.cert_info= &cinf_s;
+                cinf_s.subject=name;
+                break;
+        case X509_LU_CRL:
+                stmp.data.crl= &crl_s;
+                crl_s.crl= &crl_info_s;
+                crl_info_s.issuer=name;
+                break;
+        default:
+                /* abort(); */
+                return -1;
+                }
+
+        return sk_X509_OBJECT_find(h,&stmp);
+        }
+
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+             X509_NAME *name)
+{
+        int idx;
+        idx = X509_OBJECT_idx_by_subject(h, type, name);
+        if (idx==-1) return NULL;
+        return sk_X509_OBJECT_value(h, idx);
+}
+
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
+{
+        int idx, i;
+        X509_OBJECT *obj;
+        idx = sk_X509_OBJECT_find(h, x);
+        if (idx == -1) return NULL;
+        if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
+        for (i = idx; i < sk_X509_OBJECT_num(h); i++)
+                {
+                obj = sk_X509_OBJECT_value(h, i);
+                if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
+                        return NULL;
+                if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
+                        return obj;
+                }
+        return NULL;
+}
+
+
+/* Try to get issuer certificate from store. Due to limitations
+ * of the API this can only retrieve a single certificate matching
+ * a given subject name. However it will fill the cache with all
+ * matching certificates, so we can examine the cache for all 
+ * matches.
+ *
+ * Return values are:
+ *  1 lookup successful.
+ *  0 certificate not found.
+ * -1 some other error.
+ */
+
+
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+{
+        X509_NAME *xn;
+        X509_OBJECT obj, *pobj;
+        int i, ok, idx;
+        xn=X509_get_issuer_name(x);
+        ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
+        if (ok != X509_LU_X509)
+                {
+                if (ok == X509_LU_RETRY)
+                        {
+                        X509_OBJECT_free_contents(&obj);
+                        X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
+                        return -1;
+                        }
+                else if (ok != X509_LU_FAIL)
+                        {
+                        X509_OBJECT_free_contents(&obj);
+                        /* not good :-(, break anyway */
+                        return -1;
+                        }
+                return 0;
+                }
+        /* If certificate matches all OK */
+        if (ctx->check_issued(ctx, x, obj.data.x509))
+                {
+                *issuer = obj.data.x509;
+                return 1;
+                }
+        X509_OBJECT_free_contents(&obj);
+        /* Else find index of first matching cert */
+        idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
+        /* This shouldn't normally happen since we already have one match */
+        if (idx == -1) return 0;
+
+        /* Look through all matching certificates for a suitable issuer */
+        for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
+                {
+                pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
+                /* See if we've ran out of matches */
+                if (pobj->type != X509_LU_X509) return 0;
+                if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0;
+                if (ctx->check_issued(ctx, x, pobj->data.x509))
+                        {
+                        *issuer = pobj->data.x509;
+                        X509_OBJECT_up_ref_count(pobj);
+                        return 1;
+                        }
+                }
+        return 0;
+}
+
+void X509_STORE_set_flags(X509_STORE *ctx, long flags)
+        {
+        ctx->flags |= flags;
+        }
+
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
+        {
+        return X509_PURPOSE_set(&ctx->purpose, purpose);
+        }
+
+int X509_STORE_set_trust(X509_STORE *ctx, int trust)
+        {
+        return X509_TRUST_set(&ctx->trust, trust);
+        }
+
+IMPLEMENT_STACK_OF(X509_LOOKUP)
+IMPLEMENT_STACK_OF(X509_OBJECT)
diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c
new file mode 100644
index 0000000000..1e718f76eb
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_obj.c
@@ -0,0 +1,226 @@
+/* crypto/x509/x509_obj.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/buffer.h>
+
+char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
+        {
+        X509_NAME_ENTRY *ne;
+int i;
+        int n,lold,l,l1,l2,num,j,type;
+        const char *s;
+        char *p;
+        unsigned char *q;
+        BUF_MEM *b=NULL;
+        static char hex[17]="0123456789ABCDEF";
+        int gs_doit[4];
+        char tmp_buf[80];
+#ifdef CHARSET_EBCDIC
+        char ebcdic_buf[1024];
+#endif
+
+        if (buf == NULL)
+                {
+                if ((b=BUF_MEM_new()) == NULL) goto err;
+                if (!BUF_MEM_grow(b,200)) goto err;
+                b->data[0]='\0';
+                len=200;
+                }
+        if (a == NULL)
+            {
+            if(b)
+                {
+                buf=b->data;
+                OPENSSL_free(b);
+                }
+            strncpy(buf,"NO X509_NAME",len);
+            buf[len-1]='\0';
+            return buf;
+            }
+
+        len--; /* space for '\0' */
+        l=0;
+        for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)
+                {
+                ne=sk_X509_NAME_ENTRY_value(a->entries,i);
+                n=OBJ_obj2nid(ne->object);
+                if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
+                        {
+                        i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
+                        s=tmp_buf;
+                        }
+                l1=strlen(s);
+
+                type=ne->value->type;
+                num=ne->value->length;
+                q=ne->value->data;
+#ifdef CHARSET_EBCDIC
+                if (type == V_ASN1_GENERALSTRING ||
+                    type == V_ASN1_VISIBLESTRING ||
+                    type == V_ASN1_PRINTABLESTRING ||
+                    type == V_ASN1_TELETEXSTRING ||
+                    type == V_ASN1_VISIBLESTRING ||
+                    type == V_ASN1_IA5STRING) {
+                        ascii2ebcdic(ebcdic_buf, q,
+                                     (num > sizeof ebcdic_buf)
+                                     ? sizeof ebcdic_buf : num);
+                        q=ebcdic_buf;
+                }
+#endif
+
+                if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
+                        {
+                        gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;
+                        for (j=0; j<num; j++)
+                                if (q[j] != 0) gs_doit[j&3]=1;
+
+                        if (gs_doit[0]|gs_doit[1]|gs_doit[2])
+                                gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
+                        else
+                                {
+                                gs_doit[0]=gs_doit[1]=gs_doit[2]=0;
+                                gs_doit[3]=1;
+                                }
+                        }
+                else
+                        gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
+
+                for (l2=j=0; j<num; j++)
+                        {
+                        if (!gs_doit[j&3]) continue;
+                        l2++;
+#ifndef CHARSET_EBCDIC
+                        if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
+#else
+                        if ((os_toascii[q[j]] < os_toascii[' ']) ||
+                            (os_toascii[q[j]] > os_toascii['~'])) l2+=3;
+#endif
+                        }
+
+                lold=l;
+                l+=1+l1+1+l2;
+                if (b != NULL)
+                        {
+                        if (!BUF_MEM_grow(b,l+1)) goto err;
+                        p= &(b->data[lold]);
+                        }
+                else if (l > len)
+                        {
+                        break;
+                        }
+                else
+                        p= &(buf[lold]);
+                *(p++)='/';
+                memcpy(p,s,(unsigned int)l1); p+=l1;
+                *(p++)='=';
+
+#ifndef CHARSET_EBCDIC /* q was assigned above already. */
+                q=ne->value->data;
+#endif
+
+                for (j=0; j<num; j++)
+                        {
+                        if (!gs_doit[j&3]) continue;
+#ifndef CHARSET_EBCDIC
+                        n=q[j];
+                        if ((n < ' ') || (n > '~'))
+                                {
+                                *(p++)='\\';
+                                *(p++)='x';
+                                *(p++)=hex[(n>>4)&0x0f];
+                                *(p++)=hex[n&0x0f];
+                                }
+                        else
+                                *(p++)=n;
+#else
+                        n=os_toascii[q[j]];
+                        if ((n < os_toascii[' ']) ||
+                            (n > os_toascii['~']))
+                                {
+                                *(p++)='\\';
+                                *(p++)='x';
+                                *(p++)=hex[(n>>4)&0x0f];
+                                *(p++)=hex[n&0x0f];
+                                }
+                        else
+                                *(p++)=q[j];
+#endif
+                        }
+                *p='\0';
+                }
+        if (b != NULL)
+                {
+                p=b->data;
+                OPENSSL_free(b);
+                }
+        else
+                p=buf;
+        if (i == 0)
+                *p = '\0';
+        return(p);
+err:
+        X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
+        if (b != NULL) BUF_MEM_free(b);
+        return(NULL);
+        }
+
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c
new file mode 100644
index 0000000000..fb8a78dabe
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_r2x.c
@@ -0,0 +1,112 @@
+/* crypto/x509/x509_r2x.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+
+X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
+        {
+        X509 *ret=NULL;
+        X509_CINF *xi=NULL;
+        X509_NAME *xn;
+
+        if ((ret=X509_new()) == NULL)
+                {
+                X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        /* duplicate the request */
+        xi=ret->cert_info;
+
+        if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
+                {
+                if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
+                if (!ASN1_INTEGER_set(xi->version,2)) goto err;
+/*              xi->extensions=ri->attributes; <- bad, should not ever be done
+                ri->attributes=NULL; */
+                }
+
+        xn=X509_REQ_get_subject_name(r);
+        X509_set_subject_name(ret,X509_NAME_dup(xn));
+        X509_set_issuer_name(ret,X509_NAME_dup(xn));
+
+        if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL)
+                goto err;
+        if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL)
+                goto err;
+
+        X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
+
+        if (!X509_sign(ret,pkey,EVP_md5()))
+                goto err;
+        if (0)
+                {
+err:
+                X509_free(ret);
+                ret=NULL;
+                }
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
new file mode 100644
index 0000000000..59fc6ca548
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -0,0 +1,279 @@
+/* crypto/x509/x509_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/pem.h>
+
+X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
+        {
+        X509_REQ *ret;
+        X509_REQ_INFO *ri;
+        int i;
+        EVP_PKEY *pktmp;
+
+        ret=X509_REQ_new();
+        if (ret == NULL)
+                {
+                X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        ri=ret->req_info;
+
+        ri->version->length=1;
+        ri->version->data=(unsigned char *)OPENSSL_malloc(1);
+        if (ri->version->data == NULL) goto err;
+        ri->version->data[0]=0; /* version == 0 */
+
+        if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
+                goto err;
+
+        pktmp = X509_get_pubkey(x);
+        i=X509_REQ_set_pubkey(ret,pktmp);
+        EVP_PKEY_free(pktmp);
+        if (!i) goto err;
+
+        if (pkey != NULL)
+                {
+                if (!X509_REQ_sign(ret,pkey,md))
+                        goto err;
+                }
+        return(ret);
+err:
+        X509_REQ_free(ret);
+        return(NULL);
+        }
+
+EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
+        {
+        if ((req == NULL) || (req->req_info == NULL))
+                return(NULL);
+        return(X509_PUBKEY_get(req->req_info->pubkey));
+        }
+
+/* It seems several organisations had the same idea of including a list of
+ * extensions in a certificate request. There are at least two OIDs that are
+ * used and there may be more: so the list is configurable.
+ */
+
+static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};
+
+static int *ext_nids = ext_nid_list;
+
+int X509_REQ_extension_nid(int req_nid)
+{
+        int i, nid;
+        for(i = 0; ; i++) {
+                nid = ext_nids[i];
+                if(nid == NID_undef) return 0;
+                else if (req_nid == nid) return 1;
+        }
+}
+
+int *X509_REQ_get_extension_nids(void)
+{
+        return ext_nids;
+}
+        
+void X509_REQ_set_extension_nids(int *nids)
+{
+        ext_nids = nids;
+}
+
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
+        {
+        X509_ATTRIBUTE *attr;
+        ASN1_TYPE *ext = NULL;
+        int idx, *pnid;
+        unsigned char *p;
+
+        if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
+                return(NULL);
+        for (pnid = ext_nids; *pnid != NID_undef; pnid++)
+                {
+                idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
+                if (idx == -1)
+                        continue;
+                attr = X509_REQ_get_attr(req, idx);
+                if(attr->single) ext = attr->value.single;
+                else if(sk_ASN1_TYPE_num(attr->value.set))
+                        ext = sk_ASN1_TYPE_value(attr->value.set, 0);
+                break;
+                }
+        if(!ext || (ext->type != V_ASN1_SEQUENCE))
+                return NULL;
+        p = ext->value.sequence->data;
+        return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
+                        ext->value.sequence->length,
+                        d2i_X509_EXTENSION, X509_EXTENSION_free,
+                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+        }
+
+/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
+ * in case we want to create a non standard one.
+ */
+
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+                                int nid)
+{
+        unsigned char *p = NULL, *q;
+        long len;
+        ASN1_TYPE *at = NULL;
+        X509_ATTRIBUTE *attr = NULL;
+        if(!(at = ASN1_TYPE_new()) ||
+                !(at->value.sequence = ASN1_STRING_new())) goto err;
+
+        at->type = V_ASN1_SEQUENCE;
+        /* Generate encoding of extensions */
+        len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
+                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
+        if(!(p = OPENSSL_malloc(len))) goto err;
+        q = p;
+        i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
+                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
+        at->value.sequence->data = p;
+        p = NULL;
+        at->value.sequence->length = len;
+        if(!(attr = X509_ATTRIBUTE_new())) goto err;
+        if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
+        if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
+        at = NULL;
+        attr->single = 0;
+        attr->object = OBJ_nid2obj(nid);
+        if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
+        return 1;
+        err:
+        if(p) OPENSSL_free(p);
+        X509_ATTRIBUTE_free(attr);
+        ASN1_TYPE_free(at);
+        return 0;
+}
+/* This is the normal usage: use the "official" OID */
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
+{
+        return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
+}
+
+/* Request attribute functions */
+
+int X509_REQ_get_attr_count(const X509_REQ *req)
+{
+        return X509at_get_attr_count(req->req_info->attributes);
+}
+
+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
+                          int lastpos)
+{
+        return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
+}
+
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
+                          int lastpos)
+{
+        return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
+}
+
+X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
+{
+        return X509at_get_attr(req->req_info->attributes, loc);
+}
+
+X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
+{
+        return X509at_delete_attr(req->req_info->attributes, loc);
+}
+
+int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
+{
+        if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
+        return 0;
+}
+
+int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
+                        const ASN1_OBJECT *obj, int type,
+                        const unsigned char *bytes, int len)
+{
+        if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
+                                type, bytes, len)) return 1;
+        return 0;
+}
+
+int X509_REQ_add1_attr_by_NID(X509_REQ *req,
+                        int nid, int type,
+                        const unsigned char *bytes, int len)
+{
+        if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
+                                type, bytes, len)) return 1;
+        return 0;
+}
+
+int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+                        const char *attrname, int type,
+                        const unsigned char *bytes, int len)
+{
+        if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
+                                type, bytes, len)) return 1;
+        return 0;
+}
diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c
new file mode 100644
index 0000000000..aaf61ca062
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_set.c
@@ -0,0 +1,150 @@
+/* crypto/x509/x509_set.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+int X509_set_version(X509 *x, long version)
+        {
+        if (x == NULL) return(0);
+        if (x->cert_info->version == NULL)
+                {
+                if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL)
+                        return(0);
+                }
+        return(ASN1_INTEGER_set(x->cert_info->version,version));
+        }
+
+int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
+        {
+        ASN1_INTEGER *in;
+
+        if (x == NULL) return(0);
+        in=x->cert_info->serialNumber;
+        if (in != serial)
+                {
+                in=M_ASN1_INTEGER_dup(serial);
+                if (in != NULL)
+                        {
+                        M_ASN1_INTEGER_free(x->cert_info->serialNumber);
+                        x->cert_info->serialNumber=in;
+                        }
+                }
+        return(in != NULL);
+        }
+
+int X509_set_issuer_name(X509 *x, X509_NAME *name)
+        {
+        if ((x == NULL) || (x->cert_info == NULL)) return(0);
+        return(X509_NAME_set(&x->cert_info->issuer,name));
+        }
+
+int X509_set_subject_name(X509 *x, X509_NAME *name)
+        {
+        if ((x == NULL) || (x->cert_info == NULL)) return(0);
+        return(X509_NAME_set(&x->cert_info->subject,name));
+        }
+
+int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
+        {
+        ASN1_TIME *in;
+
+        if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
+        in=x->cert_info->validity->notBefore;
+        if (in != tm)
+                {
+                in=M_ASN1_TIME_dup(tm);
+                if (in != NULL)
+                        {
+                        M_ASN1_TIME_free(x->cert_info->validity->notBefore);
+                        x->cert_info->validity->notBefore=in;
+                        }
+                }
+        return(in != NULL);
+        }
+
+int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
+        {
+        ASN1_TIME *in;
+
+        if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
+        in=x->cert_info->validity->notAfter;
+        if (in != tm)
+                {
+                in=M_ASN1_TIME_dup(tm);
+                if (in != NULL)
+                        {
+                        M_ASN1_TIME_free(x->cert_info->validity->notAfter);
+                        x->cert_info->validity->notAfter=in;
+                        }
+                }
+        return(in != NULL);
+        }
+
+int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
+        {
+        if ((x == NULL) || (x->cert_info == NULL)) return(0);
+        return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
+        }
+
+
+
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
new file mode 100644
index 0000000000..881252608d
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -0,0 +1,287 @@
+/* x509_trs.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+
+static int tr_cmp(const X509_TRUST * const *a,
+                const X509_TRUST * const *b);
+static void trtable_free(X509_TRUST *p);
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
+static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
+static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
+
+static int obj_trust(int id, X509 *x, int flags);
+static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
+
+/* WARNING: the following table should be kept in order of trust
+ * and without any gaps so we can just subtract the minimum trust
+ * value to get an index into the table
+ */
+
+static X509_TRUST trstandard[] = {
+{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
+{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
+{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
+{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
+{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
+{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
+{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
+};
+
+#define X509_TRUST_COUNT        (sizeof(trstandard)/sizeof(X509_TRUST))
+
+IMPLEMENT_STACK_OF(X509_TRUST)
+
+static STACK_OF(X509_TRUST) *trtable = NULL;
+
+static int tr_cmp(const X509_TRUST * const *a,
+                const X509_TRUST * const *b)
+{
+        return (*a)->trust - (*b)->trust;
+}
+
+int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
+{
+        int (*oldtrust)(int , X509 *, int);
+        oldtrust = default_trust;
+        default_trust = trust;
+        return oldtrust;
+}
+
+
+int X509_check_trust(X509 *x, int id, int flags)
+{
+        X509_TRUST *pt;
+        int idx;
+        if(id == -1) return 1;
+        idx = X509_TRUST_get_by_id(id);
+        if(idx == -1) return default_trust(id, x, flags);
+        pt = X509_TRUST_get0(idx);
+        return pt->check_trust(pt, x, flags);
+}
+
+int X509_TRUST_get_count(void)
+{
+        if(!trtable) return X509_TRUST_COUNT;
+        return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
+}
+
+X509_TRUST * X509_TRUST_get0(int idx)
+{
+        if(idx < 0) return NULL;
+        if(idx < X509_TRUST_COUNT) return trstandard + idx;
+        return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
+}
+
+int X509_TRUST_get_by_id(int id)
+{
+        X509_TRUST tmp;
+        int idx;
+        if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
+                                 return id - X509_TRUST_MIN;
+        tmp.trust = id;
+        if(!trtable) return -1;
+        idx = sk_X509_TRUST_find(trtable, &tmp);
+        if(idx == -1) return -1;
+        return idx + X509_TRUST_COUNT;
+}
+
+int X509_TRUST_set(int *t, int trust)
+{
+        if(X509_TRUST_get_by_id(trust) == -1) {
+                X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
+                return 0;
+        }
+        *t = trust;
+        return 1;
+}
+
+int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
+                                        char *name, int arg1, void *arg2)
+{
+        int idx;
+        X509_TRUST *trtmp;
+        /* This is set according to what we change: application can't set it */
+        flags &= ~X509_TRUST_DYNAMIC;
+        /* This will always be set for application modified trust entries */
+        flags |= X509_TRUST_DYNAMIC_NAME;
+        /* Get existing entry if any */
+        idx = X509_TRUST_get_by_id(id);
+        /* Need a new entry */
+        if(idx == -1) {
+                if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
+                        X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+                trtmp->flags = X509_TRUST_DYNAMIC;
+        } else trtmp = X509_TRUST_get0(idx);
+
+        /* OPENSSL_free existing name if dynamic */
+        if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name);
+        /* dup supplied name */
+        if(!(trtmp->name = BUF_strdup(name))) {
+                X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        /* Keep the dynamic flag of existing entry */
+        trtmp->flags &= X509_TRUST_DYNAMIC;
+        /* Set all other flags */
+        trtmp->flags |= flags;
+
+        trtmp->trust = id;
+        trtmp->check_trust = ck;
+        trtmp->arg1 = arg1;
+        trtmp->arg2 = arg2;
+
+        /* If its a new entry manage the dynamic table */
+        if(idx == -1) {
+                if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
+                        X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+                if (!sk_X509_TRUST_push(trtable, trtmp)) {
+                        X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+        }
+        return 1;
+}
+
+static void trtable_free(X509_TRUST *p)
+        {
+        if(!p) return;
+        if (p->flags & X509_TRUST_DYNAMIC) 
+                {
+                if (p->flags & X509_TRUST_DYNAMIC_NAME)
+                        OPENSSL_free(p->name);
+                OPENSSL_free(p);
+                }
+        }
+
+void X509_TRUST_cleanup(void)
+{
+        int i;
+        for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
+        sk_X509_TRUST_pop_free(trtable, trtable_free);
+        trtable = NULL;
+}
+
+int X509_TRUST_get_flags(X509_TRUST *xp)
+{
+        return xp->flags;
+}
+
+char *X509_TRUST_get0_name(X509_TRUST *xp)
+{
+        return xp->name;
+}
+
+int X509_TRUST_get_trust(X509_TRUST *xp)
+{
+        return xp->trust;
+}
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
+{
+        if(x->aux && (x->aux->trust || x->aux->reject))
+                return obj_trust(trust->arg1, x, flags);
+        /* we don't have any trust settings: for compatibility
+         * we return trusted if it is self signed
+         */
+        return trust_compat(trust, x, flags);
+}
+
+static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
+{
+        if(x->aux) return obj_trust(trust->arg1, x, flags);
+        return X509_TRUST_UNTRUSTED;
+}
+
+static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
+{
+        X509_check_purpose(x, -1, 0);
+        if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
+        else return X509_TRUST_UNTRUSTED;
+}
+
+static int obj_trust(int id, X509 *x, int flags)
+{
+        ASN1_OBJECT *obj;
+        int i;
+        X509_CERT_AUX *ax;
+        ax = x->aux;
+        if(!ax) return X509_TRUST_UNTRUSTED;
+        if(ax->reject) {
+                for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
+                        obj = sk_ASN1_OBJECT_value(ax->reject, i);
+                        if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;
+                }
+        }       
+        if(ax->trust) {
+                for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
+                        obj = sk_ASN1_OBJECT_value(ax->trust, i);
+                        if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;
+                }
+        }
+        return X509_TRUST_UNTRUSTED;
+}
+
diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c
new file mode 100644
index 0000000000..f19e66a238
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_txt.c
@@ -0,0 +1,165 @@
+/* crypto/x509/x509_txt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+
+const char *X509_verify_cert_error_string(long n)
+        {
+        static char buf[100];
+
+        switch ((int)n)
+                {
+        case X509_V_OK:
+                return("ok");
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+                return("unable to get issuer certificate");
+        case X509_V_ERR_UNABLE_TO_GET_CRL:
+                return("unable to get certificate CRL");
+        case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+                return("unable to decrypt certificate's signature");
+        case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+                return("unable to decrypt CRL's signature");
+        case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+                return("unable to decode issuer public key");
+        case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+                return("certificate signature failure");
+        case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+                return("CRL signature failure");
+        case X509_V_ERR_CERT_NOT_YET_VALID:
+                return("certificate is not yet valid");
+        case X509_V_ERR_CRL_NOT_YET_VALID:
+                return("CRL is not yet valid");
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+                return("certificate has expired");
+        case X509_V_ERR_CRL_HAS_EXPIRED:
+                return("CRL has expired");
+        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+                return("format error in certificate's notBefore field");
+        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+                return("format error in certificate's notAfter field");
+        case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+                return("format error in CRL's lastUpdate field");
+        case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+                return("format error in CRL's nextUpdate field");
+        case X509_V_ERR_OUT_OF_MEM:
+                return("out of memory");
+        case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+                return("self signed certificate");
+        case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+                return("self signed certificate in certificate chain");
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+                return("unable to get local issuer certificate");
+        case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+                return("unable to verify the first certificate");
+        case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+                return("certificate chain too long");
+        case X509_V_ERR_CERT_REVOKED:
+                return("certificate revoked");
+        case X509_V_ERR_INVALID_CA:
+                return ("invalid CA certificate");
+        case X509_V_ERR_INVALID_NON_CA:
+                return ("invalid non-CA certificate (has CA markings)");
+        case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+                return ("path length constraint exceeded");
+        case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
+                return("proxy path length constraint exceeded");
+        case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
+                return("proxy cerificates not allowed, please set the appropriate flag");
+        case X509_V_ERR_INVALID_PURPOSE:
+                return ("unsupported certificate purpose");
+        case X509_V_ERR_CERT_UNTRUSTED:
+                return ("certificate not trusted");
+        case X509_V_ERR_CERT_REJECTED:
+                return ("certificate rejected");
+        case X509_V_ERR_APPLICATION_VERIFICATION:
+                return("application verification failure");
+        case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
+                return("subject issuer mismatch");
+        case X509_V_ERR_AKID_SKID_MISMATCH:
+                return("authority and subject key identifier mismatch");
+        case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
+                return("authority and issuer serial number mismatch");
+        case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
+                return("key usage does not include certificate signing");
+        case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
+                return("unable to get CRL issuer certificate");
+        case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+                return("unhandled critical extension");
+        case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
+                return("key usage does not include CRL signing");
+        case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
+                return("key usage does not include digital signature");
+        case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
+                return("unhandled critical CRL extension");
+        default:
+                BIO_snprintf(buf,sizeof buf,"error number %ld",n);
+                return(buf);
+                }
+        }
+
+
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
new file mode 100644
index 0000000000..67b1796a92
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_v3.c
@@ -0,0 +1,268 @@
+/* crypto/x509/x509_v3.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/stack.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
+        {
+        if (x == NULL) return(0);
+        return(sk_X509_EXTENSION_num(x));
+        }
+
+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
+                          int lastpos)
+        {
+        ASN1_OBJECT *obj;
+
+        obj=OBJ_nid2obj(nid);
+        if (obj == NULL) return(-2);
+        return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
+        }
+
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,
+                          int lastpos)
+        {
+        int n;
+        X509_EXTENSION *ex;
+
+        if (sk == NULL) return(-1);
+        lastpos++;
+        if (lastpos < 0)
+                lastpos=0;
+        n=sk_X509_EXTENSION_num(sk);
+        for ( ; lastpos < n; lastpos++)
+                {
+                ex=sk_X509_EXTENSION_value(sk,lastpos);
+                if (OBJ_cmp(ex->object,obj) == 0)
+                        return(lastpos);
+                }
+        return(-1);
+        }
+
+int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
+                               int lastpos)
+        {
+        int n;
+        X509_EXTENSION *ex;
+
+        if (sk == NULL) return(-1);
+        lastpos++;
+        if (lastpos < 0)
+                lastpos=0;
+        n=sk_X509_EXTENSION_num(sk);
+        for ( ; lastpos < n; lastpos++)
+                {
+                ex=sk_X509_EXTENSION_value(sk,lastpos);
+                if (    ((ex->critical > 0) && crit) ||
+                        ((ex->critical <= 0) && !crit))
+                        return(lastpos);
+                }
+        return(-1);
+        }
+
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
+        {
+        if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+                return NULL;
+        else
+                return sk_X509_EXTENSION_value(x,loc);
+        }
+
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
+        {
+        X509_EXTENSION *ret;
+
+        if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+                return(NULL);
+        ret=sk_X509_EXTENSION_delete(x,loc);
+        return(ret);
+        }
+
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+                                         X509_EXTENSION *ex, int loc)
+        {
+        X509_EXTENSION *new_ex=NULL;
+        int n;
+        STACK_OF(X509_EXTENSION) *sk=NULL;
+
+        if ((x != NULL) && (*x == NULL))
+                {
+                if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
+                        goto err;
+                }
+        else
+                sk= *x;
+
+        n=sk_X509_EXTENSION_num(sk);
+        if (loc > n) loc=n;
+        else if (loc < 0) loc=n;
+
+        if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
+                goto err2;
+        if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
+                goto err;
+        if ((x != NULL) && (*x == NULL))
+                *x=sk;
+        return(sk);
+err:
+        X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
+err2:
+        if (new_ex != NULL) X509_EXTENSION_free(new_ex);
+        if (sk != NULL) sk_X509_EXTENSION_free(sk);
+        return(NULL);
+        }
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
+             int crit, ASN1_OCTET_STRING *data)
+        {
+        ASN1_OBJECT *obj;
+        X509_EXTENSION *ret;
+
+        obj=OBJ_nid2obj(nid);
+        if (obj == NULL)
+                {
+                X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID);
+                return(NULL);
+                }
+        ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data);
+        if (ret == NULL) ASN1_OBJECT_free(obj);
+        return(ret);
+        }
+
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+             ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data)
+        {
+        X509_EXTENSION *ret;
+
+        if ((ex == NULL) || (*ex == NULL))
+                {
+                if ((ret=X509_EXTENSION_new()) == NULL)
+                        {
+                        X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                }
+        else
+                ret= *ex;
+
+        if (!X509_EXTENSION_set_object(ret,obj))
+                goto err;
+        if (!X509_EXTENSION_set_critical(ret,crit))
+                goto err;
+        if (!X509_EXTENSION_set_data(ret,data))
+                goto err;
+        
+        if ((ex != NULL) && (*ex == NULL)) *ex=ret;
+        return(ret);
+err:
+        if ((ex == NULL) || (ret != *ex))
+                X509_EXTENSION_free(ret);
+        return(NULL);
+        }
+
+int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
+        {
+        if ((ex == NULL) || (obj == NULL))
+                return(0);
+        ASN1_OBJECT_free(ex->object);
+        ex->object=OBJ_dup(obj);
+        return(1);
+        }
+
+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
+        {
+        if (ex == NULL) return(0);
+        ex->critical=(crit)?0xFF:-1;
+        return(1);
+        }
+
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
+        {
+        int i;
+
+        if (ex == NULL) return(0);
+        i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
+        if (!i) return(0);
+        return(1);
+        }
+
+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
+        {
+        if (ex == NULL) return(NULL);
+        return(ex->object);
+        }
+
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
+        {
+        if (ex == NULL) return(NULL);
+        return(ex->value);
+        }
+
+int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
+        {
+        if (ex == NULL) return(0);
+        if(ex->critical > 0) return 1;
+        return 0;
+        }
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
new file mode 100644
index 0000000000..e43c861ee7
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -0,0 +1,1333 @@
+/* crypto/x509/x509_vfy.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+
+static int null_callback(int ok,X509_STORE_CTX *e);
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
+static int check_chain_extensions(X509_STORE_CTX *ctx);
+static int check_trust(X509_STORE_CTX *ctx);
+static int check_revocation(X509_STORE_CTX *ctx);
+static int check_cert(X509_STORE_CTX *ctx);
+static int internal_verify(X509_STORE_CTX *ctx);
+const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
+
+
+static int null_callback(int ok, X509_STORE_CTX *e)
+        {
+        return ok;
+        }
+
+#if 0
+static int x509_subject_cmp(X509 **a, X509 **b)
+        {
+        return X509_subject_name_cmp(*a,*b);
+        }
+#endif
+
+int X509_verify_cert(X509_STORE_CTX *ctx)
+        {
+        X509 *x,*xtmp,*chain_ss=NULL;
+        X509_NAME *xn;
+        int depth,i,ok=0;
+        int num;
+        int (*cb)();
+        STACK_OF(X509) *sktmp=NULL;
+
+        if (ctx->cert == NULL)
+                {
+                X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+                return -1;
+                }
+
+        cb=ctx->verify_cb;
+
+        /* first we make sure the chain we are going to build is
+         * present and that the first entry is in place */
+        if (ctx->chain == NULL)
+                {
+                if (    ((ctx->chain=sk_X509_new_null()) == NULL) ||
+                        (!sk_X509_push(ctx->chain,ctx->cert)))
+                        {
+                        X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+                        goto end;
+                        }
+                CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
+                ctx->last_untrusted=1;
+                }
+
+        /* We use a temporary STACK so we can chop and hack at it */
+        if (ctx->untrusted != NULL
+            && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
+                {
+                X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+                goto end;
+                }
+
+        num=sk_X509_num(ctx->chain);
+        x=sk_X509_value(ctx->chain,num-1);
+        depth=ctx->depth;
+
+
+        for (;;)
+                {
+                /* If we have enough, we break */
+                if (depth < num) break; /* FIXME: If this happens, we should take
+                                         * note of it and, if appropriate, use the
+                                         * X509_V_ERR_CERT_CHAIN_TOO_LONG error
+                                         * code later.
+                                         */
+
+                /* If we are self signed, we break */
+                xn=X509_get_issuer_name(x);
+                if (ctx->check_issued(ctx, x,x)) break;
+
+                /* If we were passed a cert chain, use it first */
+                if (ctx->untrusted != NULL)
+                        {
+                        xtmp=find_issuer(ctx, sktmp,x);
+                        if (xtmp != NULL)
+                                {
+                                if (!sk_X509_push(ctx->chain,xtmp))
+                                        {
+                                        X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+                                        goto end;
+                                        }
+                                CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
+                                sk_X509_delete_ptr(sktmp,xtmp);
+                                ctx->last_untrusted++;
+                                x=xtmp;
+                                num++;
+                                /* reparse the full chain for
+                                 * the next one */
+                                continue;
+                                }
+                        }
+                break;
+                }
+
+        /* at this point, chain should contain a list of untrusted
+         * certificates.  We now need to add at least one trusted one,
+         * if possible, otherwise we complain. */
+
+        /* Examine last certificate in chain and see if it
+         * is self signed.
+         */
+
+        i=sk_X509_num(ctx->chain);
+        x=sk_X509_value(ctx->chain,i-1);
+        xn = X509_get_subject_name(x);
+        if (ctx->check_issued(ctx, x, x))
+                {
+                /* we have a self signed certificate */
+                if (sk_X509_num(ctx->chain) == 1)
+                        {
+                        /* We have a single self signed certificate: see if
+                         * we can find it in the store. We must have an exact
+                         * match to avoid possible impersonation.
+                         */
+                        ok = ctx->get_issuer(&xtmp, ctx, x);
+                        if ((ok <= 0) || X509_cmp(x, xtmp)) 
+                                {
+                                ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
+                                ctx->current_cert=x;
+                                ctx->error_depth=i-1;
+                                if (ok == 1) X509_free(xtmp);
+                                ok=cb(0,ctx);
+                                if (!ok) goto end;
+                                }
+                        else 
+                                {
+                                /* We have a match: replace certificate with store version
+                                 * so we get any trust settings.
+                                 */
+                                X509_free(x);
+                                x = xtmp;
+                                sk_X509_set(ctx->chain, i - 1, x);
+                                ctx->last_untrusted=0;
+                                }
+                        }
+                else
+                        {
+                        /* extract and save self signed certificate for later use */
+                        chain_ss=sk_X509_pop(ctx->chain);
+                        ctx->last_untrusted--;
+                        num--;
+                        x=sk_X509_value(ctx->chain,num-1);
+                        }
+                }
+
+        /* We now lookup certs from the certificate store */
+        for (;;)
+                {
+                /* If we have enough, we break */
+                if (depth < num) break;
+
+                /* If we are self signed, we break */
+                xn=X509_get_issuer_name(x);
+                if (ctx->check_issued(ctx,x,x)) break;
+
+                ok = ctx->get_issuer(&xtmp, ctx, x);
+
+                if (ok < 0) return ok;
+                if (ok == 0) break;
+
+                x = xtmp;
+                if (!sk_X509_push(ctx->chain,x))
+                        {
+                        X509_free(xtmp);
+                        X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                num++;
+                }
+
+        /* we now have our chain, lets check it... */
+        xn=X509_get_issuer_name(x);
+
+        /* Is last certificate looked up self signed? */
+        if (!ctx->check_issued(ctx,x,x))
+                {
+                if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
+                        {
+                        if (ctx->last_untrusted >= num)
+                                ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
+                        else
+                                ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
+                        ctx->current_cert=x;
+                        }
+                else
+                        {
+
+                        sk_X509_push(ctx->chain,chain_ss);
+                        num++;
+                        ctx->last_untrusted=num;
+                        ctx->current_cert=chain_ss;
+                        ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
+                        chain_ss=NULL;
+                        }
+
+                ctx->error_depth=num-1;
+                ok=cb(0,ctx);
+                if (!ok) goto end;
+                }
+
+        /* We have the chain complete: now we need to check its purpose */
+        ok = check_chain_extensions(ctx);
+
+        if (!ok) goto end;
+
+        /* The chain extensions are OK: check trust */
+
+        if (ctx->trust > 0) ok = check_trust(ctx);
+
+        if (!ok) goto end;
+
+        /* We may as well copy down any DSA parameters that are required */
+        X509_get_pubkey_parameters(NULL,ctx->chain);
+
+        /* Check revocation status: we do this after copying parameters
+         * because they may be needed for CRL signature verification.
+         */
+
+        ok = ctx->check_revocation(ctx);
+        if(!ok) goto end;
+
+        /* At this point, we have a chain and just need to verify it */
+        if (ctx->verify != NULL)
+                ok=ctx->verify(ctx);
+        else
+                ok=internal_verify(ctx);
+        if (0)
+                {
+end:
+                X509_get_pubkey_parameters(NULL,ctx->chain);
+                }
+        if (sktmp != NULL) sk_X509_free(sktmp);
+        if (chain_ss != NULL) X509_free(chain_ss);
+        return ok;
+        }
+
+
+/* Given a STACK_OF(X509) find the issuer of cert (if any)
+ */
+
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
+{
+        int i;
+        X509 *issuer;
+        for (i = 0; i < sk_X509_num(sk); i++)
+                {
+                issuer = sk_X509_value(sk, i);
+                if (ctx->check_issued(ctx, x, issuer))
+                        return issuer;
+                }
+        return NULL;
+}
+
+/* Given a possible certificate and issuer check them */
+
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
+{
+        int ret;
+        ret = X509_check_issued(issuer, x);
+        if (ret == X509_V_OK)
+                return 1;
+        /* If we haven't asked for issuer errors don't set ctx */
+        if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
+                return 0;
+
+        ctx->error = ret;
+        ctx->current_cert = x;
+        ctx->current_issuer = issuer;
+        return ctx->verify_cb(0, ctx);
+        return 0;
+}
+
+/* Alternative lookup method: look from a STACK stored in other_ctx */
+
+static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+{
+        *issuer = find_issuer(ctx, ctx->other_ctx, x);
+        if (*issuer)
+                {
+                CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
+                return 1;
+                }
+        else
+                return 0;
+}
+
+
+/* Check a certificate chains extensions for consistency
+ * with the supplied purpose
+ */
+
+static int check_chain_extensions(X509_STORE_CTX *ctx)
+{
+#ifdef OPENSSL_NO_CHAIN_VERIFY
+        return 1;
+#else
+        int i, ok=0, must_be_ca;
+        X509 *x;
+        int (*cb)();
+        int proxy_path_length = 0;
+        int allow_proxy_certs = !!(ctx->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+        cb=ctx->verify_cb;
+
+        /* must_be_ca can have 1 of 3 values:
+           -1: we accept both CA and non-CA certificates, to allow direct
+               use of self-signed certificates (which are marked as CA).
+           0:  we only accept non-CA certificates.  This is currently not
+               used, but the possibility is present for future extensions.
+           1:  we only accept CA certificates.  This is currently used for
+               all certificates in the chain except the leaf certificate.
+        */
+        must_be_ca = -1;
+
+        /* A hack to keep people who don't want to modify their software
+           happy */
+        if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+                allow_proxy_certs = 1;
+
+        /* Check all untrusted certificates */
+        for (i = 0; i < ctx->last_untrusted; i++)
+                {
+                int ret;
+                x = sk_X509_value(ctx->chain, i);
+                if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
+                        && (x->ex_flags & EXFLAG_CRITICAL))
+                        {
+                        ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
+                        ctx->error_depth = i;
+                        ctx->current_cert = x;
+                        ok=cb(0,ctx);
+                        if (!ok) goto end;
+                        }
+                if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY))
+                        {
+                        ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
+                        ctx->error_depth = i;
+                        ctx->current_cert = x;
+                        ok=cb(0,ctx);
+                        if (!ok) goto end;
+                        }
+                ret = X509_check_ca(x);
+                switch(must_be_ca)
+                        {
+                case -1:
+                        if ((ctx->flags & X509_V_FLAG_X509_STRICT)
+                                && (ret != 1) && (ret != 0))
+                                {
+                                ret = 0;
+                                ctx->error = X509_V_ERR_INVALID_CA;
+                                }
+                        else
+                                ret = 1;
+                        break;
+                case 0:
+                        if (ret != 0)
+                                {
+                                ret = 0;
+                                ctx->error = X509_V_ERR_INVALID_NON_CA;
+                                }
+                        else
+                                ret = 1;
+                        break;
+                default:
+                        if ((ret == 0)
+                                || ((ctx->flags & X509_V_FLAG_X509_STRICT)
+                                        && (ret != 1)))
+                                {
+                                ret = 0;
+                                ctx->error = X509_V_ERR_INVALID_CA;
+                                }
+                        else
+                                ret = 1;
+                        break;
+                        }
+                if (ret == 0)
+                        {
+                        ctx->error_depth = i;
+                        ctx->current_cert = x;
+                        ok=cb(0,ctx);
+                        if (!ok) goto end;
+                        }
+                if (ctx->purpose > 0)
+                        {
+                        ret = X509_check_purpose(x, ctx->purpose,
+                                must_be_ca > 0);
+                        if ((ret == 0)
+                                || ((ctx->flags & X509_V_FLAG_X509_STRICT)
+                                        && (ret != 1)))
+                                {
+                                ctx->error = X509_V_ERR_INVALID_PURPOSE;
+                                ctx->error_depth = i;
+                                ctx->current_cert = x;
+                                ok=cb(0,ctx);
+                                if (!ok) goto end;
+                                }
+                        }
+                /* Check pathlen */
+                if ((i > 1) && (x->ex_pathlen != -1)
+                           && (i > (x->ex_pathlen + proxy_path_length + 1)))
+                        {
+                        ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
+                        ctx->error_depth = i;
+                        ctx->current_cert = x;
+                        ok=cb(0,ctx);
+                        if (!ok) goto end;
+                        }
+                /* If this certificate is a proxy certificate, the next
+                   certificate must be another proxy certificate or a EE
+                   certificate.  If not, the next certificate must be a
+                   CA certificate.  */
+                if (x->ex_flags & EXFLAG_PROXY)
+                        {
+                        PROXY_CERT_INFO_EXTENSION *pci =
+                                X509_get_ext_d2i(x, NID_proxyCertInfo,
+                                        NULL, NULL);
+                        if (pci->pcPathLengthConstraint &&
+                                ASN1_INTEGER_get(pci->pcPathLengthConstraint)
+                                < i)
+                                {
+                                PROXY_CERT_INFO_EXTENSION_free(pci);
+                                ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
+                                ctx->error_depth = i;
+                                ctx->current_cert = x;
+                                ok=cb(0,ctx);
+                                if (!ok) goto end;
+                                }
+                        PROXY_CERT_INFO_EXTENSION_free(pci);
+                        proxy_path_length++;
+                        must_be_ca = 0;
+                        }
+                else
+                        must_be_ca = 1;
+                }
+        ok = 1;
+ end:
+        return ok;
+#endif
+}
+
+static int check_trust(X509_STORE_CTX *ctx)
+{
+#ifdef OPENSSL_NO_CHAIN_VERIFY
+        return 1;
+#else
+        int i, ok;
+        X509 *x;
+        int (*cb)();
+        cb=ctx->verify_cb;
+/* For now just check the last certificate in the chain */
+        i = sk_X509_num(ctx->chain) - 1;
+        x = sk_X509_value(ctx->chain, i);
+        ok = X509_check_trust(x, ctx->trust, 0);
+        if (ok == X509_TRUST_TRUSTED)
+                return 1;
+        ctx->error_depth = i;
+        ctx->current_cert = x;
+        if (ok == X509_TRUST_REJECTED)
+                ctx->error = X509_V_ERR_CERT_REJECTED;
+        else
+                ctx->error = X509_V_ERR_CERT_UNTRUSTED;
+        ok = cb(0, ctx);
+        return ok;
+#endif
+}
+
+static int check_revocation(X509_STORE_CTX *ctx)
+        {
+        int i, last, ok;
+        if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
+                return 1;
+        if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
+                last = sk_X509_num(ctx->chain) - 1;
+        else
+                last = 0;
+        for(i = 0; i <= last; i++)
+                {
+                ctx->error_depth = i;
+                ok = check_cert(ctx);
+                if (!ok) return ok;
+                }
+        return 1;
+        }
+
+static int check_cert(X509_STORE_CTX *ctx)
+        {
+        X509_CRL *crl = NULL;
+        X509 *x;
+        int ok, cnum;
+        cnum = ctx->error_depth;
+        x = sk_X509_value(ctx->chain, cnum);
+        ctx->current_cert = x;
+        /* Try to retrieve relevant CRL */
+        ok = ctx->get_crl(ctx, &crl, x);
+        /* If error looking up CRL, nothing we can do except
+         * notify callback
+         */
+        if(!ok)
+                {
+                ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+                ok = ctx->verify_cb(0, ctx);
+                goto err;
+                }
+        ctx->current_crl = crl;
+        ok = ctx->check_crl(ctx, crl);
+        if (!ok) goto err;
+        ok = ctx->cert_crl(ctx, crl, x);
+        err:
+        ctx->current_crl = NULL;
+        X509_CRL_free(crl);
+        return ok;
+
+        }
+
+/* Retrieve CRL corresponding to certificate: currently just a
+ * subject lookup: maybe use AKID later...
+ * Also might look up any included CRLs too (e.g PKCS#7 signedData).
+ */
+static int get_crl(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x)
+        {
+        int ok;
+        X509_OBJECT xobj;
+        ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x), &xobj);
+        if (!ok) return 0;
+        *crl = xobj.data.crl;
+        return 1;
+        }
+
+/* Check CRL validity */
+static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
+        {
+        X509 *issuer = NULL;
+        EVP_PKEY *ikey = NULL;
+        int ok = 0, chnum, cnum, i;
+        time_t *ptime;
+        cnum = ctx->error_depth;
+        chnum = sk_X509_num(ctx->chain) - 1;
+        /* Find CRL issuer: if not last certificate then issuer
+         * is next certificate in chain.
+         */
+        if(cnum < chnum)
+                issuer = sk_X509_value(ctx->chain, cnum + 1);
+        else
+                {
+                issuer = sk_X509_value(ctx->chain, chnum);
+                /* If not self signed, can't check signature */
+                if(!ctx->check_issued(ctx, issuer, issuer))
+                        {
+                        ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
+                        ok = ctx->verify_cb(0, ctx);
+                        if(!ok) goto err;
+                        }
+                }
+
+        if(issuer)
+                {
+                /* Check for cRLSign bit if keyUsage present */
+                if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
+                        !(issuer->ex_kusage & KU_CRL_SIGN))
+                        {
+                        ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
+                        ok = ctx->verify_cb(0, ctx);
+                        if(!ok) goto err;
+                        }
+
+                /* Attempt to get issuer certificate public key */
+                ikey = X509_get_pubkey(issuer);
+
+                if(!ikey)
+                        {
+                        ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
+                        ok = ctx->verify_cb(0, ctx);
+                        if (!ok) goto err;
+                        }
+                else
+                        {
+                        /* Verify CRL signature */
+                        if(X509_CRL_verify(crl, ikey) <= 0)
+                                {
+                                ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE;
+                                ok = ctx->verify_cb(0, ctx);
+                                if (!ok) goto err;
+                                }
+                        }
+                }
+
+        /* OK, CRL signature valid check times */
+        if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
+                ptime = &ctx->check_time;
+        else
+                ptime = NULL;
+
+        i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
+        if (i == 0)
+                {
+                ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
+                ok = ctx->verify_cb(0, ctx);
+                if (!ok) goto err;
+                }
+
+        if (i > 0)
+                {
+                ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
+                ok = ctx->verify_cb(0, ctx);
+                if (!ok) goto err;
+                }
+
+        if(X509_CRL_get_nextUpdate(crl))
+                {
+                i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
+
+                if (i == 0)
+                        {
+                        ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
+                        ok = ctx->verify_cb(0, ctx);
+                        if (!ok) goto err;
+                        }
+
+                if (i < 0)
+                        {
+                        ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
+                        ok = ctx->verify_cb(0, ctx);
+                        if (!ok) goto err;
+                        }
+                }
+
+        ok = 1;
+
+        err:
+        EVP_PKEY_free(ikey);
+        return ok;
+        }
+
+/* Check certificate against CRL */
+static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
+        {
+        int idx, ok;
+        X509_REVOKED rtmp;
+        STACK_OF(X509_EXTENSION) *exts;
+        X509_EXTENSION *ext;
+        /* Look for serial number of certificate in CRL */
+        rtmp.serialNumber = X509_get_serialNumber(x);
+        /* Sort revoked into serial number order if not already sorted.
+         * Do this under a lock to avoid race condition.
+         */
+        if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
+                sk_X509_REVOKED_sort(crl->crl->revoked);
+                CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
+                }
+        idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
+        /* If found assume revoked: want something cleverer than
+         * this to handle entry extensions in V2 CRLs.
+         */
+        if(idx >= 0)
+                {
+                ctx->error = X509_V_ERR_CERT_REVOKED;
+                ok = ctx->verify_cb(0, ctx);
+                if (!ok) return 0;
+                }
+
+        if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
+                return 1;
+
+        /* See if we have any critical CRL extensions: since we
+         * currently don't handle any CRL extensions the CRL must be
+         * rejected. 
+         * This code accesses the X509_CRL structure directly: applications
+         * shouldn't do this.
+         */
+
+        exts = crl->crl->extensions;
+
+        for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
+                {
+                ext = sk_X509_EXTENSION_value(exts, idx);
+                if (ext->critical > 0)
+                        {
+                        ctx->error =
+                                X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
+                        ok = ctx->verify_cb(0, ctx);
+                        if(!ok) return 0;
+                        break;
+                        }
+                }
+        return 1;
+        }
+
+static int internal_verify(X509_STORE_CTX *ctx)
+        {
+        int i,ok=0,n;
+        X509 *xs,*xi;
+        EVP_PKEY *pkey=NULL;
+        time_t *ptime;
+        int (*cb)();
+
+        cb=ctx->verify_cb;
+
+        n=sk_X509_num(ctx->chain);
+        ctx->error_depth=n-1;
+        n--;
+        xi=sk_X509_value(ctx->chain,n);
+        if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
+                ptime = &ctx->check_time;
+        else
+                ptime = NULL;
+        if (ctx->check_issued(ctx, xi, xi))
+                xs=xi;
+        else
+                {
+                if (n <= 0)
+                        {
+                        ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
+                        ctx->current_cert=xi;
+                        ok=cb(0,ctx);
+                        goto end;
+                        }
+                else
+                        {
+                        n--;
+                        ctx->error_depth=n;
+                        xs=sk_X509_value(ctx->chain,n);
+                        }
+                }
+
+/*      ctx->error=0;  not needed */
+        while (n >= 0)
+                {
+                ctx->error_depth=n;
+                if (!xs->valid)
+                        {
+                        if ((pkey=X509_get_pubkey(xi)) == NULL)
+                                {
+                                ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
+                                ctx->current_cert=xi;
+                                ok=(*cb)(0,ctx);
+                                if (!ok) goto end;
+                                }
+                        else if (X509_verify(xs,pkey) <= 0)
+                                /* XXX  For the final trusted self-signed cert,
+                                 * this is a waste of time.  That check should
+                                 * optional so that e.g. 'openssl x509' can be
+                                 * used to detect invalid self-signatures, but
+                                 * we don't verify again and again in SSL
+                                 * handshakes and the like once the cert has
+                                 * been declared trusted. */
+                                {
+                                ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
+                                ctx->current_cert=xs;
+                                ok=(*cb)(0,ctx);
+                                if (!ok)
+                                        {
+                                        EVP_PKEY_free(pkey);
+                                        goto end;
+                                        }
+                                }
+                        EVP_PKEY_free(pkey);
+                        pkey=NULL;
+
+                        i=X509_cmp_time(X509_get_notBefore(xs), ptime);
+                        if (i == 0)
+                                {
+                                ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
+                                ctx->current_cert=xs;
+                                ok=(*cb)(0,ctx);
+                                if (!ok) goto end;
+                                }
+                        if (i > 0)
+                                {
+                                ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
+                                ctx->current_cert=xs;
+                                ok=(*cb)(0,ctx);
+                                if (!ok) goto end;
+                                }
+                        xs->valid=1;
+                        }
+
+                i=X509_cmp_time(X509_get_notAfter(xs), ptime);
+                if (i == 0)
+                        {
+                        ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
+                        ctx->current_cert=xs;
+                        ok=(*cb)(0,ctx);
+                        if (!ok) goto end;
+                        }
+
+                if (i < 0)
+                        {
+                        ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
+                        ctx->current_cert=xs;
+                        ok=(*cb)(0,ctx);
+                        if (!ok) goto end;
+                        }
+
+                /* The last error (if any) is still in the error value */
+                ctx->current_issuer=xi;
+                ctx->current_cert=xs;
+                ok=(*cb)(1,ctx);
+                if (!ok) goto end;
+
+                n--;
+                if (n >= 0)
+                        {
+                        xi=xs;
+                        xs=sk_X509_value(ctx->chain,n);
+                        }
+                }
+        ok=1;
+end:
+        return ok;
+        }
+
+int X509_cmp_current_time(ASN1_TIME *ctm)
+{
+        return X509_cmp_time(ctm, NULL);
+}
+
+int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
+        {
+        char *str;
+        ASN1_TIME atm;
+        long offset;
+        char buff1[24],buff2[24],*p;
+        int i,j;
+
+        p=buff1;
+        i=ctm->length;
+        str=(char *)ctm->data;
+        if (ctm->type == V_ASN1_UTCTIME)
+                {
+                if ((i < 11) || (i > 17)) return 0;
+                memcpy(p,str,10);
+                p+=10;
+                str+=10;
+                }
+        else
+                {
+                if (i < 13) return 0;
+                memcpy(p,str,12);
+                p+=12;
+                str+=12;
+                }
+
+        if ((*str == 'Z') || (*str == '-') || (*str == '+'))
+                { *(p++)='0'; *(p++)='0'; }
+        else
+                { 
+                *(p++)= *(str++);
+                *(p++)= *(str++);
+                /* Skip any fractional seconds... */
+                if (*str == '.')
+                        {
+                        str++;
+                        while ((*str >= '0') && (*str <= '9')) str++;
+                        }
+                
+                }
+        *(p++)='Z';
+        *(p++)='\0';
+
+        if (*str == 'Z')
+                offset=0;
+        else
+                {
+                if ((*str != '+') && (str[5] != '-'))
+                        return 0;
+                offset=((str[1]-'0')*10+(str[2]-'0'))*60;
+                offset+=(str[3]-'0')*10+(str[4]-'0');
+                if (*str == '-')
+                        offset= -offset;
+                }
+        atm.type=ctm->type;
+        atm.length=sizeof(buff2);
+        atm.data=(unsigned char *)buff2;
+
+        if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL)
+                return 0;
+
+        if (ctm->type == V_ASN1_UTCTIME)
+                {
+                i=(buff1[0]-'0')*10+(buff1[1]-'0');
+                if (i < 50) i+=100; /* cf. RFC 2459 */
+                j=(buff2[0]-'0')*10+(buff2[1]-'0');
+                if (j < 50) j+=100;
+
+                if (i < j) return -1;
+                if (i > j) return 1;
+                }
+        i=strcmp(buff1,buff2);
+        if (i == 0) /* wait a second then return younger :-) */
+                return -1;
+        else
+                return i;
+        }
+
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
+{
+        return X509_time_adj(s, adj, NULL);
+}
+
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
+        {
+        time_t t;
+        int type = -1;
+
+        if (in_tm) t = *in_tm;
+        else time(&t);
+
+        t+=adj;
+        if (s) type = s->type;
+        if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
+        if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t);
+        return ASN1_TIME_set(s, t);
+        }
+
+int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
+        {
+        EVP_PKEY *ktmp=NULL,*ktmp2;
+        int i,j;
+
+        if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1;
+
+        for (i=0; i<sk_X509_num(chain); i++)
+                {
+                ktmp=X509_get_pubkey(sk_X509_value(chain,i));
+                if (ktmp == NULL)
+                        {
+                        X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
+                        return 0;
+                        }
+                if (!EVP_PKEY_missing_parameters(ktmp))
+                        break;
+                else
+                        {
+                        EVP_PKEY_free(ktmp);
+                        ktmp=NULL;
+                        }
+                }
+        if (ktmp == NULL)
+                {
+                X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
+                return 0;
+                }
+
+        /* first, populate the other certs */
+        for (j=i-1; j >= 0; j--)
+                {
+                ktmp2=X509_get_pubkey(sk_X509_value(chain,j));
+                EVP_PKEY_copy_parameters(ktmp2,ktmp);
+                EVP_PKEY_free(ktmp2);
+                }
+        
+        if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
+        EVP_PKEY_free(ktmp);
+        return 1;
+        }
+
+int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        /* This function is (usually) called only once, by
+         * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
+                        new_func, dup_func, free_func);
+        }
+
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
+        {
+        return CRYPTO_set_ex_data(&ctx->ex_data,idx,data);
+        }
+
+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
+        {
+        return CRYPTO_get_ex_data(&ctx->ex_data,idx);
+        }
+
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
+        {
+        return ctx->error;
+        }
+
+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
+        {
+        ctx->error=err;
+        }
+
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
+        {
+        return ctx->error_depth;
+        }
+
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
+        {
+        return ctx->current_cert;
+        }
+
+STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
+        {
+        return ctx->chain;
+        }
+
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
+        {
+        int i;
+        X509 *x;
+        STACK_OF(X509) *chain;
+        if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
+        for (i = 0; i < sk_X509_num(chain); i++)
+                {
+                x = sk_X509_value(chain, i);
+                CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+                }
+        return chain;
+        }
+
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
+        {
+        ctx->cert=x;
+        }
+
+void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+        {
+        ctx->untrusted=sk;
+        }
+
+int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
+        {
+        return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
+        }
+
+int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
+        {
+        return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
+        }
+
+/* This function is used to set the X509_STORE_CTX purpose and trust
+ * values. This is intended to be used when another structure has its
+ * own trust and purpose values which (if set) will be inherited by
+ * the ctx. If they aren't set then we will usually have a default
+ * purpose in mind which should then be used to set the trust value.
+ * An example of this is SSL use: an SSL structure will have its own
+ * purpose and trust settings which the application can set: if they
+ * aren't set then we use the default of SSL client/server.
+ */
+
+int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
+                                int purpose, int trust)
+{
+        int idx;
+        /* If purpose not set use default */
+        if (!purpose) purpose = def_purpose;
+        /* If we have a purpose then check it is valid */
+        if (purpose)
+                {
+                X509_PURPOSE *ptmp;
+                idx = X509_PURPOSE_get_by_id(purpose);
+                if (idx == -1)
+                        {
+                        X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                                                X509_R_UNKNOWN_PURPOSE_ID);
+                        return 0;
+                        }
+                ptmp = X509_PURPOSE_get0(idx);
+                if (ptmp->trust == X509_TRUST_DEFAULT)
+                        {
+                        idx = X509_PURPOSE_get_by_id(def_purpose);
+                        if (idx == -1)
+                                {
+                                X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                                                X509_R_UNKNOWN_PURPOSE_ID);
+                                return 0;
+                                }
+                        ptmp = X509_PURPOSE_get0(idx);
+                        }
+                /* If trust not set then get from purpose default */
+                if (!trust) trust = ptmp->trust;
+                }
+        if (trust)
+                {
+                idx = X509_TRUST_get_by_id(trust);
+                if (idx == -1)
+                        {
+                        X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                                                X509_R_UNKNOWN_TRUST_ID);
+                        return 0;
+                        }
+                }
+
+        if (purpose && !ctx->purpose) ctx->purpose = purpose;
+        if (trust && !ctx->trust) ctx->trust = trust;
+        return 1;
+}
+
+X509_STORE_CTX *X509_STORE_CTX_new(void)
+{
+        X509_STORE_CTX *ctx;
+        ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
+        if (!ctx)
+                {
+                X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        memset(ctx, 0, sizeof(X509_STORE_CTX));
+        return ctx;
+}
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
+{
+        X509_STORE_CTX_cleanup(ctx);
+        OPENSSL_free(ctx);
+}
+
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
+             STACK_OF(X509) *chain)
+        {
+        ctx->ctx=store;
+        ctx->current_method=0;
+        ctx->cert=x509;
+        ctx->untrusted=chain;
+        ctx->last_untrusted=0;
+        ctx->check_time=0;
+        ctx->other_ctx=NULL;
+        ctx->valid=0;
+        ctx->chain=NULL;
+        ctx->depth=9;
+        ctx->error=0;
+        ctx->error_depth=0;
+        ctx->current_cert=NULL;
+        ctx->current_issuer=NULL;
+
+        /* Inherit callbacks and flags from X509_STORE if not set
+         * use defaults.
+         */
+
+
+        if (store)
+                {
+                ctx->purpose=store->purpose;
+                ctx->trust=store->trust;
+                ctx->flags = store->flags;
+                ctx->cleanup = store->cleanup;
+                }
+        else
+                {
+                ctx->purpose = 0;
+                ctx->trust = 0;
+                ctx->flags = 0;
+                ctx->cleanup = 0;
+                }
+
+        if (store && store->check_issued)
+                ctx->check_issued = store->check_issued;
+        else
+                ctx->check_issued = check_issued;
+
+        if (store && store->get_issuer)
+                ctx->get_issuer = store->get_issuer;
+        else
+                ctx->get_issuer = X509_STORE_CTX_get1_issuer;
+
+        if (store && store->verify_cb)
+                ctx->verify_cb = store->verify_cb;
+        else
+                ctx->verify_cb = null_callback;
+
+        if (store && store->verify)
+                ctx->verify = store->verify;
+        else
+                ctx->verify = internal_verify;
+
+        if (store && store->check_revocation)
+                ctx->check_revocation = store->check_revocation;
+        else
+                ctx->check_revocation = check_revocation;
+
+        if (store && store->get_crl)
+                ctx->get_crl = store->get_crl;
+        else
+                ctx->get_crl = get_crl;
+
+        if (store && store->check_crl)
+                ctx->check_crl = store->check_crl;
+        else
+                ctx->check_crl = check_crl;
+
+        if (store && store->cert_crl)
+                ctx->cert_crl = store->cert_crl;
+        else
+                ctx->cert_crl = cert_crl;
+
+
+        /* This memset() can't make any sense anyway, so it's removed. As
+         * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
+         * corresponding "new" here and remove this bogus initialisation. */
+        /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
+        if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
+                                &(ctx->ex_data)))
+                {
+                OPENSSL_free(ctx);
+                X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        return 1;
+        }
+
+/* Set alternative lookup method: just a STACK of trusted certificates.
+ * This avoids X509_STORE nastiness where it isn't needed.
+ */
+
+void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+        ctx->other_ctx = sk;
+        ctx->get_issuer = get_issuer_sk;
+}
+
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
+        {
+        if (ctx->cleanup) ctx->cleanup(ctx);
+        if (ctx->chain != NULL)
+                {
+                sk_X509_pop_free(ctx->chain,X509_free);
+                ctx->chain=NULL;
+                }
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
+        memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
+        }
+
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
+        {
+        ctx->flags |= flags;
+        }
+
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t)
+        {
+        ctx->check_time = t;
+        ctx->flags |= X509_V_FLAG_USE_CHECK_TIME;
+        }
+
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                  int (*verify_cb)(int, X509_STORE_CTX *))
+        {
+        ctx->verify_cb=verify_cb;
+        }
+
+IMPLEMENT_STACK_OF(X509)
+IMPLEMENT_ASN1_SET_OF(X509)
+
+IMPLEMENT_STACK_OF(X509_NAME)
+
+IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
+IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
new file mode 100644
index 0000000000..7fd1f0bc4d
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -0,0 +1,422 @@
+/* crypto/x509/x509_vfy.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_X509_H
+#include <openssl/x509.h>
+/* openssl/x509.h ends up #include-ing this file at about the only
+ * appropriate moment. */
+#endif
+
+#ifndef HEADER_X509_VFY_H
+#define HEADER_X509_VFY_H
+
+#ifndef OPENSSL_NO_LHASH
+#include <openssl/lhash.h>
+#endif
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/symhacks.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Outer object */
+typedef struct x509_hash_dir_st
+        {
+        int num_dirs;
+        char **dirs;
+        int *dirs_type;
+        int num_dirs_alloced;
+        } X509_HASH_DIR_CTX;
+
+typedef struct x509_file_st
+        {
+        int num_paths;  /* number of paths to files or directories */
+        int num_alloced;
+        char **paths;   /* the list of paths or directories */
+        int *path_type;
+        } X509_CERT_FILE_CTX;
+
+/*******************************/
+/*
+SSL_CTX -> X509_STORE    
+                -> X509_LOOKUP
+                        ->X509_LOOKUP_METHOD
+                -> X509_LOOKUP
+                        ->X509_LOOKUP_METHOD
+ 
+SSL     -> X509_STORE_CTX
+                ->X509_STORE    
+
+The X509_STORE holds the tables etc for verification stuff.
+A X509_STORE_CTX is used while validating a single certificate.
+The X509_STORE has X509_LOOKUPs for looking up certs.
+The X509_STORE then calls a function to actually verify the
+certificate chain.
+*/
+
+#define X509_LU_RETRY           -1
+#define X509_LU_FAIL            0
+#define X509_LU_X509            1
+#define X509_LU_CRL             2
+#define X509_LU_PKEY            3
+
+typedef struct x509_object_st
+        {
+        /* one of the above types */
+        int type;
+        union   {
+                char *ptr;
+                X509 *x509;
+                X509_CRL *crl;
+                EVP_PKEY *pkey;
+                } data;
+        } X509_OBJECT;
+
+typedef struct x509_lookup_st X509_LOOKUP;
+
+DECLARE_STACK_OF(X509_LOOKUP)
+DECLARE_STACK_OF(X509_OBJECT)
+
+/* This is a static that defines the function interface */
+typedef struct x509_lookup_method_st
+        {
+        const char *name;
+        int (*new_item)(X509_LOOKUP *ctx);
+        void (*free)(X509_LOOKUP *ctx);
+        int (*init)(X509_LOOKUP *ctx);
+        int (*shutdown)(X509_LOOKUP *ctx);
+        int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
+                        char **ret);
+        int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
+                              X509_OBJECT *ret);
+        int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
+                                    ASN1_INTEGER *serial,X509_OBJECT *ret);
+        int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
+                                  unsigned char *bytes,int len,
+                                  X509_OBJECT *ret);
+        int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
+                            X509_OBJECT *ret);
+        } X509_LOOKUP_METHOD;
+
+/* This is used to hold everything.  It is used for all certificate
+ * validation.  Once we have a certificate chain, the 'verify'
+ * function is then called to actually check the cert chain. */
+struct x509_store_st
+        {
+        /* The following is a cache of trusted certs */
+        int cache;      /* if true, stash any hits */
+        STACK_OF(X509_OBJECT) *objs;    /* Cache of all objects */
+
+        /* These are external lookup methods */
+        STACK_OF(X509_LOOKUP) *get_cert_methods;
+
+        /* The following fields are not used by X509_STORE but are
+         * inherited by X509_STORE_CTX when it is initialised.
+         */
+
+        unsigned long flags;    /* Various verify flags */
+        int purpose;
+        int trust;
+        /* Callbacks for various operations */
+        int (*verify)(X509_STORE_CTX *ctx);     /* called to verify a certificate */
+        int (*verify_cb)(int ok,X509_STORE_CTX *ctx);   /* error callback */
+        int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
+        int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
+        int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
+        int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
+        int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
+        int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
+        int (*cleanup)(X509_STORE_CTX *ctx);
+
+        CRYPTO_EX_DATA ex_data;
+        int references;
+        int depth;              /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */
+        } /* X509_STORE */;
+
+#define X509_STORE_set_depth(ctx,d)       ((ctx)->depth=(d))
+
+#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
+#define X509_STORE_set_verify_func(ctx,func)    ((ctx)->verify=(func))
+
+/* This is the functions plus an instance of the local variables. */
+struct x509_lookup_st
+        {
+        int init;                       /* have we been started */
+        int skip;                       /* don't use us. */
+        X509_LOOKUP_METHOD *method;     /* the functions */
+        char *method_data;              /* method data */
+
+        X509_STORE *store_ctx;  /* who owns us */
+        } /* X509_LOOKUP */;
+
+/* This is a used when verifying cert chains.  Since the
+ * gathering of the cert chain can take some time (and have to be
+ * 'retried', this needs to be kept and passed around. */
+struct x509_store_ctx_st      /* X509_STORE_CTX */
+        {
+        X509_STORE *ctx;
+        int current_method;     /* used when looking up certs */
+
+        /* The following are set by the caller */
+        X509 *cert;             /* The cert to check */
+        STACK_OF(X509) *untrusted;      /* chain of X509s - untrusted - passed in */
+        int purpose;            /* purpose to check untrusted certificates */
+        int trust;              /* trust setting to check */
+        time_t  check_time;     /* time to make verify at */
+        unsigned long flags;    /* Various verify flags */
+        void *other_ctx;        /* Other info for use with get_issuer() */
+
+        /* Callbacks for various operations */
+        int (*verify)(X509_STORE_CTX *ctx);     /* called to verify a certificate */
+        int (*verify_cb)(int ok,X509_STORE_CTX *ctx);           /* error callback */
+        int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
+        int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
+        int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
+        int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
+        int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
+        int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
+        int (*cleanup)(X509_STORE_CTX *ctx);
+
+        /* The following is built up */
+        int depth;              /* how far to go looking up certs */
+        int valid;              /* if 0, rebuild chain */
+        int last_untrusted;     /* index of last untrusted cert */
+        STACK_OF(X509) *chain;          /* chain of X509s - built up and trusted */
+
+        /* When something goes wrong, this is why */
+        int error_depth;
+        int error;
+        X509 *current_cert;
+        X509 *current_issuer;   /* cert currently being tested as valid issuer */
+        X509_CRL *current_crl;  /* current CRL */
+
+        CRYPTO_EX_DATA ex_data;
+        } /* X509_STORE_CTX */;
+
+#define X509_STORE_CTX_set_depth(ctx,d)       ((ctx)->depth=(d))
+
+#define X509_STORE_CTX_set_app_data(ctx,data) \
+        X509_STORE_CTX_set_ex_data(ctx,0,data)
+#define X509_STORE_CTX_get_app_data(ctx) \
+        X509_STORE_CTX_get_ex_data(ctx,0)
+
+#define X509_L_FILE_LOAD        1
+#define X509_L_ADD_DIR          2
+
+#define X509_LOOKUP_load_file(x,name,type) \
+                X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
+
+#define X509_LOOKUP_add_dir(x,name,type) \
+                X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
+
+#define         X509_V_OK                                       0
+/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
+
+#define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT            2
+#define         X509_V_ERR_UNABLE_TO_GET_CRL                    3
+#define         X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE     4
+#define         X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE      5
+#define         X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY   6
+#define         X509_V_ERR_CERT_SIGNATURE_FAILURE               7
+#define         X509_V_ERR_CRL_SIGNATURE_FAILURE                8
+#define         X509_V_ERR_CERT_NOT_YET_VALID                   9
+#define         X509_V_ERR_CERT_HAS_EXPIRED                     10
+#define         X509_V_ERR_CRL_NOT_YET_VALID                    11
+#define         X509_V_ERR_CRL_HAS_EXPIRED                      12
+#define         X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD       13
+#define         X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD        14
+#define         X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD       15
+#define         X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD       16
+#define         X509_V_ERR_OUT_OF_MEM                           17
+#define         X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT          18
+#define         X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN            19
+#define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY    20
+#define         X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE      21
+#define         X509_V_ERR_CERT_CHAIN_TOO_LONG                  22
+#define         X509_V_ERR_CERT_REVOKED                         23
+#define         X509_V_ERR_INVALID_CA                           24
+#define         X509_V_ERR_PATH_LENGTH_EXCEEDED                 25
+#define         X509_V_ERR_INVALID_PURPOSE                      26
+#define         X509_V_ERR_CERT_UNTRUSTED                       27
+#define         X509_V_ERR_CERT_REJECTED                        28
+/* These are 'informational' when looking for issuer cert */
+#define         X509_V_ERR_SUBJECT_ISSUER_MISMATCH              29
+#define         X509_V_ERR_AKID_SKID_MISMATCH                   30
+#define         X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH          31
+#define         X509_V_ERR_KEYUSAGE_NO_CERTSIGN                 32
+
+#define         X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER             33
+#define         X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION         34
+#define         X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                 35
+#define         X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION     36
+#define         X509_V_ERR_INVALID_NON_CA                       37
+#define         X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED           38
+#define         X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE        39
+#define         X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED       40
+
+/* The application is not happy */
+#define         X509_V_ERR_APPLICATION_VERIFICATION             50
+
+/* Certificate verify flags */
+
+/* Send issuer+subject checks to verify_cb */
+#define X509_V_FLAG_CB_ISSUER_CHECK             0x1
+/* Use check time instead of current time */
+#define X509_V_FLAG_USE_CHECK_TIME              0x2
+/* Lookup CRLs */
+#define X509_V_FLAG_CRL_CHECK                   0x4
+/* Lookup CRLs for whole chain */
+#define X509_V_FLAG_CRL_CHECK_ALL               0x8
+/* Ignore unhandled critical extensions */
+#define X509_V_FLAG_IGNORE_CRITICAL             0x10
+/* Disable workarounds for broken certificates */
+#define X509_V_FLAG_X509_STRICT                 0x20
+/* Enable proxy certificate validation */
+#define X509_V_FLAG_ALLOW_PROXY_CERTS           0x40
+
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+             X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
+void X509_OBJECT_up_ref_count(X509_OBJECT *a);
+void X509_OBJECT_free_contents(X509_OBJECT *a);
+X509_STORE *X509_STORE_new(void );
+void X509_STORE_free(X509_STORE *v);
+
+void X509_STORE_set_flags(X509_STORE *ctx, long flags);
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
+int X509_STORE_set_trust(X509_STORE *ctx, int trust);
+
+X509_STORE_CTX *X509_STORE_CTX_new(void);
+
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+                         X509 *x509, STACK_OF(X509) *chain);
+void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+
+int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
+        X509_OBJECT *ret);
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+        long argl, char **ret);
+
+#ifndef OPENSSL_NO_STDIO
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+#endif
+
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
+void X509_LOOKUP_free(X509_LOOKUP *ctx);
+int X509_LOOKUP_init(X509_LOOKUP *ctx);
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
+        X509_OBJECT *ret);
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
+        ASN1_INTEGER *serial, X509_OBJECT *ret);
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
+        unsigned char *bytes, int len, X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
+        int len, X509_OBJECT *ret);
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
+
+#ifndef OPENSSL_NO_STDIO
+int     X509_STORE_load_locations (X509_STORE *ctx,
+                const char *file, const char *dir);
+int     X509_STORE_set_default_paths(X509_STORE *ctx);
+#endif
+
+int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int     X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
+void *  X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
+int     X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+void    X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
+int     X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+X509 *  X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+void    X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
+void    X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
+int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
+int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
+int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
+                                int purpose, int trust);
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                  int (*verify_cb)(int, X509_STORE_CTX *));
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/src/lib/libcrypto/x509/x509cset.c b/src/lib/libcrypto/x509/x509cset.c
new file mode 100644
index 0000000000..9d1646d5c8
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509cset.c
@@ -0,0 +1,170 @@
+/* crypto/x509/x509cset.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+int X509_CRL_set_version(X509_CRL *x, long version)
+        {
+        if (x == NULL) return(0);
+        if (x->crl->version == NULL)
+                {
+                if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL)
+                        return(0);
+                }
+        return(ASN1_INTEGER_set(x->crl->version,version));
+        }
+
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
+        {
+        if ((x == NULL) || (x->crl == NULL)) return(0);
+        return(X509_NAME_set(&x->crl->issuer,name));
+        }
+
+
+int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)
+        {
+        ASN1_TIME *in;
+
+        if (x == NULL) return(0);
+        in=x->crl->lastUpdate;
+        if (in != tm)
+                {
+                in=M_ASN1_TIME_dup(tm);
+                if (in != NULL)
+                        {
+                        M_ASN1_TIME_free(x->crl->lastUpdate);
+                        x->crl->lastUpdate=in;
+                        }
+                }
+        return(in != NULL);
+        }
+
+int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm)
+        {
+        ASN1_TIME *in;
+
+        if (x == NULL) return(0);
+        in=x->crl->nextUpdate;
+        if (in != tm)
+                {
+                in=M_ASN1_TIME_dup(tm);
+                if (in != NULL)
+                        {
+                        M_ASN1_TIME_free(x->crl->nextUpdate);
+                        x->crl->nextUpdate=in;
+                        }
+                }
+        return(in != NULL);
+        }
+
+int X509_CRL_sort(X509_CRL *c)
+        {
+        int i;
+        X509_REVOKED *r;
+        /* sort the data so it will be written in serial
+         * number order */
+        sk_X509_REVOKED_sort(c->crl->revoked);
+        for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++)
+                {
+                r=sk_X509_REVOKED_value(c->crl->revoked,i);
+                r->sequence=i;
+                }
+        c->crl->enc.modified = 1;
+        return 1;
+        }
+
+int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
+        {
+        ASN1_TIME *in;
+
+        if (x == NULL) return(0);
+        in=x->revocationDate;
+        if (in != tm)
+                {
+                in=M_ASN1_TIME_dup(tm);
+                if (in != NULL)
+                        {
+                        M_ASN1_TIME_free(x->revocationDate);
+                        x->revocationDate=in;
+                        }
+                }
+        return(in != NULL);
+        }
+
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
+        {
+        ASN1_INTEGER *in;
+
+        if (x == NULL) return(0);
+        in=x->serialNumber;
+        if (in != serial)
+                {
+                in=M_ASN1_INTEGER_dup(serial);
+                if (in != NULL)
+                        {
+                        M_ASN1_INTEGER_free(x->serialNumber);
+                        x->serialNumber=in;
+                        }
+                }
+        return(in != NULL);
+        }
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
new file mode 100644
index 0000000000..068abfe5f0
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509name.c
@@ -0,0 +1,383 @@
+/* crypto/x509/x509name.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/stack.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
+        {
+        ASN1_OBJECT *obj;
+
+        obj=OBJ_nid2obj(nid);
+        if (obj == NULL) return(-1);
+        return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
+        }
+
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
+             int len)
+        {
+        int i;
+        ASN1_STRING *data;
+
+        i=X509_NAME_get_index_by_OBJ(name,obj,-1);
+        if (i < 0) return(-1);
+        data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
+        i=(data->length > (len-1))?(len-1):data->length;
+        if (buf == NULL) return(data->length);
+        memcpy(buf,data->data,i);
+        buf[i]='\0';
+        return(i);
+        }
+
+int X509_NAME_entry_count(X509_NAME *name)
+        {
+        if (name == NULL) return(0);
+        return(sk_X509_NAME_ENTRY_num(name->entries));
+        }
+
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
+        {
+        ASN1_OBJECT *obj;
+
+        obj=OBJ_nid2obj(nid);
+        if (obj == NULL) return(-2);
+        return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));
+        }
+
+/* NOTE: you should be passsing -1, not 0 as lastpos */
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
+             int lastpos)
+        {
+        int n;
+        X509_NAME_ENTRY *ne;
+        STACK_OF(X509_NAME_ENTRY) *sk;
+
+        if (name == NULL) return(-1);
+        if (lastpos < 0)
+                lastpos= -1;
+        sk=name->entries;
+        n=sk_X509_NAME_ENTRY_num(sk);
+        for (lastpos++; lastpos < n; lastpos++)
+                {
+                ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
+                if (OBJ_cmp(ne->object,obj) == 0)
+                        return(lastpos);
+                }
+        return(-1);
+        }
+
+X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
+        {
+        if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+           || loc < 0)
+                return(NULL);
+        else
+                return(sk_X509_NAME_ENTRY_value(name->entries,loc));
+        }
+
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
+        {
+        X509_NAME_ENTRY *ret;
+        int i,n,set_prev,set_next;
+        STACK_OF(X509_NAME_ENTRY) *sk;
+
+        if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+            || loc < 0)
+                return(NULL);
+        sk=name->entries;
+        ret=sk_X509_NAME_ENTRY_delete(sk,loc);
+        n=sk_X509_NAME_ENTRY_num(sk);
+        name->modified=1;
+        if (loc == n) return(ret);
+
+        /* else we need to fixup the set field */
+        if (loc != 0)
+                set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
+        else
+                set_prev=ret->set-1;
+        set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
+
+        /* set_prev is the previous set
+         * set is the current set
+         * set_next is the following
+         * prev  1 1    1 1     1 1     1 1
+         * set   1      1       2       2
+         * next  1 1    2 2     2 2     3 2
+         * so basically only if prev and next differ by 2, then
+         * re-number down by 1 */
+        if (set_prev+1 < set_next)
+                for (i=loc; i<n; i++)
+                        sk_X509_NAME_ENTRY_value(sk,i)->set--;
+        return(ret);
+        }
+
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
+                        unsigned char *bytes, int len, int loc, int set)
+{
+        X509_NAME_ENTRY *ne;
+        int ret;
+        ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
+        if(!ne) return 0;
+        ret = X509_NAME_add_entry(name, ne, loc, set);
+        X509_NAME_ENTRY_free(ne);
+        return ret;
+}
+
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+                        unsigned char *bytes, int len, int loc, int set)
+{
+        X509_NAME_ENTRY *ne;
+        int ret;
+        ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
+        if(!ne) return 0;
+        ret = X509_NAME_add_entry(name, ne, loc, set);
+        X509_NAME_ENTRY_free(ne);
+        return ret;
+}
+
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+                        const unsigned char *bytes, int len, int loc, int set)
+{
+        X509_NAME_ENTRY *ne;
+        int ret;
+        ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
+        if(!ne) return 0;
+        ret = X509_NAME_add_entry(name, ne, loc, set);
+        X509_NAME_ENTRY_free(ne);
+        return ret;
+}
+
+/* if set is -1, append to previous set, 0 'a new one', and 1,
+ * prepend to the guy we are about to stomp on. */
+int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
+             int set)
+        {
+        X509_NAME_ENTRY *new_name=NULL;
+        int n,i,inc;
+        STACK_OF(X509_NAME_ENTRY) *sk;
+
+        if (name == NULL) return(0);
+        sk=name->entries;
+        n=sk_X509_NAME_ENTRY_num(sk);
+        if (loc > n) loc=n;
+        else if (loc < 0) loc=n;
+
+        name->modified=1;
+
+        if (set == -1)
+                {
+                if (loc == 0)
+                        {
+                        set=0;
+                        inc=1;
+                        }
+                else
+                        {
+                        set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;
+                        inc=0;
+                        }
+                }
+        else /* if (set >= 0) */
+                {
+                if (loc >= n)
+                        {
+                        if (loc != 0)
+                                set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;
+                        else
+                                set=0;
+                        }
+                else
+                        set=sk_X509_NAME_ENTRY_value(sk,loc)->set;
+                inc=(set == 0)?1:0;
+                }
+
+        if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
+                goto err;
+        new_name->set=set;
+        if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))
+                {
+                X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (inc)
+                {
+                n=sk_X509_NAME_ENTRY_num(sk);
+                for (i=loc+1; i<n; i++)
+                        sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1;
+                }       
+        return(1);
+err:
+        if (new_name != NULL)
+                X509_NAME_ENTRY_free(new_name);
+        return(0);
+        }
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
+                const char *field, int type, const unsigned char *bytes, int len)
+        {
+        ASN1_OBJECT *obj;
+        X509_NAME_ENTRY *nentry;
+
+        obj=OBJ_txt2obj(field, 0);
+        if (obj == NULL)
+                {
+                X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
+                                                X509_R_INVALID_FIELD_NAME);
+                ERR_add_error_data(2, "name=", field);
+                return(NULL);
+                }
+        nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
+        ASN1_OBJECT_free(obj);
+        return nentry;
+        }
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+             int type, unsigned char *bytes, int len)
+        {
+        ASN1_OBJECT *obj;
+        X509_NAME_ENTRY *nentry;
+
+        obj=OBJ_nid2obj(nid);
+        if (obj == NULL)
+                {
+                X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
+                return(NULL);
+                }
+        nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
+        ASN1_OBJECT_free(obj);
+        return nentry;
+        }
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+             ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len)
+        {
+        X509_NAME_ENTRY *ret;
+
+        if ((ne == NULL) || (*ne == NULL))
+                {
+                if ((ret=X509_NAME_ENTRY_new()) == NULL)
+                        return(NULL);
+                }
+        else
+                ret= *ne;
+
+        if (!X509_NAME_ENTRY_set_object(ret,obj))
+                goto err;
+        if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
+                goto err;
+
+        if ((ne != NULL) && (*ne == NULL)) *ne=ret;
+        return(ret);
+err:
+        if ((ne == NULL) || (ret != *ne))
+                X509_NAME_ENTRY_free(ret);
+        return(NULL);
+        }
+
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
+        {
+        if ((ne == NULL) || (obj == NULL))
+                {
+                X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        ASN1_OBJECT_free(ne->object);
+        ne->object=OBJ_dup(obj);
+        return((ne->object == NULL)?0:1);
+        }
+
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+             const unsigned char *bytes, int len)
+        {
+        int i;
+
+        if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
+        if((type > 0) && (type & MBSTRING_FLAG)) 
+                return ASN1_STRING_set_by_NID(&ne->value, bytes,
+                                                len, type,
+                                        OBJ_obj2nid(ne->object)) ? 1 : 0;
+        if (len < 0) len=strlen((char *)bytes);
+        i=ASN1_STRING_set(ne->value,bytes,len);
+        if (!i) return(0);
+        if (type != V_ASN1_UNDEF)
+                {
+                if (type == V_ASN1_APP_CHOOSE)
+                        ne->value->type=ASN1_PRINTABLE_type(bytes,len);
+                else
+                        ne->value->type=type;
+                }
+        return(1);
+        }
+
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
+        {
+        if (ne == NULL) return(NULL);
+        return(ne->object);
+        }
+
+ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
+        {
+        if (ne == NULL) return(NULL);
+        return(ne->value);
+        }
+
diff --git a/src/lib/libcrypto/x509/x509rset.c b/src/lib/libcrypto/x509/x509rset.c
new file mode 100644
index 0000000000..d9f6b57372
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509rset.c
@@ -0,0 +1,83 @@
+/* crypto/x509/x509rset.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+int X509_REQ_set_version(X509_REQ *x, long version)
+        {
+        if (x == NULL) return(0);
+        return(ASN1_INTEGER_set(x->req_info->version,version));
+        }
+
+int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
+        {
+        if ((x == NULL) || (x->req_info == NULL)) return(0);
+        return(X509_NAME_set(&x->req_info->subject,name));
+        }
+
+int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
+        {
+        if ((x == NULL) || (x->req_info == NULL)) return(0);
+        return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
+        }
+
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c
new file mode 100644
index 0000000000..4c3af946ec
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509spki.c
@@ -0,0 +1,120 @@
+/* x509spki.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+
+int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
+{
+        if ((x == NULL) || (x->spkac == NULL)) return(0);
+        return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey));
+}
+
+EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
+{
+        if ((x == NULL) || (x->spkac == NULL))
+                return(NULL);
+        return(X509_PUBKEY_get(x->spkac->pubkey));
+}
+
+/* Load a Netscape SPKI from a base64 encoded string */
+
+NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
+{
+        unsigned char *spki_der, *p;
+        int spki_len;
+        NETSCAPE_SPKI *spki;
+        if(len <= 0) len = strlen(str);
+        if (!(spki_der = OPENSSL_malloc(len + 1))) {
+                X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
+        if(spki_len < 0) {
+                X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
+                                                X509_R_BASE64_DECODE_ERROR);
+                OPENSSL_free(spki_der);
+                return NULL;
+        }
+        p = spki_der;
+        spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
+        OPENSSL_free(spki_der);
+        return spki;
+}
+
+/* Generate a base64 encoded string from an SPKI */
+
+char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
+{
+        unsigned char *der_spki, *p;
+        char *b64_str;
+        int der_len;
+        der_len = i2d_NETSCAPE_SPKI(spki, NULL);
+        der_spki = OPENSSL_malloc(der_len);
+        b64_str = OPENSSL_malloc(der_len * 2);
+        if(!der_spki || !b64_str) {
+                X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        p = der_spki;
+        i2d_NETSCAPE_SPKI(spki, &p);
+        EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
+        OPENSSL_free(der_spki);
+        return b64_str;
+}
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c
new file mode 100644
index 0000000000..c25959a742
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509type.c
@@ -0,0 +1,115 @@
+/* crypto/x509/x509type.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
+        {
+        EVP_PKEY *pk;
+        int ret=0,i;
+
+        if (x == NULL) return(0);
+
+        if (pkey == NULL)
+                pk=X509_get_pubkey(x);
+        else
+                pk=pkey;
+
+        if (pk == NULL) return(0);
+
+        switch (pk->type)
+                {
+        case EVP_PKEY_RSA:
+                ret=EVP_PK_RSA|EVP_PKT_SIGN;
+/*              if (!sign only extension) */
+                        ret|=EVP_PKT_ENC;
+        break;
+        case EVP_PKEY_DSA:
+                ret=EVP_PK_DSA|EVP_PKT_SIGN;
+                break;
+        case EVP_PKEY_DH:
+                ret=EVP_PK_DH|EVP_PKT_EXCH;
+                break;
+        default:
+                break;
+                }
+
+        i=X509_get_signature_type(x);
+        switch (i)
+                {
+        case EVP_PKEY_RSA:
+                ret|=EVP_PKS_RSA;
+                break;
+        case EVP_PKEY_DSA:
+                ret|=EVP_PKS_DSA;
+                break;
+        default:
+                break;
+                }
+
+        if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
+                                           for, not bytes */
+                ret|=EVP_PKT_EXP;
+        if(pkey==NULL) EVP_PKEY_free(pk);
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
new file mode 100644
index 0000000000..ac6dea493a
--- /dev/null
+++ b/src/lib/libcrypto/x509/x_all.c
@@ -0,0 +1,489 @@
+/* crypto/x509/x_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#undef SSLEAY_MACROS
+#include <openssl/stack.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+int X509_verify(X509 *a, EVP_PKEY *r)
+        {
+        return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
+                a->signature,a->cert_info,r));
+        }
+
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
+        {
+        return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
+                a->sig_alg,a->signature,a->req_info,r));
+        }
+
+int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
+        {
+        return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
+                a->sig_alg, a->signature,a->crl,r));
+        }
+
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
+        {
+        return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
+                a->sig_algor,a->signature,a->spkac,r));
+        }
+
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
+        {
+        return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
+                x->sig_alg, x->signature, x->cert_info,pkey,md));
+        }
+
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
+        {
+        return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
+                x->signature, x->req_info,pkey,md));
+        }
+
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
+        {
+        x->crl->enc.modified = 1;
+        return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg,
+                x->sig_alg, x->signature, x->crl,pkey,md));
+        }
+
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
+        {
+        return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,
+                x->signature, x->spkac,pkey,md));
+        }
+
+#ifndef OPENSSL_NO_FP_API
+X509 *d2i_X509_fp(FILE *fp, X509 **x509)
+        {
+        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
+        }
+
+int i2d_X509_fp(FILE *fp, X509 *x509)
+        {
+        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
+        }
+#endif
+
+X509 *d2i_X509_bio(BIO *bp, X509 **x509)
+        {
+        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
+        }
+
+int i2d_X509_bio(BIO *bp, X509 *x509)
+        {
+        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
+        }
+
+#ifndef OPENSSL_NO_FP_API
+X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
+        {
+        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
+        }
+
+int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
+        {
+        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
+        }
+#endif
+
+X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
+        {
+        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
+        }
+
+int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
+        {
+        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
+        }
+
+#ifndef OPENSSL_NO_FP_API
+PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
+        {
+        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
+        }
+
+int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
+        {
+        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
+        }
+#endif
+
+PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
+        {
+        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
+        }
+
+int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
+        {
+        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
+        }
+
+#ifndef OPENSSL_NO_FP_API
+X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
+        {
+        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
+        }
+
+int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
+        {
+        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
+        }
+#endif
+
+X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
+        {
+        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
+        }
+
+int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
+        {
+        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
+        }
+
+#ifndef OPENSSL_NO_RSA
+
+#ifndef OPENSSL_NO_FP_API
+RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
+        {
+        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
+        }
+
+int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
+        {
+        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
+        }
+
+RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
+        {
+        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
+        }
+
+
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
+        {
+        return((RSA *)ASN1_d2i_fp((char *(*)())
+                RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp),
+                (unsigned char **)(rsa)));
+        }
+
+int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
+        {
+        return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
+        }
+
+int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
+        {
+        return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa));
+        }
+#endif
+
+RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
+        {
+        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
+        }
+
+int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
+        {
+        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
+        }
+
+RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
+        {
+        return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
+        }
+
+
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
+        {
+        return((RSA *)ASN1_d2i_bio((char *(*)())
+                RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp),
+                (unsigned char **)(rsa)));
+        }
+
+int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
+        {
+        return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
+        }
+
+int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
+        {
+        return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa));
+        }
+#endif
+
+#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_FP_API
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
+        {
+        return((DSA *)ASN1_d2i_fp((char *(*)())
+                DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp),
+                (unsigned char **)(dsa)));
+        }
+
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
+        {
+        return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
+        }
+
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
+        {
+        return((DSA *)ASN1_d2i_fp((char *(*)())
+                DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp),
+                (unsigned char **)(dsa)));
+        }
+
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
+        {
+        return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa));
+        }
+#endif
+
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
+        {
+        return((DSA *)ASN1_d2i_bio((char *(*)())
+                DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp),
+                (unsigned char **)(dsa)));
+        }
+
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
+        {
+        return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
+        }
+
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
+        {
+        return((DSA *)ASN1_d2i_bio((char *(*)())
+                DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp),
+                (unsigned char **)(dsa)));
+        }
+
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
+        {
+        return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa));
+        }
+
+#endif
+
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
+             unsigned int *len)
+        {
+        ASN1_BIT_STRING *key;
+        key = X509_get0_pubkey_bitstr(data);
+        if(!key) return 0;
+        return EVP_Digest(key->data, key->length, md, len, type, NULL);
+        }
+
+int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
+             unsigned int *len)
+        {
+        return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len));
+        }
+
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
+             unsigned int *len)
+        {
+        return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len));
+        }
+
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
+             unsigned int *len)
+        {
+        return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len));
+        }
+
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
+             unsigned int *len)
+        {
+        return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len));
+        }
+
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
+             unsigned char *md, unsigned int *len)
+        {
+        return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type,
+                (char *)data,md,len));
+        }
+
+
+#ifndef OPENSSL_NO_FP_API
+X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
+        {
+        return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new,
+                (char *(*)())d2i_X509_SIG, (fp),(unsigned char **)(p8)));
+        }
+
+int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
+        {
+        return(ASN1_i2d_fp(i2d_X509_SIG,fp,(unsigned char *)p8));
+        }
+#endif
+
+X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
+        {
+        return((X509_SIG *)ASN1_d2i_bio((char *(*)())X509_SIG_new,
+                (char *(*)())d2i_X509_SIG, (bp),(unsigned char **)(p8)));
+        }
+
+int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
+        {
+        return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8));
+        }
+
+#ifndef OPENSSL_NO_FP_API
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+                                                 PKCS8_PRIV_KEY_INFO **p8inf)
+        {
+        return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_fp(
+                (char *(*)())PKCS8_PRIV_KEY_INFO_new,
+                (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (fp),
+                                (unsigned char **)(p8inf)));
+        }
+
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
+        {
+        return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf));
+        }
+
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
+        {
+        PKCS8_PRIV_KEY_INFO *p8inf;
+        int ret;
+        p8inf = EVP_PKEY2PKCS8(key);
+        if(!p8inf) return 0;
+        ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+        return ret;
+        }
+
+int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
+        {
+        return(ASN1_i2d_fp(i2d_PrivateKey,fp,(unsigned char *)pkey));
+        }
+
+EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
+{
+        return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
+                (char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a)));
+}
+
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
+        {
+        return(ASN1_i2d_fp(i2d_PUBKEY,fp,(unsigned char *)pkey));
+        }
+
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
+{
+        return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
+                (char *(*)())d2i_PUBKEY, (fp),(unsigned char **)(a)));
+}
+
+#endif
+
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+                                                 PKCS8_PRIV_KEY_INFO **p8inf)
+        {
+        return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_bio(
+                (char *(*)())PKCS8_PRIV_KEY_INFO_new,
+                (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (bp),
+                                (unsigned char **)(p8inf)));
+        }
+
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
+        {
+        return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf));
+        }
+
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
+        {
+        PKCS8_PRIV_KEY_INFO *p8inf;
+        int ret;
+        p8inf = EVP_PKEY2PKCS8(key);
+        if(!p8inf) return 0;
+        ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+        return ret;
+        }
+
+int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
+        {
+        return(ASN1_i2d_bio(i2d_PrivateKey,bp,(unsigned char *)pkey));
+        }
+
+EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
+        {
+        return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
+                (char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a)));
+        }
+
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
+        {
+        return(ASN1_i2d_bio(i2d_PUBKEY,bp,(unsigned char *)pkey));
+        }
+
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
+        {
+        return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
+                (char *(*)())d2i_PUBKEY, (bp),(unsigned char **)(a)));
+        }
diff --git a/src/lib/libcrypto/x509v3/Makefile.ssl b/src/lib/libcrypto/x509v3/Makefile.ssl
new file mode 100644
index 0000000000..66df90c346
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/Makefile.ssl
@@ -0,0 +1,603 @@
+#
+# SSLeay/crypto/x509v3/Makefile
+#
+
+DIR=    x509v3
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \
+v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \
+v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
+v3_ocsp.c v3_akeya.c
+LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
+v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
+v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \
+v3_ocsp.o v3_akeya.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= x509v3.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+v3_akey.o: ../../e_os.h ../../include/openssl/aes.h
+v3_akey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_akey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_akey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_akey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_akey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_akey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_akey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_akey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_akey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_akey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_akey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_akey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_akey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_akey.o: ../cryptlib.h v3_akey.c
+v3_akeya.o: ../../e_os.h ../../include/openssl/aes.h
+v3_akeya.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_akeya.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_akeya.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_akeya.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_akeya.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_akeya.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_akeya.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_akeya.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_akeya.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_akeya.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_akeya.o: ../../include/openssl/opensslconf.h
+v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_akeya.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_akeya.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_akeya.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_akeya.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_akeya.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_akeya.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_akeya.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akeya.c
+v3_alt.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_alt.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_alt.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_alt.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_alt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_alt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_alt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_alt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_alt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_alt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_alt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_alt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_alt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_alt.o: ../cryptlib.h v3_alt.c
+v3_bcons.o: ../../e_os.h ../../include/openssl/aes.h
+v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_bcons.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_bcons.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_bcons.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_bcons.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_bcons.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_bcons.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_bcons.o: ../../include/openssl/opensslconf.h
+v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_bcons.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_bcons.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_bcons.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_bcons.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_bcons.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_bcons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_bcons.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bcons.c
+v3_bitst.o: ../../e_os.h ../../include/openssl/aes.h
+v3_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_bitst.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_bitst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bitst.c
+v3_conf.o: ../../e_os.h ../../include/openssl/aes.h
+v3_conf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_conf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_conf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_conf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_conf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_conf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_conf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_conf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_conf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_conf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_conf.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_conf.c
+v3_cpols.o: ../../e_os.h ../../include/openssl/aes.h
+v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_cpols.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_cpols.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_cpols.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_cpols.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_cpols.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_cpols.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_cpols.o: ../../include/openssl/opensslconf.h
+v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_cpols.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_cpols.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_cpols.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_cpols.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_cpols.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_cpols.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_cpols.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_cpols.c
+v3_crld.o: ../../e_os.h ../../include/openssl/aes.h
+v3_crld.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_crld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_crld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_crld.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_crld.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_crld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_crld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_crld.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_crld.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_crld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_crld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_crld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_crld.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_crld.o: ../cryptlib.h v3_crld.c
+v3_enum.o: ../../e_os.h ../../include/openssl/aes.h
+v3_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_enum.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_enum.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_enum.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_enum.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_enum.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_enum.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_enum.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_enum.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_enum.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_enum.c
+v3_extku.o: ../../e_os.h ../../include/openssl/aes.h
+v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_extku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_extku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_extku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_extku.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_extku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_extku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_extku.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_extku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_extku.o: ../../include/openssl/opensslconf.h
+v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_extku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_extku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_extku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_extku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_extku.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_extku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_extku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_extku.c
+v3_genn.o: ../../e_os.h ../../include/openssl/aes.h
+v3_genn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_genn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_genn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_genn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_genn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_genn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_genn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_genn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_genn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_genn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_genn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_genn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_genn.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_genn.o: ../cryptlib.h v3_genn.c
+v3_ia5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_ia5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_ia5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_ia5.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_ia5.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_ia5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_ia5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_ia5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_ia5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_ia5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_ia5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_ia5.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ia5.o: ../cryptlib.h v3_ia5.c
+v3_info.o: ../../e_os.h ../../include/openssl/aes.h
+v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_info.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_info.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_info.o: ../cryptlib.h v3_info.c
+v3_int.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_int.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_int.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_int.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_int.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_int.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_int.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_int.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_int.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_int.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_int.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_int.o: ../cryptlib.h v3_int.c
+v3_lib.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_lib.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_lib.o: ../cryptlib.h ext_dat.h v3_lib.c
+v3_ocsp.o: ../../e_os.h ../../include/openssl/aes.h
+v3_ocsp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_ocsp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_ocsp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_ocsp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_ocsp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_ocsp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_ocsp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_ocsp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_ocsp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_ocsp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_ocsp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_ocsp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ocsp.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_ocsp.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_ocsp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ocsp.o: ../cryptlib.h v3_ocsp.c
+v3_pku.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_pku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_pku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_pku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_pku.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_pku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_pku.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_pku.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_pku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_pku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_pku.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c
+v3_prn.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_prn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_prn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_prn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_prn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_prn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_prn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_prn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_prn.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_prn.o: ../cryptlib.h v3_prn.c
+v3_purp.o: ../../e_os.h ../../include/openssl/aes.h
+v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_purp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_purp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_purp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_purp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_purp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_purp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_purp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_purp.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_purp.c
+v3_skey.o: ../../e_os.h ../../include/openssl/aes.h
+v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_skey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_skey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_skey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_skey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_skey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_skey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_skey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_skey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.c
+v3_sxnet.o: ../../e_os.h ../../include/openssl/aes.h
+v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_sxnet.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_sxnet.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_sxnet.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_sxnet.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_sxnet.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_sxnet.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_sxnet.o: ../../include/openssl/opensslconf.h
+v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_sxnet.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_sxnet.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_sxnet.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_sxnet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_sxnet.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_sxnet.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_sxnet.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_sxnet.c
+v3_utl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_utl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_utl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_utl.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_utl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_utl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_utl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_utl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_utl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_utl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_utl.o: ../cryptlib.h v3_utl.c
+v3err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3err.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3err.o: v3err.c
diff --git a/src/lib/libcrypto/x509v3/ext_dat.h b/src/lib/libcrypto/x509v3/ext_dat.h
new file mode 100644
index 0000000000..d8328ac468
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/ext_dat.h
@@ -0,0 +1,118 @@
+/* ext_dat.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* This file contains a table of "standard" extensions */
+
+extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
+extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
+extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
+extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
+extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld;
+extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
+extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
+extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
+
+/* This table will be searched using OBJ_bsearch so it *must* kept in
+ * order of the ext_nid values.
+ */
+
+static X509V3_EXT_METHOD *standard_exts[] = {
+&v3_nscert,
+&v3_ns_ia5_list[0],
+&v3_ns_ia5_list[1],
+&v3_ns_ia5_list[2],
+&v3_ns_ia5_list[3],
+&v3_ns_ia5_list[4],
+&v3_ns_ia5_list[5],
+&v3_ns_ia5_list[6],
+&v3_skey_id,
+&v3_key_usage,
+&v3_pkey_usage_period,
+&v3_alt[0],
+&v3_alt[1],
+&v3_bcons,
+&v3_crl_num,
+&v3_cpols,
+&v3_akey_id,
+&v3_crld,
+&v3_ext_ku,
+&v3_delta_crl,
+&v3_crl_reason,
+#ifndef OPENSSL_NO_OCSP
+&v3_crl_invdate,
+#endif
+&v3_sxnet,
+&v3_info,
+#ifndef OPENSSL_NO_OCSP
+&v3_ocsp_nonce,
+&v3_ocsp_crlid,
+&v3_ocsp_accresp,
+&v3_ocsp_nocheck,
+&v3_ocsp_acutoff,
+&v3_ocsp_serviceloc,
+#endif
+&v3_sinfo,
+#ifndef OPENSSL_NO_OCSP
+&v3_crl_hold,
+#endif
+&v3_pci,
+};
+
+/* Number of standard extensions */
+
+#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
+
diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c
new file mode 100644
index 0000000000..97e686f97a
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_akey.c
@@ -0,0 +1,190 @@
+/* v3_akey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+                        AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
+static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+                        X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+
+X509V3_EXT_METHOD v3_akey_id = {
+NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
+(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
+0,0,
+NULL
+};
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+             AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
+{
+        char *tmp;
+        if(akeyid->keyid) {
+                tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
+                X509V3_add_value("keyid", tmp, &extlist);
+                OPENSSL_free(tmp);
+        }
+        if(akeyid->issuer) 
+                extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
+        if(akeyid->serial) {
+                tmp = hex_to_string(akeyid->serial->data,
+                                                 akeyid->serial->length);
+                X509V3_add_value("serial", tmp, &extlist);
+                OPENSSL_free(tmp);
+        }
+        return extlist;
+}
+
+/* Currently two options:
+ * keyid: use the issuers subject keyid, the value 'always' means its is
+ * an error if the issuer certificate doesn't have a key id.
+ * issuer: use the issuers cert issuer and serial number. The default is
+ * to only use this if keyid is not present. With the option 'always'
+ * this is always included.
+ */
+
+static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+             X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
+{
+char keyid=0, issuer=0;
+int i;
+CONF_VALUE *cnf;
+ASN1_OCTET_STRING *ikeyid = NULL;
+X509_NAME *isname = NULL;
+GENERAL_NAMES * gens = NULL;
+GENERAL_NAME *gen = NULL;
+ASN1_INTEGER *serial = NULL;
+X509_EXTENSION *ext;
+X509 *cert;
+AUTHORITY_KEYID *akeyid;
+for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        cnf = sk_CONF_VALUE_value(values, i);
+        if(!strcmp(cnf->name, "keyid")) {
+                keyid = 1;
+                if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2;
+        } else if(!strcmp(cnf->name, "issuer")) {
+                issuer = 1;
+                if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2;
+        } else {
+                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
+                ERR_add_error_data(2, "name=", cnf->name);
+                return NULL;
+        }
+}
+
+if(!ctx || !ctx->issuer_cert) {
+        if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new();
+        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
+        return NULL;
+}
+
+cert = ctx->issuer_cert;
+
+if(keyid) {
+        i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
+        if((i >= 0)  && (ext = X509_get_ext(cert, i)))
+                                                 ikeyid = X509V3_EXT_d2i(ext);
+        if(keyid==2 && !ikeyid) {
+                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
+                return NULL;
+        }
+}
+
+if((issuer && !ikeyid) || (issuer == 2)) {
+        isname = X509_NAME_dup(X509_get_issuer_name(cert));
+        serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+        if(!isname || !serial) {
+                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
+                goto err;
+        }
+}
+
+if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
+
+if(isname) {
+        if(!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new())
+                || !sk_GENERAL_NAME_push(gens, gen)) {
+                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        gen->type = GEN_DIRNAME;
+        gen->d.dirn = isname;
+}
+
+akeyid->issuer = gens;
+akeyid->serial = serial;
+akeyid->keyid = ikeyid;
+
+return akeyid;
+
+err:
+X509_NAME_free(isname);
+M_ASN1_INTEGER_free(serial);
+M_ASN1_OCTET_STRING_free(ikeyid);
+return NULL;
+
+}
+
diff --git a/src/lib/libcrypto/x509v3/v3_akeya.c b/src/lib/libcrypto/x509v3/v3_akeya.c
new file mode 100644
index 0000000000..2aafa26ba7
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_akeya.c
@@ -0,0 +1,72 @@
+/* v3_akey_asn1.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(AUTHORITY_KEYID) = {
+        ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
+        ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
+        ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
+} ASN1_SEQUENCE_END(AUTHORITY_KEYID)
+
+IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
new file mode 100644
index 0000000000..58b935a3b6
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -0,0 +1,458 @@
+/* v3_alt.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
+static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
+X509V3_EXT_METHOD v3_alt[] = {
+{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+(X509V3_EXT_V2I)v2i_subject_alt,
+NULL, NULL, NULL},
+
+{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+(X509V3_EXT_V2I)v2i_issuer_alt,
+NULL, NULL, NULL},
+};
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+                GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret)
+{
+        int i;
+        GENERAL_NAME *gen;
+        for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+                gen = sk_GENERAL_NAME_value(gens, i);
+                ret = i2v_GENERAL_NAME(method, gen, ret);
+        }
+        if(!ret) return sk_CONF_VALUE_new_null();
+        return ret;
+}
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
+                                GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
+{
+        unsigned char *p;
+        char oline[256];
+        switch (gen->type)
+        {
+                case GEN_OTHERNAME:
+                X509V3_add_value("othername","<unsupported>", &ret);
+                break;
+
+                case GEN_X400:
+                X509V3_add_value("X400Name","<unsupported>", &ret);
+                break;
+
+                case GEN_EDIPARTY:
+                X509V3_add_value("EdiPartyName","<unsupported>", &ret);
+                break;
+
+                case GEN_EMAIL:
+                X509V3_add_value_uchar("email",gen->d.ia5->data, &ret);
+                break;
+
+                case GEN_DNS:
+                X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret);
+                break;
+
+                case GEN_URI:
+                X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret);
+                break;
+
+                case GEN_DIRNAME:
+                X509_NAME_oneline(gen->d.dirn, oline, 256);
+                X509V3_add_value("DirName",oline, &ret);
+                break;
+
+                case GEN_IPADD:
+                p = gen->d.ip->data;
+                /* BUG: doesn't support IPV6 */
+                if(gen->d.ip->length != 4) {
+                        X509V3_add_value("IP Address","<invalid>", &ret);
+                        break;
+                }
+                BIO_snprintf(oline, sizeof oline,
+                             "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+                X509V3_add_value("IP Address",oline, &ret);
+                break;
+
+                case GEN_RID:
+                i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
+                X509V3_add_value("Registered ID",oline, &ret);
+                break;
+        }
+        return ret;
+}
+
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
+{
+        unsigned char *p;
+        switch (gen->type)
+        {
+                case GEN_OTHERNAME:
+                BIO_printf(out, "othername:<unsupported>");
+                break;
+
+                case GEN_X400:
+                BIO_printf(out, "X400Name:<unsupported>");
+                break;
+
+                case GEN_EDIPARTY:
+                /* Maybe fix this: it is supported now */
+                BIO_printf(out, "EdiPartyName:<unsupported>");
+                break;
+
+                case GEN_EMAIL:
+                BIO_printf(out, "email:%s",gen->d.ia5->data);
+                break;
+
+                case GEN_DNS:
+                BIO_printf(out, "DNS:%s",gen->d.ia5->data);
+                break;
+
+                case GEN_URI:
+                BIO_printf(out, "URI:%s",gen->d.ia5->data);
+                break;
+
+                case GEN_DIRNAME:
+                BIO_printf(out, "DirName: ");
+                X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
+                break;
+
+                case GEN_IPADD:
+                p = gen->d.ip->data;
+                /* BUG: doesn't support IPV6 */
+                if(gen->d.ip->length != 4) {
+                        BIO_printf(out,"IP Address:<invalid>");
+                        break;
+                }
+                BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+                break;
+
+                case GEN_RID:
+                BIO_printf(out, "Registered ID");
+                i2a_ASN1_OBJECT(out, gen->d.rid);
+                break;
+        }
+        return 1;
+}
+
+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+        GENERAL_NAMES *gens = NULL;
+        CONF_VALUE *cnf;
+        int i;
+        if(!(gens = sk_GENERAL_NAME_new_null())) {
+                X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+                cnf = sk_CONF_VALUE_value(nval, i);
+                if(!name_cmp(cnf->name, "issuer") && cnf->value &&
+                                                !strcmp(cnf->value, "copy")) {
+                        if(!copy_issuer(ctx, gens)) goto err;
+                } else {
+                        GENERAL_NAME *gen;
+                        if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+                                                                 goto err; 
+                        sk_GENERAL_NAME_push(gens, gen);
+                }
+        }
+        return gens;
+        err:
+        sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+        return NULL;
+}
+
+/* Append subject altname of issuer to issuer alt name of subject */
+
+static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
+{
+        GENERAL_NAMES *ialt;
+        GENERAL_NAME *gen;
+        X509_EXTENSION *ext;
+        int i;
+        if(ctx && (ctx->flags == CTX_TEST)) return 1;
+        if(!ctx || !ctx->issuer_cert) {
+                X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS);
+                goto err;
+        }
+        i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
+        if(i < 0) return 1;
+        if(!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
+                        !(ialt = X509V3_EXT_d2i(ext)) ) {
+                X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR);
+                goto err;
+        }
+
+        for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
+                gen = sk_GENERAL_NAME_value(ialt, i);
+                if(!sk_GENERAL_NAME_push(gens, gen)) {
+                        X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+        }
+        sk_GENERAL_NAME_free(ialt);
+
+        return 1;
+                
+        err:
+        return 0;
+        
+}
+
+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+        GENERAL_NAMES *gens = NULL;
+        CONF_VALUE *cnf;
+        int i;
+        if(!(gens = sk_GENERAL_NAME_new_null())) {
+                X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+                cnf = sk_CONF_VALUE_value(nval, i);
+                if(!name_cmp(cnf->name, "email") && cnf->value &&
+                                                !strcmp(cnf->value, "copy")) {
+                        if(!copy_email(ctx, gens, 0)) goto err;
+                } else if(!name_cmp(cnf->name, "email") && cnf->value &&
+                                                !strcmp(cnf->value, "move")) {
+                        if(!copy_email(ctx, gens, 1)) goto err;
+                } else {
+                        GENERAL_NAME *gen;
+                        if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+                                                                 goto err; 
+                        sk_GENERAL_NAME_push(gens, gen);
+                }
+        }
+        return gens;
+        err:
+        sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+        return NULL;
+}
+
+/* Copy any email addresses in a certificate or request to 
+ * GENERAL_NAMES
+ */
+
+static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
+{
+        X509_NAME *nm;
+        ASN1_IA5STRING *email = NULL;
+        X509_NAME_ENTRY *ne;
+        GENERAL_NAME *gen = NULL;
+        int i;
+        if(ctx->flags == CTX_TEST) return 1;
+        if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
+                X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
+                goto err;
+        }
+        /* Find the subject name */
+        if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert);
+        else nm = X509_REQ_get_subject_name(ctx->subject_req);
+
+        /* Now add any email address(es) to STACK */
+        i = -1;
+        while((i = X509_NAME_get_index_by_NID(nm,
+                                         NID_pkcs9_emailAddress, i)) >= 0) {
+                ne = X509_NAME_get_entry(nm, i);
+                email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
+                if (move_p)
+                        {
+                        X509_NAME_delete_entry(nm, i);
+                        i--;
+                        }
+                if(!email || !(gen = GENERAL_NAME_new())) {
+                        X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                gen->d.ia5 = email;
+                email = NULL;
+                gen->type = GEN_EMAIL;
+                if(!sk_GENERAL_NAME_push(gens, gen)) {
+                        X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                gen = NULL;
+        }
+
+        
+        return 1;
+                
+        err:
+        GENERAL_NAME_free(gen);
+        M_ASN1_IA5STRING_free(email);
+        return 0;
+        
+}
+
+GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+        GENERAL_NAME *gen;
+        GENERAL_NAMES *gens = NULL;
+        CONF_VALUE *cnf;
+        int i;
+        if(!(gens = sk_GENERAL_NAME_new_null())) {
+                X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+                cnf = sk_CONF_VALUE_value(nval, i);
+                if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 
+                sk_GENERAL_NAME_push(gens, gen);
+        }
+        return gens;
+        err:
+        sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+        return NULL;
+}
+
+GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                                                         CONF_VALUE *cnf)
+{
+char is_string = 0;
+int type;
+GENERAL_NAME *gen = NULL;
+
+char *name, *value;
+
+name = cnf->name;
+value = cnf->value;
+
+if(!value) {
+        X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
+        return NULL;
+}
+
+if(!(gen = GENERAL_NAME_new())) {
+        X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
+        return NULL;
+}
+
+if(!name_cmp(name, "email")) {
+        is_string = 1;
+        type = GEN_EMAIL;
+} else if(!name_cmp(name, "URI")) {
+        is_string = 1;
+        type = GEN_URI;
+} else if(!name_cmp(name, "DNS")) {
+        is_string = 1;
+        type = GEN_DNS;
+} else if(!name_cmp(name, "RID")) {
+        ASN1_OBJECT *obj;
+        if(!(obj = OBJ_txt2obj(value,0))) {
+                X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
+                ERR_add_error_data(2, "value=", value);
+                goto err;
+        }
+        gen->d.rid = obj;
+        type = GEN_RID;
+} else if(!name_cmp(name, "IP")) {
+        int i1,i2,i3,i4;
+        unsigned char ip[4];
+        if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) ||
+            (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) ||
+            (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) {
+                X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
+                ERR_add_error_data(2, "value=", value);
+                goto err;
+        }
+        ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4;
+        if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) ||
+                !ASN1_STRING_set(gen->d.ip, ip, 4)) {
+                        X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
+                        goto err;
+        }
+        type = GEN_IPADD;
+} else {
+        X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION);
+        ERR_add_error_data(2, "name=", name);
+        goto err;
+}
+
+if(is_string) {
+        if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
+                      !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
+                                       strlen(value))) {
+                X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+}
+
+gen->type = type;
+
+return gen;
+
+err:
+GENERAL_NAME_free(gen);
+return NULL;
+}
diff --git a/src/lib/libcrypto/x509v3/v3_bcons.c b/src/lib/libcrypto/x509v3/v3_bcons.c
new file mode 100644
index 0000000000..cbb012715e
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_bcons.c
@@ -0,0 +1,124 @@
+/* v3_bcons.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+
+X509V3_EXT_METHOD v3_bcons = {
+NID_basic_constraints, 0,
+ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
+(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
+NULL,NULL,
+NULL
+};
+
+ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
+        ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
+        ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)
+
+IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
+
+
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+             BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)
+{
+        X509V3_add_value_bool("CA", bcons->ca, &extlist);
+        X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
+        return extlist;
+}
+
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+             X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
+{
+        BASIC_CONSTRAINTS *bcons=NULL;
+        CONF_VALUE *val;
+        int i;
+        if(!(bcons = BASIC_CONSTRAINTS_new())) {
+                X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
+                val = sk_CONF_VALUE_value(values, i);
+                if(!strcmp(val->name, "CA")) {
+                        if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
+                } else if(!strcmp(val->name, "pathlen")) {
+                        if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;
+                } else {
+                        X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
+                        X509V3_conf_err(val);
+                        goto err;
+                }
+        }
+        return bcons;
+        err:
+        BASIC_CONSTRAINTS_free(bcons);
+        return NULL;
+}
+
diff --git a/src/lib/libcrypto/x509v3/v3_bitst.c b/src/lib/libcrypto/x509v3/v3_bitst.c
new file mode 100644
index 0000000000..274965306d
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_bitst.c
@@ -0,0 +1,147 @@
+/* v3_bitst.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+                                ASN1_BIT_STRING *bits,
+                                STACK_OF(CONF_VALUE) *extlist);
+
+static BIT_STRING_BITNAME ns_cert_type_table[] = {
+{0, "SSL Client", "client"},
+{1, "SSL Server", "server"},
+{2, "S/MIME", "email"},
+{3, "Object Signing", "objsign"},
+{4, "Unused", "reserved"},
+{5, "SSL CA", "sslCA"},
+{6, "S/MIME CA", "emailCA"},
+{7, "Object Signing CA", "objCA"},
+{-1, NULL, NULL}
+};
+
+static BIT_STRING_BITNAME key_usage_type_table[] = {
+{0, "Digital Signature", "digitalSignature"},
+{1, "Non Repudiation", "nonRepudiation"},
+{2, "Key Encipherment", "keyEncipherment"},
+{3, "Data Encipherment", "dataEncipherment"},
+{4, "Key Agreement", "keyAgreement"},
+{5, "Certificate Sign", "keyCertSign"},
+{6, "CRL Sign", "cRLSign"},
+{7, "Encipher Only", "encipherOnly"},
+{8, "Decipher Only", "decipherOnly"},
+{-1, NULL, NULL}
+};
+
+
+
+X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
+X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
+
+static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+             ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
+{
+        BIT_STRING_BITNAME *bnam;
+        for(bnam =method->usr_data; bnam->lname; bnam++) {
+                if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) 
+                        X509V3_add_value(bnam->lname, NULL, &ret);
+        }
+        return ret;
+}
+        
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+             X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+        CONF_VALUE *val;
+        ASN1_BIT_STRING *bs;
+        int i;
+        BIT_STRING_BITNAME *bnam;
+        if(!(bs = M_ASN1_BIT_STRING_new())) {
+                X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+                val = sk_CONF_VALUE_value(nval, i);
+                for(bnam = method->usr_data; bnam->lname; bnam++) {
+                        if(!strcmp(bnam->sname, val->name) ||
+                                !strcmp(bnam->lname, val->name) ) {
+                                if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
+                                        X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
+                                                ERR_R_MALLOC_FAILURE);
+                                        M_ASN1_BIT_STRING_free(bs);
+                                        return NULL;
+                                }
+                                break;
+                        }
+                }
+                if(!bnam->lname) {
+                        X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
+                                        X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
+                        X509V3_conf_err(val);
+                        M_ASN1_BIT_STRING_free(bs);
+                        return NULL;
+                }
+        }
+        return bs;
+}
+        
+
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
new file mode 100644
index 0000000000..1284d5aaa5
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_conf.c
@@ -0,0 +1,485 @@
+/* v3_conf.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* extension creation utilities */
+
+
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+static int v3_check_critical(char **value);
+static int v3_check_generic(char **value);
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
+static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
+static char *conf_lhash_get_string(void *db, char *section, char *value);
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
+static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+                                                 int crit, void *ext_struc);
+/* CONF *conf:  Config file    */
+/* char *name:  Name    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
+             char *value)
+        {
+        int crit;
+        int ext_type;
+        X509_EXTENSION *ret;
+        crit = v3_check_critical(&value);
+        if ((ext_type = v3_check_generic(&value))) 
+                return v3_generic_extension(name, value, crit, ext_type);
+        ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
+        if (!ret)
+                {
+                X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
+                ERR_add_error_data(4,"name=", name, ", value=", value);
+                }
+        return ret;
+        }
+
+/* CONF *conf:  Config file    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+             char *value)
+        {
+        int crit;
+        int ext_type;
+        crit = v3_check_critical(&value);
+        if ((ext_type = v3_check_generic(&value))) 
+                return v3_generic_extension(OBJ_nid2sn(ext_nid),
+                                                         value, crit, ext_type);
+        return do_ext_nconf(conf, ctx, ext_nid, crit, value);
+        }
+
+/* CONF *conf:  Config file    */
+/* char *value:  Value    */
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+             int crit, char *value)
+        {
+        X509V3_EXT_METHOD *method;
+        X509_EXTENSION *ext;
+        STACK_OF(CONF_VALUE) *nval;
+        void *ext_struc;
+        if (ext_nid == NID_undef)
+                {
+                X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
+                return NULL;
+                }
+        if (!(method = X509V3_EXT_get_nid(ext_nid)))
+                {
+                X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
+                return NULL;
+                }
+        /* Now get internal extension representation based on type */
+        if (method->v2i)
+                {
+                if(*value == '@') nval = NCONF_get_section(conf, value + 1);
+                else nval = X509V3_parse_list(value);
+                if(!nval)
+                        {
+                        X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
+                        ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
+                        return NULL;
+                        }
+                ext_struc = method->v2i(method, ctx, nval);
+                if(*value != '@') sk_CONF_VALUE_pop_free(nval,
+                                                         X509V3_conf_free);
+                if(!ext_struc) return NULL;
+                }
+        else if(method->s2i)
+                {
+                if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
+                }
+        else if(method->r2i)
+                {
+                if(!ctx->db)
+                        {
+                        X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
+                        return NULL;
+                        }
+                if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
+                }
+        else
+                {
+                X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
+                ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
+                return NULL;
+                }
+
+        ext  = do_ext_i2d(method, ext_nid, crit, ext_struc);
+        if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
+        else method->ext_free(ext_struc);
+        return ext;
+
+        }
+
+static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+                                                 int crit, void *ext_struc)
+        {
+        unsigned char *ext_der;
+        int ext_len;
+        ASN1_OCTET_STRING *ext_oct;
+        X509_EXTENSION *ext;
+        /* Convert internal representation to DER */
+        if (method->it)
+                {
+                ext_der = NULL;
+                ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
+                if (ext_len < 0) goto merr;
+                }
+         else
+                {
+                unsigned char *p;
+                ext_len = method->i2d(ext_struc, NULL);
+                if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
+                p = ext_der;
+                method->i2d(ext_struc, &p);
+                }
+        if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
+        ext_oct->data = ext_der;
+        ext_oct->length = ext_len;
+
+        ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
+        if (!ext) goto merr;
+        M_ASN1_OCTET_STRING_free(ext_oct);
+
+        return ext;
+
+        merr:
+        X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
+        return NULL;
+
+        }
+
+/* Given an internal structure, nid and critical flag create an extension */
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
+        {
+        X509V3_EXT_METHOD *method;
+        if (!(method = X509V3_EXT_get_nid(ext_nid))) {
+                X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
+                return NULL;
+        }
+        return do_ext_i2d(method, ext_nid, crit, ext_struc);
+}
+
+/* Check the extension string for critical flag */
+static int v3_check_critical(char **value)
+{
+        char *p = *value;
+        if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
+        p+=9;
+        while(isspace((unsigned char)*p)) p++;
+        *value = p;
+        return 1;
+}
+
+/* Check extension string for generic extension and return the type */
+static int v3_check_generic(char **value)
+{
+        char *p = *value;
+        if ((strlen(p) < 4) || strncmp(p, "DER:", 4)) return 0;
+        p+=4;
+        while (isspace((unsigned char)*p)) p++;
+        *value = p;
+        return 1;
+}
+
+/* Create a generic extension: for now just handle DER type */
+static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+             int crit, int type)
+        {
+        unsigned char *ext_der=NULL;
+        long ext_len;
+        ASN1_OBJECT *obj=NULL;
+        ASN1_OCTET_STRING *oct=NULL;
+        X509_EXTENSION *extension=NULL;
+        if (!(obj = OBJ_txt2obj(ext, 0)))
+                {
+                X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
+                ERR_add_error_data(2, "name=", ext);
+                goto err;
+                }
+
+        if (!(ext_der = string_to_hex(value, &ext_len)))
+                {
+                X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
+                ERR_add_error_data(2, "value=", value);
+                goto err;
+                }
+
+        if (!(oct = M_ASN1_OCTET_STRING_new()))
+                {
+                X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        oct->data = ext_der;
+        oct->length = ext_len;
+        ext_der = NULL;
+
+        extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
+
+        err:
+        ASN1_OBJECT_free(obj);
+        M_ASN1_OCTET_STRING_free(oct);
+        if(ext_der) OPENSSL_free(ext_der);
+        return extension;
+
+        }
+
+
+/* This is the main function: add a bunch of extensions based on a config file
+ * section to an extension STACK.
+ */
+
+
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
+             STACK_OF(X509_EXTENSION) **sk)
+        {
+        X509_EXTENSION *ext;
+        STACK_OF(CONF_VALUE) *nval;
+        CONF_VALUE *val;        
+        int i;
+        if (!(nval = NCONF_get_section(conf, section))) return 0;
+        for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
+                {
+                val = sk_CONF_VALUE_value(nval, i);
+                if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
+                                                                return 0;
+                if (sk) X509v3_add_ext(sk, ext, -1);
+                X509_EXTENSION_free(ext);
+                }
+        return 1;
+        }
+
+/* Convenience functions to add extensions to a certificate, CRL and request */
+
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+             X509 *cert)
+        {
+        STACK_OF(X509_EXTENSION) **sk = NULL;
+        if (cert)
+                sk = &cert->cert_info->extensions;
+        return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+        }
+
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+             X509_CRL *crl)
+        {
+        STACK_OF(X509_EXTENSION) **sk = NULL;
+        if (crl)
+                sk = &crl->crl->extensions;
+        return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+        }
+
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+             X509_REQ *req)
+        {
+        STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
+        int i;
+        if (req)
+                sk = &extlist;
+        i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+        if (!i || !sk)
+                return i;
+        i = X509_REQ_add_extensions(req, extlist);
+        sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
+        return i;
+        }
+
+/* Config database functions */
+
+char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
+        {
+        if (ctx->db_meth->get_string)
+                        return ctx->db_meth->get_string(ctx->db, name, section);
+        return NULL;
+        }
+
+STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
+        {
+        if (ctx->db_meth->get_section)
+                        return ctx->db_meth->get_section(ctx->db, section);
+        return NULL;
+        }
+
+void X509V3_string_free(X509V3_CTX *ctx, char *str)
+        {
+        if (!str) return;
+        if (ctx->db_meth->free_string)
+                        ctx->db_meth->free_string(ctx->db, str);
+        }
+
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
+        {
+        if (!section) return;
+        if (ctx->db_meth->free_section)
+                        ctx->db_meth->free_section(ctx->db, section);
+        }
+
+static char *nconf_get_string(void *db, char *section, char *value)
+        {
+        return NCONF_get_string(db, section, value);
+        }
+
+static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
+        {
+        return NCONF_get_section(db, section);
+        }
+
+static X509V3_CONF_METHOD nconf_method = {
+nconf_get_string,
+nconf_get_section,
+NULL,
+NULL
+};
+
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
+        {
+        ctx->db_meth = &nconf_method;
+        ctx->db = conf;
+        }
+
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
+             X509_CRL *crl, int flags)
+        {
+        ctx->issuer_cert = issuer;
+        ctx->subject_cert = subj;
+        ctx->crl = crl;
+        ctx->subject_req = req;
+        ctx->flags = flags;
+        }
+
+/* Old conf compatibility functions */
+
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+             char *value)
+        {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return X509V3_EXT_nconf(&ctmp, ctx, name, value);
+        }
+
+/* LHASH *conf:  Config file    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+             char *value)
+        {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
+        }
+
+static char *conf_lhash_get_string(void *db, char *section, char *value)
+        {
+        return CONF_get_string(db, section, value);
+        }
+
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
+        {
+        return CONF_get_section(db, section);
+        }
+
+static X509V3_CONF_METHOD conf_lhash_method = {
+conf_lhash_get_string,
+conf_lhash_get_section,
+NULL,
+NULL
+};
+
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
+        {
+        ctx->db_meth = &conf_lhash_method;
+        ctx->db = lhash;
+        }
+
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+             X509 *cert)
+        {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
+        }
+
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+             X509_CRL *crl)
+        {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
+        }
+
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+             X509_REQ *req)
+        {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
+        }
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
new file mode 100644
index 0000000000..0d554f3a2c
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_cpols.c
@@ -0,0 +1,422 @@
+/* v3_cpols.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+/* Certificate policies extension support: this one is a bit complex... */
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
+static void print_notice(BIO *out, USERNOTICE *notice, int indent);
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+                                 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+                                        STACK_OF(CONF_VALUE) *unot, int ia5org);
+static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
+
+X509V3_EXT_METHOD v3_cpols = {
+NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+0,0,0,0,
+0,0,
+0,0,
+(X509V3_EXT_I2R)i2r_certpol,
+(X509V3_EXT_R2I)r2i_certpol,
+NULL
+};
+
+ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
+ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
+
+IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+
+ASN1_SEQUENCE(POLICYINFO) = {
+        ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
+        ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
+} ASN1_SEQUENCE_END(POLICYINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
+
+ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
+
+ASN1_ADB(POLICYQUALINFO) = {
+        ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
+        ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
+} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
+
+ASN1_SEQUENCE(POLICYQUALINFO) = {
+        ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(POLICYQUALINFO)
+} ASN1_SEQUENCE_END(POLICYQUALINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
+
+ASN1_SEQUENCE(USERNOTICE) = {
+        ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
+        ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
+} ASN1_SEQUENCE_END(USERNOTICE)
+
+IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
+
+ASN1_SEQUENCE(NOTICEREF) = {
+        ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
+        ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(NOTICEREF)
+
+IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
+
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
+                X509V3_CTX *ctx, char *value)
+{
+        STACK_OF(POLICYINFO) *pols = NULL;
+        char *pstr;
+        POLICYINFO *pol;
+        ASN1_OBJECT *pobj;
+        STACK_OF(CONF_VALUE) *vals;
+        CONF_VALUE *cnf;
+        int i, ia5org;
+        pols = sk_POLICYINFO_new_null();
+        vals =  X509V3_parse_list(value);
+        ia5org = 0;
+        for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+                cnf = sk_CONF_VALUE_value(vals, i);
+                if(cnf->value || !cnf->name ) {
+                        X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
+                        X509V3_conf_err(cnf);
+                        goto err;
+                }
+                pstr = cnf->name;
+                if(!strcmp(pstr,"ia5org")) {
+                        ia5org = 1;
+                        continue;
+                } else if(*pstr == '@') {
+                        STACK_OF(CONF_VALUE) *polsect;
+                        polsect = X509V3_get_section(ctx, pstr + 1);
+                        if(!polsect) {
+                                X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
+
+                                X509V3_conf_err(cnf);
+                                goto err;
+                        }
+                        pol = policy_section(ctx, polsect, ia5org);
+                        X509V3_section_free(ctx, polsect);
+                        if(!pol) goto err;
+                } else {
+                        if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
+                                X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                                X509V3_conf_err(cnf);
+                                goto err;
+                        }
+                        pol = POLICYINFO_new();
+                        pol->policyid = pobj;
+                }
+                sk_POLICYINFO_push(pols, pol);
+        }
+        sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+        return pols;
+        err:
+        sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
+        return NULL;
+}
+
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+                                STACK_OF(CONF_VALUE) *polstrs, int ia5org)
+{
+        int i;
+        CONF_VALUE *cnf;
+        POLICYINFO *pol;
+        POLICYQUALINFO *qual;
+        if(!(pol = POLICYINFO_new())) goto merr;
+        for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
+                cnf = sk_CONF_VALUE_value(polstrs, i);
+                if(!strcmp(cnf->name, "policyIdentifier")) {
+                        ASN1_OBJECT *pobj;
+                        if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
+                                X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                                X509V3_conf_err(cnf);
+                                goto err;
+                        }
+                        pol->policyid = pobj;
+
+                } else if(!name_cmp(cnf->name, "CPS")) {
+                        if(!pol->qualifiers) pol->qualifiers =
+                                                 sk_POLICYQUALINFO_new_null();
+                        if(!(qual = POLICYQUALINFO_new())) goto merr;
+                        if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+                                                                 goto merr;
+                        qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
+                        qual->d.cpsuri = M_ASN1_IA5STRING_new();
+                        if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
+                                                 strlen(cnf->value))) goto merr;
+                } else if(!name_cmp(cnf->name, "userNotice")) {
+                        STACK_OF(CONF_VALUE) *unot;
+                        if(*cnf->value != '@') {
+                                X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
+                                X509V3_conf_err(cnf);
+                                goto err;
+                        }
+                        unot = X509V3_get_section(ctx, cnf->value + 1);
+                        if(!unot) {
+                                X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION);
+
+                                X509V3_conf_err(cnf);
+                                goto err;
+                        }
+                        qual = notice_section(ctx, unot, ia5org);
+                        X509V3_section_free(ctx, unot);
+                        if(!qual) goto err;
+                        if(!pol->qualifiers) pol->qualifiers =
+                                                 sk_POLICYQUALINFO_new_null();
+                        if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+                                                                 goto merr;
+                } else {
+                        X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION);
+
+                        X509V3_conf_err(cnf);
+                        goto err;
+                }
+        }
+        if(!pol->policyid) {
+                X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER);
+                goto err;
+        }
+
+        return pol;
+
+        merr:
+        X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
+
+        err:
+        POLICYINFO_free(pol);
+        return NULL;
+        
+        
+}
+
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+                                        STACK_OF(CONF_VALUE) *unot, int ia5org)
+{
+        int i, ret;
+        CONF_VALUE *cnf;
+        USERNOTICE *not;
+        POLICYQUALINFO *qual;
+        if(!(qual = POLICYQUALINFO_new())) goto merr;
+        qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
+        if(!(not = USERNOTICE_new())) goto merr;
+        qual->d.usernotice = not;
+        for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
+                cnf = sk_CONF_VALUE_value(unot, i);
+                if(!strcmp(cnf->name, "explicitText")) {
+                        not->exptext = M_ASN1_VISIBLESTRING_new();
+                        if(!ASN1_STRING_set(not->exptext, cnf->value,
+                                                 strlen(cnf->value))) goto merr;
+                } else if(!strcmp(cnf->name, "organization")) {
+                        NOTICEREF *nref;
+                        if(!not->noticeref) {
+                                if(!(nref = NOTICEREF_new())) goto merr;
+                                not->noticeref = nref;
+                        } else nref = not->noticeref;
+                        if(ia5org) nref->organization->type = V_ASN1_IA5STRING;
+                        else nref->organization->type = V_ASN1_VISIBLESTRING;
+                        if(!ASN1_STRING_set(nref->organization, cnf->value,
+                                                 strlen(cnf->value))) goto merr;
+                } else if(!strcmp(cnf->name, "noticeNumbers")) {
+                        NOTICEREF *nref;
+                        STACK_OF(CONF_VALUE) *nos;
+                        if(!not->noticeref) {
+                                if(!(nref = NOTICEREF_new())) goto merr;
+                                not->noticeref = nref;
+                        } else nref = not->noticeref;
+                        nos = X509V3_parse_list(cnf->value);
+                        if(!nos || !sk_CONF_VALUE_num(nos)) {
+                                X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
+                                X509V3_conf_err(cnf);
+                                goto err;
+                        }
+                        ret = nref_nos(nref->noticenos, nos);
+                        sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
+                        if (!ret)
+                                goto err;
+                } else {
+                        X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
+                        X509V3_conf_err(cnf);
+                        goto err;
+                }
+        }
+
+        if(not->noticeref && 
+              (!not->noticeref->noticenos || !not->noticeref->organization)) {
+                        X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
+                        goto err;
+        }
+
+        return qual;
+
+        merr:
+        X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
+
+        err:
+        POLICYQUALINFO_free(qual);
+        return NULL;
+}
+
+static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
+{
+        CONF_VALUE *cnf;
+        ASN1_INTEGER *aint;
+
+        int i;
+
+        for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
+                cnf = sk_CONF_VALUE_value(nos, i);
+                if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
+                        X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
+                        goto err;
+                }
+                if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
+        }
+        return 1;
+
+        merr:
+        X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
+
+        err:
+        sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
+        return 0;
+}
+
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
+                BIO *out, int indent)
+{
+        int i;
+        POLICYINFO *pinfo;
+        /* First print out the policy OIDs */
+        for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
+                pinfo = sk_POLICYINFO_value(pol, i);
+                BIO_printf(out, "%*sPolicy: ", indent, "");
+                i2a_ASN1_OBJECT(out, pinfo->policyid);
+                BIO_puts(out, "\n");
+                if(pinfo->qualifiers)
+                         print_qualifiers(out, pinfo->qualifiers, indent + 2);
+        }
+        return 1;
+}
+
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
+                int indent)
+{
+        POLICYQUALINFO *qualinfo;
+        int i;
+        for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
+                qualinfo = sk_POLICYQUALINFO_value(quals, i);
+                switch(OBJ_obj2nid(qualinfo->pqualid))
+                {
+                        case NID_id_qt_cps:
+                        BIO_printf(out, "%*sCPS: %s\n", indent, "",
+                                                qualinfo->d.cpsuri->data);
+                        break;
+                
+                        case NID_id_qt_unotice:
+                        BIO_printf(out, "%*sUser Notice:\n", indent, "");
+                        print_notice(out, qualinfo->d.usernotice, indent + 2);
+                        break;
+
+                        default:
+                        BIO_printf(out, "%*sUnknown Qualifier: ",
+                                                         indent + 2, "");
+                        
+                        i2a_ASN1_OBJECT(out, qualinfo->pqualid);
+                        BIO_puts(out, "\n");
+                        break;
+                }
+        }
+}
+
+static void print_notice(BIO *out, USERNOTICE *notice, int indent)
+{
+        int i;
+        if(notice->noticeref) {
+                NOTICEREF *ref;
+                ref = notice->noticeref;
+                BIO_printf(out, "%*sOrganization: %s\n", indent, "",
+                                                 ref->organization->data);
+                BIO_printf(out, "%*sNumber%s: ", indent, "",
+                           sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
+                for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
+                        ASN1_INTEGER *num;
+                        char *tmp;
+                        num = sk_ASN1_INTEGER_value(ref->noticenos, i);
+                        if(i) BIO_puts(out, ", ");
+                        tmp = i2s_ASN1_INTEGER(NULL, num);
+                        BIO_puts(out, tmp);
+                        OPENSSL_free(tmp);
+                }
+                BIO_puts(out, "\n");
+        }
+        if(notice->exptext)
+                BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
+                                                         notice->exptext->data);
+}
+
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
new file mode 100644
index 0000000000..f90829c574
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_crld.c
@@ -0,0 +1,162 @@
+/* v3_crld.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
+                STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist);
+static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+X509V3_EXT_METHOD v3_crld = {
+NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_crld,
+(X509V3_EXT_V2I)v2i_crld,
+0,0,
+NULL
+};
+
+static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
+                        STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts)
+{
+        DIST_POINT *point;
+        int i;
+        for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
+                point = sk_DIST_POINT_value(crld, i);
+                if(point->distpoint) {
+                        if(point->distpoint->type == 0)
+                                exts = i2v_GENERAL_NAMES(NULL,
+                                         point->distpoint->name.fullname, exts);
+                        else X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
+                }
+                if(point->reasons) 
+                        X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
+                if(point->CRLissuer)
+                        X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
+        }
+        return exts;
+}
+
+static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+        STACK_OF(DIST_POINT) *crld = NULL;
+        GENERAL_NAMES *gens = NULL;
+        GENERAL_NAME *gen = NULL;
+        CONF_VALUE *cnf;
+        int i;
+        if(!(crld = sk_DIST_POINT_new_null())) goto merr;
+        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+                DIST_POINT *point;
+                cnf = sk_CONF_VALUE_value(nval, i);
+                if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 
+                if(!(gens = GENERAL_NAMES_new())) goto merr;
+                if(!sk_GENERAL_NAME_push(gens, gen)) goto merr;
+                gen = NULL;
+                if(!(point = DIST_POINT_new())) goto merr;
+                if(!sk_DIST_POINT_push(crld, point)) {
+                        DIST_POINT_free(point);
+                        goto merr;
+                }
+                if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
+                point->distpoint->name.fullname = gens;
+                point->distpoint->type = 0;
+                gens = NULL;
+        }
+        return crld;
+
+        merr:
+        X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE);
+        err:
+        GENERAL_NAME_free(gen);
+        GENERAL_NAMES_free(gens);
+        sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
+        return NULL;
+}
+
+IMPLEMENT_STACK_OF(DIST_POINT)
+IMPLEMENT_ASN1_SET_OF(DIST_POINT)
+
+
+ASN1_CHOICE(DIST_POINT_NAME) = {
+        ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
+        ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
+} ASN1_CHOICE_END(DIST_POINT_NAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
+
+ASN1_SEQUENCE(DIST_POINT) = {
+        ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
+        ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
+        ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
+} ASN1_SEQUENCE_END(DIST_POINT)
+
+IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
+
+ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
+ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
+
+IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c
new file mode 100644
index 0000000000..010c9d6260
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_enum.c
@@ -0,0 +1,94 @@
+/* v3_enum.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+static ENUMERATED_NAMES crl_reasons[] = {
+{0, "Unspecified", "unspecified"},
+{1, "Key Compromise", "keyCompromise"},
+{2, "CA Compromise", "CACompromise"},
+{3, "Affiliation Changed", "affiliationChanged"},
+{4, "Superseded", "superseded"},
+{5, "Cessation Of Operation", "cessationOfOperation"},
+{6, "Certificate Hold", "certificateHold"},
+{8, "Remove From CRL", "removeFromCRL"},
+{-1, NULL, NULL}
+};
+
+X509V3_EXT_METHOD v3_crl_reason = { 
+NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
+0,0,0,0,
+(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
+0,
+0,0,0,0,
+crl_reasons};
+
+
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
+             ASN1_ENUMERATED *e)
+{
+        ENUMERATED_NAMES *enam;
+        long strval;
+        strval = ASN1_ENUMERATED_get(e);
+        for(enam = method->usr_data; enam->lname; enam++) {
+                if(strval == enam->bitnum) return BUF_strdup(enam->lname);
+        }
+        return i2s_ASN1_ENUMERATED(method, e);
+}
diff --git a/src/lib/libcrypto/x509v3/v3_extku.c b/src/lib/libcrypto/x509v3/v3_extku.c
new file mode 100644
index 0000000000..b1cfaba1aa
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_extku.c
@@ -0,0 +1,142 @@
+/* v3_extku.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+                void *eku, STACK_OF(CONF_VALUE) *extlist);
+
+X509V3_EXT_METHOD v3_ext_ku = {
+        NID_ext_key_usage, 0,
+        ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+        0,0,0,0,
+        0,0,
+        i2v_EXTENDED_KEY_USAGE,
+        v2i_EXTENDED_KEY_USAGE,
+        0,0,
+        NULL
+};
+
+/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
+X509V3_EXT_METHOD v3_ocsp_accresp = {
+        NID_id_pkix_OCSP_acceptableResponses, 0,
+        ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+        0,0,0,0,
+        0,0,
+        i2v_EXTENDED_KEY_USAGE,
+        v2i_EXTENDED_KEY_USAGE,
+        0,0,
+        NULL
+};
+
+ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
+ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
+
+IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
+
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+                void *a, STACK_OF(CONF_VALUE) *ext_list)
+{
+        EXTENDED_KEY_USAGE *eku = a;
+        int i;
+        ASN1_OBJECT *obj;
+        char obj_tmp[80];
+        for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
+                obj = sk_ASN1_OBJECT_value(eku, i);
+                i2t_ASN1_OBJECT(obj_tmp, 80, obj);
+                X509V3_add_value(NULL, obj_tmp, &ext_list);
+        }
+        return ext_list;
+}
+
+static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+        EXTENDED_KEY_USAGE *extku;
+        char *extval;
+        ASN1_OBJECT *objtmp;
+        CONF_VALUE *val;
+        int i;
+
+        if(!(extku = sk_ASN1_OBJECT_new_null())) {
+                X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+
+        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+                val = sk_CONF_VALUE_value(nval, i);
+                if(val->value) extval = val->value;
+                else extval = val->name;
+                if(!(objtmp = OBJ_txt2obj(extval, 0))) {
+                        sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
+                        X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                        X509V3_conf_err(val);
+                        return NULL;
+                }
+                sk_ASN1_OBJECT_push(extku, objtmp);
+        }
+        return extku;
+}
diff --git a/src/lib/libcrypto/x509v3/v3_genn.c b/src/lib/libcrypto/x509v3/v3_genn.c
new file mode 100644
index 0000000000..650b510980
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_genn.c
@@ -0,0 +1,101 @@
+/* v3_genn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(OTHERNAME) = {
+        ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),
+        /* Maybe have a true ANY DEFINED BY later */
+        ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)
+} ASN1_SEQUENCE_END(OTHERNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
+
+ASN1_SEQUENCE(EDIPARTYNAME) = {
+        ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
+        ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
+} ASN1_SEQUENCE_END(EDIPARTYNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
+
+ASN1_CHOICE(GENERAL_NAME) = {
+        ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),
+        ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),
+        ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),
+        /* Don't decode this */
+        ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),
+        /* X509_NAME is a CHOICE type so use EXPLICIT */
+        ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),
+        ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),
+        ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),
+        ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),
+        ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)
+} ASN1_CHOICE_END(GENERAL_NAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME)
+
+ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)
+ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
+
+IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
diff --git a/src/lib/libcrypto/x509v3/v3_ia5.c b/src/lib/libcrypto/x509v3/v3_ia5.c
new file mode 100644
index 0000000000..9683afa47c
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_ia5.c
@@ -0,0 +1,116 @@
+/* v3_ia5.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+X509V3_EXT_METHOD v3_ns_ia5_list[] = { 
+EXT_IA5STRING(NID_netscape_base_url),
+EXT_IA5STRING(NID_netscape_revocation_url),
+EXT_IA5STRING(NID_netscape_ca_revocation_url),
+EXT_IA5STRING(NID_netscape_renewal_url),
+EXT_IA5STRING(NID_netscape_ca_policy_url),
+EXT_IA5STRING(NID_netscape_ssl_server_name),
+EXT_IA5STRING(NID_netscape_comment),
+EXT_END
+};
+
+
+static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+             ASN1_IA5STRING *ia5)
+{
+        char *tmp;
+        if(!ia5 || !ia5->length) return NULL;
+        if(!(tmp = OPENSSL_malloc(ia5->length + 1))) {
+                X509V3err(X509V3_F_I2S_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        memcpy(tmp, ia5->data, ia5->length);
+        tmp[ia5->length] = 0;
+        return tmp;
+}
+
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+             X509V3_CTX *ctx, char *str)
+{
+        ASN1_IA5STRING *ia5;
+        if(!str) {
+                X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
+                return NULL;
+        }
+        if(!(ia5 = M_ASN1_IA5STRING_new())) goto err;
+        if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
+                            strlen(str))) {
+                M_ASN1_IA5STRING_free(ia5);
+                goto err;
+        }
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(ia5->data, ia5->data, ia5->length);
+#endif /*CHARSET_EBCDIC*/
+        return ia5;
+        err:
+        X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
+        return NULL;
+}
+
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
new file mode 100644
index 0000000000..53e3f48859
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_info.c
@@ -0,0 +1,194 @@
+/* v3_info.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+                                AUTHORITY_INFO_ACCESS *ainfo,
+                                                STACK_OF(CONF_VALUE) *ret);
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+X509V3_EXT_METHOD v3_info =
+{ NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+0,0,
+NULL};
+
+X509V3_EXT_METHOD v3_sinfo =
+{ NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+0,0,
+NULL};
+
+ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
+        ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
+        ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)
+} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)
+
+IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+
+ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = 
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
+ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)
+
+IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+                                AUTHORITY_INFO_ACCESS *ainfo,
+                                                STACK_OF(CONF_VALUE) *ret)
+{
+        ACCESS_DESCRIPTION *desc;
+        int i,nlen;
+        char objtmp[80], *ntmp;
+        CONF_VALUE *vtmp;
+        for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
+                desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
+                ret = i2v_GENERAL_NAME(method, desc->location, ret);
+                if(!ret) break;
+                vtmp = sk_CONF_VALUE_value(ret, i);
+                i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
+                nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
+                ntmp = OPENSSL_malloc(nlen);
+                if(!ntmp) {
+                        X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
+                                        ERR_R_MALLOC_FAILURE);
+                        return NULL;
+                }
+                BUF_strlcpy(ntmp, objtmp, nlen);
+                BUF_strlcat(ntmp, " - ", nlen);
+                BUF_strlcat(ntmp, vtmp->name, nlen);
+                OPENSSL_free(vtmp->name);
+                vtmp->name = ntmp;
+                
+        }
+        if(!ret) return sk_CONF_VALUE_new_null();
+        return ret;
+}
+
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+        AUTHORITY_INFO_ACCESS *ainfo = NULL;
+        CONF_VALUE *cnf, ctmp;
+        ACCESS_DESCRIPTION *acc;
+        int i, objlen;
+        char *objtmp, *ptmp;
+        if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
+                X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+                cnf = sk_CONF_VALUE_value(nval, i);
+                if(!(acc = ACCESS_DESCRIPTION_new())
+                        || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
+                        X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                ptmp = strchr(cnf->name, ';');
+                if(!ptmp) {
+                        X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX);
+                        goto err;
+                }
+                objlen = ptmp - cnf->name;
+                ctmp.name = ptmp + 1;
+                ctmp.value = cnf->value;
+                GENERAL_NAME_free(acc->location);
+                if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp)))
+                                                                 goto err; 
+                if(!(objtmp = OPENSSL_malloc(objlen + 1))) {
+                        X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                strncpy(objtmp, cnf->name, objlen);
+                objtmp[objlen] = 0;
+                acc->method = OBJ_txt2obj(objtmp, 0);
+                if(!acc->method) {
+                        X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT);
+                        ERR_add_error_data(2, "value=", objtmp);
+                        OPENSSL_free(objtmp);
+                        goto err;
+                }
+                OPENSSL_free(objtmp);
+
+        }
+        return ainfo;
+        err:
+        sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
+        return NULL;
+}
+
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)
+        {
+        i2a_ASN1_OBJECT(bp, a->method);
+#ifdef UNDEF
+        i2a_GENERAL_NAME(bp, a->location);
+#endif
+        return 2;
+        }
diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c
new file mode 100644
index 0000000000..7a43b4717b
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_int.c
@@ -0,0 +1,76 @@
+/* v3_int.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+X509V3_EXT_METHOD v3_crl_num = { 
+        NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+        0,0,0,0,
+        (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+        0,
+        0,0,0,0, NULL};
+
+X509V3_EXT_METHOD v3_delta_crl = { 
+        NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+        0,0,0,0,
+        (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+        0,
+        0,0,0,0, NULL};
+
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c
new file mode 100644
index 0000000000..ca5a4a4a57
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_lib.c
@@ -0,0 +1,302 @@
+/* v3_lib.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+#include "ext_dat.h"
+
+static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
+
+static int ext_cmp(const X509V3_EXT_METHOD * const *a,
+                const X509V3_EXT_METHOD * const *b);
+static void ext_list_free(X509V3_EXT_METHOD *ext);
+
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
+{
+        if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
+                X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
+                X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        return 1;
+}
+
+static int ext_cmp(const X509V3_EXT_METHOD * const *a,
+                const X509V3_EXT_METHOD * const *b)
+{
+        return ((*a)->ext_nid - (*b)->ext_nid);
+}
+
+X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
+{
+        X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
+        int idx;
+        if(nid < 0) return NULL;
+        tmp.ext_nid = nid;
+        ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
+                        (char *)standard_exts, STANDARD_EXTENSION_COUNT,
+                        sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);
+        if(ret) return *ret;
+        if(!ext_list) return NULL;
+        idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
+        if(idx == -1) return NULL;
+        return sk_X509V3_EXT_METHOD_value(ext_list, idx);
+}
+
+X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
+{
+        int nid;
+        if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
+        return X509V3_EXT_get_nid(nid);
+}
+
+
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
+{
+        for(;extlist->ext_nid!=-1;extlist++) 
+                        if(!X509V3_EXT_add(extlist)) return 0;
+        return 1;
+}
+
+int X509V3_EXT_add_alias(int nid_to, int nid_from)
+{
+        X509V3_EXT_METHOD *ext, *tmpext;
+        if(!(ext = X509V3_EXT_get_nid(nid_from))) {
+                X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
+                return 0;
+        }
+        if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
+                X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        *tmpext = *ext;
+        tmpext->ext_nid = nid_to;
+        tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
+        return X509V3_EXT_add(tmpext);
+}
+
+void X509V3_EXT_cleanup(void)
+{
+        sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
+        ext_list = NULL;
+}
+
+static void ext_list_free(X509V3_EXT_METHOD *ext)
+{
+        if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext);
+}
+
+/* Legacy function: we don't need to add standard extensions
+ * any more because they are now kept in ext_dat.h.
+ */
+
+int X509V3_add_standard_extensions(void)
+{
+        return 1;
+}
+
+/* Return an extension internal structure */
+
+void *X509V3_EXT_d2i(X509_EXTENSION *ext)
+{
+        X509V3_EXT_METHOD *method;
+        unsigned char *p;
+        if(!(method = X509V3_EXT_get(ext))) return NULL;
+        p = ext->value->data;
+        if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
+        return method->d2i(NULL, &p, ext->value->length);
+}
+
+/* Get critical flag and decoded version of extension from a NID.
+ * The "idx" variable returns the last found extension and can
+ * be used to retrieve multiple extensions of the same NID.
+ * However multiple extensions with the same NID is usually
+ * due to a badly encoded certificate so if idx is NULL we
+ * choke if multiple extensions exist.
+ * The "crit" variable is set to the critical value.
+ * The return value is the decoded extension or NULL on
+ * error. The actual error can have several different causes,
+ * the value of *crit reflects the cause:
+ * >= 0, extension found but not decoded (reflects critical value).
+ * -1 extension not found.
+ * -2 extension occurs more than once.
+ */
+
+void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
+{
+        int lastpos, i;
+        X509_EXTENSION *ex, *found_ex = NULL;
+        if(!x) {
+                if(idx) *idx = -1;
+                if(crit) *crit = -1;
+                return NULL;
+        }
+        if(idx) lastpos = *idx + 1;
+        else lastpos = 0;
+        if(lastpos < 0) lastpos = 0;
+        for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++)
+        {
+                ex = sk_X509_EXTENSION_value(x, i);
+                if(OBJ_obj2nid(ex->object) == nid) {
+                        if(idx) {
+                                *idx = i;
+                                found_ex = ex;
+                                break;
+                        } else if(found_ex) {
+                                /* Found more than one */
+                                if(crit) *crit = -2;
+                                return NULL;
+                        }
+                        found_ex = ex;
+                }
+        }
+        if(found_ex) {
+                /* Found it */
+                if(crit) *crit = X509_EXTENSION_get_critical(found_ex);
+                return X509V3_EXT_d2i(found_ex);
+        }
+
+        /* Extension not found */
+        if(idx) *idx = -1;
+        if(crit) *crit = -1;
+        return NULL;
+}
+
+/* This function is a general extension append, replace and delete utility.
+ * The precise operation is governed by the 'flags' value. The 'crit' and
+ * 'value' arguments (if relevant) are the extensions internal structure.
+ */
+
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+                                        int crit, unsigned long flags)
+{
+        int extidx = -1;
+        int errcode;
+        X509_EXTENSION *ext, *extmp;
+        unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
+
+        /* If appending we don't care if it exists, otherwise
+         * look for existing extension.
+         */
+        if(ext_op != X509V3_ADD_APPEND)
+                extidx = X509v3_get_ext_by_NID(*x, nid, -1);
+
+        /* See if extension exists */
+        if(extidx >= 0) {
+                /* If keep existing, nothing to do */
+                if(ext_op == X509V3_ADD_KEEP_EXISTING)
+                        return 1;
+                /* If default then its an error */
+                if(ext_op == X509V3_ADD_DEFAULT) {
+                        errcode = X509V3_R_EXTENSION_EXISTS;
+                        goto err;
+                }
+                /* If delete, just delete it */
+                if(ext_op == X509V3_ADD_DELETE) {
+                        if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1;
+                        return 1;
+                }
+        } else {
+                /* If replace existing or delete, error since 
+                 * extension must exist
+                 */
+                if((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
+                   (ext_op == X509V3_ADD_DELETE)) {
+                        errcode = X509V3_R_EXTENSION_NOT_FOUND;
+                        goto err;
+                }
+        }
+
+        /* If we get this far then we have to create an extension:
+         * could have some flags for alternative encoding schemes...
+         */
+
+        ext = X509V3_EXT_i2d(nid, crit, value);
+
+        if(!ext) {
+                X509V3err(X509V3_F_X509V3_ADD_I2D, X509V3_R_ERROR_CREATING_EXTENSION);
+                return 0;
+        }
+
+        /* If extension exists replace it.. */
+        if(extidx >= 0) {
+                extmp = sk_X509_EXTENSION_value(*x, extidx);
+                X509_EXTENSION_free(extmp);
+                if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1;
+                return 1;
+        }
+
+        if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1;
+        if(!sk_X509_EXTENSION_push(*x, ext)) return -1;
+
+        return 1;
+
+        err:
+        if(!(flags & X509V3_ADD_SILENT))
+                X509V3err(X509V3_F_X509V3_ADD_I2D, errcode);
+        return 0;
+}
+
+IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
diff --git a/src/lib/libcrypto/x509v3/v3_ocsp.c b/src/lib/libcrypto/x509v3/v3_ocsp.c
new file mode 100644
index 0000000000..21badc13f9
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_ocsp.c
@@ -0,0 +1,275 @@
+/* v3_ocsp.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef OPENSSL_NO_OCSP
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509v3.h>
+
+/* OCSP extensions and a couple of CRL entry extensions
+ */
+
+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
+
+static void *ocsp_nonce_new(void);
+static int i2d_ocsp_nonce(void *a, unsigned char **pp);
+static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length);
+static void ocsp_nonce_free(void *a);
+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
+
+X509V3_EXT_METHOD v3_ocsp_crlid = {
+        NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
+        0,0,0,0,
+        0,0,
+        0,0,
+        i2r_ocsp_crlid,0,
+        NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_acutoff = {
+        NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+        0,0,0,0,
+        0,0,
+        0,0,
+        i2r_ocsp_acutoff,0,
+        NULL
+};
+
+X509V3_EXT_METHOD v3_crl_invdate = {
+        NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+        0,0,0,0,
+        0,0,
+        0,0,
+        i2r_ocsp_acutoff,0,
+        NULL
+};
+
+X509V3_EXT_METHOD v3_crl_hold = {
+        NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
+        0,0,0,0,
+        0,0,
+        0,0,
+        i2r_object,0,
+        NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_nonce = {
+        NID_id_pkix_OCSP_Nonce, 0, NULL,
+        ocsp_nonce_new,
+        ocsp_nonce_free,
+        d2i_ocsp_nonce,
+        i2d_ocsp_nonce,
+        0,0,
+        0,0,
+        i2r_ocsp_nonce,0,
+        NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_nocheck = {
+        NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
+        0,0,0,0,
+        0,s2i_ocsp_nocheck,
+        0,0,
+        i2r_ocsp_nocheck,0,
+        NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_serviceloc = {
+        NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
+        0,0,0,0,
+        0,0,
+        0,0,
+        i2r_ocsp_serviceloc,0,
+        NULL
+};
+
+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+{
+        OCSP_CRLID *a = in;
+        if (a->crlUrl)
+                {
+                if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;
+                if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
+                if (!BIO_write(bp, "\n", 1)) goto err;
+                }
+        if (a->crlNum)
+                {
+                if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;
+                if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;
+                if (!BIO_write(bp, "\n", 1)) goto err;
+                }
+        if (a->crlTime)
+                {
+                if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;
+                if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
+                if (!BIO_write(bp, "\n", 1)) goto err;
+                }
+        return 1;
+        err:
+        return 0;
+}
+
+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
+{
+        if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+        if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
+        return 1;
+}
+
+
+static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
+{
+        if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+        if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
+        return 1;
+}
+
+/* OCSP nonce. This is needs special treatment because it doesn't have
+ * an ASN1 encoding at all: it just contains arbitrary data.
+ */
+
+static void *ocsp_nonce_new(void)
+{
+        return ASN1_OCTET_STRING_new();
+}
+
+static int i2d_ocsp_nonce(void *a, unsigned char **pp)
+{
+        ASN1_OCTET_STRING *os = a;
+        if(pp) {
+                memcpy(*pp, os->data, os->length);
+                *pp += os->length;
+        }
+        return os->length;
+}
+
+static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length)
+{
+        ASN1_OCTET_STRING *os, **pos;
+        pos = a;
+        if(!pos || !*pos) os = ASN1_OCTET_STRING_new();
+        else os = *pos;
+        if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;
+
+        *pp += length;
+
+        if(pos) *pos = os;
+        return os;
+
+        err:
+        if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);
+        OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+}
+
+static void ocsp_nonce_free(void *a)
+{
+        M_ASN1_OCTET_STRING_free(a);
+}
+
+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
+{
+        if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
+        if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
+        return 1;
+}
+
+/* Nocheck is just a single NULL. Don't print anything and always set it */
+
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
+{
+        return 1;
+}
+
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
+{
+        return ASN1_NULL_new();
+}
+
+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+        {
+        int i;
+        OCSP_SERVICELOC *a = in;
+        ACCESS_DESCRIPTION *ad;
+
+        if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
+        if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
+        for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
+                {
+                                ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
+                                if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0) 
+                                        goto err;
+                                if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err;
+                                if(BIO_puts(bp, " - ") <= 0) goto err;
+                                if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err;
+                }
+        return 1;
+err:
+        return 0;
+        }
+#endif
diff --git a/src/lib/libcrypto/x509v3/v3_pci.c b/src/lib/libcrypto/x509v3/v3_pci.c
new file mode 100644
index 0000000000..b32d968619
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_pci.c
@@ -0,0 +1,313 @@
+/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */
+/* Contributed to the OpenSSL Project 2004
+ * by Richard Levitte (richard@levitte.org)
+ */
+/* Copyright (c) 2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
+        BIO *out, int indent);
+static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
+        X509V3_CTX *ctx, char *str);
+
+X509V3_EXT_METHOD v3_pci =
+        { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+          0,0,0,0,
+          0,0,
+          NULL, NULL,
+          (X509V3_EXT_I2R)i2r_pci,
+          (X509V3_EXT_R2I)r2i_pci,
+          NULL,
+        };
+
+static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
+        BIO *out, int indent)
+        {
+        BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
+        if (pci->pcPathLengthConstraint)
+          i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
+        else
+          BIO_printf(out, "infinite");
+        BIO_puts(out, "\n");
+        BIO_printf(out, "%*sPolicy Language: ", indent, "");
+        i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
+        BIO_puts(out, "\n");
+        if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
+          BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
+                     pci->proxyPolicy->policy->data);
+        return 1;
+        }
+
+static int process_pci_value(CONF_VALUE *val,
+        ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
+        ASN1_OCTET_STRING **policy)
+        {
+        int free_policy = 0;
+
+        if (strcmp(val->name, "language") == 0)
+                {
+                if (*language)
+                        {
+                        X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
+                        X509V3_conf_err(val);
+                        return 0;
+                        }
+                if (!(*language = OBJ_txt2obj(val->value, 0)))
+                        {
+                        X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                        X509V3_conf_err(val);
+                        return 0;
+                        }
+                }
+        else if (strcmp(val->name, "pathlen") == 0)
+                {
+                if (*pathlen)
+                        {
+                        X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
+                        X509V3_conf_err(val);
+                        return 0;
+                        }
+                if (!X509V3_get_value_int(val, pathlen))
+                        {
+                        X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_PATH_LENGTH);
+                        X509V3_conf_err(val);
+                        return 0;
+                        }
+                }
+        else if (strcmp(val->name, "policy") == 0)
+                {
+                unsigned char *tmp_data = NULL;
+                long val_len;
+                if (!*policy)
+                        {
+                        *policy = ASN1_OCTET_STRING_new();
+                        if (!*policy)
+                                {
+                                X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
+                                X509V3_conf_err(val);
+                                return 0;
+                                }
+                        free_policy = 1;
+                        }
+                if (strncmp(val->value, "hex:", 4) == 0)
+                        {
+                        unsigned char *tmp_data2 =
+                                string_to_hex(val->value + 4, &val_len);
+
+                        if (!tmp_data2) goto err;
+
+                        tmp_data = OPENSSL_realloc((*policy)->data,
+                                (*policy)->length + val_len + 1);
+                        if (tmp_data)
+                                {
+                                (*policy)->data = tmp_data;
+                                memcpy(&(*policy)->data[(*policy)->length],
+                                        tmp_data2, val_len);
+                                (*policy)->length += val_len;
+                                (*policy)->data[(*policy)->length] = '\0';
+                                }
+                        }
+                else if (strncmp(val->value, "file:", 5) == 0)
+                        {
+                        unsigned char buf[2048];
+                        int n;
+                        BIO *b = BIO_new_file(val->value + 5, "r");
+                        if (!b)
+                                {
+                                X509V3err(X509V3_F_R2I_PCI,ERR_R_BIO_LIB);
+                                X509V3_conf_err(val);
+                                goto err;
+                                }
+                        while((n = BIO_read(b, buf, sizeof(buf))) > 0
+                                || (n == 0 && BIO_should_retry(b)))
+                                {
+                                if (!n) continue;
+
+                                tmp_data = OPENSSL_realloc((*policy)->data,
+                                        (*policy)->length + n + 1);
+
+                                if (!tmp_data)
+                                        break;
+
+                                (*policy)->data = tmp_data;
+                                memcpy(&(*policy)->data[(*policy)->length],
+                                        buf, n);
+                                (*policy)->length += n;
+                                (*policy)->data[(*policy)->length] = '\0';
+                                }
+
+                        if (n < 0)
+                                {
+                                X509V3err(X509V3_F_R2I_PCI,ERR_R_BIO_LIB);
+                                X509V3_conf_err(val);
+                                goto err;
+                                }
+                        }
+                else if (strncmp(val->value, "text:", 5) == 0)
+                        {
+                        val_len = strlen(val->value + 5);
+                        tmp_data = OPENSSL_realloc((*policy)->data,
+                                (*policy)->length + val_len + 1);
+                        if (tmp_data)
+                                {
+                                (*policy)->data = tmp_data;
+                                memcpy(&(*policy)->data[(*policy)->length],
+                                        val->value + 5, val_len);
+                                (*policy)->length += val_len;
+                                (*policy)->data[(*policy)->length] = '\0';
+                                }
+                        }
+                else
+                        {
+                        X509V3err(X509V3_F_R2I_PCI,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
+                        X509V3_conf_err(val);
+                        goto err;
+                        }
+                if (!tmp_data)
+                        {
+                        X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
+                        X509V3_conf_err(val);
+                        goto err;
+                        }
+                }
+        return 1;
+err:
+        if (free_policy)
+                {
+                ASN1_OCTET_STRING_free(*policy);
+                *policy = NULL;
+                }
+        return 0;
+        }
+
+static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
+        X509V3_CTX *ctx, char *value)
+        {
+        PROXY_CERT_INFO_EXTENSION *pci = NULL;
+        STACK_OF(CONF_VALUE) *vals;
+        ASN1_OBJECT *language = NULL;
+        ASN1_INTEGER *pathlen = NULL;
+        ASN1_OCTET_STRING *policy = NULL;
+        int i, j;
+
+        vals = X509V3_parse_list(value);
+        for (i = 0; i < sk_CONF_VALUE_num(vals); i++)
+                {
+                CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
+                if (!cnf->name || (*cnf->name != '@' && !cnf->value))
+                        {
+                        X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING);
+                        X509V3_conf_err(cnf);
+                        goto err;
+                        }
+                if (*cnf->name == '@')
+                        {
+                        STACK_OF(CONF_VALUE) *sect;
+                        int success_p = 1;
+
+                        sect = X509V3_get_section(ctx, cnf->name + 1);
+                        if (!sect)
+                                {
+                                X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION);
+                                X509V3_conf_err(cnf);
+                                goto err;
+                                }
+                        for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++)
+                                {
+                                success_p =
+                                        process_pci_value(sk_CONF_VALUE_value(sect, j),
+                                                &language, &pathlen, &policy);
+                                }
+                        X509V3_section_free(ctx, sect);
+                        if (!success_p)
+                                goto err;
+                        }
+                else
+                        {
+                        if (!process_pci_value(cnf,
+                                        &language, &pathlen, &policy))
+                                {
+                                X509V3_conf_err(cnf);
+                                goto err;
+                                }
+                        }
+                }
+
+        /* Language is mandatory */
+        if (!language)
+                {
+                X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
+                goto err;
+                }
+        i = OBJ_obj2nid(language);
+        if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy)
+                {
+                X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
+                goto err;
+                }
+
+        pci = PROXY_CERT_INFO_EXTENSION_new();
+        if (!pci)
+                {
+                X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        pci->proxyPolicy = PROXY_POLICY_new();
+        if (!pci->proxyPolicy)
+                {
+                X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+
+        pci->proxyPolicy->policyLanguage = language; language = NULL;
+        pci->proxyPolicy->policy = policy; policy = NULL;
+        pci->pcPathLengthConstraint = pathlen; pathlen = NULL;
+        goto end;
+err:
+        if (language) { ASN1_OBJECT_free(language); language = NULL; }
+        if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; }
+        if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; }
+        if (pci && pci->proxyPolicy)
+                {
+                PROXY_POLICY_free(pci->proxyPolicy);
+                pci->proxyPolicy = NULL;
+                }
+        if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; }
+end:
+        sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+        return pci;
+        }
diff --git a/src/lib/libcrypto/x509v3/v3_pcia.c b/src/lib/libcrypto/x509v3/v3_pcia.c
new file mode 100644
index 0000000000..bb362e0e5a
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_pcia.c
@@ -0,0 +1,55 @@
+/* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */
+/* Contributed to the OpenSSL Project 2004
+ * by Richard Levitte (richard@levitte.org)
+ */
+/* Copyright (c) 2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(PROXY_POLICY) =
+        {
+        ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT),
+        ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(PROXY_POLICY)
+
+IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY)
+
+ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) =
+        {
+        ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER),
+        ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY)
+} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION)
+
+IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
diff --git a/src/lib/libcrypto/x509v3/v3_pku.c b/src/lib/libcrypto/x509v3/v3_pku.c
new file mode 100644
index 0000000000..49a2e4697a
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_pku.c
@@ -0,0 +1,108 @@
+/* v3_pku.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
+/*
+static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+*/
+X509V3_EXT_METHOD v3_pkey_usage_period = {
+NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+0,0,0,0,
+0,0,0,0,
+(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
+NULL
+};
+
+ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {
+        ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
+        ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
+} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
+
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
+             PKEY_USAGE_PERIOD *usage, BIO *out, int indent)
+{
+        BIO_printf(out, "%*s", indent, "");
+        if(usage->notBefore) {
+                BIO_write(out, "Not Before: ", 12);
+                ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
+                if(usage->notAfter) BIO_write(out, ", ", 2);
+        }
+        if(usage->notAfter) {
+                BIO_write(out, "Not After: ", 11);
+                ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
+        }
+        return 1;
+}
+
+/*
+static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+STACK_OF(CONF_VALUE) *values;
+{
+return NULL;
+}
+*/
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c
new file mode 100644
index 0000000000..5d268eb768
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_prn.c
@@ -0,0 +1,233 @@
+/* v3_prn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+/* Extension printing routines */
+
+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported);
+
+/* Print out a name+value stack */
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
+{
+        int i;
+        CONF_VALUE *nval;
+        if(!val) return;
+        if(!ml || !sk_CONF_VALUE_num(val)) {
+                BIO_printf(out, "%*s", indent, "");
+                if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "<EMPTY>\n");
+        }
+        for(i = 0; i < sk_CONF_VALUE_num(val); i++) {
+                if(ml) BIO_printf(out, "%*s", indent, "");
+                else if(i > 0) BIO_printf(out, ", ");
+                nval = sk_CONF_VALUE_value(val, i);
+                if(!nval->name) BIO_puts(out, nval->value);
+                else if(!nval->value) BIO_puts(out, nval->name);
+#ifndef CHARSET_EBCDIC
+                else BIO_printf(out, "%s:%s", nval->name, nval->value);
+#else
+                else {
+                        int len;
+                        char *tmp;
+                        len = strlen(nval->value)+1;
+                        tmp = OPENSSL_malloc(len);
+                        if (tmp)
+                        {
+                                ascii2ebcdic(tmp, nval->value, len);
+                                BIO_printf(out, "%s:%s", nval->name, tmp);
+                                OPENSSL_free(tmp);
+                        }
+                }
+#endif
+                if(ml) BIO_puts(out, "\n");
+        }
+}
+
+/* Main routine: print out a general extension */
+
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent)
+{
+        void *ext_str = NULL;
+        char *value = NULL;
+        unsigned char *p;
+        X509V3_EXT_METHOD *method;      
+        STACK_OF(CONF_VALUE) *nval = NULL;
+        int ok = 1;
+        if(!(method = X509V3_EXT_get(ext)))
+                return unknown_ext_print(out, ext, flag, indent, 0);
+        p = ext->value->data;
+        if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
+        else ext_str = method->d2i(NULL, &p, ext->value->length);
+
+        if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);
+
+        if(method->i2s) {
+                if(!(value = method->i2s(method, ext_str))) {
+                        ok = 0;
+                        goto err;
+                }
+#ifndef CHARSET_EBCDIC
+                BIO_printf(out, "%*s%s", indent, "", value);
+#else
+                {
+                        int len;
+                        char *tmp;
+                        len = strlen(value)+1;
+                        tmp = OPENSSL_malloc(len);
+                        if (tmp)
+                        {
+                                ascii2ebcdic(tmp, value, len);
+                                BIO_printf(out, "%*s%s", indent, "", tmp);
+                                OPENSSL_free(tmp);
+                        }
+                }
+#endif
+        } else if(method->i2v) {
+                if(!(nval = method->i2v(method, ext_str, NULL))) {
+                        ok = 0;
+                        goto err;
+                }
+                X509V3_EXT_val_prn(out, nval, indent,
+                                 method->ext_flags & X509V3_EXT_MULTILINE);
+        } else if(method->i2r) {
+                if(!method->i2r(method, ext_str, out, indent)) ok = 0;
+        } else ok = 0;
+
+        err:
+                sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+                if(value) OPENSSL_free(value);
+                if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
+                else method->ext_free(ext_str);
+                return ok;
+}
+
+int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent)
+{
+        int i, j;
+
+        if(sk_X509_EXTENSION_num(exts) <= 0) return 1;
+
+        if(title) 
+                {
+                BIO_printf(bp,"%*s%s:\n",indent, "", title);
+                indent += 4;
+                }
+
+        for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
+                {
+                ASN1_OBJECT *obj;
+                X509_EXTENSION *ex;
+                ex=sk_X509_EXTENSION_value(exts, i);
+                if (indent && BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
+                obj=X509_EXTENSION_get_object(ex);
+                i2a_ASN1_OBJECT(bp,obj);
+                j=X509_EXTENSION_get_critical(ex);
+                if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
+                        return 0;
+                if(!X509V3_EXT_print(bp, ex, flag, indent + 4))
+                        {
+                        BIO_printf(bp, "%*s", indent + 4, "");
+                        M_ASN1_OCTET_STRING_print(bp,ex->value);
+                        }
+                if (BIO_write(bp,"\n",1) <= 0) return 0;
+                }
+        return 1;
+}
+
+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported)
+{
+        switch(flag & X509V3_EXT_UNKNOWN_MASK) {
+
+                case X509V3_EXT_DEFAULT:
+                return 0;
+
+                case X509V3_EXT_ERROR_UNKNOWN:
+                if(supported)
+                        BIO_printf(out, "%*s<Parse Error>", indent, "");
+                else
+                        BIO_printf(out, "%*s<Not Supported>", indent, "");
+                return 1;
+
+                case X509V3_EXT_PARSE_UNKNOWN:
+                        return ASN1_parse_dump(out,
+                                ext->value->data, ext->value->length, indent, -1);
+                case X509V3_EXT_DUMP_UNKNOWN:
+                        return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent);
+
+                default:
+                return 1;
+        }
+}
+        
+
+#ifndef OPENSSL_NO_FP_API
+int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
+{
+        BIO *bio_tmp;
+        int ret;
+        if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
+        ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
+        BIO_free(bio_tmp);
+        return ret;
+}
+#endif
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
new file mode 100644
index 0000000000..bbdf6da493
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -0,0 +1,647 @@
+/* v3_purp.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+#include <openssl/x509_vfy.h>
+
+static void x509v3_cache_extensions(X509 *x);
+
+static int check_ssl_ca(const X509 *x);
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int purpose_smime(const X509 *x, int ca);
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
+
+static int xp_cmp(const X509_PURPOSE * const *a,
+                const X509_PURPOSE * const *b);
+static void xptable_free(X509_PURPOSE *p);
+
+static X509_PURPOSE xstandard[] = {
+        {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
+        {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
+        {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
+        {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
+        {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
+        {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
+        {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
+        {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
+};
+
+#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
+
+IMPLEMENT_STACK_OF(X509_PURPOSE)
+
+static STACK_OF(X509_PURPOSE) *xptable = NULL;
+
+static int xp_cmp(const X509_PURPOSE * const *a,
+                const X509_PURPOSE * const *b)
+{
+        return (*a)->purpose - (*b)->purpose;
+}
+
+/* As much as I'd like to make X509_check_purpose use a "const" X509*
+ * I really can't because it does recalculate hashes and do other non-const
+ * things. */
+int X509_check_purpose(X509 *x, int id, int ca)
+{
+        int idx;
+        const X509_PURPOSE *pt;
+        if(!(x->ex_flags & EXFLAG_SET)) {
+                CRYPTO_w_lock(CRYPTO_LOCK_X509);
+                x509v3_cache_extensions(x);
+                CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+        }
+        if(id == -1) return 1;
+        idx = X509_PURPOSE_get_by_id(id);
+        if(idx == -1) return -1;
+        pt = X509_PURPOSE_get0(idx);
+        return pt->check_purpose(pt, x, ca);
+}
+
+int X509_PURPOSE_set(int *p, int purpose)
+{
+        if(X509_PURPOSE_get_by_id(purpose) == -1) {
+                X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
+                return 0;
+        }
+        *p = purpose;
+        return 1;
+}
+
+int X509_PURPOSE_get_count(void)
+{
+        if(!xptable) return X509_PURPOSE_COUNT;
+        return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
+}
+
+X509_PURPOSE * X509_PURPOSE_get0(int idx)
+{
+        if(idx < 0) return NULL;
+        if(idx < X509_PURPOSE_COUNT) return xstandard + idx;
+        return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
+}
+
+int X509_PURPOSE_get_by_sname(char *sname)
+{
+        int i;
+        X509_PURPOSE *xptmp;
+        for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+                xptmp = X509_PURPOSE_get0(i);
+                if(!strcmp(xptmp->sname, sname)) return i;
+        }
+        return -1;
+}
+
+int X509_PURPOSE_get_by_id(int purpose)
+{
+        X509_PURPOSE tmp;
+        int idx;
+        if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
+                return purpose - X509_PURPOSE_MIN;
+        tmp.purpose = purpose;
+        if(!xptable) return -1;
+        idx = sk_X509_PURPOSE_find(xptable, &tmp);
+        if(idx == -1) return -1;
+        return idx + X509_PURPOSE_COUNT;
+}
+
+int X509_PURPOSE_add(int id, int trust, int flags,
+                        int (*ck)(const X509_PURPOSE *, const X509 *, int),
+                                        char *name, char *sname, void *arg)
+{
+        int idx;
+        X509_PURPOSE *ptmp;
+        /* This is set according to what we change: application can't set it */
+        flags &= ~X509_PURPOSE_DYNAMIC;
+        /* This will always be set for application modified trust entries */
+        flags |= X509_PURPOSE_DYNAMIC_NAME;
+        /* Get existing entry if any */
+        idx = X509_PURPOSE_get_by_id(id);
+        /* Need a new entry */
+        if(idx == -1) {
+                if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
+                        X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+                ptmp->flags = X509_PURPOSE_DYNAMIC;
+        } else ptmp = X509_PURPOSE_get0(idx);
+
+        /* OPENSSL_free existing name if dynamic */
+        if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
+                OPENSSL_free(ptmp->name);
+                OPENSSL_free(ptmp->sname);
+        }
+        /* dup supplied name */
+        ptmp->name = BUF_strdup(name);
+        ptmp->sname = BUF_strdup(sname);
+        if(!ptmp->name || !ptmp->sname) {
+                X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        /* Keep the dynamic flag of existing entry */
+        ptmp->flags &= X509_PURPOSE_DYNAMIC;
+        /* Set all other flags */
+        ptmp->flags |= flags;
+
+        ptmp->purpose = id;
+        ptmp->trust = trust;
+        ptmp->check_purpose = ck;
+        ptmp->usr_data = arg;
+
+        /* If its a new entry manage the dynamic table */
+        if(idx == -1) {
+                if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
+                        X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+                if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
+                        X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                }
+        }
+        return 1;
+}
+
+static void xptable_free(X509_PURPOSE *p)
+        {
+        if(!p) return;
+        if (p->flags & X509_PURPOSE_DYNAMIC) 
+                {
+                if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
+                        OPENSSL_free(p->name);
+                        OPENSSL_free(p->sname);
+                }
+                OPENSSL_free(p);
+                }
+        }
+
+void X509_PURPOSE_cleanup(void)
+{
+        int i;
+        sk_X509_PURPOSE_pop_free(xptable, xptable_free);
+        for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
+        xptable = NULL;
+}
+
+int X509_PURPOSE_get_id(X509_PURPOSE *xp)
+{
+        return xp->purpose;
+}
+
+char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
+{
+        return xp->name;
+}
+
+char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
+{
+        return xp->sname;
+}
+
+int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
+{
+        return xp->trust;
+}
+
+static int nid_cmp(int *a, int *b)
+        {
+        return *a - *b;
+        }
+
+int X509_supported_extension(X509_EXTENSION *ex)
+        {
+        /* This table is a list of the NIDs of supported extensions:
+         * that is those which are used by the verify process. If
+         * an extension is critical and doesn't appear in this list
+         * then the verify process will normally reject the certificate.
+         * The list must be kept in numerical order because it will be
+         * searched using bsearch.
+         */
+
+        static int supported_nids[] = {
+                NID_netscape_cert_type, /* 71 */
+                NID_key_usage,          /* 83 */
+                NID_subject_alt_name,   /* 85 */
+                NID_basic_constraints,  /* 87 */
+                NID_ext_key_usage,      /* 126 */
+                NID_proxyCertInfo       /* 661 */
+        };
+
+        int ex_nid;
+
+        ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
+
+        if (ex_nid == NID_undef) 
+                return 0;
+
+        if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
+                sizeof(supported_nids)/sizeof(int), sizeof(int),
+                (int (*)(const void *, const void *))nid_cmp))
+                return 1;
+        return 0;
+        }
+ 
+
+static void x509v3_cache_extensions(X509 *x)
+{
+        BASIC_CONSTRAINTS *bs;
+        PROXY_CERT_INFO_EXTENSION *pci;
+        ASN1_BIT_STRING *usage;
+        ASN1_BIT_STRING *ns;
+        EXTENDED_KEY_USAGE *extusage;
+        X509_EXTENSION *ex;
+        
+        int i;
+        if(x->ex_flags & EXFLAG_SET) return;
+#ifndef OPENSSL_NO_SHA
+        X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
+#endif
+        /* Does subject name match issuer ? */
+        if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
+                         x->ex_flags |= EXFLAG_SS;
+        /* V1 should mean no extensions ... */
+        if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;
+        /* Handle basic constraints */
+        if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
+                if(bs->ca) x->ex_flags |= EXFLAG_CA;
+                if(bs->pathlen) {
+                        if((bs->pathlen->type == V_ASN1_NEG_INTEGER)
+                                                || !bs->ca) {
+                                x->ex_flags |= EXFLAG_INVALID;
+                                x->ex_pathlen = 0;
+                        } else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
+                } else x->ex_pathlen = -1;
+                BASIC_CONSTRAINTS_free(bs);
+                x->ex_flags |= EXFLAG_BCONS;
+        }
+        /* Handle proxy certificates */
+        if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
+                if (x->ex_flags & EXFLAG_CA
+                    || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0
+                    || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
+                        x->ex_flags |= EXFLAG_INVALID;
+                }
+                PROXY_CERT_INFO_EXTENSION_free(pci);
+                x->ex_flags |= EXFLAG_PROXY;
+        }
+        /* Handle key usage */
+        if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
+                if(usage->length > 0) {
+                        x->ex_kusage = usage->data[0];
+                        if(usage->length > 1) 
+                                x->ex_kusage |= usage->data[1] << 8;
+                } else x->ex_kusage = 0;
+                x->ex_flags |= EXFLAG_KUSAGE;
+                ASN1_BIT_STRING_free(usage);
+        }
+        x->ex_xkusage = 0;
+        if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
+                x->ex_flags |= EXFLAG_XKUSAGE;
+                for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
+                        switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) {
+                                case NID_server_auth:
+                                x->ex_xkusage |= XKU_SSL_SERVER;
+                                break;
+
+                                case NID_client_auth:
+                                x->ex_xkusage |= XKU_SSL_CLIENT;
+                                break;
+
+                                case NID_email_protect:
+                                x->ex_xkusage |= XKU_SMIME;
+                                break;
+
+                                case NID_code_sign:
+                                x->ex_xkusage |= XKU_CODE_SIGN;
+                                break;
+
+                                case NID_ms_sgc:
+                                case NID_ns_sgc:
+                                x->ex_xkusage |= XKU_SGC;
+                                break;
+
+                                case NID_OCSP_sign:
+                                x->ex_xkusage |= XKU_OCSP_SIGN;
+                                break;
+
+                                case NID_time_stamp:
+                                x->ex_xkusage |= XKU_TIMESTAMP;
+                                break;
+
+                                case NID_dvcs:
+                                x->ex_xkusage |= XKU_DVCS;
+                                break;
+                        }
+                }
+                sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
+        }
+
+        if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
+                if(ns->length > 0) x->ex_nscert = ns->data[0];
+                else x->ex_nscert = 0;
+                x->ex_flags |= EXFLAG_NSCERT;
+                ASN1_BIT_STRING_free(ns);
+        }
+        x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
+        x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
+        for (i = 0; i < X509_get_ext_count(x); i++)
+                {
+                ex = X509_get_ext(x, i);
+                if (!X509_EXTENSION_get_critical(ex))
+                        continue;
+                if (!X509_supported_extension(ex))
+                        {
+                        x->ex_flags |= EXFLAG_CRITICAL;
+                        break;
+                        }
+                }
+        x->ex_flags |= EXFLAG_SET;
+}
+
+/* CA checks common to all purposes
+ * return codes:
+ * 0 not a CA
+ * 1 is a CA
+ * 2 basicConstraints absent so "maybe" a CA
+ * 3 basicConstraints absent but self signed V1.
+ * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
+ */
+
+#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
+#define ku_reject(x, usage) \
+        (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+#define xku_reject(x, usage) \
+        (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
+#define ns_reject(x, usage) \
+        (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
+
+static int check_ca(const X509 *x)
+{
+        /* keyUsage if present should allow cert signing */
+        if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
+        if(x->ex_flags & EXFLAG_BCONS) {
+                if(x->ex_flags & EXFLAG_CA) return 1;
+                /* If basicConstraints says not a CA then say so */
+                else return 0;
+        } else {
+                /* we support V1 roots for...  uh, I don't really know why. */
+                if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
+                /* If key usage present it must have certSign so tolerate it */
+                else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
+                /* Older certificates could have Netscape-specific CA types */
+                else if (x->ex_flags & EXFLAG_NSCERT
+                         && x->ex_nscert & NS_ANY_CA) return 5;
+                /* can this still be regarded a CA certificate?  I doubt it */
+                return 0;
+        }
+}
+
+int X509_check_ca(X509 *x)
+{
+        if(!(x->ex_flags & EXFLAG_SET)) {
+                CRYPTO_w_lock(CRYPTO_LOCK_X509);
+                x509v3_cache_extensions(x);
+                CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+        }
+
+        return check_ca(x);
+}
+
+/* Check SSL CA: common checks for SSL client and server */
+static int check_ssl_ca(const X509 *x)
+{
+        int ca_ret;
+        ca_ret = check_ca(x);
+        if(!ca_ret) return 0;
+        /* check nsCertType if present */
+        if(ca_ret != 5 || x->ex_nscert & NS_SSL_CA) return ca_ret;
+        else return 0;
+}
+
+
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+        if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
+        if(ca) return check_ssl_ca(x);
+        /* We need to do digital signatures with it */
+        if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0;
+        /* nsCertType if present should allow SSL client use */ 
+        if(ns_reject(x, NS_SSL_CLIENT)) return 0;
+        return 1;
+}
+
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+        if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
+        if(ca) return check_ssl_ca(x);
+
+        if(ns_reject(x, NS_SSL_SERVER)) return 0;
+        /* Now as for keyUsage: we'll at least need to sign OR encipher */
+        if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0;
+        
+        return 1;
+
+}
+
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+        int ret;
+        ret = check_purpose_ssl_server(xp, x, ca);
+        if(!ret || ca) return ret;
+        /* We need to encipher or Netscape complains */
+        if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
+        return ret;
+}
+
+/* common S/MIME checks */
+static int purpose_smime(const X509 *x, int ca)
+{
+        if(xku_reject(x,XKU_SMIME)) return 0;
+        if(ca) {
+                int ca_ret;
+                ca_ret = check_ca(x);
+                if(!ca_ret) return 0;
+                /* check nsCertType if present */
+                if(ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) return ca_ret;
+                else return 0;
+        }
+        if(x->ex_flags & EXFLAG_NSCERT) {
+                if(x->ex_nscert & NS_SMIME) return 1;
+                /* Workaround for some buggy certificates */
+                if(x->ex_nscert & NS_SSL_CLIENT) return 2;
+                return 0;
+        }
+        return 1;
+}
+
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+        int ret;
+        ret = purpose_smime(x, ca);
+        if(!ret || ca) return ret;
+        if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;
+        return ret;
+}
+
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+        int ret;
+        ret = purpose_smime(x, ca);
+        if(!ret || ca) return ret;
+        if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
+        return ret;
+}
+
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+        if(ca) {
+                int ca_ret;
+                if((ca_ret = check_ca(x)) != 2) return ca_ret;
+                else return 0;
+        }
+        if(ku_reject(x, KU_CRL_SIGN)) return 0;
+        return 1;
+}
+
+/* OCSP helper: this is *not* a full OCSP check. It just checks that
+ * each CA is valid. Additional checks must be made on the chain.
+ */
+
+static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+        /* Must be a valid CA.  Should we really support the "I don't know"
+           value (2)? */
+        if(ca) return check_ca(x);
+        /* leaf certificate is checked in OCSP_verify() */
+        return 1;
+}
+
+static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+        return 1;
+}
+
+/* Various checks to see if one certificate issued the second.
+ * This can be used to prune a set of possible issuer certificates
+ * which have been looked up using some simple method such as by
+ * subject name.
+ * These are:
+ * 1. Check issuer_name(subject) == subject_name(issuer)
+ * 2. If akid(subject) exists check it matches issuer
+ * 3. If key_usage(issuer) exists check it supports certificate signing
+ * returns 0 for OK, positive for reason for mismatch, reasons match
+ * codes for X509_verify_cert()
+ */
+
+int X509_check_issued(X509 *issuer, X509 *subject)
+{
+        if(X509_NAME_cmp(X509_get_subject_name(issuer),
+                        X509_get_issuer_name(subject)))
+                                return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
+        x509v3_cache_extensions(issuer);
+        x509v3_cache_extensions(subject);
+        if(subject->akid) {
+                /* Check key ids (if present) */
+                if(subject->akid->keyid && issuer->skid &&
+                 ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) )
+                                return X509_V_ERR_AKID_SKID_MISMATCH;
+                /* Check serial number */
+                if(subject->akid->serial &&
+                        ASN1_INTEGER_cmp(X509_get_serialNumber(issuer),
+                                                subject->akid->serial))
+                                return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+                /* Check issuer name */
+                if(subject->akid->issuer) {
+                        /* Ugh, for some peculiar reason AKID includes
+                         * SEQUENCE OF GeneralName. So look for a DirName.
+                         * There may be more than one but we only take any
+                         * notice of the first.
+                         */
+                        GENERAL_NAMES *gens;
+                        GENERAL_NAME *gen;
+                        X509_NAME *nm = NULL;
+                        int i;
+                        gens = subject->akid->issuer;
+                        for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+                                gen = sk_GENERAL_NAME_value(gens, i);
+                                if(gen->type == GEN_DIRNAME) {
+                                        nm = gen->d.dirn;
+                                        break;
+                                }
+                        }
+                        if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
+                                return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+                }
+        }
+        if(subject->ex_flags & EXFLAG_PROXY)
+                {
+                if(ku_reject(issuer, KU_DIGITAL_SIGNATURE))
+                        return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
+                }
+        else if(ku_reject(issuer, KU_KEY_CERT_SIGN))
+                return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
+        return X509_V_OK;
+}
+
diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c
new file mode 100644
index 0000000000..c0f044ac1b
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_skey.c
@@ -0,0 +1,144 @@
+/* v3_skey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+X509V3_EXT_METHOD v3_skey_id = { 
+NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
+0,0,0,0,
+(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
+(X509V3_EXT_S2I)s2i_skey_id,
+0,0,0,0,
+NULL};
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+             ASN1_OCTET_STRING *oct)
+{
+        return hex_to_string(oct->data, oct->length);
+}
+
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+             X509V3_CTX *ctx, char *str)
+{
+        ASN1_OCTET_STRING *oct;
+        long length;
+
+        if(!(oct = M_ASN1_OCTET_STRING_new())) {
+                X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+
+        if(!(oct->data = string_to_hex(str, &length))) {
+                M_ASN1_OCTET_STRING_free(oct);
+                return NULL;
+        }
+
+        oct->length = length;
+
+        return oct;
+
+}
+
+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
+             X509V3_CTX *ctx, char *str)
+{
+        ASN1_OCTET_STRING *oct;
+        ASN1_BIT_STRING *pk;
+        unsigned char pkey_dig[EVP_MAX_MD_SIZE];
+        unsigned int diglen;
+
+        if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
+
+        if(!(oct = M_ASN1_OCTET_STRING_new())) {
+                X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+
+        if(ctx && (ctx->flags == CTX_TEST)) return oct;
+
+        if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
+                X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
+                goto err;
+        }
+
+        if(ctx->subject_req) 
+                pk = ctx->subject_req->req_info->pubkey->public_key;
+        else pk = ctx->subject_cert->cert_info->key->public_key;
+
+        if(!pk) {
+                X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
+                goto err;
+        }
+
+        EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL);
+
+        if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+                X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+
+        return oct;
+        
+        err:
+        M_ASN1_OCTET_STRING_free(oct);
+        return NULL;
+}
diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c
new file mode 100644
index 0000000000..d3f4ba3a72
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_sxnet.c
@@ -0,0 +1,262 @@
+/* v3_sxnet.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+/* Support for Thawte strong extranet extension */
+
+#define SXNET_TEST
+
+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent);
+#ifdef SXNET_TEST
+static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                                                STACK_OF(CONF_VALUE) *nval);
+#endif
+X509V3_EXT_METHOD v3_sxnet = {
+NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
+0,0,0,0,
+0,0,
+0, 
+#ifdef SXNET_TEST
+(X509V3_EXT_V2I)sxnet_v2i,
+#else
+0,
+#endif
+(X509V3_EXT_I2R)sxnet_i2r,
+0,
+NULL
+};
+
+ASN1_SEQUENCE(SXNETID) = {
+        ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
+        ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(SXNETID)
+
+IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
+
+ASN1_SEQUENCE(SXNET) = {
+        ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
+        ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
+} ASN1_SEQUENCE_END(SXNET)
+
+IMPLEMENT_ASN1_FUNCTIONS(SXNET)
+
+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
+             int indent)
+{
+        long v;
+        char *tmp;
+        SXNETID *id;
+        int i;
+        v = ASN1_INTEGER_get(sx->version);
+        BIO_printf(out, "%*sVersion: %d (0x%X)", indent, "", v + 1, v);
+        for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+                id = sk_SXNETID_value(sx->ids, i);
+                tmp = i2s_ASN1_INTEGER(NULL, id->zone);
+                BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
+                OPENSSL_free(tmp);
+                M_ASN1_OCTET_STRING_print(out, id->user);
+        }
+        return 1;
+}
+
+#ifdef SXNET_TEST
+
+/* NBB: this is used for testing only. It should *not* be used for anything
+ * else because it will just take static IDs from the configuration file and
+ * they should really be separate values for each user.
+ */
+
+
+static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+             STACK_OF(CONF_VALUE) *nval)
+{
+        CONF_VALUE *cnf;
+        SXNET *sx = NULL;
+        int i;
+        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+                cnf = sk_CONF_VALUE_value(nval, i);
+                if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
+                                                                 return NULL;
+        }
+        return sx;
+}
+                
+        
+#endif
+
+/* Strong Extranet utility functions */
+
+/* Add an id given the zone as an ASCII number */
+
+int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,
+             int userlen)
+{
+        ASN1_INTEGER *izone = NULL;
+        if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
+                X509V3err(X509V3_F_SXNET_ADD_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
+                return 0;
+        }
+        return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+}
+
+/* Add an id given the zone as an unsigned long */
+
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
+             int userlen)
+{
+        ASN1_INTEGER *izone = NULL;
+        if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+                X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);
+                M_ASN1_INTEGER_free(izone);
+                return 0;
+        }
+        return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+        
+}
+
+/* Add an id given the zone as an ASN1_INTEGER.
+ * Note this version uses the passed integer and doesn't make a copy so don't
+ * free it up afterwards.
+ */
+
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
+             int userlen)
+{
+        SXNET *sx = NULL;
+        SXNETID *id = NULL;
+        if(!psx || !zone || !user) {
+                X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT);
+                return 0;
+        }
+        if(userlen == -1) userlen = strlen(user);
+        if(userlen > 64) {
+                X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG);
+                return 0;
+        }
+        if(!*psx) {
+                if(!(sx = SXNET_new())) goto err;
+                if(!ASN1_INTEGER_set(sx->version, 0)) goto err;
+                *psx = sx;
+        } else sx = *psx;
+        if(SXNET_get_id_INTEGER(sx, zone)) {
+                X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID);
+                return 0;
+        }
+
+        if(!(id = SXNETID_new())) goto err;
+        if(userlen == -1) userlen = strlen(user);
+                
+        if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
+        if(!sk_SXNETID_push(sx->ids, id)) goto err;
+        id->zone = zone;
+        return 1;
+        
+        err:
+        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE);
+        SXNETID_free(id);
+        SXNET_free(sx);
+        *psx = NULL;
+        return 0;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
+{
+        ASN1_INTEGER *izone = NULL;
+        ASN1_OCTET_STRING *oct;
+        if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
+                X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
+                return NULL;
+        }
+        oct = SXNET_get_id_INTEGER(sx, izone);
+        M_ASN1_INTEGER_free(izone);
+        return oct;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
+{
+        ASN1_INTEGER *izone = NULL;
+        ASN1_OCTET_STRING *oct;
+        if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+                X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);
+                M_ASN1_INTEGER_free(izone);
+                return NULL;
+        }
+        oct = SXNET_get_id_INTEGER(sx, izone);
+        M_ASN1_INTEGER_free(izone);
+        return oct;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
+{
+        SXNETID *id;
+        int i;
+        for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+                id = sk_SXNETID_value(sx->ids, i);
+                if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
+        }
+        return NULL;
+}
+
+IMPLEMENT_STACK_OF(SXNETID)
+IMPLEMENT_ASN1_SET_OF(SXNETID)
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
new file mode 100644
index 0000000000..466c91d0e8
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_utl.c
@@ -0,0 +1,535 @@
+/* v3_utl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static char *strip_spaces(char *name);
+static int sk_strcmp(const char * const *a, const char * const *b);
+static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
+static void str_free(void *str);
+static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
+
+/* Add a CONF_VALUE name value pair to stack */
+
+int X509V3_add_value(const char *name, const char *value,
+                                                STACK_OF(CONF_VALUE) **extlist)
+{
+        CONF_VALUE *vtmp = NULL;
+        char *tname = NULL, *tvalue = NULL;
+        if(name && !(tname = BUF_strdup(name))) goto err;
+        if(value && !(tvalue = BUF_strdup(value))) goto err;
+        if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
+        if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
+        vtmp->section = NULL;
+        vtmp->name = tname;
+        vtmp->value = tvalue;
+        if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
+        return 1;
+        err:
+        X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
+        if(vtmp) OPENSSL_free(vtmp);
+        if(tname) OPENSSL_free(tname);
+        if(tvalue) OPENSSL_free(tvalue);
+        return 0;
+}
+
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+                           STACK_OF(CONF_VALUE) **extlist)
+    {
+    return X509V3_add_value(name,(const char *)value,extlist);
+    }
+
+/* Free function for STACK_OF(CONF_VALUE) */
+
+void X509V3_conf_free(CONF_VALUE *conf)
+{
+        if(!conf) return;
+        if(conf->name) OPENSSL_free(conf->name);
+        if(conf->value) OPENSSL_free(conf->value);
+        if(conf->section) OPENSSL_free(conf->section);
+        OPENSSL_free(conf);
+}
+
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+                                                STACK_OF(CONF_VALUE) **extlist)
+{
+        if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
+        return X509V3_add_value(name, "FALSE", extlist);
+}
+
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+                                                STACK_OF(CONF_VALUE) **extlist)
+{
+        if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
+        return 1;
+}
+
+
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
+{
+        BIGNUM *bntmp = NULL;
+        char *strtmp = NULL;
+        if(!a) return NULL;
+        if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
+            !(strtmp = BN_bn2dec(bntmp)) )
+                X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
+        BN_free(bntmp);
+        return strtmp;
+}
+
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
+{
+        BIGNUM *bntmp = NULL;
+        char *strtmp = NULL;
+        if(!a) return NULL;
+        if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
+            !(strtmp = BN_bn2dec(bntmp)) )
+                X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+        BN_free(bntmp);
+        return strtmp;
+}
+
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
+{
+        BIGNUM *bn = NULL;
+        ASN1_INTEGER *aint;
+        int isneg, ishex;
+        int ret;
+        bn = BN_new();
+        if (!value) {
+                X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
+                return 0;
+        }
+        if (value[0] == '-') {
+                value++;
+                isneg = 1;
+        } else isneg = 0;
+
+        if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
+                value += 2;
+                ishex = 1;
+        } else ishex = 0;
+
+        if (ishex) ret = BN_hex2bn(&bn, value);
+        else ret = BN_dec2bn(&bn, value);
+
+        if (!ret) {
+                X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
+                return 0;
+        }
+
+        if (isneg && BN_is_zero(bn)) isneg = 0;
+
+        aint = BN_to_ASN1_INTEGER(bn, NULL);
+        BN_free(bn);
+        if (!aint) {
+                X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
+                return 0;
+        }
+        if (isneg) aint->type |= V_ASN1_NEG;
+        return aint;
+}
+
+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+             STACK_OF(CONF_VALUE) **extlist)
+{
+        char *strtmp;
+        int ret;
+        if(!aint) return 1;
+        if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
+        ret = X509V3_add_value(name, strtmp, extlist);
+        OPENSSL_free(strtmp);
+        return ret;
+}
+
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
+{
+        char *btmp;
+        if(!(btmp = value->value)) goto err;
+        if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
+                 || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
+                || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
+                *asn1_bool = 0xff;
+                return 1;
+        } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
+                 || !strcmp(btmp, "N") || !strcmp(btmp, "n")
+                || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
+                *asn1_bool = 0;
+                return 1;
+        }
+        err:
+        X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
+        X509V3_conf_err(value);
+        return 0;
+}
+
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
+{
+        ASN1_INTEGER *itmp;
+        if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
+                X509V3_conf_err(value);
+                return 0;
+        }
+        *aint = itmp;
+        return 1;
+}
+
+#define HDR_NAME        1
+#define HDR_VALUE       2
+
+/*#define DEBUG*/
+
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
+{
+        char *p, *q, c;
+        char *ntmp, *vtmp;
+        STACK_OF(CONF_VALUE) *values = NULL;
+        char *linebuf;
+        int state;
+        /* We are going to modify the line so copy it first */
+        linebuf = BUF_strdup(line);
+        state = HDR_NAME;
+        ntmp = NULL;
+        /* Go through all characters */
+        for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+                switch(state) {
+                        case HDR_NAME:
+                        if(c == ':') {
+                                state = HDR_VALUE;
+                                *p = 0;
+                                ntmp = strip_spaces(q);
+                                if(!ntmp) {
+                                        X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+                                        goto err;
+                                }
+                                q = p + 1;
+                        } else if(c == ',') {
+                                *p = 0;
+                                ntmp = strip_spaces(q);
+                                q = p + 1;
+#if 0
+                                printf("%s\n", ntmp);
+#endif
+                                if(!ntmp) {
+                                        X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+                                        goto err;
+                                }
+                                X509V3_add_value(ntmp, NULL, &values);
+                        }
+                        break ;
+
+                        case HDR_VALUE:
+                        if(c == ',') {
+                                state = HDR_NAME;
+                                *p = 0;
+                                vtmp = strip_spaces(q);
+#if 0
+                                printf("%s\n", ntmp);
+#endif
+                                if(!vtmp) {
+                                        X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
+                                        goto err;
+                                }
+                                X509V3_add_value(ntmp, vtmp, &values);
+                                ntmp = NULL;
+                                q = p + 1;
+                        }
+
+                }
+        }
+
+        if(state == HDR_VALUE) {
+                vtmp = strip_spaces(q);
+#if 0
+                printf("%s=%s\n", ntmp, vtmp);
+#endif
+                if(!vtmp) {
+                        X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
+                        goto err;
+                }
+                X509V3_add_value(ntmp, vtmp, &values);
+        } else {
+                ntmp = strip_spaces(q);
+#if 0
+                printf("%s\n", ntmp);
+#endif
+                if(!ntmp) {
+                        X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+                        goto err;
+                }
+                X509V3_add_value(ntmp, NULL, &values);
+        }
+OPENSSL_free(linebuf);
+return values;
+
+err:
+OPENSSL_free(linebuf);
+sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
+return NULL;
+
+}
+
+/* Delete leading and trailing spaces from a string */
+static char *strip_spaces(char *name)
+{
+        char *p, *q;
+        /* Skip over leading spaces */
+        p = name;
+        while(*p && isspace((unsigned char)*p)) p++;
+        if(!*p) return NULL;
+        q = p + strlen(p) - 1;
+        while((q != p) && isspace((unsigned char)*q)) q--;
+        if(p != q) q[1] = 0;
+        if(!*p) return NULL;
+        return p;
+}
+
+/* hex string utilities */
+
+/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
+ * hex representation
+ * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
+ */
+
+char *hex_to_string(unsigned char *buffer, long len)
+{
+        char *tmp, *q;
+        unsigned char *p;
+        int i;
+        static char hexdig[] = "0123456789ABCDEF";
+        if(!buffer || !len) return NULL;
+        if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
+                X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
+                return NULL;
+        }
+        q = tmp;
+        for(i = 0, p = buffer; i < len; i++,p++) {
+                *q++ = hexdig[(*p >> 4) & 0xf];
+                *q++ = hexdig[*p & 0xf];
+                *q++ = ':';
+        }
+        q[-1] = 0;
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(tmp, tmp, q - tmp - 1);
+#endif
+
+        return tmp;
+}
+
+/* Give a string of hex digits convert to
+ * a buffer
+ */
+
+unsigned char *string_to_hex(char *str, long *len)
+{
+        unsigned char *hexbuf, *q;
+        unsigned char ch, cl, *p;
+        if(!str) {
+                X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
+                return NULL;
+        }
+        if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
+        for(p = (unsigned char *)str, q = hexbuf; *p;) {
+                ch = *p++;
+#ifdef CHARSET_EBCDIC
+                ch = os_toebcdic[ch];
+#endif
+                if(ch == ':') continue;
+                cl = *p++;
+#ifdef CHARSET_EBCDIC
+                cl = os_toebcdic[cl];
+#endif
+                if(!cl) {
+                        X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
+                        OPENSSL_free(hexbuf);
+                        return NULL;
+                }
+                if(isupper(ch)) ch = tolower(ch);
+                if(isupper(cl)) cl = tolower(cl);
+
+                if((ch >= '0') && (ch <= '9')) ch -= '0';
+                else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
+                else goto badhex;
+
+                if((cl >= '0') && (cl <= '9')) cl -= '0';
+                else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
+                else goto badhex;
+
+                *q++ = (ch << 4) | cl;
+        }
+
+        if(len) *len = q - hexbuf;
+
+        return hexbuf;
+
+        err:
+        if(hexbuf) OPENSSL_free(hexbuf);
+        X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
+        return NULL;
+
+        badhex:
+        OPENSSL_free(hexbuf);
+        X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
+        return NULL;
+
+}
+
+/* V2I name comparison function: returns zero if 'name' matches
+ * cmp or cmp.*
+ */
+
+int name_cmp(const char *name, const char *cmp)
+{
+        int len, ret;
+        char c;
+        len = strlen(cmp);
+        if((ret = strncmp(name, cmp, len))) return ret;
+        c = name[len];
+        if(!c || (c=='.')) return 0;
+        return 1;
+}
+
+static int sk_strcmp(const char * const *a, const char * const *b)
+{
+        return strcmp(*a, *b);
+}
+
+STACK *X509_get1_email(X509 *x)
+{
+        GENERAL_NAMES *gens;
+        STACK *ret;
+        gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+        ret = get_email(X509_get_subject_name(x), gens);
+        sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+        return ret;
+}
+
+STACK *X509_REQ_get1_email(X509_REQ *x)
+{
+        GENERAL_NAMES *gens;
+        STACK_OF(X509_EXTENSION) *exts;
+        STACK *ret;
+        exts = X509_REQ_get_extensions(x);
+        gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
+        ret = get_email(X509_REQ_get_subject_name(x), gens);
+        sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+        sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+        return ret;
+}
+
+
+static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
+{
+        STACK *ret = NULL;
+        X509_NAME_ENTRY *ne;
+        ASN1_IA5STRING *email;
+        GENERAL_NAME *gen;
+        int i;
+        /* Now add any email address(es) to STACK */
+        i = -1;
+        /* First supplied X509_NAME */
+        while((i = X509_NAME_get_index_by_NID(name,
+                                         NID_pkcs9_emailAddress, i)) >= 0) {
+                ne = X509_NAME_get_entry(name, i);
+                email = X509_NAME_ENTRY_get_data(ne);
+                if(!append_ia5(&ret, email)) return NULL;
+        }
+        for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
+        {
+                gen = sk_GENERAL_NAME_value(gens, i);
+                if(gen->type != GEN_EMAIL) continue;
+                if(!append_ia5(&ret, gen->d.ia5)) return NULL;
+        }
+        return ret;
+}
+
+static void str_free(void *str)
+{
+        OPENSSL_free(str);
+}
+
+static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
+{
+        char *emtmp;
+        /* First some sanity checks */
+        if(email->type != V_ASN1_IA5STRING) return 1;
+        if(!email->data || !email->length) return 1;
+        if(!*sk) *sk = sk_new(sk_strcmp);
+        if(!*sk) return 0;
+        /* Don't add duplicates */
+        if(sk_find(*sk, (char *)email->data) != -1) return 1;
+        emtmp = BUF_strdup((char *)email->data);
+        if(!emtmp || !sk_push(*sk, emtmp)) {
+                X509_email_free(*sk);
+                *sk = NULL;
+                return 0;
+        }
+        return 1;
+}
+
+void X509_email_free(STACK *sk)
+{
+        sk_pop_free(sk, str_free);
+}
diff --git a/src/lib/libcrypto/x509v3/v3err.c b/src/lib/libcrypto/x509v3/v3err.c
new file mode 100644
index 0000000000..2df0c3ef01
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3err.c
@@ -0,0 +1,193 @@
+/* crypto/x509v3/v3err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA X509V3_str_functs[]=
+        {
+{ERR_PACK(0,X509V3_F_COPY_EMAIL,0),     "COPY_EMAIL"},
+{ERR_PACK(0,X509V3_F_COPY_ISSUER,0),    "COPY_ISSUER"},
+{ERR_PACK(0,X509V3_F_DO_EXT_CONF,0),    "DO_EXT_CONF"},
+{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0),     "DO_EXT_I2D"},
+{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0),  "hex_to_string"},
+{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0),    "i2s_ASN1_ENUMERATED"},
+{ERR_PACK(0,X509V3_F_I2S_ASN1_IA5STRING,0),     "I2S_ASN1_IA5STRING"},
+{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0),       "i2s_ASN1_INTEGER"},
+{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0),      "I2V_AUTHORITY_INFO_ACCESS"},
+{ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"},
+{ERR_PACK(0,X509V3_F_NREF_NOS,0),       "NREF_NOS"},
+{ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"},
+{ERR_PACK(0,X509V3_F_R2I_CERTPOL,0),    "R2I_CERTPOL"},
+{ERR_PACK(0,X509V3_F_R2I_PCI,0),        "R2I_PCI"},
+{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0),     "S2I_ASN1_IA5STRING"},
+{ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0),       "s2i_ASN1_INTEGER"},
+{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0),  "s2i_ASN1_OCTET_STRING"},
+{ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0),       "S2I_ASN1_SKEY_ID"},
+{ERR_PACK(0,X509V3_F_S2I_S2I_SKEY_ID,0),        "S2I_S2I_SKEY_ID"},
+{ERR_PACK(0,X509V3_F_STRING_TO_HEX,0),  "string_to_hex"},
+{ERR_PACK(0,X509V3_F_SXNET_ADD_ASC,0),  "SXNET_ADD_ASC"},
+{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_INTEGER,0),   "SXNET_add_id_INTEGER"},
+{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0),     "SXNET_add_id_ulong"},
+{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0),       "SXNET_get_id_asc"},
+{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0),     "SXNET_get_id_ulong"},
+{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0), "V2I_ACCESS_DESCRIPTION"},
+{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0),    "V2I_ASN1_BIT_STRING"},
+{ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0),    "V2I_AUTHORITY_KEYID"},
+{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0),  "V2I_BASIC_CONSTRAINTS"},
+{ERR_PACK(0,X509V3_F_V2I_CRLD,0),       "V2I_CRLD"},
+{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0),     "V2I_EXT_KU"},
+{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0),       "v2i_GENERAL_NAME"},
+{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0),      "v2i_GENERAL_NAMES"},
+{ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0),   "V3_GENERIC_EXTENSION"},
+{ERR_PACK(0,X509V3_F_X509V3_ADD_I2D,0), "X509V3_ADD_I2D"},
+{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0),       "X509V3_add_value"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0),   "X509V3_EXT_add_alias"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0),        "X509V3_EXT_conf"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"},
+{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0),  "X509V3_get_value_bool"},
+{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0),      "X509V3_parse_list"},
+{ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0),       "X509_PURPOSE_add"},
+{ERR_PACK(0,X509V3_F_X509_PURPOSE_SET,0),       "X509_PURPOSE_set"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA X509V3_str_reasons[]=
+        {
+{X509V3_R_BAD_IP_ADDRESS                 ,"bad ip address"},
+{X509V3_R_BAD_OBJECT                     ,"bad object"},
+{X509V3_R_BN_DEC2BN_ERROR                ,"bn dec2bn error"},
+{X509V3_R_BN_TO_ASN1_INTEGER_ERROR       ,"bn to asn1 integer error"},
+{X509V3_R_DUPLICATE_ZONE_ID              ,"duplicate zone id"},
+{X509V3_R_ERROR_CONVERTING_ZONE          ,"error converting zone"},
+{X509V3_R_ERROR_CREATING_EXTENSION       ,"error creating extension"},
+{X509V3_R_ERROR_IN_EXTENSION             ,"error in extension"},
+{X509V3_R_EXPECTED_A_SECTION_NAME        ,"expected a section name"},
+{X509V3_R_EXTENSION_EXISTS               ,"extension exists"},
+{X509V3_R_EXTENSION_NAME_ERROR           ,"extension name error"},
+{X509V3_R_EXTENSION_NOT_FOUND            ,"extension not found"},
+{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"},
+{X509V3_R_EXTENSION_VALUE_ERROR          ,"extension value error"},
+{X509V3_R_ILLEGAL_HEX_DIGIT              ,"illegal hex digit"},
+{X509V3_R_INCORRECT_POLICY_SYNTAX_TAG    ,"incorrect policy syntax tag"},
+{X509V3_R_INVALID_BOOLEAN_STRING         ,"invalid boolean string"},
+{X509V3_R_INVALID_EXTENSION_STRING       ,"invalid extension string"},
+{X509V3_R_INVALID_NAME                   ,"invalid name"},
+{X509V3_R_INVALID_NULL_ARGUMENT          ,"invalid null argument"},
+{X509V3_R_INVALID_NULL_NAME              ,"invalid null name"},
+{X509V3_R_INVALID_NULL_VALUE             ,"invalid null value"},
+{X509V3_R_INVALID_NUMBER                 ,"invalid number"},
+{X509V3_R_INVALID_NUMBERS                ,"invalid numbers"},
+{X509V3_R_INVALID_OBJECT_IDENTIFIER      ,"invalid object identifier"},
+{X509V3_R_INVALID_OPTION                 ,"invalid option"},
+{X509V3_R_INVALID_POLICY_IDENTIFIER      ,"invalid policy identifier"},
+{X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER,"invalid proxy policy identifier"},
+{X509V3_R_INVALID_PROXY_POLICY_SETTING   ,"invalid proxy policy setting"},
+{X509V3_R_INVALID_PURPOSE                ,"invalid purpose"},
+{X509V3_R_INVALID_SECTION                ,"invalid section"},
+{X509V3_R_INVALID_SYNTAX                 ,"invalid syntax"},
+{X509V3_R_ISSUER_DECODE_ERROR            ,"issuer decode error"},
+{X509V3_R_MISSING_VALUE                  ,"missing value"},
+{X509V3_R_NEED_ORGANIZATION_AND_NUMBERS  ,"need organization and numbers"},
+{X509V3_R_NO_CONFIG_DATABASE             ,"no config database"},
+{X509V3_R_NO_ISSUER_CERTIFICATE          ,"no issuer certificate"},
+{X509V3_R_NO_ISSUER_DETAILS              ,"no issuer details"},
+{X509V3_R_NO_POLICY_IDENTIFIER           ,"no policy identifier"},
+{X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED,"no proxy cert policy language defined"},
+{X509V3_R_NO_PUBLIC_KEY                  ,"no public key"},
+{X509V3_R_NO_SUBJECT_DETAILS             ,"no subject details"},
+{X509V3_R_ODD_NUMBER_OF_DIGITS           ,"odd number of digits"},
+{X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED,"policy language alreadty defined"},
+{X509V3_R_POLICY_PATH_LENGTH             ,"policy path length"},
+{X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED,"policy path length alreadty defined"},
+{X509V3_R_POLICY_SYNTAX_NOT              ,"policy syntax not"},
+{X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED,"policy syntax not currently supported"},
+{X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY,"policy when proxy language requires no policy"},
+{X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS   ,"unable to get issuer details"},
+{X509V3_R_UNABLE_TO_GET_ISSUER_KEYID     ,"unable to get issuer keyid"},
+{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT    ,"unknown bit string argument"},
+{X509V3_R_UNKNOWN_EXTENSION              ,"unknown extension"},
+{X509V3_R_UNKNOWN_EXTENSION_NAME         ,"unknown extension name"},
+{X509V3_R_UNKNOWN_OPTION                 ,"unknown option"},
+{X509V3_R_UNSUPPORTED_OPTION             ,"unsupported option"},
+{X509V3_R_USER_TOO_LONG                  ,"user too long"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_X509V3_strings(void)
+        {
+        static int init=1;
+
+        if (init)
+                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs);
+                ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons);
+#endif
+
+                }
+        }
diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h
new file mode 100644
index 0000000000..e6d91251c2
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/x509v3.h
@@ -0,0 +1,687 @@
+/* x509v3.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_X509V3_H
+#define HEADER_X509V3_H
+
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/conf.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Forward reference */
+struct v3_ext_method;
+struct v3_ext_ctx;
+
+/* Useful typedefs */
+
+typedef void * (*X509V3_EXT_NEW)(void);
+typedef void (*X509V3_EXT_FREE)(void *);
+typedef void * (*X509V3_EXT_D2I)(void *, unsigned char ** , long);
+typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
+typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
+typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
+typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
+typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
+typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+
+/* V3 extension structure */
+
+struct v3_ext_method {
+int ext_nid;
+int ext_flags;
+/* If this is set the following four fields are ignored */
+ASN1_ITEM_EXP *it;
+/* Old style ASN1 calls */
+X509V3_EXT_NEW ext_new;
+X509V3_EXT_FREE ext_free;
+X509V3_EXT_D2I d2i;
+X509V3_EXT_I2D i2d;
+
+/* The following pair is used for string extensions */
+X509V3_EXT_I2S i2s;
+X509V3_EXT_S2I s2i;
+
+/* The following pair is used for multi-valued extensions */
+X509V3_EXT_I2V i2v;
+X509V3_EXT_V2I v2i;
+
+/* The following are used for raw extensions */
+X509V3_EXT_I2R i2r;
+X509V3_EXT_R2I r2i;
+
+void *usr_data; /* Any extension specific data */
+};
+
+typedef struct X509V3_CONF_METHOD_st {
+char * (*get_string)(void *db, char *section, char *value);
+STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
+void (*free_string)(void *db, char * string);
+void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
+} X509V3_CONF_METHOD;
+
+/* Context specific info */
+struct v3_ext_ctx {
+#define CTX_TEST 0x1
+int flags;
+X509 *issuer_cert;
+X509 *subject_cert;
+X509_REQ *subject_req;
+X509_CRL *crl;
+X509V3_CONF_METHOD *db_meth;
+void *db;
+/* Maybe more here */
+};
+
+typedef struct v3_ext_method X509V3_EXT_METHOD;
+typedef struct v3_ext_ctx X509V3_CTX;
+
+DECLARE_STACK_OF(X509V3_EXT_METHOD)
+
+/* ext_flags values */
+#define X509V3_EXT_DYNAMIC      0x1
+#define X509V3_EXT_CTX_DEP      0x2
+#define X509V3_EXT_MULTILINE    0x4
+
+typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
+
+typedef struct BASIC_CONSTRAINTS_st {
+int ca;
+ASN1_INTEGER *pathlen;
+} BASIC_CONSTRAINTS;
+
+
+typedef struct PKEY_USAGE_PERIOD_st {
+ASN1_GENERALIZEDTIME *notBefore;
+ASN1_GENERALIZEDTIME *notAfter;
+} PKEY_USAGE_PERIOD;
+
+typedef struct otherName_st {
+ASN1_OBJECT *type_id;
+ASN1_TYPE *value;
+} OTHERNAME;
+
+typedef struct EDIPartyName_st {
+        ASN1_STRING *nameAssigner;
+        ASN1_STRING *partyName;
+} EDIPARTYNAME;
+
+typedef struct GENERAL_NAME_st {
+
+#define GEN_OTHERNAME   0
+#define GEN_EMAIL       1
+#define GEN_DNS         2
+#define GEN_X400        3
+#define GEN_DIRNAME     4
+#define GEN_EDIPARTY    5
+#define GEN_URI         6
+#define GEN_IPADD       7
+#define GEN_RID         8
+
+int type;
+union {
+        char *ptr;
+        OTHERNAME *otherName; /* otherName */
+        ASN1_IA5STRING *rfc822Name;
+        ASN1_IA5STRING *dNSName;
+        ASN1_TYPE *x400Address;
+        X509_NAME *directoryName;
+        EDIPARTYNAME *ediPartyName;
+        ASN1_IA5STRING *uniformResourceIdentifier;
+        ASN1_OCTET_STRING *iPAddress;
+        ASN1_OBJECT *registeredID;
+
+        /* Old names */
+        ASN1_OCTET_STRING *ip; /* iPAddress */
+        X509_NAME *dirn;                /* dirn */
+        ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
+        ASN1_OBJECT *rid; /* registeredID */
+        ASN1_TYPE *other; /* x400Address */
+} d;
+} GENERAL_NAME;
+
+typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
+
+typedef struct ACCESS_DESCRIPTION_st {
+        ASN1_OBJECT *method;
+        GENERAL_NAME *location;
+} ACCESS_DESCRIPTION;
+
+typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
+
+typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
+
+DECLARE_STACK_OF(GENERAL_NAME)
+DECLARE_ASN1_SET_OF(GENERAL_NAME)
+
+DECLARE_STACK_OF(ACCESS_DESCRIPTION)
+DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
+
+typedef struct DIST_POINT_NAME_st {
+int type;
+union {
+        GENERAL_NAMES *fullname;
+        STACK_OF(X509_NAME_ENTRY) *relativename;
+} name;
+} DIST_POINT_NAME;
+
+typedef struct DIST_POINT_st {
+DIST_POINT_NAME *distpoint;
+ASN1_BIT_STRING *reasons;
+GENERAL_NAMES *CRLissuer;
+} DIST_POINT;
+
+typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
+
+DECLARE_STACK_OF(DIST_POINT)
+DECLARE_ASN1_SET_OF(DIST_POINT)
+
+typedef struct AUTHORITY_KEYID_st {
+ASN1_OCTET_STRING *keyid;
+GENERAL_NAMES *issuer;
+ASN1_INTEGER *serial;
+} AUTHORITY_KEYID;
+
+/* Strong extranet structures */
+
+typedef struct SXNET_ID_st {
+        ASN1_INTEGER *zone;
+        ASN1_OCTET_STRING *user;
+} SXNETID;
+
+DECLARE_STACK_OF(SXNETID)
+DECLARE_ASN1_SET_OF(SXNETID)
+
+typedef struct SXNET_st {
+        ASN1_INTEGER *version;
+        STACK_OF(SXNETID) *ids;
+} SXNET;
+
+typedef struct NOTICEREF_st {
+        ASN1_STRING *organization;
+        STACK_OF(ASN1_INTEGER) *noticenos;
+} NOTICEREF;
+
+typedef struct USERNOTICE_st {
+        NOTICEREF *noticeref;
+        ASN1_STRING *exptext;
+} USERNOTICE;
+
+typedef struct POLICYQUALINFO_st {
+        ASN1_OBJECT *pqualid;
+        union {
+                ASN1_IA5STRING *cpsuri;
+                USERNOTICE *usernotice;
+                ASN1_TYPE *other;
+        } d;
+} POLICYQUALINFO;
+
+DECLARE_STACK_OF(POLICYQUALINFO)
+DECLARE_ASN1_SET_OF(POLICYQUALINFO)
+
+typedef struct POLICYINFO_st {
+        ASN1_OBJECT *policyid;
+        STACK_OF(POLICYQUALINFO) *qualifiers;
+} POLICYINFO;
+
+typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
+
+DECLARE_STACK_OF(POLICYINFO)
+DECLARE_ASN1_SET_OF(POLICYINFO)
+
+/* Proxy certificate structures, see RFC 3820 */
+typedef struct PROXY_POLICY_st
+        {
+        ASN1_OBJECT *policyLanguage;
+        ASN1_OCTET_STRING *policy;
+        } PROXY_POLICY;
+
+typedef struct PROXY_CERT_INFO_EXTENSION_st
+        {
+        ASN1_INTEGER *pcPathLengthConstraint;
+        PROXY_POLICY *proxyPolicy;
+        } PROXY_CERT_INFO_EXTENSION;
+
+DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
+DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
+
+
+#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
+",name:", val->name, ",value:", val->value);
+
+#define X509V3_set_ctx_test(ctx) \
+                        X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
+
+#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
+                        0,0,0,0, \
+                        0,0, \
+                        (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
+                        (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
+                        NULL, NULL, \
+                        table}
+
+#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
+                        0,0,0,0, \
+                        (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
+                        (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
+                        0,0,0,0, \
+                        NULL}
+
+#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
+
+
+/* X509_PURPOSE stuff */
+
+#define EXFLAG_BCONS            0x1
+#define EXFLAG_KUSAGE           0x2
+#define EXFLAG_XKUSAGE          0x4
+#define EXFLAG_NSCERT           0x8
+
+#define EXFLAG_CA               0x10
+#define EXFLAG_SS               0x20
+#define EXFLAG_V1               0x40
+#define EXFLAG_INVALID          0x80
+#define EXFLAG_SET              0x100
+#define EXFLAG_CRITICAL         0x200
+#define EXFLAG_PROXY            0x400
+
+#define KU_DIGITAL_SIGNATURE    0x0080
+#define KU_NON_REPUDIATION      0x0040
+#define KU_KEY_ENCIPHERMENT     0x0020
+#define KU_DATA_ENCIPHERMENT    0x0010
+#define KU_KEY_AGREEMENT        0x0008
+#define KU_KEY_CERT_SIGN        0x0004
+#define KU_CRL_SIGN             0x0002
+#define KU_ENCIPHER_ONLY        0x0001
+#define KU_DECIPHER_ONLY        0x8000
+
+#define NS_SSL_CLIENT           0x80
+#define NS_SSL_SERVER           0x40
+#define NS_SMIME                0x20
+#define NS_OBJSIGN              0x10
+#define NS_SSL_CA               0x04
+#define NS_SMIME_CA             0x02
+#define NS_OBJSIGN_CA           0x01
+#define NS_ANY_CA               (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
+
+#define XKU_SSL_SERVER          0x1     
+#define XKU_SSL_CLIENT          0x2
+#define XKU_SMIME               0x4
+#define XKU_CODE_SIGN           0x8
+#define XKU_SGC                 0x10
+#define XKU_OCSP_SIGN           0x20
+#define XKU_TIMESTAMP           0x40
+#define XKU_DVCS                0x80
+
+#define X509_PURPOSE_DYNAMIC    0x1
+#define X509_PURPOSE_DYNAMIC_NAME       0x2
+
+typedef struct x509_purpose_st {
+        int purpose;
+        int trust;              /* Default trust ID */
+        int flags;
+        int (*check_purpose)(const struct x509_purpose_st *,
+                                const X509 *, int);
+        char *name;
+        char *sname;
+        void *usr_data;
+} X509_PURPOSE;
+
+#define X509_PURPOSE_SSL_CLIENT         1
+#define X509_PURPOSE_SSL_SERVER         2
+#define X509_PURPOSE_NS_SSL_SERVER      3
+#define X509_PURPOSE_SMIME_SIGN         4
+#define X509_PURPOSE_SMIME_ENCRYPT      5
+#define X509_PURPOSE_CRL_SIGN           6
+#define X509_PURPOSE_ANY                7
+#define X509_PURPOSE_OCSP_HELPER        8
+
+#define X509_PURPOSE_MIN                1
+#define X509_PURPOSE_MAX                8
+
+/* Flags for X509V3_EXT_print() */
+
+#define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
+/* Return error for unknown extensions */
+#define X509V3_EXT_DEFAULT              0
+/* Print error for unknown extensions */
+#define X509V3_EXT_ERROR_UNKNOWN        (1L << 16)
+/* ASN1 parse unknown extensions */
+#define X509V3_EXT_PARSE_UNKNOWN        (2L << 16)
+/* BIO_dump unknown extensions */
+#define X509V3_EXT_DUMP_UNKNOWN         (3L << 16)
+
+/* Flags for X509V3_add1_i2d */
+
+#define X509V3_ADD_OP_MASK              0xfL
+#define X509V3_ADD_DEFAULT              0L
+#define X509V3_ADD_APPEND               1L
+#define X509V3_ADD_REPLACE              2L
+#define X509V3_ADD_REPLACE_EXISTING     3L
+#define X509V3_ADD_KEEP_EXISTING        4L
+#define X509V3_ADD_DELETE               5L
+#define X509V3_ADD_SILENT               0x10
+
+DECLARE_STACK_OF(X509_PURPOSE)
+
+DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
+
+DECLARE_ASN1_FUNCTIONS(SXNET)
+DECLARE_ASN1_FUNCTIONS(SXNETID)
+
+int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); 
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); 
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); 
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
+
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
+
+DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+                GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
+GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+DECLARE_ASN1_FUNCTIONS(OTHERNAME)
+DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+
+DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
+
+DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+DECLARE_ASN1_FUNCTIONS(POLICYINFO)
+DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
+DECLARE_ASN1_FUNCTIONS(USERNOTICE)
+DECLARE_ASN1_FUNCTIONS(NOTICEREF)
+
+DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
+
+DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
+
+#ifdef HEADER_CONF_H
+GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
+void X509V3_conf_free(CONF_VALUE *val);
+
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+                                                STACK_OF(CONF_VALUE) **extlist);
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
+#endif
+
+char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
+STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+                                 X509_REQ *req, X509_CRL *crl, int flags);
+
+int X509V3_add_value(const char *name, const char *value,
+                                                STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+                                                STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+                                                STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+                                                STACK_OF(CONF_VALUE) **extlist);
+char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
+ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
+char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
+char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+void X509V3_EXT_cleanup(void);
+
+X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+int X509V3_add_standard_extensions(void);
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
+
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
+
+char *hex_to_string(unsigned char *buffer, long len);
+unsigned char *string_to_hex(char *str, long *len);
+int name_cmp(const char *name, const char *cmp);
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+                                                                 int ml);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+
+int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
+
+int X509_check_ca(X509 *x);
+int X509_check_purpose(X509 *x, int id, int ca);
+int X509_supported_extension(X509_EXTENSION *ex);
+int X509_PURPOSE_set(int *p, int purpose);
+int X509_check_issued(X509 *issuer, X509 *subject);
+int X509_PURPOSE_get_count(void);
+X509_PURPOSE * X509_PURPOSE_get0(int idx);
+int X509_PURPOSE_get_by_sname(char *sname);
+int X509_PURPOSE_get_by_id(int id);
+int X509_PURPOSE_add(int id, int trust, int flags,
+                        int (*ck)(const X509_PURPOSE *, const X509 *, int),
+                                char *name, char *sname, void *arg);
+char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
+char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
+int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
+void X509_PURPOSE_cleanup(void);
+int X509_PURPOSE_get_id(X509_PURPOSE *);
+
+STACK *X509_get1_email(X509 *x);
+STACK *X509_REQ_get1_email(X509_REQ *x);
+void X509_email_free(STACK *sk);
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_X509V3_strings(void);
+
+/* Error codes for the X509V3 functions. */
+
+/* Function codes. */
+#define X509V3_F_COPY_EMAIL                              122
+#define X509V3_F_COPY_ISSUER                             123
+#define X509V3_F_DO_EXT_CONF                             124
+#define X509V3_F_DO_EXT_I2D                              135
+#define X509V3_F_HEX_TO_STRING                           111
+#define X509V3_F_I2S_ASN1_ENUMERATED                     121
+#define X509V3_F_I2S_ASN1_IA5STRING                      142
+#define X509V3_F_I2S_ASN1_INTEGER                        120
+#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS               138
+#define X509V3_F_NOTICE_SECTION                          132
+#define X509V3_F_NREF_NOS                                133
+#define X509V3_F_POLICY_SECTION                          131
+#define X509V3_F_R2I_CERTPOL                             130
+#define X509V3_F_R2I_PCI                                 142
+#define X509V3_F_S2I_ASN1_IA5STRING                      100
+#define X509V3_F_S2I_ASN1_INTEGER                        108
+#define X509V3_F_S2I_ASN1_OCTET_STRING                   112
+#define X509V3_F_S2I_ASN1_SKEY_ID                        114
+#define X509V3_F_S2I_S2I_SKEY_ID                         115
+#define X509V3_F_STRING_TO_HEX                           113
+#define X509V3_F_SXNET_ADD_ASC                           125
+#define X509V3_F_SXNET_ADD_ID_INTEGER                    126
+#define X509V3_F_SXNET_ADD_ID_ULONG                      127
+#define X509V3_F_SXNET_GET_ID_ASC                        128
+#define X509V3_F_SXNET_GET_ID_ULONG                      129
+#define X509V3_F_V2I_ACCESS_DESCRIPTION                  139
+#define X509V3_F_V2I_ASN1_BIT_STRING                     101
+#define X509V3_F_V2I_AUTHORITY_KEYID                     119
+#define X509V3_F_V2I_BASIC_CONSTRAINTS                   102
+#define X509V3_F_V2I_CRLD                                134
+#define X509V3_F_V2I_EXT_KU                              103
+#define X509V3_F_V2I_GENERAL_NAME                        117
+#define X509V3_F_V2I_GENERAL_NAMES                       118
+#define X509V3_F_V3_GENERIC_EXTENSION                    116
+#define X509V3_F_X509V3_ADD_I2D                          140
+#define X509V3_F_X509V3_ADD_VALUE                        105
+#define X509V3_F_X509V3_EXT_ADD                          104
+#define X509V3_F_X509V3_EXT_ADD_ALIAS                    106
+#define X509V3_F_X509V3_EXT_CONF                         107
+#define X509V3_F_X509V3_EXT_I2D                          136
+#define X509V3_F_X509V3_GET_VALUE_BOOL                   110
+#define X509V3_F_X509V3_PARSE_LIST                       109
+#define X509V3_F_X509_PURPOSE_ADD                        137
+#define X509V3_F_X509_PURPOSE_SET                        141
+
+/* Reason codes. */
+#define X509V3_R_BAD_IP_ADDRESS                          118
+#define X509V3_R_BAD_OBJECT                              119
+#define X509V3_R_BN_DEC2BN_ERROR                         100
+#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
+#define X509V3_R_DUPLICATE_ZONE_ID                       133
+#define X509V3_R_ERROR_CONVERTING_ZONE                   131
+#define X509V3_R_ERROR_CREATING_EXTENSION                144
+#define X509V3_R_ERROR_IN_EXTENSION                      128
+#define X509V3_R_EXPECTED_A_SECTION_NAME                 137
+#define X509V3_R_EXTENSION_EXISTS                        145
+#define X509V3_R_EXTENSION_NAME_ERROR                    115
+#define X509V3_R_EXTENSION_NOT_FOUND                     102
+#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED         103
+#define X509V3_R_EXTENSION_VALUE_ERROR                   116
+#define X509V3_R_ILLEGAL_HEX_DIGIT                       113
+#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG             153
+#define X509V3_R_INVALID_BOOLEAN_STRING                  104
+#define X509V3_R_INVALID_EXTENSION_STRING                105
+#define X509V3_R_INVALID_NAME                            106
+#define X509V3_R_INVALID_NULL_ARGUMENT                   107
+#define X509V3_R_INVALID_NULL_NAME                       108
+#define X509V3_R_INVALID_NULL_VALUE                      109
+#define X509V3_R_INVALID_NUMBER                          140
+#define X509V3_R_INVALID_NUMBERS                         141
+#define X509V3_R_INVALID_OBJECT_IDENTIFIER               110
+#define X509V3_R_INVALID_OPTION                          138
+#define X509V3_R_INVALID_POLICY_IDENTIFIER               134
+#define X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER         147
+#define X509V3_R_INVALID_PROXY_POLICY_SETTING            151
+#define X509V3_R_INVALID_PURPOSE                         146
+#define X509V3_R_INVALID_SECTION                         135
+#define X509V3_R_INVALID_SYNTAX                          143
+#define X509V3_R_ISSUER_DECODE_ERROR                     126
+#define X509V3_R_MISSING_VALUE                           124
+#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS           142
+#define X509V3_R_NO_CONFIG_DATABASE                      136
+#define X509V3_R_NO_ISSUER_CERTIFICATE                   121
+#define X509V3_R_NO_ISSUER_DETAILS                       127
+#define X509V3_R_NO_POLICY_IDENTIFIER                    139
+#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED   148
+#define X509V3_R_NO_PUBLIC_KEY                           114
+#define X509V3_R_NO_SUBJECT_DETAILS                      125
+#define X509V3_R_ODD_NUMBER_OF_DIGITS                    112
+#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED        149
+#define X509V3_R_POLICY_PATH_LENGTH                      152
+#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED     150
+#define X509V3_R_POLICY_SYNTAX_NOT                       154
+#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED   155
+#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 156
+#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS            122
+#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID              123
+#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT             111
+#define X509V3_R_UNKNOWN_EXTENSION                       129
+#define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
+#define X509V3_R_UNKNOWN_OPTION                          120
+#define X509V3_R_UNSUPPORTED_OPTION                      117
+#define X509V3_R_USER_TOO_LONG                           132
+
+#ifdef  __cplusplus
+}
+#endif
+#endif